"if options.no_ntp or options.ntp_servers or options.ntp_pool" fails all configurations. Adding "not options.no_ntp" ensures replicas install when explicitly telling role not to configure ntp.

[parmstro]

tested with 4 replica environment:
existing master
existing replica
uninstalled replica
new replica

Summary by Sourcery

Bug Fixes:

• Use 'not options.no_ntp' in NTP configuration check to avoid blocking installations when NTP is explicitly disabled

[sourcery-ai]

Hey there - I've reviewed your changes and they look great!

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[t-woerner]

Hello, thanks for the PR.
Please explain what this change is fixing.
The NTP configuration can not be touched on a pre-installed client. There is no way to turn off ntp if it was enabled for the client before.

[parmstro]

Hi Thomas, Isn’t that the purpose of ipaclient_no_ntp? To tell the module not to touch ntp? If that is not the case, and the intention is that the switch is meant to disable ntp, I would suggest it be renamed as such. e.g. ipaclient_disable_ntp I was having difficulty deploying any replicas… If my PR is in error please accept my apologies and I will close it. I may open a documentation PR. :-) Regards, Paul Paul Armstrong Senior Principal Technical Specialist Red Hat 647-285-0044 Get Red Hat Developer for Individuals <https://developers.redhat.com/register> Sign up with a personal email to get free RHEL for personal use. Use and extend Granite open source AI models, develop software and learn new skills with no cost, self-support subscriptions.

…

On Tue, Sep 16, 2025 at 7:43 AM Thomas Woerner ***@***.***> wrote: *t-woerner* left a comment (freeipa/ansible-freeipa#1386) <#1386 (comment)> Hello, thanks for the PR. Please explain what this change is fixing. The NTP configuration can not be touched on a pre-installed client. There is no way to turn off ntp if it was enabled for the client before. — Reply to this email directly, view it on GitHub <#1386 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABMAI2ORPQFHPKJWXY2N6KT3S7ZUPAVCNFSM6AAAAACGS5XZMOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTEOJYGEYTKMRYGU> . You are receiving this because you authored the thread.Message ID: ***@***.***>

[t-woerner]

FreeIPA is not supporting to turn off previously enabled features for clients and servers. The deployment roles for client, replica and server in ansible-freeipa are using the FreeIPA code and therefore they are following that rule.

If ntp or any other client feature was enabled or configured for a client and later on the client is promoted to become a server, there is no way to deactivate any of the features. Therefore there is a check if any ipaclient setting is given for the replica promotion.

For no_ntp it might work to ignore it in this case, but what do we do with the other ntp or ipaclient settings? The ipareplica role is not able to change any client settings in the "client is already deployed" case.