2016-12-15 13:47 GMT+01:00 Petr Vobornik <pvobo...@redhat.com>: > On 12/12/2016 08:53 PM, Rob Verduijn wrote: > > Hello, > > > > I've recently upgraded to centos 7.3. > > Didn't intend to so soon but should have checked the anounce lists before > > launching my ansible update playbook. > > > > Most of my servers came through, and mostly also the ipa server. > > There were duplicate rpms and a failed rpm upgrade. > > After some yum magic the rpm duplicates where gone and all the updates > installed. > > > > Manually running ipa-server-upgrade also seems to finish properly. > > > > However > > ipactl start keeps failing on the ntpd service. > > Not a big surprise since its running chronyd. > > > > I now start the ipa server with 'ipactl start --ignore-service-failure' > > > > Is there a way to explain the script that it should check for chronyd > instead of > > ntpd ? > > > > I also see this a lot in the logs: > > dns_rdatatype_fromtext() failed for attribute > > 'idnsTemplateAttribute;cnamerecord': unknown class/type > > > > Is that a serious error ? > > > > Rob Verduijn > > > > This looks like 7.3 update incorrectly added NTP service to IPA server > services (which is displayed as NTP role in `ipa server-show $server`). > > A workaround might be to disable the service or remove the service > entry. Disabling is IMHO safer. IPA CLI tools don't allow > enabling/disabling of services so it must be done by LDAP mod. > > It can be done by removing 'enabledService' config value from server's > service entry, e.g.: > > dn: cn=NTP,cn=$SERVER_FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX > changetype: modify > delete: ipaConfigString > ipaConfigString: enabledService > - > > Where $SERVER_FQDN is e.g. ipa.example.com and $SUFFIX is e.g. > dc=example,dc=com > > > Rob, have you originally installed the replica with NTPD and then later > switched manually to chrony? > > -- > Petr Vobornik >
Hello, I can't remember if I installed and configured freeipa and then switched to chronyd or the other way around. I had my ntpd/ntpdate services masked because I got tired of stopping and disabling them all the time. It seems ipactl can't deal with that. Currently I unmasked the services and enabled them (disabling chronyd) so that the server boots properly. I will try your ldiff to see if I can switch back, since I do not use my ipa server as a time source for clients. I'll let you know the results. Rob Verduijn
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
