Re: [chrony-dev] [PATCH] nm-dispatcher: handle NTP servers from DHCP
On Fri, Jun 26, 2020 at 12:43:08AM -0400, Robert Fairley wrote: > There could still be ways to proceed without doing this, but I'm not > sure of a natural way of grouping the directives into files, without > assuming which ones are likely to be overridden by a distribution > and preserving visibility of the config (e.g. `pool`, `makestep`, > `sourcedirs` would be best in separate files within `/usr/lib/chrony.d` > to allow overriding in the case of Fedora CoreOS, but that won't apply > for other distributions). Another way is having only one directive > in each `.conf` file under `/usr/lib/chrony.d` and require admins to > copy the file into `/etc/chrony.d` before editing it, which I think > would still be reasonable, but it's more difficult for the admin to > see all the main directives that way. I think I'd prefer some grouping of directives in fragments like "10-timesources", "10-defaultpaths" that could be shared between distributions over single-directive fragments and the "reset" directive, but I don't really like the fact the admin needs to use a correct name for the file in order to disable the default sources. I'll need to think about this more. > Agreed, it makes sense now to simplify the file now the helper > isn't included - updated now. Applied. Thanks! -- Miroslav Lichvar -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
Re: [chrony-dev] [PATCH] nm-dispatcher: handle NTP servers from DHCP
On Mon, Jun 22, 2020 at 11:19 AM Miroslav Lichvar wrote: > > On Thu, Jun 18, 2020 at 11:21:29AM -0400, Robert Fairley wrote: > > On Thu, Jun 18, 2020 at 6:31 AM Miroslav Lichvar > > wrote: > > > > > > I think it could be a fragment now, and probably everything else > > > except the default servers. I'll see if I can add an example of > > > a fragmented configuration, which downstreams could use. > > > > > I've some questions about fragmented configuration: > > - Should they be in /usr/lib/chrony.d or /usr/share/chrony.d? > My opinion is /usr/lib/chrony.d to align with most existing projects using overlay/dropin fragments - e.g. systemd sysusers.d and tmpfiles.d. For /usr/share it seems like a common pattern is serving it to a group of machines from an NFS server whereas /usr/lib would normally be local - I guess in those situations /usr/lib would be more efficient avoiding a network call to read the config files? https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s11.html > - Does it make sense to add fragments that only have commented-out > directives? Should they be in /etc/chrony.d? The provided files > shouldn't be edited by the admin, but how will they know about the > important directives? > Still thinking on this, but I wonder if something like `reset ` could be implemented to allow a directive specified later to ignore previous settings for that directive. E.g., the usual `/etc/chrony.conf` file could be left as it is now with the current `pool` setting, but if a distribution wanted to "reset" this so that no pool was given it could drop `/usr/lib/chrony.d/90-pool.conf` containing: ``` reset pool pool 2.fedora.pool.ntp.org iburst ``` which would have the effect of deleting the `pool` directive from `/etc/chrony.conf` and replacing it with the fedora pool. This would be a similar effect to passing an empty string to `ExecStart=` in systemd unit files (https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=). This would let the main options stay together within `/etc/chrony.conf` but allow vendors (like Fedora CoreOS) to override them if needed by dropping into `/usr/lib/chrony.d`. There could still be ways to proceed without doing this, but I'm not sure of a natural way of grouping the directives into files, without assuming which ones are likely to be overridden by a distribution and preserving visibility of the config (e.g. `pool`, `makestep`, `sourcedirs` would be best in separate files within `/usr/lib/chrony.d` to allow overriding in the case of Fedora CoreOS, but that won't apply for other distributions). Another way is having only one directive in each `.conf` file under `/usr/lib/chrony.d` and require admins to copy the file into `/etc/chrony.d` before editing it, which I think would still be reasonable, but it's more difficult for the admin to see all the main directives that way. > > +++ b/examples/chrony.nm-dispatcher.dhcp.in > > @@ -0,0 +1,43 @@ > > > +chronyc=@CHRONYC@ > > +default_server_options=@CHRONY_DEFAULT_SERVER_OPTIONS@ > > +server_dir=@CHRONY_SERVER_DIR@ > > After removing the helper and its directory, I'm now wondering if > those three substitution are worth the trouble. Why not just set them > to "/usr/bin/chronyc", "iburst", and "/var/run/chrony-dhcp"? That > should work for most distributions/users and the remaining can fix > them, like the other provided examples. It could also work with an > example fragment using "sourcedirs" to read the files. > Agreed, it makes sense now to simplify the file now the helper isn't included - updated now. From 09619ea5b6924aaedec391b15e2ec7c512f517c0 Mon Sep 17 00:00:00 2001 From: Robert Fairley Date: Thu, 4 Jun 2020 14:48:35 -0400 Subject: [PATCH 1/2] examples: add dispatcher for NTP servers from DHCP Add new NM dispatcher script for NTP servers given by DHCP through NetworkManager in a similar way to how distributions have done in 11-dhclient, e.g. [1]. New NTP servers are written as entries to a file per-interface in /var/run/chrony-dhcp, which is re-read by chronyd upon executing `chronyc reload sources`. This provides a way for NTP server configuration to be carried over from NetworkManager DHCP events to chrony, for DHCP clients other than dhclient. Part of fixing integration where the NetworkManager internal client is used, e.g [2]. Paths to the chronyc executable and sources directory are set in variables, which may be overwritten by downstream packages, but should work for distributions for the most part. [1] https://src.fedoraproject.org/rpms/dhcp/blob/master/f/11-dhclient [2] https://bugzilla.redhat.com/show_bug.cgi?id=1800901 --- examples/chrony.nm-dispatcher.dhcp | 43 ++ 1 file changed, 43 insertions(+) create mode 100644 examples/chrony.nm-dispatcher.dhcp diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp new file mode 100644 index 000..6ea4c37 --- /dev/null +++ b/examples/chrony.nm-dispatcher.dhcp @@ -0,0
