Hello, I fixed design page.

https://www.freeipa.org/page/V4/NTP_Servers_Configuration

Andrey Bychkov via FreeIPA-users wrote:

/->>There is no description about what the abstraction layer should be.
What basic functions are there for an NTP server and how does each
server map into that abstraction? What basic methods are required?/

An abstract module is the parent basentpconf module, which contains the
base ntp classes for the server and the client, from which ntpdlib,
ontpdlib, and chronylib are inherited. The parent client and server
classes contain methods for configuring, synchronizing, and restoring
the initial state of the ntp server. It uses common functions from
ntpmethods. As for ntpdlib, ontpdlib, and chronylib, they contain
classes for configuring their ntp server directly, inherited from
basentpconf, and override the desired properties.

Right, so I realize we sort of backed into this Design document from a
PR. The purpose of the design review is to hash things out before they
are implemented so I'm commenting only on what is in the doc and not in
the PR. There are no details of this abstraction in the design.

/->>Do all servers support the options server and pool?/

All the ntp servers listed here support the server and pool options, the
values ​​of which are written to the configuration file with the
appropriate field.

Ok cool.

/->>How will dependencies be managed? Is there a common way to do this
with both Fedora-like and Debian-like distributions?/

Each package with freeipa ntp lib contains a dependency on the ntp
server that it uses. To use freeipa ntp lib, it is enough to install a
package with an appropriate ntp server.

Right but using what mechanism? rpm has this weak dependencies thing
which I haven't had a chance to look at (and I don't know about other
distros). How is the appropriate time package going to be installed? Are
we relying on the end-user to install the time package they want, so if
they install none then there is no time sync?

/->>Is it an error if no NTP servers are installed? Is this what is
meant by "default ntp configuration"? Is that functionally equivalent to
"no NTP service is configured"?/

If the system does not detect the ntp server, and the user does not use
the option '--no-ntp', then the installation of freeipa will end with
information about this. If the ntp server or ntp pool options are not
specified by the user, then the ntp server is set by default, that is,
configured on the basis of the ntp server that was laid down.

Ok, this is a change in current behavior. Right now just a warning is
displayed if there is no NTP server found.

/->>Could there be service-specific options that would need to be passed
or set?/

You can set options for the ntp service such as ntp pool and ntp server.

But there is no feature that one server provides that others don't, for
example? It's fine to limit it to only pools and servers, I'm just
trying to anticipate future RFEs.

/->>How will this impact testing? Will all possible options need to be
tested or is spot-checking or a single server adequate?/

For testing, it is necessary to start the installation of freeipa both
with the --ntp-server and --ntp-pool options, and without them, on all
supported time servers.

What I mean is there will be say 3 NTP servers supported. Do all three
need to be tested or is it sufficient to test the abstraction?

/->>Will backup/restore need to be extended to pick up the
service-specific files?/

For backup and restore, standard freeipa methods are used, which are
used to preserve the original state of the service and the configuration
file. After freeipa is removed, the service is restored to its original
state. To do this, freeipa ntp using the createntp.uninstall_client and
createntp.uninstall_server methods for the client and server, respectively.

Yes but configuration files need to be baked in, for example. They don't
all share the same config file.

/->>Upon restore there will need to be some sort of check that the
required NTP service is installed which means that the service needs to
be recorded somewhere./

If another ntp service is installed, the service will not be restored,
since the required service will not be available in the system.

Right, I think this needs to be spelled out in the design.

rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org