From 86e1558558296bfa21bac9d08d06a0b4032fff04 Mon Sep 17 00:00:00 2001
From: Saikrishna Arcot
Date: Tue, 30 Jul 2024 18:06:52 -0700
Subject: [PATCH] Add some initial changes for using chrony instead of NTP
Signed-off-by: Saikrishna Arcot
---
 build_debian.sh | 3 +-
 .../build_templates/sonic_debian_extension.j2 | 19 ++--
 files/image_config/chrony/chrony-config.sh | 5 +
 files/image_config/chrony/chrony.conf.j2 | 107 ++++++++++++++++++
 files/image_config/chrony/chrony.keys.j2 | 18 +++
 files/image_config/chrony/sonic-target.conf | 3 +
 rules/ntp.dep | 10 --
 rules/ntp.mk | 11 --
 src/ntp/.gitignore | 5 -
 src/ntp/Makefile | 61 ----------
 ...bug1970-UNLINK_EXPR_SLIST_empty_list.patch | 26 -----
 src/ntp/patch/changelog | 12 --
 src/ntp/patch/series | 3 -
 src/ntp/patch/update_ENOBUFS_log_level.patch | 22 ----
 14 files changed, 141 insertions(+), 164 deletions(-)
 create mode 100755 files/image_config/chrony/chrony-config.sh
 create mode 100644 files/image_config/chrony/chrony.conf.j2
 create mode 100644 files/image_config/chrony/chrony.keys.j2
 create mode 100644 files/image_config/chrony/sonic-target.conf
 delete mode 100644 rules/ntp.dep
 delete mode 100644 rules/ntp.mk
 delete mode 100644 src/ntp/.gitignore
 delete mode 100644 src/ntp/Makefile
 delete mode 100644 src/ntp/patch/bug1970-UNLINK_EXPR_SLIST_empty_list.patch
 delete mode 100644 src/ntp/patch/changelog
 delete mode 100644 src/ntp/patch/series
 delete mode 100644 src/ntp/patch/update_ENOBUFS_log_level.patch
diff --git a/build_debian.sh b/build_debian.sh
index 8c767d619196..211d9ee1a674 100755
--- a/build_debian.sh
+++ b/build_debian.sh
@@ -233,7 +233,6 @@ echo '[INFO] Install docker'
 ## Install apparmor utils since they're missing and apparmor is enabled in the kernel
 ## Otherwise Docker will fail to start
 sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install apparmor
-sudo cp files/image_config/ntp/ntp-apparmor $FILESYSTEM_ROOT/etc/apparmor.d/local/usr.sbin.ntpd
 sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install apt-transport-https \
 ca-certificates \
 curl
@@ -426,7 +425,7 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in
 picocom \
 systemd \
 systemd-sysv \
- ntp
+ chrony
 if [[ $TARGET_BOOTLOADER == grub ]]; then
 if [[ $CONFIGURED_ARCH == amd64 ]]; then
diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2
index 1845f9b8c18e..4958b39ed04a 100644
--- a/files/build_templates/sonic_debian_extension.j2
+++ b/files/build_templates/sonic_debian_extension.j2
@@ -415,18 +415,13 @@ sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/flashrom_*.deb
 sudo cp -f $IMAGE_CONFIGS/cron.d/* $FILESYSTEM_ROOT/etc/cron.d/
 # Copy NTP configuration files and templates
-sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT \
- apt-get -y install ntpdate
-sudo rm -f $FILESYSTEM_ROOT/etc/network/if-up.d/ntpsec-ntpdate
-sudo cp $IMAGE_CONFIGS/ntp/ntp-config.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
-echo "ntp-config.service" | sudo tee -a $GENERATED_SERVICE_FILE
-sudo cp $IMAGE_CONFIGS/ntp/ntp-config.sh $FILESYSTEM_ROOT/usr/bin/
-sudo cp $IMAGE_CONFIGS/ntp/ntp.conf.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
-sudo cp $IMAGE_CONFIGS/ntp/ntp.keys.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
-sudo cp $IMAGE_CONFIGS/ntp/ntp-systemd-wrapper $FILESYSTEM_ROOT/usr/libexec/ntpsec/
-sudo mkdir $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/ntpsec.service.d
-sudo cp $IMAGE_CONFIGS/ntp/sonic-target.conf $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/ntpsec.service.d/
-echo "ntpsec.service" | sudo tee -a $GENERATED_SERVICE_FILE
+sudo cp $IMAGE_CONFIGS/chrony/chrony-config.sh $FILESYSTEM_ROOT/usr/bin/
+sudo cp $IMAGE_CONFIGS/chrony/chrony.conf.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
+sudo cp $IMAGE_CONFIGS/chrony/chrony.keys.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
+sudo cp $IMAGE_CONFIGS/chrony/chronyd-starter.sh $FILESYSTEM_ROOT/usr/lib/systemd/scripts/
+sudo mkdir $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/chrony.service.d
+sudo cp $IMAGE_CONFIGS/chrony/override.conf $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/chrony.service.d/
+echo "chrony.service" | sudo tee -a $GENERATED_SERVICE_FILE
 # Copy DNS templates
 sudo cp $BUILD_TEMPLATES/dns.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
diff --git a/files/image_config/chrony/chrony-config.sh b/files/image_config/chrony/chrony-config.sh
new file mode 100755
index 000000000000..7d5e9b937d7a
--- /dev/null
+++ b/files/image_config/chrony/chrony-config.sh
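Review bot: In files/build_templates/sonic_debian_extension.j2 the added `cp` lines reference `$IMAGE_CONFIGS/chrony/chronyd-starter.sh` and `$IMAGE_CONFIGS/chrony/override.conf`, but the diffstat of this patch creates only `chrony-config.sh`, `chrony.conf.j2`, `chrony.keys.j2` and `sonic-target.conf` in that directory, so unless those two files already exist in the tree the image build stops at these lines. `sonic-target.conf` is added by the patch but never installed, and the removed `ntp-config.service` has no replacement here, so nothing visible in this patch runs `chrony-config.sh`; chronyd would then presumably start with the package's stock configuration instead of the rendered servers and authentication keys. I would install the drop-in that is actually shipped, `sudo cp $IMAGE_CONFIGS/chrony/sonic-target.conf $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/chrony.service.d/`, add a unit that runs the config script before chrony.service, and create the drop-in directory with `sudo mkdir -p`. The retained comment `# Copy NTP configuration files and templates` could also say chrony.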
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+sonic-cfggen -d -t /usr/share/sonic/templates/chrony.conf.j2 >/etc/chrony/chrony.conf
+sonic-cfggen -d -t /usr/share/sonic/templates/chrony.keys.j2 >/etc/chrony/chrony.keys
+chmod o-r /etc/chrony/chrony.keys
diff --git a/files/image_config/chrony/chrony.conf.j2 b/files/image_config/chrony/chrony.conf.j2
new file mode 100644
index 000000000000..1de549795cc8
--- /dev/null
+++ b/files/image_config/chrony/chrony.conf.j2
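Review bot: In chrony-config.sh, `/etc/chrony/chrony.keys` is created by the shell redirection under the process umask and only afterwards restricted with `chmod o-r`, so on first creation the decoded NTP keys can be world-readable for a short window; the file should have its restrictive mode before any secret is written to it. The script also has no error handling: `>` truncates the live `chrony.conf` and `chrony.keys` before `sonic-cfggen` runs, so a failed render leaves empty files while the script still exits 0 because `chmod` succeeds. Rendering into a temporary file in the same directory and renaming it over the target addresses both points. The sketch below ends at mode 0640, which is what `chmod o-r` yields under a 022 umask; the group ownership chronyd needs after dropping privileges should be confirmed.

```shell
#!/bin/bash
set -euo pipefail

# … unchanged: chrony.conf rendering (the same temp-file-then-rename pattern applies) …

# mktemp creates the file with mode 0600, so key material is never world-readable
keys_tmp=$(mktemp /etc/chrony/chrony.keys.XXXXXX)
trap 'rm -f -- "$keys_tmp"' EXIT
sonic-cfggen -d -t /usr/share/sonic/templates/chrony.keys.j2 >"$keys_tmp"
chmod 0640 "$keys_tmp"
mv -f -- "$keys_tmp" /etc/chrony/chrony.keys
```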
@@ -0,0 +1,107 @@
+###############################################################################
+# This file was AUTOMATICALLY GENERATED. DO NOT MODIFY.
+# Controlled by ntp-config.service
+###############################################################################
+
+# Welcome to the chrony configuration file. See chrony.conf(5) for more
+# information about usable directives.
+
+# Include configuration files found in /etc/chrony/conf.d.
+confdir /etc/chrony/conf.d
+
+{# Getting NTP global configuration -#}
+{% set global = (NTP | d({})).get('global', {}) -%}
+
+{# Adding NTP servers. We need to know if we have some pools, to set proper config -#}
+{% set ns = namespace(is_pools=false) %}
+{% for server in NTP_SERVER if NTP_SERVER[server].admin_state != 'disabled' -%}
+ {% set config = NTP_SERVER[server] -%}
+ {# Server options -#}
+ {% set soptions = '' -%}
+
+ {# Define defaults if not defined -#}
+ {% set association_type = config.association_type | d('server') -%}
+ {% set resolve_as = config.resolve_as | d(server) -%}
+
+ {# Authentication key -#}
+ {% if global.authentication == 'enabled' -%}
+ {% if config.key -%}
+ {% set soptions = soptions ~ ' key ' ~ config.key -%}
+ {% endif -%}
+ {% endif -%}
+
+ {# Aggressive polling -#}
+ {% if config.iburst -%}
+ {% set soptions = soptions ~ ' iburst' -%}
+ {% endif -%}
+
+ {# Protocol version -#}
+ {% if config.version -%}
+ {% set soptions = soptions ~ ' version ' ~ config.version -%}
+ {% endif -%}
+
+ {# Check if there are any pool configured. BTW it doesn't matter what was
+ configured as "resolve_as" for pools. If they were configured with FQDN they
+ must remain like that -#}
+ {% if association_type == 'pool' -%}
+ {% set resolve_as = server -%}
+ {% endif -%}
+
+{{ association_type }} {{ resolve_as }}{{ soptions }}
+
+{% endfor -%}
+
+{# Access control options -#}
+{% set options = '' -%}
+
+{# Disable NTP server functionality. Should stay on when dhcp is enabled -#}
+{# {% if global.server_role == 'disabled' and global.dhcp == 'disabled' -%}
+ {% set options = options ~ ' ignore' -%}
+{% endif -%} #}
+
+# Access control configuration
+# By default, exchange time with everybody, but don't allow configuration.
+# NTPsec doesn't establish peer associations, and so nopeer has no effect, and
+# has been removed from here
+restrict default kod nomodify noquery limited{{ options }}
+
+# Use time sources from DHCP.
+sourcedir /run/chrony-dhcp
+
+# Use NTP sources found in /etc/chrony/sources.d.
+sourcedir /etc/chrony/sources.d
+
+{% if global.authentication == 'enabled' %}
+# This directive specify the location of the file containing ID/key pairs for
+# NTP authentication.
+keyfile /etc/chrony/chrony.keys
+{% endif %}
+
+# This directive specify the file into which chronyd will store the rate
+# information.
+driftfile /var/lib/chrony/chrony.drift
+
+# Save NTS keys and cookies.
+ntsdumpdir /var/lib/chrony
+
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+
+# Log files location.
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1 3
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+# This directive must be commented out when using time sources serving
+# leap-smeared time.
+leapsectz right/UTC
diff --git a/files/image_config/chrony/chrony.keys.j2 b/files/image_config/chrony/chrony.keys.j2
new file mode 100644
index 000000000000..4d362b5c2819
--- /dev/null
+++ b/files/image_config/chrony/chrony.keys.j2
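Review bot: chrony.conf.j2 still emits `restrict default kod nomodify noquery limited{{ options }}`, which is ntpd/NTPsec syntax; chrony has no `restrict` directive and, as far as I know, chronyd refuses to start on a directive it does not recognise, so the rendered file would leave the device without time sync. chrony expresses access control with `allow`/`deny` (it serves no NTP clients unless an `allow` line is present) and rate limiting with `ratelimit`, so the commented-out `server_role` logic should be mapped onto those, for example `{% if global.server_role != 'disabled' %}` / `allow` / `{% endif %}`, with the exact default left to the author and the NTPsec comment above the line dropped. The header still says `# Controlled by ntp-config.service`, a unit this patch no longer installs, and `ns.is_pools` is set but never read.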
@@ -0,0 +1,18 @@
+###############################################################################
+# This file was AUTOMATICALLY GENERATED. DO NOT MODIFY.
+# Controlled by ntp-config.service
+###############################################################################
+
+{# We can connect only to the servers we trust. Determine those servers -#}
+{% set trusted_arr = [] -%}
+{% for server in NTP_SERVER if NTP_SERVER[server].trusted == 'yes' and
+ NTP_SERVER[server].resolve_as -%}
+ {% set _ = trusted_arr.append(NTP_SERVER[server].resolve_as) -%}
+{% endfor -%}
+
+{# Define authentication keys inventory -#}
+{% set trusted_str = ' ' ~ trusted_arr|join(',') -%}
+{% for keyid in NTP_KEY if NTP_KEY[keyid].type and NTP_KEY[keyid].value %}
+{% set keyval = NTP_KEY[keyid].value | b64decode %}
+{{ keyid }} {{ NTP_KEY[keyid].type | upper }} {{ keyval }}{{trusted_str}}
+{% endfor -%}
diff --git a/files/image_config/chrony/sonic-target.conf b/files/image_config/chrony/sonic-target.conf
new file mode 100644
index 000000000000..83dd118fe5e9
--- /dev/null
+++ b/files/image_config/chrony/sonic-target.conf
@@ -0,0 +1,3 @@
+[Unit]
+BindsTo=sonic.target
+After=sonic.target
diff --git a/rules/ntp.dep b/rules/ntp.dep
deleted file mode 100644
index c261482f9327..000000000000
--- a/rules/ntp.dep
+++ /dev/null
@@ -1,10 +0,0 @@
-
-SPATH := $($(NTP)_SRC_PATH)
-DEP_FILES := $(SONIC_COMMON_FILES_LIST) rules/ntp.mk rules/ntp.dep
-DEP_FILES += $(SONIC_COMMON_BASE_FILES_LIST)
-DEP_FILES += $(shell git ls-files $(SPATH))
-
-$(NTP)_CACHE_MODE := GIT_CONTENT_SHA
-$(NTP)_DEP_FLAGS := $(SONIC_COMMON_FLAGS_LIST)
-$(NTP)_DEP_FILES := $(DEP_FILES)
-
diff --git a/rules/ntp.mk b/rules/ntp.mk
deleted file mode 100644
index 52e7db516138..000000000000
--- a/rules/ntp.mk
+++ /dev/null
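Review bot: In chrony.keys.j2 each key line is rendered as `{{ keyid }} {{ NTP_KEY[keyid].type | upper }} {{ keyval }}{{trusted_str}}`, i.e. with the NTPsec-style list of trusted server addresses appended after the key. chrony's key file format is ID, optional hash type and key only, so the extra field is at best ignored and, as far as I can tell, makes chronyd reject the line, which would leave the `key` option rendered into chrony.conf pointing at a key that never loaded and the association unauthenticated or unusable. I would drop `trusted_str` and the `trusted_arr` loop that feeds it, leaving `{{ keyid }} {{ NTP_KEY[keyid].type | upper }} {{ keyval }}`. The decoded value is also written verbatim, so a key containing whitespace would be split by the parser; emitting it in chrony's `HEX:` form would avoid that. The header comment still names `ntp-config.service`.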
@@ -1,11 +0,0 @@
-# ntp package
-
-NTP_VERSION = 4.2.8p15+dfsg
-export NTP_VERSION
-
-NTP = ntp_$(NTP_VERSION)-1+deb10u2_$(CONFIGURED_ARCH).deb
-$(NTP)_SRC_PATH = $(SRC_PATH)/ntp
-SONIC_MAKE_DEBS += $(NTP)
-SONIC_STRETCH_DEBS += $(NTP)
-
-export NTP
diff --git a/src/ntp/.gitignore b/src/ntp/.gitignore
deleted file mode 100644
index 1b46fe753f41..000000000000
--- a/src/ntp/.gitignore
+++ /dev/null
@@ -1,5 +0,0 @@
-*+dfsg
-*.buildinfo
-*.changes
-*.xz
-*.deb
diff --git a/src/ntp/Makefile b/src/ntp/Makefile
deleted file mode 100644
index f449d2125bc7..000000000000
--- a/src/ntp/Makefile
+++ /dev/null
@@ -1,61 +0,0 @@ -.ONESHELL: -SHELL = /bin/bash -.SHELLFLAGS += -e - -MAIN_TARGET = $(NTP) - -$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% : - # Remove any stale files - rm -rf ./ntp-$(NTP_VERSION) ./ntp_$(NTP_VERSION).orig.tar.xz ./ntp_$(NTP_VERSION)-4.debian.tar.xz - - # Get ntp release, debian files - wget http://deb.debian.org/debian/pool/main/n/ntp/ntp_$(NTP_VERSION).orig.tar.xz - wget http://deb.debian.org/debian/pool/main/n/ntp/ntp_$(NTP_VERSION)-1.debian.tar.xz - - # UnTar ntp release - xzcat ntp_$(NTP_VERSION).orig.tar.xz | tar -xvf - - - pushd ./ntp-4.2.8p15 - - # UnTar debian files - xzcat ../ntp_$(NTP_VERSION)-1.debian.tar.xz | tar -xvf - - - # Add the additional patch - cp ../patch/bug1970-UNLINK_EXPR_SLIST_empty_list.patch debian/patches/ - cp ../patch/update_ENOBUFS_log_level.patch debian/patches/ - cat ../patch/series >> debian/patches/series - - # Update the changelog - cat ../patch/changelog debian/changelog > debian/changelog.new - rm debian/changelog ; mv debian/changelog.new debian/changelog - - # The debian mirror build likely took place on a system without - # libevent installed, thus adding the below for SONiC - sed -i 's/--with-locfile=legacy/--with-locfile=legacy --enable-local-libevent/' debian/rules - - # Fix the apparmor profile to avoid the following message - # "Failed name lookup - disconnected path" - # and go into learning mode. - sed -i 's/\/usr\/sbin\/ntpd {/\/usr\/sbin\/ntpd flags=(attach_disconnected complain) {/' debian/apparmor-profile - -ifeq ($(CROSS_BUILD_ENVIRON), y) - sed -i 's/dh_auto_configure \--/dh_auto_configure -- --with-yielding-select=yes /g' debian/rules - echo ". 
$(CONFIG_SITE)" > fix.ntp.cross-config.$(CONFIGURED_ARCH) - echo "unset with_openssl_libdir" >> fix.ntp.cross-config.$(CONFIGURED_ARCH) - echo "unset with_openssl_incdir" >> fix.ntp.cross-config.$(CONFIGURED_ARCH) - rm -f cross-config.cache - ln -s /etc/dpkg-cross/cross-config.cache cross-config.cache -endif - - # Build source and Debian packages with the symbols -ifeq ($(CROSS_BUILD_ENVIRON), y) - CONFIG_SITE=`pwd`/fix.ntp.cross-config.$(CONFIGURED_ARCH) dpkg-buildpackage -rfakeroot -b -us -uc -a$(CONFIGURED_ARCH) -Pcross,nocheck -j$(SONIC_CONFIG_MAKE_JOBS) --admindir $(SONIC_DPKG_ADMINDIR) -else - dpkg-buildpackage -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS) --admindir $(SONIC_DPKG_ADMINDIR) -endif - - popd - - # Move the newly-built .deb packages to the destination directory - mv $* $(DEST)/ - diff --git a/src/ntp/patch/bug1970-UNLINK_EXPR_SLIST_empty_list.patch b/src/ntp/patch/bug1970-UNLINK_EXPR_SLIST_empty_list.patch deleted file mode 100644 index 701dc0103944..000000000000 --- a/src/ntp/patch/bug1970-UNLINK_EXPR_SLIST_empty_list.patch +++ /dev/null @@ -1,26 +0,0 @@ -Bug 1970 UNLINK_EXPR_SLIST() causes crash if list is empty - -From: Arun Barboza - - ---- - include/ntp_lists.h | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/include/ntp_lists.h b/include/ntp_lists.h -index d741974..f90bf23 100644 ---- a/include/ntp_lists.h -+++ b/include/ntp_lists.h -@@ -184,7 +184,11 @@ do { \ - do { \ - entrytype **ppentry; \ - \ -- ppentry = &(listhead); \ -+ if (!listhead) { \ -+ (punlinked) = NULL; \ -+ break; \ -+ } \ -+ else ppentry = &(listhead); \ - \ - while (!(expr)) \ - if (*ppentry != NULL && \ diff --git a/src/ntp/patch/changelog b/src/ntp/patch/changelog deleted file mode 100644 index ce5fb6096276..000000000000 --- a/src/ntp/patch/changelog +++ /dev/null 
@@ -1,12 +0,0 @@ -ntp (1:4.2.8p15+dfsg-1+deb10u2) bullseye; urgency=medium - - * Adjust the ENOBUFS syslog level on the Netlink routing to LOG_WARNING. - - -- Arun Barboza Mon, 09 Sep 2019 10:15:35 -0700 - -ntp (1:4.2.8p15+dfsg-1+deb10u1) bullseye; urgency=medium - - * Apply Bug1970 fix for UNLINK_EXPR_SLIST_empty_list from dev branch. - - -- Arun Barboza Tue, 25 Jun 2019 14:35:24 -0700 - diff --git a/src/ntp/patch/series b/src/ntp/patch/series deleted file mode 100644 index 9ce40f13e21a..000000000000 --- a/src/ntp/patch/series +++ /dev/null @@ -1,3 +0,0 @@ -# This series applies on GIT commit d09f041a49c61971f59fc29f505446c63aea51b1 -bug1970-UNLINK_EXPR_SLIST_empty_list.patch -update_ENOBUFS_log_level.patch diff --git a/src/ntp/patch/update_ENOBUFS_log_level.patch b/src/ntp/patch/update_ENOBUFS_log_level.patch deleted file mode 100644 index 618fc323b105..000000000000 --- a/src/ntp/patch/update_ENOBUFS_log_level.patch +++ /dev/null @@ -1,22 +0,0 @@ -Adjust the ENOBUFS syslog level on the Netlink routing to LOG_WARNING. - -From: Arun Barboza - - ---- - ntpd/ntp_io.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: b/ntpd/ntp_io.c -=================================================================== ---- a/ntpd/ntp_io.c -+++ b/ntpd/ntp_io.c -@@ -4709,7 +4709,7 @@ process_routing_msgs(struct asyncio_read - - if (cnt < 0) { - if (errno == ENOBUFS) { -- msyslog(LOG_ERR, -+ msyslog(LOG_WARNING, - "routing socket reports: %m"); - } else { - msyslog(LOG_ERR,