Re: [chrony-dev] [PATCH] nm-dispatcher: handle NTP servers from DHCP
On Thu, Jun 18, 2020 at 11:21:29AM -0400, Robert Fairley wrote: > On Thu, Jun 18, 2020 at 6:31 AM Miroslav Lichvar wrote: > > > > I think it could be a fragment now, and probably everything else > > except the default servers. I'll see if I can add an example of > > a fragmented configuration, which downstreams could use. > > I've some questions about fragmented configuration: - Should they be in /usr/lib/chrony.d or /usr/share/chrony.d? - Does it make sense to add fragments that only have commented-out directives? Should they be in /etc/chrony.d? The provided files shouldn't be edited by the admin, but how will they know about the important directives? Do other maintainers have any preferences or suggestions? > +++ b/examples/chrony.nm-dispatcher.dhcp.in > @@ -0,0 +1,43 @@ > +chronyc=@CHRONYC@ > +default_server_options=@CHRONY_DEFAULT_SERVER_OPTIONS@ > +server_dir=@CHRONY_SERVER_DIR@ After removing the helper and its directory, I'm now wondering if those three substitution are worth the trouble. Why not just set them to "/usr/bin/chronyc", "iburst", and "/var/run/chrony-dhcp"? That should work for most distributions/users and the remaining can fix them, like the other provided examples. It could also work with an example fragment using "sourcedirs" to read the files. -- Miroslav Lichvar -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
Re: [chrony-dev] [PATCH] nm-dispatcher: handle NTP servers from DHCP
On Thu, Jun 18, 2020 at 6:31 AM Miroslav Lichvar wrote:
>
> I think it could be a fragment now, and probably everything else
> except the default servers. I'll see if I can add an example of
> a fragmented configuration, which downstreams could use.
>
That'd help a lot! Would then rebase
https://src.fedoraproject.org/rpms/chrony/pull-request/3
on that.
> The patches look good, except the commit message still mentions the
> helper. Can you please update that?
>
Sorry I had missed that, had not checked the commit messages again
after removing the helper commit. Fixed.
> > +++ b/examples/chrony.nm-dispatcher.dhcp.in
> > @@ -0,0 +1,44 @@
> > +#!/bin/sh
> > +# This is a NetworkManager dispatcher script for chronyd to update
> > +# its NTP sources passed from DHCP options. Note that this script is
> > +# specific to NetworkManager-dispatcher due to use of the
> > +# DHCP4_NTP_SERVERS environment variable. For networkd-dispatcher,
> > +# an alternative approach is external means such as a dhclient hook.
>
> Maybe don't mention networkd-dispatcher here at all? If someone adds
> support to this script, or adds a new script, it will be mentioned
> there.
>
Makes sense, updated!
Thanks,
Robert
From bec10018a7d4468fbfc531438ae312e12debbf23 Mon Sep 17 00:00:00 2001
From: Robert Fairley
Date: Thu, 4 Jun 2020 14:48:35 -0400
Subject: [PATCH 1/2] examples: add dispatcher for NTP servers from DHCP
Add new NM dispatcher script for NTP servers given by DHCP through
NetworkManager in a similar way to how distributions have done in
11-dhclient, e.g. [1]. New NTP servers are written as entries to a
file per-interface in CHRONY_SERVER_DIR, which is re-read by
chronyd upon executing `chronyc reload sources`.
This provides a way for NTP server configuration to be carried over
from NetworkManager DHCP events to chrony, for DHCP clients other
than dhclient. Part of fixing integration where the NetworkManager
internal client is used, e.g [2].
Paths and options are made configurable through macros that can be
substituted at install time with distribution-specific values.
[1] https://src.fedoraproject.org/rpms/dhcp/blob/master/f/11-dhclient
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1800901
---
examples/chrony.nm-dispatcher.dhcp.in | 43 +++
1 file changed, 43 insertions(+)
create mode 100644 examples/chrony.nm-dispatcher.dhcp.in
diff --git a/examples/chrony.nm-dispatcher.dhcp.in b/examples/chrony.nm-dispatcher.dhcp.in
new file mode 100644
index 000..bbd9430
--- /dev/null
+++ b/examples/chrony.nm-dispatcher.dhcp.in
@@ -0,0 +1,43 @@
+#!/bin/sh
+# This is a NetworkManager dispatcher script for chronyd to update
+# its NTP sources passed from DHCP options. Note that this script is
+# specific to NetworkManager-dispatcher due to use of the
+# DHCP4_NTP_SERVERS environment variable.
+
+export LC_ALL=C
+
+interface=$1
+action=$2
+
+chronyc=@CHRONYC@
+default_server_options=@CHRONY_DEFAULT_SERVER_OPTIONS@
+server_dir=@CHRONY_SERVER_DIR@
+
+dhcp_server_file=$server_dir/$interface.sources
+# DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager.
+nm_dhcp_servers=$DHCP4_NTP_SERVERS
+
+add_servers_from_dhcp() {
+rm -f "$dhcp_server_file"
+for server in $nm_dhcp_servers; do
+echo "server $server $default_server_options" >> "$dhcp_server_file"
+done
+$chronyc reload sources > /dev/null 2>&1 || :
+}
+
+clear_servers_from_dhcp() {
+if [ -f "$dhcp_server_file" ]; then
+rm -f "$dhcp_server_file"
+$chronyc reload sources > /dev/null 2>&1 || :
+fi
+}
+
+mkdir -p $server_dir
+
+if [ "$action" = "up" ] || [ "$action" = "dhcp4-change" ]; then
+add_servers_from_dhcp
+elif [ "$action" = "down" ]; then
+clear_servers_from_dhcp
+fi
+
+exit 0
--
2.26.2
From 1d1abaa07c96249fd15a3a2676d362acbbf7916b Mon Sep 17 00:00:00 2001
From: Robert Fairley
Date: Thu, 4 Jun 2020 14:48:40 -0400
Subject: [PATCH 2/2] examples/nm-dispatcher: make chronyc configurable
Similar to the DHCP dispatcher, add the @CHRONYC@ macro to make the
chronyc command path configurable at install time.
