Re: [ovirt-users] chrony or ntp ?

[Christopher Cox]

On 06/11/2017 04:19 AM, Fabrice Bacchella wrote:



Le 10 juin 2017 à 22:21, Michal Skrivanek  a écrit :


On 09 Jun 2017, at 15:48, Fabrice Bacchella  wrote:


People might be suprised. I'm currently trying to understand what chrony did to 
my ntpd setup, it look like it killed it and puppet has hard time to 
reconfigure it.

And as it's not a 'ovirt update' but instead vdsm update seems to happen more 
frequently, some people might forget to read release notes and be disappointed.


We do not configure anything. Just pull in dependency. You're free to
disable the service as a common admin task. As long as you replace it
with other time synchronization solution


Yes, that's I've done, but beware of user complain about broken ntp service 
because their specially crafted ntpd configuration now lying dead. I detected 
it because my puppet setup tried to uninstall chrony and failed. What about 
other users ? Does the default chrony settings always works, for every one ?



Since you mentioned puppet, here's out puppet pp and template erb we use, hope 
it help.  IMHO, ntp has problems that chrony doesn't have:


chrony/manifests/init.pp:

# This class is really only for CentOS 7 or higher.
#
class chrony (
  $stratumweight  = 0,
  $driftfile  = '/var/lib/chrony/drift',
  $keyfile= '/etc/chrony.keys',
  $keyfile_commandkey = 1,
  $generatecommandkey = true,
  $logdir = '/var/log/chrony',
  $noclientlog= true,
  $logchange  = '0.5',
  $makestep_enable= true,
  $makestep_threshold = 10,
  $makestep_update= -1,
  $bindcmdaddress = '127.0.0.1',
  $servers= ['ntp1.example.com', 'ntp2.example.com'],
  $iburst_enable  = true,
  $rtcsync_enable = false,) {
  if $operatingsystem in ['CentOS', 'RedHat'] and ($::operatingsystemmajrelease 
+ 0) >= 7 {

ensure_packages(['chrony'])
# Red Hat, CentOS don't readily have ability to change location of conf
#  file.
$conf_file = '/etc/chrony.conf'

service { 'chronyd':
  ensure  => 'running',
  enable  => true,
  require => Package['chrony'],
}

file { $conf_file:
  ensure  => present,
  group   => 'root',
  mode=> '644',
  owner   => 'root',
  content => template('chrony/chrony_conf.erb'),
  notify  => Service['chronyd'],
  require => Package['chrony'],
}
  } else {
notify { 'chrony only supported in CentOS/RHEL 7 or greater': }

exec { '/bin/false': }
  }
}

chrony/templates/chrony_conf.erb

<% @servers.flatten.each do |server| -%>
server <%= server %><% if @iburst_enable == true -%> iburst<% end -%>

<% end -%>

<% if @stratumweight -%>
stratumweight <%= @stratumweight %>
<% end -%>
<% if @driftfile -%>
driftfile <%= @driftfile %>
<% end -%>
<% if @makestep_enable == true -%>
makestep <%= @makestep_threshold %> <%= @makestep_update %>
<% end -%>
<% if @rtcsync_enable == true -%>
rtcsync
<% end -%>
<% if @bindcmdaddress -%>
bindcmdaddress <%= @bindcmdaddress %>
<% end -%>
<% if @keyfile -%>
keyfile <%= @keyfile %>
<%   if @keyfile_commandkey -%>
commandkey <%= @keyfile_commandkey %>
<%   else -%>
commandkey 0
<%   end -%>
<%   if @generatecommandkey == true -%>
generatecommandkey
<%   end -%>
<% end -%>
<% if @noclientlog -%>
noclientlog
<% end -%>
<% if @logchange -%>
logchange <%= @logchange %>
<% end -%>
<% if @logdir -%>
logdir <%= @logdir %>
<% end -%>



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] chrony or ntp ?

[Fabrice Bacchella]

> Le 10 juin 2017 à 22:21, Michal Skrivanek  a écrit :
> 
>> On 09 Jun 2017, at 15:48, Fabrice Bacchella  
>> wrote:
>> 
>> 
>> People might be suprised. I'm currently trying to understand what chrony did 
>> to my ntpd setup, it look like it killed it and puppet has hard time to 
>> reconfigure it.
>> 
>> And as it's not a 'ovirt update' but instead vdsm update seems to happen 
>> more frequently, some people might forget to read release notes and be 
>> disappointed.
> 
> We do not configure anything. Just pull in dependency. You're free to
> disable the service as a common admin task. As long as you replace it
> with other time synchronization solution

Yes, that's I've done, but beware of user complain about broken ntp service 
because their specially crafted ntpd configuration now lying dead. I detected 
it because my puppet setup tried to uninstall chrony and failed. What about 
other users ? Does the default chrony settings always works, for every one ?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] chrony or ntp ?

