freeipa team mailing list archive

Thread
Date
[Bug 1966181] Re: ipa-client-install fails on restarting non-existing chrony.service

To: freeipa@xxxxxxxxxxxxxxxxxxx
From: Martin Pitt <1966181@xxxxxxxxxxxxxxxxxx>
Date: Thu, 24 Mar 2022 12:09:54 -0000
Reply-to: Bug 1966181 <1966181@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
Hello Timo,

I'm not actually sure where these /etc/systemd/system/chrony* files come
from (in particular the mask). They are not owned by any package, nor
does chrony's postinst seem to create it (but maybe through a helper,
they are not exactly simple -- some weird interaction with the SysV
compat code?).

The chronyd.service link is created by the Alias=chronyd.service in
chrony.service, and systemd creates that when enabling the service.

My debian-testing VM has that chrony.service → /dev/null mask link right
after a fresh install and boot, no IPA script was running yet. But I
just saw that I apparently mixed up my VMs when reporting this here --
my ubuntu-stable VM does not have chrony installed at all (even though
freeipa-client recommends it, and I don't use --no-install-recommends).
I'll investigate this more thoroughly, chase down what creates that
pesky chrony.service masking, and report back here.

Thanks, and sorry for the noise so far!

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1966181

Title:
  ipa-client-install fails on restarting non-existing chrony.service

Status in freeipa package in Ubuntu:
  New
Status in freeipa package in Debian:
  New

Bug description:
  DistroRelease: Ubuntu 21.10
  Package: freeipa-client 4.8.6-1ubuntu6

  This is a bug that just doesn't want to die -- the package *really*
  should grow an autopkgtest that checks if a basic ipa-client-install
  actually works. It's very similar to bug 1890786 except that it now
  fails on "chrony.service", not "chronyd.service":

  
  # ipa-client-install --domain cockpit.lan --realm COCKPIT.LAN --principal admin -W
  This program will set up FreeIPA client.
  Version 4.8.6

  WARNING: conflicting time&date synchronization service 'ntp' will be
  disabled in favor of chronyd

  Discovery was successful!
  Do you want to configure chrony with NTP server or pool address? [no]: 
  Client hostname: x0.cockpit.lan
  Realm: COCKPIT.LAN
  DNS Domain: cockpit.lan
  IPA Server: f0.cockpit.lan
  BaseDN: dc=cockpit,dc=lan

  Continue to configure the system with these values? [no]: yes
  Synchronizing time
  No SRV records of NTP servers found and no NTP server or pool address was provided.
  Using default chrony configuration.
  CalledProcessError(Command ['/bin/systemctl', 'restart', 'chrony.service'] returned non-zero exit status 5: 'Failed to restart chrony.service: Unit chrony.service not found.\n')
  The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information


  This also happens if I say "yes" to the NTP question.

  
  Now, the chrony package is indeed rather weird/broken:

  | root@x0:~# find /etc/systemd -name '*chrony*' | xargs ls -l
  | lrwxrwxrwx 1 root root  9 Mar 24 05:54 /etc/systemd/system/chrony.service -> /dev/null
  | lrwxrwxrwx 1 root root 34 Mar 23 04:31 /etc/systemd/system/chronyd.service -> /lib/systemd/system/chrony.service
  | lrwxrwxrwx 1 root root 34 Mar 23 04:31 /etc/systemd/system/multi-user.target.wants/chrony.service -> /lib/systemd/system/chrony.service

  | # systemctl status chrony chronyd
  | Warning: The unit file, source configuration file or drop-ins of chronyd.service changed on disk. Run 'systemctl daemon-reload' to relo>
  | ○ chrony.service
  |      Loaded: masked (Reason: Unit chrony.service is masked.)
  |      Active: inactive (dead)
  |
  | ○ chronyd.service
  |      Loaded: error (Reason: Unit chronyd.service failed to load properly, please adjust/correct and reload service manager: File exists)
  |      Active: inactive (dead)

  Again, this is unconfigured and out of the box -- the idea is that FreeIPA
  sets up everything and configures NTP/chrony/etc. to listen to the FreeIPA
  server.

  Purging chrony doesn't really help, though:

  | dpkg -P chrony
  | # no '*chrony*' files in /etc any more

  Exactly the same failure, and it still tries to configure chrony even though
  it's not there any more:

  | WARNING: conflicting time&date synchronization service 'ntp' will be disabled in favor of chronyd
  |
  | Discovery was successful!
  | Do you want to configure chrony with NTP server or pool address? [no]: yes
  | Enter NTP source server addresses separated by comma, or press Enter to skip:
  | Enter a NTP source pool address, or press Enter to skip:
  | Client hostname: x0.cockpit.lan
  | Realm: COCKPIT.LAN
  | DNS Domain: cockpit.lan
  | IPA Server: f0.cockpit.lan
  | BaseDN: dc=cockpit,dc=lan
  |
  | Continue to configure the system with these values? [no]: yes
  | Synchronizing time
  | No SRV records of NTP servers found and no NTP server or pool address was provided.
  | Using default chrony configuration.
  | CalledProcessError(Command ['/bin/systemctl', 'restart', 'chrony.service'] returned non-zero exit status 5: 'Failed to restart chrony.service: Unit chrony.service
  +not found.\n')
  | The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1966181/+subscriptions
References

[Bug 1966181] [NEW] ipa-client-install fails on restarting non-existing chrony.service
From: Martin Pitt, 2022-03-24