Add the suffix `.in` to the filename to indicate this must be
substituted.
Also give an `.onoffline` suffix to more clearly differentiate
this script from `chrony.nm-dispatcher.dhcp.in`.
---
...chrony.nm-dispatcher => chrony.nm-dispatcher.onoffline.in} | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
rename examples/{chrony.nm-dispatcher => chrony.nm-dispatcher.onoffline.in} (87%)
diff --git a/examples/chrony.nm-dispatcher b/examples/chrony.nm-dispatcher.onoffline.in
similarity index 87%
rename from examples/chrony.nm-dispatcher
rename to examples/chrony.nm-dispatcher.onoffline.in
index 0b0c3e7..7c0e2dd 100644
--- a/examples/chrony.nm-dispatcher
+++ b/examples/chrony.nm-dispatcher.onoffline.in
@@ -5,11 +5,13 @@
export LC_ALL=C
+chronyc=@CHRONYC@
+
# For NetworkManager consider only up/down events
[ $# -ge 2 ] && [ "$2" != "up" ] && [ "$2" != "down" ] && exit 0
#
Re: [chrony-dev] [PATCH] nm-dispatcher: handle NTP servers from DHCP
On Thu, Jun 18, 2020 at 04:01:27AM -0400, Robert Fairley wrote: > For now I've left https://src.fedoraproject.org/rpms/chrony/pull-request/3 > with a fragment for `sourcedirs`, as the PR is pending the `sourcedirs` > being packaged. In the meantime I can take a look to see what changes > are needed in the installer and others. Otherwise, for now having > `sourcedirs` appended the main `/etc/chrony.conf` would be fine (with > respect to allowing overriding the propagation from DHCP, we'd > later on aim to make this its own fragment, if acceptable). I think it could be a fragment now, and probably everything else except the default servers. I'll see if I can add an example of a fragmented configuration, which downstreams could use. > So far I have tested these patches with the downstream macro > substitutions and sysconfig patch applied, and using `sourcedirs` > to specify `/var/run/chrony-dhcp`, in Fedora Rawhide. On modifying the > `*.sources` files and `chronyc reload sources` (or > deactivating/activating the NM interface to re-run the dispatcher, > the sources from a DHCP server appeared in `chronyc sources`. Great. The patches look good, except the commit message still mentions the helper. Can you please update that? > +++ b/examples/chrony.nm-dispatcher.dhcp.in > @@ -0,0 +1,44 @@ > +#!/bin/sh > +# This is a NetworkManager dispatcher script for chronyd to update > +# its NTP sources passed from DHCP options. Note that this script is > +# specific to NetworkManager-dispatcher due to use of the > +# DHCP4_NTP_SERVERS environment variable. For networkd-dispatcher, > +# an alternative approach is external means such as a dhclient hook. Maybe don't mention networkd-dispatcher here at all? If someone adds support to this script, or adds a new script, it will be mentioned there. Thanks, -- Miroslav Lichvar -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
Re: [chrony-dev] [PATCH] nm-dispatcher: handle NTP servers from DHCP
On Wed, Jun 10, 2020 at 2:59 AM Miroslav Lichvar wrote: > > On Tue, Jun 09, 2020 at 02:09:54PM -0400, Robert Fairley wrote: > > That sounds a good idea! We only need to reload the NTP sources - > > having a directive to specify where the NTP sources are managed makes > > sense. Would the directive point to a file/directory/glob to load > > files containing the NTP server config from? > > I was thinking about reusing the confdirs code with its syntax, e.g. > > sourcedirs /etc/chrony.d /var/run/chrony-dhcp > > I'm not sure how much sense it will make to override the source files > (maybe disable servers from a specific interface?), but it's free and > it's easier to document. > Using sourcedirs, with the current behavior of reading *.sources files from all directories specified SGTM (thank you for implementing that already!) For overriding, we really just need a switch to disable propagating sources from DHCP through host configuration. At first I was thinking have direct overrides for `*.source` files, but the per-interface filenames would be difficult to override from /etc directories (and probably wouldn't make sense to allow this semantic). With the current implementation using `confdirs`, the `sourcedirs /var/run/chrony-dhcp` line could exist as its own config fragment under /usr/lib/chrony.d, which could be overridden/disabled by writing into /etc/chrony.d. This would fit the use case for specifying the per-platform configs in FCOS and ignoring DHCP - https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony. In https://src.fedoraproject.org/rpms/chrony/c/93dbaa93159f5d4ffc601f88d0b57b6c7c839dda I added an example of how the fragment could look. > As for your patchset, it would be good to rebase it to not include the > helper. It won't be very useful and we can probably drop it downstream > too. AFAIK nobody is really using the DNS SRV support. It was meant to > be used by the ipa installer, but it doesn't look like they ever used > it. For the static sources we might want to discourage editing the > main config. > Done. I left it in the package in https://src.fedoraproject.org/rpms/chrony/pull-request/3 for now - later on the helper and code using it can be removed. > There are other tools that rely on NTP sources being specified in the > main config (e.g. the installer). They will need to be updated before > we can move the default servers to a fragment. > For now I've left https://src.fedoraproject.org/rpms/chrony/pull-request/3 with a fragment for `sourcedirs`, as the PR is pending the `sourcedirs` being packaged. In the meantime I can take a look to see what changes are needed in the installer and others. Otherwise, for now having `sourcedirs` appended the main `/etc/chrony.conf` would be fine (with respect to allowing overriding the propagation from DHCP, we'd later on aim to make this its own fragment, if acceptable). So far I have tested these patches with the downstream