[Michal Skrivanek]

> On 09 Jun 2017, at 15:48, Fabrice Bacchella  
> wrote:
>
>
> People might be suprised. I'm currently trying to understand what chrony did 
> to my ntpd setup, it look like it killed it and puppet has hard time to 
> reconfigure it.
>
> And as it's not a 'ovirt update' but instead vdsm update seems to happen more 
> frequently, some people might forget to read release notes and be 
> disappointed.

We do not configure anything. Just pull in dependency. You're free to
disable the service as a common admin task. As long as you replace it
with other time synchronization solution
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] chrony or ntp ?

[Fabrice Bacchella]

People might be suprised. I'm currently trying to understand what chrony did to 
my ntpd setup, it look like it killed it and puppet has hard time to 
reconfigure it.

And as it's not a 'ovirt update' but instead vdsm update seems to happen more 
frequently, some people might forget to read release notes and be disappointed.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] chrony or ntp ?

[Sandro Bonazzola]

On Fri, Jun 9, 2017 at 11:46 AM, Fabrice Bacchella <
fabrice.bacche...@orange.fr> wrote:

> Other strange dependencies:
> rpm -q --requires vdsm
>
> returns:
> sos
> tree
> NetworkManager-config-server
>
> I don't use NetworkManager-config-server and never used it. There is just
> this lonely components.
> I'm running Centos, not Redhat, what 'sos' is good for in this case ?
>

vdsm ships a sos plugin for collecting logs useful for debug issues. Here
the dependency on sos is needed for ensuring the directory tree owned by
sos is in place for installing the plugin.
Also, ovirt-log-collector assumes sos is installed on the hosts.
Yes, sos is still useful, I often ask users to provide a sos report in
order to understand what's going wrong.




> tree is for interactive shell, who can a python application needs it ?
>

tree is needed by vdsm sos plugin, see https://gerrit.ovirt.org/#/c/555/


>
> There is a lot of other tools like openvswitch's and iscsi's that are not
> used in my setup. But I can understand that they are always installed. A
> modular approach would have been better but much more complicated to
> implement.
>
> which, every one use it , even if it's not the best solution instead of
> the bash builtin 'type -p' (bash is part of the requires) or more portable
> 'command -v', it's all explained at: https://unix.stackexchange.
> com/a/85250. But I must live with this.
>
> > Le 9 juin 2017 à 11:05, Fabrice Bacchella 
> a écrit :
> >
> > I haven't switched from ntp to chrony. So I have configured my puppet to
> remove it as it's now part of default installation of rhel.
> >
> > I works well with everything except on vdsm, since last upgrade:
> >
> > # yum erase chrony
> > ..
> > Removing for dependencies:
> > vdsm  x86_64
>4.19.15-1.el7.centos
>  @ovirt-4.1   2.6 M
> > vdsm-hook-vmfex-dev   noarch
>4.19.15-1.el7.centos
>  @ovirt-4.121 k
> >
> >
> > Why vdsm depends on chrony ? Any time synchronisation solution is good.
> Is that the role of ovirt to chose for me ?
> >
> > ___
> > Users mailing list
> > Users@ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>



-- 

SANDRO BONAZZOLA

ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION R

Red Hat EMEA 

TRIED. TESTED. TRUSTED. 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] chrony or ntp ?

[Michal Skrivanek]

