Ubuntu
freeipa package

ipa-client-install fails on restarting non-existing chrony.service

Bug #1966181 reported by Martin Pitt
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
freeipa (Debian)
Fix Released
Unknown
freeipa (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

DistroRelease: Ubuntu 21.10
Package: freeipa-client 4.8.6-1ubuntu6

This is a bug that just doesn't want to die -- the package *really* should grow an autopkgtest that checks if a basic ipa-client-install actually works. It's very similar to bug 1890786 except that it now fails on "chrony.service", not "chronyd.service":

# ipa-client-install --domain cockpit.lan --realm COCKPIT.LAN --principal admin -W
This program will set up FreeIPA client.
Version 4.8.6

WARNING: conflicting time&date synchronization service 'ntp' will be disabled in favor of chronyd

Discovery was successful!
Do you want to configure chrony with NTP server or pool address? [no]:
Client hostname: x0.cockpit.lan
Realm: COCKPIT.LAN
DNS Domain: cockpit.lan
IPA Server: f0.cockpit.lan
BaseDN: dc=cockpit,dc=lan

Continue to configure the system with these values? [no]: yes
Synchronizing time
No SRV records of NTP servers found and no NTP server or pool address was provided.
Using default chrony configuration.
CalledProcessError(Command ['/bin/systemctl', 'restart', 'chrony.service'] returned non-zero exit status 5: 'Failed to restart chrony.service: Unit chrony.service not found.\n')
The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information

This also happens if I say "yes" to the NTP question.

Now, the chrony package is indeed rather weird/broken:

| root@x0:~# find /etc/systemd -name '*chrony*' | xargs ls -l
| lrwxrwxrwx 1 root root 9 Mar 24 05:54 /etc/systemd/system/chrony.service -> /dev/null
| lrwxrwxrwx 1 root root 34 Mar 23 04:31 /etc/systemd/system/chronyd.service -> /lib/systemd/system/chrony.service
| lrwxrwxrwx 1 root root 34 Mar 23 04:31 /etc/systemd/system/multi-user.target.wants/chrony.service -> /lib/systemd/system/chrony.service

| # systemctl status chrony chronyd
| Warning: The unit file, source configuration file or drop-ins of chronyd.service changed on disk. Run 'systemctl daemon-reload' to relo>
| ○ chrony.service
| Loaded: masked (Reason: Unit chrony.service is masked.)
| Active: inactive (dead)
|
| ○ chronyd.service
| Loaded: error (Reason: Unit chronyd.service failed to load properly, please adjust/correct and reload service manager: File exists)
| Active: inactive (dead)

Again, this is unconfigured and out of the box -- the idea is that FreeIPA
sets up everything and configures NTP/chrony/etc. to listen to the FreeIPA
server.

Purging chrony doesn't really help, though:

| dpkg -P chrony
| # no '*chrony*' files in /etc any more

Exactly the same failure, and it still tries to configure chrony even though
it's not there any more:

| WARNING: conflicting time&date synchronization service 'ntp' will be disabled in favor of chronyd
|
| Discovery was successful!
| Do you want to configure chrony with NTP server or pool address? [no]: yes
| Enter NTP source server addresses separated by comma, or press Enter to skip:
| Enter a NTP source pool address, or press Enter to skip:
| Client hostname: x0.cockpit.lan
| Realm: COCKPIT.LAN
| DNS Domain: cockpit.lan
| IPA Server: f0.cockpit.lan
| BaseDN: dc=cockpit,dc=lan
|
| Continue to configure the system with these values? [no]: yes
| Synchronizing time
| No SRV records of NTP servers found and no NTP server or pool address was provided.
| Using default chrony configuration.
| CalledProcessError(Command ['/bin/systemctl', 'restart', 'chrony.service'] returned non-zero exit status 5: 'Failed to restart chrony.service: Unit chrony.service
+not found.\n')
| The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information

Bug Watch Updater (bug-watch-updater)
Changed in freeipa (Debian):
status: Unknown → New
Revision history for this message
Timo Aaltonen (tjaalton) wrote :

Hi, chrony.service is masked for some reason? And I can't find chronyd.service file shipped by any package, so dunno why systemctl thinks it's available.

There is code to disable chrony in a particular case during uninstall, but everything should work fine if you have a clean install.

Revision history for this message
Martin Pitt (pitti) wrote :

Hello Timo,

I'm not actually sure where these /etc/systemd/system/chrony* files come from (in particular the mask). They are not owned by any package, nor does chrony's postinst seem to create it (but maybe through a helper, they are not exactly simple -- some weird interaction with the SysV compat code?).

The chronyd.service link is created by the Alias=chronyd.service in chrony.service, and systemd creates that when enabling the service.

My debian-testing VM has that chrony.service → /dev/null mask link right after a fresh install and boot, no IPA script was running yet. But I just saw that I apparently mixed up my VMs when reporting this here -- my ubuntu-stable VM does not have chrony installed at all (even though freeipa-client recommends it, and I don't use --no-install-recommends). I'll investigate this more thoroughly, chase down what creates that pesky chrony.service masking, and report back here.

Thanks, and sorry for the noise so far!

Revision history for this message
Martin Pitt (pitti) wrote :

A-ha! I wasn't seeing things after all. Our test images install the "systemd-timesyncd" package (as we also run tests against that), and that removes the chrony package and installs the mask:

# apt install systemd-timesyncd
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages will be REMOVED:
  chrony
The following NEW packages will be installed:
  systemd-timesyncd
0 upgraded, 1 newly installed, 1 to remove and 0 not upgraded.
Need to get 30.8 kB of archives.
After this operation, 364 kB disk space will be freed.
Do you want to continue? [Y/n] y
Get:1 http://archive.ubuntu.com/ubuntu impish-updates/main amd64 systemd-timesyncd amd64 248.3-1ubuntu8.2 [30.8 kB]
Fetched 30.8 kB in 0s (82.3 kB/s)
dpkg: chrony: dependency problems, but removing anyway as you requested:
 systemd depends on systemd-timesyncd | time-daemon; however:
  Package systemd-timesyncd is not installed.
  Package time-daemon is not installed.
  Package systemd-timesyncd which provides time-daemon is not installed.
  Package chrony which provides time-daemon is to be removed.

# ls -l /etc/systemd/system/chrony.service
lrwxrwxrwx 1 root root 9 Mar 24 12:16 /etc/systemd/system/chrony.service -> /dev/null

Mystery solved!

So, sorry for the noise!

Changed in freeipa (Ubuntu):
status: New → Invalid
Bug Watch Updater (bug-watch-updater)
Changed in freeipa (Debian):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.