macro substitutions and sysconfig patch applied, and using `sourcedirs` to specify `/var/run/chrony-dhcp`, in Fedora Rawhide. On modifying the `*.sources` files and `chronyc reload sources` (or deactivating/activating the NM interface to re-run the dispatcher, the sources from a DHCP server appeared in `chronyc sources`. From 2c5875aede60b040b5613e71eb0d7884041a48fd Mon Sep 17 00:00:00 2001 From: Robert Fairley Date: Thu, 4 Jun 2020 14:48:35 -0400 Subject: [PATCH 1/2] examples: add dispatcher for NTP servers from DHCP Add new NM dispatcher script for NTP servers given by DHCP through NetworkManager in a similar way to how distributions have done in 11-dhclient, e.g. [1]. New NTP servers are written as entries to a file per-interface in CHRONY_SERVER_DIR, which is read by chrony.helper when updating the chrony service. This provides a way for NTP server configuration to be carried over from NetworkManager DHCP events to chrony, for DHCP clients other than dhclient. Part of fixing integration where the NetworkManager internal client is used, e.g [2]. Similarly to the chrony.helper script, make paths and options configurable through macros that can be substituted at install time. [1] https://src.fedoraproject.org/rpms/dhcp/blob/master/f/11-dhclient [2] https://bugzilla.redhat.com/show_bug.cgi?id=1800901 --- examples/chrony.nm-dispatcher.dhcp.in | 44 +++ 1 file changed, 44 insertions(+) create mode 100644 examples/chrony.nm-dispatcher.dhcp.in diff --git a/examples/chrony.nm-dispatcher.dhcp.in b/examples/chrony.nm-dispatcher.dhcp.in new file mode 100644 index 000..d1f34eb --- /dev/null +++ b/examples/chrony.nm-dispatcher.dhcp.in @@ -0,0 +1,44 @@ +#!/bin/sh +# This is a NetworkManager dispatcher script for chronyd to update +# its NTP sources passed from DHCP options. Note that this script is +# specific to NetworkManager-dispatcher due to use of the +# DHCP4_NTP_SERVERS environment variable.
Re: [chrony-dev] [PATCH] nm-dispatcher: handle NTP servers from DHCP
On Tue, Jun 09, 2020 at 02:09:54PM -0400, Robert Fairley wrote: > That sounds a good idea! We only need to reload the NTP sources - > having a directive to specify where the NTP sources are managed makes > sense. Would the directive point to a file/directory/glob to load > files containing the NTP server config from? I was thinking about reusing the confdirs code with its syntax, e.g. sourcedirs /etc/chrony.d /var/run/chrony-dhcp I'm not sure how much sense it will make to override the source files (maybe disable servers from a specific interface?), but it's free and it's easier to document. As for your patchset, it would be good to rebase it to not include the helper. It won't be very useful and we can probably drop it downstream too. AFAIK nobody is really using the DNS SRV support. It was meant to be used by the ipa installer, but it doesn't look like they ever used it. For the static sources we might want to discourage editing the main config. There are other tools that rely on NTP sources being specified in the main config (e.g. the installer). They will need to be updated before we can move the default servers to a fragment. -- Miroslav Lichvar -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
Re: [chrony-dev] [PATCH] nm-dispatcher: handle NTP servers from DHCP
On Mon, Jun 8, 2020 at 10:54 AM Miroslav Lichvar wrote:
> Would it make sense to add a suffix to the non-DHCP dispatcher script
> (e.g .online -> 20-chrony-online) to avoid confusion with the two
> scripts?
Done - I gave it `onoffline` as a suffix, just to help suggest it
applies for offline situations too (for dropping in on.d and off.d
for networkd-dispatcher). "online" would be fine too though.
> Also, could you please rename the default_options variables in the
> helper and dispatcher scripts to something like default_source_options
> or default_server_options to make it more clear where the options are
> used?
Done.
Updated the patches and attached an interdiff below for the changes.
We'll want to change the .dhcp dispatcher or the helper soon to use
the new directive, once implemented. Good with holding this
pending resolution of the new directive, and updating to use the
directive, but also good with merging as-is and iterating.
From 9cd346a6478193e9606de5ecebe33633744ae37a Mon Sep 17 00:00:00 2001
From: Robert Fairley
Date: Thu, 4 Jun 2020 14:48:24 -0400
Subject: [PATCH 1/3] examples: upstream chrony.helper script
Add an example chrony.helper file, which was initially copied from
the downstream Fedora downstream package, with distro-specific parts
taken out. Overall the following changes are made from the downstream
version:
* Remove use of `/etc/sysconfig`, which is specific to
Fedora/RHEL.
* Make the paths in variables such as chrony_conf and
helper_dir configurable through macros @CHRONY_CONF@ and
@CHRONY_HELPER_DIR@. Values used here may vary across
distributions, and should be set by downstream packages.
* Introduce the server_dir variable, where `chrony.servers.*` files
are placed, so that a common macro @CHRONY_SERVER_DIR@ between the
helper script and the NetworkManager dispatch script can be used.
* Remove dhclient identifiers and commands.
---
examples/chrony.helper.in | 264 ++
1 file changed, 264 insertions(+)
create mode 100644 examples/chrony.helper.in
diff --git a/examples/chrony.helper.in b/examples/chrony.helper.in
new file mode 100644
index 000..6dbab81
--- /dev/null
+++ b/examples/chrony.helper.in
@@ -0,0 +1,264 @@
+#!/bin/bash
+# This script configures running chronyd to use NTP servers obtained from
+# DHCP and _ntp._udp DNS SRV records. Files with servers from DHCP are managed
+# externally (e.g. by a dhclient script). Files with servers from DNS SRV
+# records are updated here using the dig utility. The script can also list
+# and set static sources in the chronyd configuration file.