> On 9 Jun 2017, at 11:46, Sandro Bonazzola  wrote:
> 
> 
> 
> On Fri, Jun 9, 2017 at 11:05 AM, Fabrice Bacchella 
> > wrote:
> I haven't switched from ntp to chrony. So I have configured my puppet to 
> remove it as it's now part of default installation of rhel.
> 
> I works well with everything except on vdsm, since last upgrade:
> 
>  # yum erase chrony
> ..
> Removing for dependencies:
>  vdsm  x86_64 
>   4.19.15-1.el7.centos   @ovirt-4.1   
> 2.6 M
>  vdsm-hook-vmfex-dev   noarch 
>   4.19.15-1.el7.centos   @ovirt-4.1   
>  21 k
> 
> 
> Why vdsm depends on chrony ? Any time synchronisation solution is good. Is 
> that the role of ovirt to chose for me ?
> 
> Adding people involved in this change.
> Please note the change has been reviewed and discussed on 
> https://gerrit.ovirt.org/#/c/73822/  for 
> addressing https://bugzilla.redhat.com/show_bug.cgi?id=1428419 
> 
> and it moves from requiring ntp to requiring chrony.
> So it was already deciding for you, you just both were in agreement :-)
> 
> Sadly:
> # rpm -q --provides ntp
> config(ntp) = 4.2.8p10-1.fc26
> ntp = 4.2.8p10-1.fc26
> ntp(x86-64) = 4.2.8p10-1.fc26
> 
> rpm -q --provides chrony
> chrony = 3.1-4.fc26
> chrony(x86-64) = 3.1-4.fc26
> config(chrony) = 3.1-4.fc26
> 
> there's no way to require just the time synchronization capability like in 
> httpd providing the webserver capability:
> 
> # rpm -q --provides httpd
> config(httpd) = 2.4.25-8.fc26
> httpd = 2.4.25-8.fc26
> httpd(x86-64) = 2.4.25-8.fc26
> httpd-mmn = 20120211
> httpd-mmn = 20120211x8664
> httpd-suexec = 2.4.25-8.fc26
> mod_dav = 2.4.25-8.fc26
> webserver
> 
> # dnf provides webserver
> Ultima verifica della scadenza dei metadati: 0:02:59 fa il Fri Jun 09 
> 11:36:58 2017 CEST.
> httpd-2.4.25-8.fc26.x86_64 : Apache HTTP Server
> Repo : @System
> 
> nginx-1:1.10.3-1.fc26.x86_64 : A high performance web server and reverse 
> proxy server
> Repo : @System
> 
> httpd-2.4.25-8.fc26.x86_64 : Apache HTTP Server
> Repo : updates-testing
> 
> cherokee-1.2.104-1.fc25.i686 : Flexible and Fast Webserver
> Repo : fedora
> 
> cherokee-1.2.104-1.fc25.x86_64 : Flexible and Fast Webserver
> Repo : fedora
> 
> httpd-2.4.25-5.fc26.x86_64 : Apache HTTP Server
> Repo : fedora
> 
> lighttpd-1.4.45-3.fc26.x86_64 : Lightning fast webserver with light system 
> requirements
> Repo : fedora
> 
> nginx-1:1.10.3-1.fc26.x86_64 : A high performance web server and reverse 
> proxy server
> Repo : fedora
> 
> In Fedora we may use boolean dependencies and install chrony only if ntp is 
> not already installed: http://rpm.org/user_doc/boolean_dependencies.html 
> 
> but this feature is not available in RHEL / CentOS.
> 
> I let others explain why we are enforcing the dependency on the package 
> itself instead of moving vdsm to an error state if time synchronization is 
> disabled at runtime:

because it’s much more problematic to troubleshoot and fix then.
The main reason is by enforcing NTP service on the host we get a good time sync 
even for people who do not care/do not know anything about it and get the right 
setup from DHCP
As Sandro says there is no easy way to identify the capability in general, and 
chrony is the default in el7

You can just disable the chrony service(we rely on the fact it’s enabled by 
default) and install any other NTP service as you prefer

Thanks,
micahl

> 
> # timedatectl status
>   Local time: ven 2017-06-09 11:45:18 CEST
>   Universal time: ven 2017-06-09 09:45:18 UTC
> RTC time: ven 2017-06-09 09:45:18
>Time zone: Europe/Rome (CEST, +0200)
>  Network time on: yes
> NTP synchronized: yes
>  RTC in local TZ: no
> 
> # rpm -qf `which timedatectl`
> systemd-233-3.fc26.x86_64
> 
> 
>  
> 
> ___
> Users mailing list
> Users@ovirt.org 
> http://lists.ovirt.org/mailman/listinfo/users 
> 
> 
> 
> 
> -- 
> SANDRO BONAZZOLA
> ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION R
> Red Hat EMEA 
>   
> TRIED. TESTED. TRUSTED. 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] chrony or ntp ?

[Fabrice Bacchella]

Other strange dependencies:
rpm -q --requires vdsm

returns:
sos
tree
NetworkManager-config-server

I don't use NetworkManager-config-server and never used it. There is just this 
lonely components.
I'm running Centos, not Redhat, what 'sos' is good for in this case ?
tree is for interactive shell, who can a python application needs it ?

There is a lot of other tools like openvswitch's and iscsi's that are not used 
in my setup. But I can understand that they are always installed. A modular 
approach would have been better but much more complicated to implement.

which, every one use it , even if it's not the best solution instead of the 
bash builtin 'type -p' (bash is part of the requires) or more portable 'command 
-v', it's all explained at: https://unix.stackexchange.com/a/85250. But I must 
live with this.

> Le 9 juin 2017 à 11:05, Fabrice Bacchella  a 
> écrit :
> 
> I haven't switched from ntp to chrony. So I have configured my puppet to 
> remove it as it's now part of default installation of rhel.
> 
> I works well with everything except on vdsm, since last upgrade:
> 
> # yum erase chrony
> ..
> Removing for dependencies:
> vdsm  x86_64  
>  4.19.15-1.el7.centos   @ovirt-4.1
>2.6 M
> vdsm-hook-vmfex-dev   noarch  
>  4.19.15-1.el7.centos   @ovirt-4.1
> 21 k
> 
> 
> Why vdsm depends on chrony ? Any time synchronisation solution is good. Is 
> that the role of ovirt to chose for me ?
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] chrony or ntp ?

