← Back to team overview

freeipa team mailing list archive

[Bug 1630911] Re: freeipa-client has a hard dependency on "ntp" which is not wanted in lxd environment

 

"the client setup would fail if there's no ntp installed"

In what way?

Is what you're really saying that the client setup would fail if the
clock of the client is not within X seconds of the real time? That's
correct, but is not the same as saying ntp must be installed.

There are other ways of obtaining time sufficiently synchronized for
Kerberos to work; hence my second suggestion of having a virtual package
meaning "the system must have synchronized time (somehow)". This is
similar to the virtual package which says "the system must have a mail-
transport-agent (but I don't care which one)"

However, "recommends" ntp would actually install it in most cases - i.e.
unless the user specifies "--no-install-recommends", or has modified
their apt config.  If the user explicitly asks not to install
"recommended" packages, then they are saying they are happy to deal with
the possible consequences.

Also, I don't think detecting lxc/lxd is a good idea. There are other
virtualization environments which ensure the guest clock is
synchronized, without running NTP on the guest, so this would not be a
generic solution.

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1630911

Title:
  freeipa-client has a hard dependency on "ntp" which is not wanted in
  lxd environment

Status in freeipa package in Ubuntu:
  New

Bug description:
  [Note: the package is called "freeipa-client" but launchpad only lets
  me select "freeipa"]

  The "freeipa-client" package has a hard dependency on "ntp".

  However: when running Ubuntu inside an lxd container, ntpd cannot run:
  the host is responsible for setting the clock, not the container.

  Hence I want to "apt-get remove ntp" from inside the container. But if
  I do so, this forcibly removes the "freeipa-client" package as well,
  because of the dependency. This in turn leaves a whole heap of
  dangling packages - see below - which are vulnerable to being
  accidentally removed.

  Proposal: change to "Recommends: ntp" instead of "Depends: ntp"


  -------------------------------------------------------------------------------
  # apt-get remove ntp
  Reading package lists... Done
  Building dependency tree
  Reading state information... Done
  The following packages were automatically installed and are no longer required:
    bind9utils certmonger cracklib-runtime freeipa-common ieee-data iproute
    libavahi-client3 libavahi-common-data libavahi-common3 libbasicobjects0
    libc-ares2 libcollection4 libcrack2 libcups2 libcurl3 libcurl3-nss libdhash1
    libfreetype6 libini-config5 libipa-hbac0 libjbig0 libjpeg-turbo8 libjpeg8
    liblcms2-2 libldb1 libnfsidmap2 libnl-3-200 libnl-route-3-200 libnspr4
    libnss-sss libnss3 libnss3-nssdb libnss3-tools libopts25 libpam-pwquality
    libpam-sss libpath-utils1 libpwquality-common libpwquality1 libref-array1
    libsmbclient libsss-idmap0 libsss-nss-idmap0 libsss-sudo libtdb1 libtevent0
    libtiff5 libwebp5 libwebpmux1 libxmlrpc-core-c3 libxslt1.1 oddjob
    oddjob-mkhomedir python-bs4 python-cffi python-cffi-backend python-chardet
    python-cryptography python-dbus python-decorator python-dnspython
    python-enum34 python-gi python-gssapi python-html5lib python-idna
    python-imaging python-ipaclient python-ipaddress python-ipalib
    python-jwcrypto python-ldap python-libipa-hbac python-lxml python-memcache
    python-netaddr python-nss python-pil python-pkg-resources python-ply
    python-pyasn1 python-pycparser python-qrcode python-setuptools python-six
    python-sss python-talloc python-usb python-yubico samba-libs sssd sssd-ad
    sssd-ad-common sssd-common sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap
    sssd-proxy
  Use 'apt autoremove' to remove them.
  The following packages will be REMOVED:
    freeipa-client ntp
  0 upgraded, 0 newly installed, 2 to remove and 0 not upgraded.
  1 not fully installed or removed.
  After this operation, 2002 kB disk space will be freed.
  Do you want to continue? [Y/n] n
  Abort.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: freeipa-client 4.3.1-0ubuntu1
  ProcVersionSignature: Ubuntu 4.4.0-34.53-generic 4.4.15
  Uname: Linux 4.4.0-34-generic x86_64
  NonfreeKernelModules: nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip6table_filter ip6_tables xt_conntrack ufs msdos xfs binfmt_misc veth ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack isofs xt_CHECKSUM iptable_mangle xt_tcpudp bridge stp llc iptable_filter ip_tables x_tables zfs zunicode zcommon znvpair spl zavl ppdev xen_fbfront syscopyarea sysfillrect sysimgblt fb_sys_fops serio_raw parport_pc parport ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd psmouse floppy
  ApportVersion: 2.20.1-0ubuntu2.1
  Architecture: amd64
  Date: Thu Oct  6 09:05:52 2016
  Ec2AMI: ami-c06b1eb3
  Ec2AMIManifest: (unknown)
  Ec2AvailabilityZone: eu-west-1a
  Ec2InstanceType: t2.medium
  Ec2Kernel: unavailable
  Ec2Ramdisk: unavailable
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
  SourcePackage: freeipa
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1630911/+subscriptions


References