+
+chronyc=@CHRONYC@
+chrony_conf=@CHRONY_CONF@
+chrony_service=@CHRONY_SERVICE@
+default_server_options=@CHRONY_DEFAULT_SERVER_OPTIONS@
+helper_dir=@CHRONY_HELPER_DIR@
+server_dir=@CHRONY_SERVER_DIR@
+
+dhcp_servers_files="${server_dir}/chrony.servers.*"
+added_servers_file=$helper_dir/added_servers
+dnssrv_servers_files="$helper_dir/dnssrv@*"
+dnssrv_timer_prefix=chrony-dnssrv@
+
+chrony_command() {
+$chronyc -a -n -m "$1"
+}
+
+is_running() {
+chrony_command "tracking" &> /dev/null
+}
+
+get_servers_files() {
+echo "$dhcp_servers_files"
+echo "$dnssrv_servers_files"
+}
+
+is_update_needed() {
+for file in $(get_servers_files) $added_servers_file; do
+[ -e "$file" ] && return 0
+done
+return 1
+}
+
+update_daemon() {
+local all_servers_with_args all_servers added_servers
+
+if ! is_running; then
+rm -f $added_servers_file
+return 0
+fi
+
+all_servers_with_args=$(cat $(get_servers_files) 2> /dev/null)
+
+all_servers=$(
+echo "$all_servers_with_args" |
+while read -r server serverargs; do
+echo "$server"
+done | sort -u)
+added_servers=$( (
+cat $added_servers_file 2> /dev/null
+echo "$all_servers_with_args" |
+while read -r server serverargs; do
+[ -z "$server" ] && continue
+chrony_command "add server $server $serverargs" &> /dev/null &&
+echo "$server"
+done) | sort -u)
+
+comm -23 <(echo -n "$added_servers") <(echo -n "$all_servers") |
+while read -r server; do
+chrony_command "delete $server" &> /dev/null
+done
+
+added_servers=$(comm -12 <(echo -n "$added_servers") <(echo -n "$all_servers"))
+
+if [ -n "$added_servers" ]; then
+echo "$added_servers" > $added_servers_file
+else
+rm -f $added_servers_file
+fi
+}
+
+get_dnssrv_servers() {
+local name=$1 output
+
+if ! command -v dig &> /dev/null; then
+echo "Missing dig (DNS lookup utility)" >&2
+return 1
+fi
+
+output=$(dig "$name" srv +short +ndots=2 +search 2> /dev/null) || return 0
+
+echo "$output" | while read -r _ _ port target; do
+server=${target%.}
+[ -z "$server" ] && continue
+echo "$server port $port $default_server_options"
+
Re: [chrony-dev] [PATCH] nm-dispatcher: handle NTP servers from DHCP
On Tue, Jun 9, 2020 at 5:54 AM Miroslav Lichvar wrote: > Following up on the comments from bugzilla about reloading > configuration. > > chronyd cannot easily support reloading its configuration (e.g. due to > losing root privileges), but it could have a directive specific to NTP > sources. The files could be reloaded on request from chronyc. It would > basically reimplement the logic from the chrony-helper script, which > would became redundant. > > A dispatcher script would just create or remove a *.sources file in a > directory (e.g. /var/run/chrony-dhcp) specified in chrony.conf and a > chronyc command would tell chronyd to add the new sources and/or > remove sources that are no longer there. > That sounds a good idea! We only need to reload the NTP sources - having a directive to specify where the NTP sources are managed makes sense. Would the directive point to a file/directory/glob to load files containing the NTP server config from? I'd imagine if we wanted to be able to override the directive via host configuration in /etc, a chrony.d config fragment could contain something like (calling it `external-sources` for the example): ``` # /usr/lib/chrony.d/10-dhcp-sources external-sources /var/run/chrony-dhcp/*.sources ``` Which could be overridden by dropping an empty file at `/etc/chrony.d/10-dhcp-sources`, effectively disabling NTP sources from DHCP. -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
Re: [chrony-dev] [PATCH] nm-dispatcher: handle NTP servers from DHCP
On Fri, Jun 05, 2020 at 06:23:21PM -0400, Robert Fairley wrote: > Attached an interdiff of the overall changes from last comments. > > I have also updated https://src.fedoraproject.org/rpms/chrony/pull-request/3 > with the downstream patch that would be applied downstream to work with > Fedora/RHEL. Following up on the comments from bugzilla about reloading configuration. chronyd cannot easily support reloading its configuration (e.g. due to losing root privileges), but it could have a directive specific to NTP sources. The files could be reloaded on request from chronyc. It would basically reimplement the logic from the chrony-helper script, which would became redundant. A dispatcher script would just create or remove a *.sources file in a directory (e.g. /var/run/chrony-dhcp) specified in chrony.conf and a chronyc command would tell chronyd to add the new sources and/or remove sources that are no longer there. All sources would be visible in chrony.conf. No need to set a PEERNTP variable to disable the servers from DHCP. I'll see what it would take to implement such directive. -- Miroslav Lichvar -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
Re: [chrony-dev] [PATCH] nm-dispatcher: handle NTP servers from DHCP
On Fri, Jun 05, 2020 at 06:23:21PM -0400, Robert Fairley wrote: > On Thu, May 28, 2020 at 5:44 AM Miroslav Lichvar wrote: > > I suspect this breaks the networkd-dispatcher support. IIRC there are no > > arguments passed to the script. > > I see - I should have looked into what'd happen if less than 2 > arguments were passed. Reading on networkd-dispatcher - I think to > best preserve compatibility of the original chrony.nm-dispatcher > file (e.g. so downstreams using networkd-dispatcher don't need to > patch the file), the DHCP bits should be kept in a separate > dispatcher script. I updated the patch to instead add > `chrony.nm-dispatcher.dhcp.in`. That way, `chrony.nm-dispatcher.dhcp` > (after substituting macros) can be packaged downstream as > `/usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp` or so, or > ignored if not using NetworkManager. Good idea. Would it make sense to add a suffix to the non-DHCP dispatcher script (e.g .online -> 20-chrony-online) to avoid confusion with the two scripts? Also, could you please rename the default_options variables in the helper and dispatcher scripts to something like default_source_options or default_server_options to make it more clear where the options are used? Thanks, -- Miroslav Lichvar -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
Re: [chrony-dev] [PATCH] nm-dispatcher: handle NTP servers from DHCP
On Thu, May 28, 2020 at 5:44 AM Miroslav Lichvar wrote:
> > From 9cf2514489352140f70d650cfc6f41f4e4f6a983 Mon Sep 17 00:00:00 2001
> > From: Robert Fairley
> > Date: Sat, 23 May 2020 02:10:38 -0400
> > Subject: [PATCH 1/2] examples: upstream chrony.helper script
>
> This patch looks good to me, but please send them as attachments or
> separate mails, not mangled by your MUA. git am complained it is
> corrupted.