[Sandro Bonazzola]

On Fri, Jun 9, 2017 at 11:05 AM, Fabrice Bacchella <
fabrice.bacche...@orange.fr> wrote:

> I haven't switched from ntp to chrony. So I have configured my puppet to
> remove it as it's now part of default installation of rhel.
>
> I works well with everything except on vdsm, since last upgrade:
>
>  # yum erase chrony
> ..
> Removing for dependencies:
>  vdsm  x86_64
>  4.19.15-1.el7.centos   @ovirt-4.1
>  2.6 M
>  vdsm-hook-vmfex-dev   noarch
>  4.19.15-1.el7.centos   @ovirt-4.1
>   21 k
>
>
> Why vdsm depends on chrony ? Any time synchronisation solution is good. Is
> that the role of ovirt to chose for me ?
>

Adding people involved in this change.
Please note the change has been reviewed and discussed on
https://gerrit.ovirt.org/#/c/73822/ for addressing
https://bugzilla.redhat.com/show_bug.cgi?id=1428419
and it moves from requiring ntp to requiring chrony.
So it was already deciding for you, you just both were in agreement :-)

Sadly:
# rpm -q --provides ntp
config(ntp) = 4.2.8p10-1.fc26
ntp = 4.2.8p10-1.fc26
ntp(x86-64) = 4.2.8p10-1.fc26

rpm -q --provides chrony
chrony = 3.1-4.fc26
chrony(x86-64) = 3.1-4.fc26
config(chrony) = 3.1-4.fc26

there's no way to require just the time synchronization capability like in
httpd providing the webserver capability:

# rpm -q --provides httpd
config(httpd) = 2.4.25-8.fc26
httpd = 2.4.25-8.fc26
httpd(x86-64) = 2.4.25-8.fc26
httpd-mmn = 20120211
httpd-mmn = 20120211x8664
httpd-suexec = 2.4.25-8.fc26
mod_dav = 2.4.25-8.fc26
webserver

# dnf provides webserver
Ultima verifica della scadenza dei metadati: 0:02:59 fa il Fri Jun 09
11:36:58 2017 CEST.
httpd-2.4.25-8.fc26.x86_64 : Apache HTTP Server
Repo : @System

nginx-1:1.10.3-1.fc26.x86_64 : A high performance web server and reverse
proxy server
Repo : @System

httpd-2.4.25-8.fc26.x86_64 : Apache HTTP Server
Repo : updates-testing

cherokee-1.2.104-1.fc25.i686 : Flexible and Fast Webserver
Repo : fedora

cherokee-1.2.104-1.fc25.x86_64 : Flexible and Fast Webserver
Repo : fedora

httpd-2.4.25-5.fc26.x86_64 : Apache HTTP Server
Repo : fedora

lighttpd-1.4.45-3.fc26.x86_64 : Lightning fast webserver with light system
requirements
Repo : fedora

nginx-1:1.10.3-1.fc26.x86_64 : A high performance web server and reverse
proxy server
Repo : fedora

In Fedora we may use boolean dependencies and install chrony only if ntp is
not already installed: http://rpm.org/user_doc/boolean_dependencies.html
but this feature is not available in RHEL / CentOS.

I let others explain why we are enforcing the dependency on the package
itself instead of moving vdsm to an error state if time synchronization is
disabled at runtime:

# timedatectl status
  Local time: ven 2017-06-09 11:45:18 CEST
  Universal time: ven 2017-06-09 09:45:18 UTC
RTC time: ven 2017-06-09 09:45:18
   Time zone: Europe/Rome (CEST, +0200)
 Network time on: yes
NTP synchronized: yes
 RTC in local TZ: no

# rpm -qf `which timedatectl`
systemd-233-3.fc26.x86_64




>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>



-- 

SANDRO BONAZZOLA

ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION R

Red Hat EMEA 

TRIED. TESTED. TRUSTED. 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] chrony or ntp ?

[Fabrice Bacchella]

I haven't switched from ntp to chrony. So I have configured my puppet to remove 
it as it's now part of default installation of rhel.

I works well with everything except on vdsm, since last upgrade:

 # yum erase chrony
..
Removing for dependencies:
 vdsm  x86_64   
4.19.15-1.el7.centos   @ovirt-4.1   
2.6 M
 vdsm-hook-vmfex-dev   noarch   
4.19.15-1.el7.centos   @ovirt-4.1   
 21 k


Why vdsm depends on chrony ? Any time synchronisation solution is good. Is that 
the role of ovirt to chose for me ?

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users