The use-ntp flag when set to false still tries to use ntp because of the default os check. os_major is <=7 which will always match for centos 7
use_ntp = host_param_true?('use-ntp') || (is_fedora && os_major < 16) || (rhel_compatible && os_major <= 7
Expected outcome:
chrony is used instead of ntp
Foreman and Proxy versions:
foreman 1.21
Hello and welcome to the community.
Either fix it by explicitly checking for the value or use this patch and change:
Should the check be < 7 instead of <= 7 so you can use chrony on EL7? The intention of it is that on older ELs there was no chrony but it does appear to be available on EL7.
In our case we cloned the template and changed the check to use < 7 since we only want to use chrony on el7. There might be users that still have/require ntp on their el7 systems. The other confusing part was the naming of the parameter. It is defined as use-ntp but the actual param is use_ntp <% if use_ntp -%>
Could you write a patch for https://github.com/theforeman/community-templates/? Ideally with a Redmine issue so we can track the change.
I don’t think so. The intention is that you can choose which one you want from version 7 or higher. Because as the documentation says, chrony is great for non VM environment and ntp is still better for VM environment (or vice versa I don’t remember).
I think ntpd was dropped from RHEL8 repos so the OS in question is only RHEL7 now. Perhaps the issues were ironed out.
I don’t like changing what we do. We already decided to have NTPD as the default for RHEL7 and there are still documented reasons why to use it:
Previously it was this (which we based our decision to stick with NTPD):
Chrony should be considered for all systems which are frequently suspended or
otherwise intermittently disconnected and reconnected to a network. Mobile and
virtual systems for example.The NTP daemon (ntpd) should be considered for systems which are normally kept
permanently on. Systems which are required to use broadcast or multicast IP, or
to perform authentication of packets with the Autokey protocol, should consider
using ntpd. Chrony only supports symmetric key authentication using a message
authentication code (MAC) with MD5, SHA1 or stronger hash functions, whereas
ntpd also supports the Autokey authentication protocol which can make use of
the PKI system. Autokey is described in RFC 5906.
I suggest to leave NTPD as the default option for CentOS 7 and only fix the line in template (it currently does not work, you cannot opt out of NTPD - I filed a PR for that). For CentOS 8 it will be chrony only.
Sounds good. I will close the PR. Can someone close out the issue?
For me chrony and ntp got installed by default kickstart:
%packages
yum
dhclient
ntp
wget
@Core
redhat-lsb-core
chrony-3.4-1.el7.x86_64 Tue 12 Nov 2019 02:13:27 PM CET
ntp-4.2.6p5-29.el7.x86_64 Tue 12 Nov 2019 02:13:17 PM CET
ntpdate-4.2.6p5-29.el7.x86_64 Tue 12 Nov 2019 02:13:04 PM CET
Resulting in ntpd is not running:
[~]$ service ntpd status
Redirecting to /bin/systemctl status ntpd.service
● ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Can someone confirm this?
Yeah, how about this:
Can you confirm this fixed the issue (I haven’t tried myself).
Yes, this fixed the issue. Thanks!