Right - apologies for that previously, had pasted them into the email
text before. Sent them as separate attachments now to this email.
> > From fe3db7858a3fd6180c89fd25fd37a5e16805b31a Mon Sep 17 00:00:00 2001
> > From: Robert Fairley
> > Date: Wed, 20 May 2020 14:36:38 -0400
> > Subject: [PATCH 2/2] nm-dispatcher: handle NTP servers from DHCP
>
> Please change the subject prefix to "examples:".
Updated.
> > +# Make sure the two action interface and action arguments are passed by
> > +# NetworkManager before continuing.
> > +[ $# -lt 2 ] && exit 0
>
> I suspect this breaks the networkd-dispatcher support. IIRC there are no
> arguments passed to the script.
I see - I should have looked into what'd happen if less than 2
arguments were passed. Reading on networkd-dispatcher - I think to
best preserve compatibility of the original chrony.nm-dispatcher
file (e.g. so downstreams using networkd-dispatcher don't need to
patch the file), the DHCP bits should be kept in a separate
dispatcher script. I updated the patch to instead add
`chrony.nm-dispatcher.dhcp.in`. That way, `chrony.nm-dispatcher.dhcp`
(after substituting macros) can be packaged downstream as
`/usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp` or so, or
ignored if not using NetworkManager.
Alternatively, the DHCP parts could be kept in the same file
(`chrony.nm-dispatcher`) with `[ $# -lt 2 ] && exit 0` removed, then
the added DHCP parts shouldn't affect networkd-dispatcher (as DHCP
parts will only be active if two arguments are passed). Distros using
networkd would probably still want to patch out the DHCP code though
as it'll be inactive code - so I decided to make it a separate file here.
Keeping it to one dispatcher file should be fine though,
functionally, if preferred.
> > +for server in $DHCP4_NTP_SERVERS; do
> > +echo "$server iburst" >> "$dhcp_server_file"
> > +done
> > +/usr/libexec/chrony-helper update-daemon || :
>
> It would be nice to have the default options and the chrony-helper
> path in variables.
Done! I also made chronyc configurable in the existing nm-dispatcher
while at it.
Attached an interdiff of the overall changes from last comments.
I have also updated https://src.fedoraproject.org/rpms/chrony/pull-request/3
with the downstream patch that would be applied downstream to work with
Fedora/RHEL.
From 3f26a5e7c60cdaec25b69f7b4805096b0f44514d Mon Sep 17 00:00:00 2001
From: Robert Fairley
Date: Thu, 4 Jun 2020 14:48:24 -0400
Subject: [PATCH 1/3] examples: upstream chrony.helper script
Add an example chrony.helper file, which was initially copied from
the downstream Fedora downstream package, with distro-specific parts
taken out. Overall the following changes are made from the downstream
version:
* Remove use of `/etc/sysconfig`, which is specific to
Fedora/RHEL.
* Make the paths in variables such as chrony_conf and
helper_dir configurable through macros @CHRONY_CONF@ and
@CHRONY_HELPER_DIR@. Values used here may vary across
distributions, and should be set by downstream packages.
* Introduce the server_dir variable, where `chrony.servers.*` files
are placed, so that a common macro @CHRONY_SERVER_DIR@ between the
helper script and the NetworkManager dispatch script can be used.
* Remove dhclient identifiers and commands.
---
examples/chrony.helper.in | 264 ++
1 file changed, 264 insertions(+)
create mode 100644 examples/chrony.helper.in
diff --git a/examples/chrony.helper.in b/examples/chrony.helper.in
new file mode 100644
index 000..d50ccf7
--- /dev/null
+++ b/examples/chrony.helper.in
@@ -0,0 +1,264 @@
+#!/bin/bash
+# This script configures running chronyd to use NTP servers obtained from
+# DHCP and _ntp._udp DNS SRV records. Files with servers from DHCP are managed
+# externally (e.g. by a dhclient script). Files with servers from DNS SRV
+# records are updated here using the dig utility. The script can also list
+# and set static sources in the chronyd configuration file.
+
+chronyc=@CHRONYC@
+chrony_conf=@CHRONY_CONF@
+chrony_service=@CHRONY_SERVICE@
+default_options=@CHRONY_DEFAULT_OPTIONS@
+helper_dir=@CHRONY_HELPER_DIR@
+server_dir=@CHRONY_SERVER_DIR@
+
+dhcp_servers_files="${server_dir}/chrony.servers.*"
+added_servers_file=$helper_dir/added_servers
+dnssrv_servers_files="$helper_dir/dnssrv@*"
+dnssrv_timer_prefix=chrony-dnssrv@
+
+chrony_command() {
+$chronyc -a -n -m "$1"
+}
+
+is_running() {
+chrony_command "tracking" &> /dev/null
+}
+
+get_servers_files() {
+echo "$dhcp_servers_files"
+echo
Re: [chrony-dev] [PATCH] nm-dispatcher: handle NTP servers from DHCP
On Tue, May 26, 2020 at 03:26:21PM -0400, Robert Fairley wrote: > Thank you for the feedback and suggestions on the approach, makes sense > to keep the files as general examples without the distribution-specific > handling. I have updated the patch to include chrony.helper.in, following > these points. One part of the above description which I deviated from > while making the edits is the following: > > - Use @DHCP_SERVERS_DIR@ instead of @DHCP_SERVERS_FILES@. In the Makes sense. > From 9cf2514489352140f70d650cfc6f41f4e4f6a983 Mon Sep 17 00:00:00 2001 > From: Robert Fairley > Date: Sat, 23 May 2020 02:10:38 -0400 > Subject: [PATCH 1/2] examples: upstream chrony.helper script This patch looks good to me, but please send them as attachments or separate mails, not mangled by your MUA. git am complained it is corrupted. > From fe3db7858a3fd6180c89fd25fd37a5e16805b31a Mon Sep 17 00:00:00 2001 > From: Robert Fairley > Date: Wed, 20 May 2020 14:36:38 -0400 > Subject: [PATCH 2/2] nm-dispatcher: handle NTP servers from DHCP Please change the subject prefix to "examples:". > +# Make sure the two action interface and action arguments are passed by > +# NetworkManager before continuing. > +[ $# -lt 2 ] && exit 0 I suspect this breaks the networkd-dispatcher support. IIRC there are no arguments passed to the script. > +for server in $DHCP4_NTP_SERVERS; do > +echo "$server iburst" >> "$dhcp_server_file" > +done > +/usr/libexec/chrony-helper update-daemon || : It would be nice to have the default options and the chrony-helper path in variables. Other that I think it's great and I like the descriptive commit messages. Thanks, -- Miroslav Lichvar -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
Re: [chrony-dev] [PATCH] nm-dispatcher: handle NTP servers from DHCP
On Mon, May 25, 2020 at 7:27 AM Miroslav Lichvar wrote:
> I'd rather avoid having any distribution-specific code in the
> examples. If there was a downstream change in one of the directories
> for instance, we would need to support different versions of the
> distribution.
>
> If you would like to submit the chrony-helper script, please remove
> the sysconfig/PEERNTP stuff. It can be put back in a downstream patch.
> The various locations in the script can be set to strings like
> @CHRONYC@, @CHRONYCONF@, @DHCP_SERVERS_FILES@ to indicate they need to
> be edited before use.
>
> Also, please rename the dhclient_servers_files variable to
> dhcp_servers_file and remove the add/remove-dhclient-servers commands.
>
> The NM dispatcher script should follow the same idea, e.g. the check
> of /sbin/dhclient should be in a downstream patch.
Thank you for the feedback and suggestions on the approach, makes sense
to keep the files as general examples without the distribution-specific
handling. I have updated the patch to include chrony.helper.in, following
these points. One part of the above description which I deviated from
while making the edits is the following:
- Use @DHCP_SERVERS_DIR@ instead of @DHCP_SERVERS_FILES@. In the
helper, dhcp_servers_files is a glob expression, but
dhcp_server_file in the NM dispatcher is variable based on the
${interface} argument. To avoid two different macros for these two
variables, and avoid passing in a variable reference "${interface}" as
part of a config string, I made only the directory configurable.
That way, both the helper and NM dispatcher can use one macro
@DHCP_SERVERS_DIR@.
I have updated https://src.fedoraproject.org/rpms/chrony/pull-request/3
with the downstream changes for adding back sysconfig, etc., which is
the `examples-use-sysconfig-detect-dhclient.patch` file. The other two
`.patch` files in that PR add in the upstream patches proposed in this
email.
So far, I have tested these changes by manually applying the files,
with the downstream patch for Fedora, in Fedora CoreOS (the F32-based
"next" stream) with and without dhclient present on the system, with
a DHCP server on the same network using the `ntp-servers` option. In
both cases NTP server config files are written to `/var/lib/dhclient`
or `/var/lib/chrony/servers`, and the NTP servers from the DHCP server
are listed with `chronyc sources`.
>From 9cf2514489352140f70d650cfc6f41f4e4f6a983 Mon Sep 17 00:00:00 2001
From: Robert Fairley
Date: Sat, 23 May 2020 02:10:38 -0400
Subject: [PATCH 1/2] examples: upstream chrony.helper script
Add an example chrony.helper file, which was initially copied from
the downstream Fedora downstream package, with distro-specific parts
taken out. Overall the following changes are made from the downstream
version:
* Remove use of `/etc/sysconfig`, which is specific to
Fedora/RHEL.
* Make the paths in variables such as chrony_conf and
helper_dir configurable through markers @CHRONY_CONF@ and
@CHRONY_HELPER_DIR@. Values used here may vary across
distributions, and should be set by downstream packages.
* Introduce the server_dir variable, where `chrony.servers.*` files
are placed, so that a common marker @CHRONY_SERVER_DIR@ between the
helper script and the NetworkManager dispatch script can be used.
* Remove dhclient identifiers and commands.
---
examples/chrony.helper.in | 263 ++
1 file changed, 263 insertions(+)
create mode 100644 examples/chrony.helper.in
diff --git a/examples/chrony.helper.in b/examples/chrony.helper.in
new file mode 100644
index 000..b743a08
--- /dev/null
+++ b/examples/chrony.helper.in
@@ -0,0 +1,263 @@
+#!/bin/bash
+# This script configures running chronyd to use NTP servers obtained from
+# DHCP and _ntp._udp DNS SRV records. Files with servers from DHCP are managed
+# externally (e.g. by a dhclient script). Files with servers from DNS SRV
+# records are updated here using the dig utility. The script can also list
+# and set static sources in the chronyd configuration file.
+
+chronyc=@CHRONYC@
+chrony_conf=@CHRONY_CONF@
+chrony_service=@CHRONY_SERVICE@
+helper_dir=@CHRONY_HELPER_DIR@
+server_dir=@CHRONY_SERVER_DIR@
+
+dhcp_servers_files="${server_dir}/chrony.servers.*"
+added_servers_file=$helper_dir/added_servers
+dnssrv_servers_files="$helper_dir/dnssrv@*"
+dnssrv_timer_prefix=chrony-dnssrv@
+
+chrony_command() {
+$chronyc -a -n -m "$1"
+}
+
+is_running() {
+chrony_command "tracking" &> /dev/null
+}
+
+get_servers_files() {
+echo "$dhcp_servers_files"
+echo "$dnssrv_servers_files"
+}
+
+is_update_needed() {
+for file in $(get_servers_files) $added_servers_file; do
+[ -e "$file" ] && return 0
+done
+return 1
+}
+
+update_daemon() {
+local all_servers_with_args all_servers added_servers
+
+if ! is_running; then
+rm -f $added_servers_file
+return 0
+fi
+
+all_servers_with_args=$(cat $(get_servers_files) 2> /dev/null)
+
+
Re: [chrony-dev] [PATCH] nm-dispatcher: handle NTP servers from DHCP
On Thu, May 21, 2020 at 01:48:31PM -0400, Robert Fairley wrote: > Would it be reasonable to check `os-release`, and source /etc/sysconfig > if `ID`/`ID_LIKE` has `fedora` or `rhel`? Directories set by > $chrony_conf, $chrony_service, and $helper_dir could be set in an > environment file maintained downstream (with defaults to certain > locations). Other than that, places where $PEERNTP and $NTPSERVERARGS > are used which normally come from sysconfig could be left as-is, and > have distributions set them to an empty value in the downstream > environment file, or make their use conditional on the `os-release`check > above. I'd rather avoid having any distribution-specific code in the examples. If there was a downstream change in one of the directories for instance, we would need to support different versions of the distribution. If you would like to submit the chrony-helper script, please remove the sysconfig/PEERNTP stuff. It can be put back in a downstream patch. The various locations in the script can be set to strings like @CHRONYC@, @CHRONYCONF@, @DHCP_SERVERS_FILES@ to indicate they need to be edited before use. Also, please rename the dhclient_servers_files variable to dhcp_servers_file and remove the add/remove-dhclient-servers commands. The NM dispatcher script should follow the same idea, e.g. the check of /sbin/dhclient should be in a downstream patch. -- Miroslav Lichvar -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
Re: [chrony-dev] [PATCH] nm-dispatcher: handle NTP servers from DHCP
On Thu, May 21, 2020 at 10:39 AM Miroslav Lichvar wrote: > > With this change the example NM dispatcher script would depend on the > chrony-helper script, which is not included in the upstream > repository. The patch should be downstream, or the helper script needs > to be modified to work on all (systemd-based?) distributions and > included here first. Things like /etc/sysconfig/ and the PEERNTP > variable are specific to Fedora/RHEL. Right, I see. Diffing the Fedora RPM with the Debian chrony-helper [1] as an example, the differences are not too major (directory paths, not sourcing /etc/sysconfig, and no use of $PEERNTP as you mentioned). OpenSUSE [2] doesn't appear to have many differences aside from not using /etc/sysconfig. Would it be reasonable to check `os-release`, and source /etc/sysconfig if `ID`/`ID_LIKE` has `fedora` or `rhel`? Directories set by $chrony_conf, $chrony_service, and $helper_dir could be set in an environment file maintained downstream (with defaults to certain locations). Other than that, places where $PEERNTP and $NTPSERVERARGS are used which normally come from sysconfig could be left as-is, and have distributions set them to an empty value in the downstream environment file, or make their use conditional on the `os-release`check above. With the changes above I think we'd have a sufficiently configurable chrony-helper script that'd generally work across distributions. May not be able to account for certain cases (e.g. distros outside of Fedora/RHEL/CentOS that might be using /etc/sysconfig?). If the changes sound reasonable, I'd be happy to work on the edits to chrony-helper and adding it to this patchset, as part of upstreaming this functionality. [1] https://salsa.debian.org/debian/chrony/-/blob/master/debian/chrony-helper [2] https://build.opensuse.org/package/view_file/openSUSE:Factory/chrony/chrony.helper -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
Re: [chrony-dev] [PATCH] nm-dispatcher: handle NTP servers from DHCP
On Thu, May 21, 2020 at 09:56:30AM -0400, Robert Fairley wrote: > Following discussion in https://bugzilla.redhat.com/show_bug.cgi?id=1800901, > this patch carries over NTP config for DHCP client backends in > NetworkManagerother than dhclient. I have tested this with a Fedora > machine using the NetworkManager internal client connecting to a > DHCP server where the NTP servers option was specified. NTP > config is written to/var/lib/chrony-servers, and ends up shown with > `chronyc_sources`. With this change the example NM dispatcher script would depend on the chrony-helper script, which is not included in the upstream repository. The patch should be downstream, or the helper script needs to be modified to work on all (systemd-based?) distributions and included here first. Things like /etc/sysconfig/ and the PEERNTP variable are specific to Fedora/RHEL. -- Miroslav Lichvar -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
