[Bug 1744072] Re: [MIR] Chrony in 18.04

2018-11-29 Thread Paul Gear
** Changed in: ntp-charm
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: [MIR] Chrony in 18.04

2018-09-16 Thread Paul Gear
** Changed in: ntp-charm
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: [MIR] Chrony in 18.04

2018-06-07 Thread  Christian Ehrhardt 
Hi Mathias - that was for both to support configuring chrony for ntp services.
Both are done AFAIK, setting fix released.

** Changed in: cloud-init (Ubuntu)
   Status: Confirmed => Fix Released

** Changed in: maas (Ubuntu)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: [MIR] Chrony in 18.04

2018-06-07 Thread Matthias Klose
clout-init and maas are already in main. why are these still open?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: [MIR] Chrony in 18.04

2018-04-26 Thread Doug Smythies
** Changed in: serverguide
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: [MIR] Chrony in 18.04

2018-03-05 Thread Paul Gear
I've added initial support for chrony to the ntp charm:
https://code.launchpad.net/~paulgear/ntp-charm/+git/ntp-
charm/+merge/340780

Very lightly tested at present - nagios check known to be non-working,
other features should work.  It's available as cs:~paulgear/ntp if
anyone would like to test: https://jujucharms.com/u/paulgear/ntp/

** Merge proposal linked:
   https://code.launchpad.net/~paulgear/ntp-charm/+git/ntp-charm/+merge/340780

** Changed in: ntp-charm
 Assignee: (unassigned) => Paul Gear (paulgear)

** Changed in: ntp-charm
   Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: [MIR] Chrony in 18.04

2018-02-26 Thread Andres Rodriguez
** Merge proposal linked:
   https://code.launchpad.net/~andreserl/maas/+git/maas/+merge/339706

** Merge proposal linked:
   https://code.launchpad.net/~andreserl/maas/+git/maas/+merge/339707

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: [MIR] Chrony in 18.04

2018-02-23 Thread Andres Rodriguez
** Merge proposal linked:
   https://code.launchpad.net/~andreserl/maas/+git/maas/+merge/336685

** Changed in: maas (Ubuntu)
 Assignee: (unassigned) => Andres Rodriguez (andreserl)

** Changed in: maas (Ubuntu)
   Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: [MIR] Chrony in 18.04

2018-02-23 Thread Launchpad Bug Tracker
** Branch linked: lp:serverguide

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: [MIR] Chrony in 18.04

2018-02-23 Thread Doug Smythies
** Changed in: serverguide
   Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: [MIR] Chrony in 18.04

2018-02-23 Thread ChristianEhrhardt
FYI Proposed documentation update:
https://code.launchpad.net/~paelzer/serverguide/serverguide-
chrony-18.04/+merge/338892

** Branch linked: lp:~paelzer/serverguide/serverguide-chrony-18.04

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: [MIR] Chrony in 18.04

2018-02-19 Thread Launchpad Bug Tracker
This bug was fixed in the package ceph - 12.2.2-0ubuntu2

---
ceph (12.2.2-0ubuntu2) bionic; urgency=medium

  * d/control: Re-order Recommends to prefer chrony over time-daemon
(chrony/openntp) and ntp for Ubuntu (LP: #1744072).

 -- Christian Ehrhardt   Fri, 16 Feb
2018 09:19:21 +0100

** Changed in: ceph (Ubuntu)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: [MIR] Chrony in 18.04

2018-02-19 Thread ChristianEhrhardt
The ceph change to modify the dependencies (reorder recommends) are in
proposed and hopefully soon to migrate.

Of the rather time critical bits (to demote ntp in time before FF) what
is left is the change in MAAS. Since the sprint there was no reply by
MAAS yet, so pinging on IRC in addition to this bug update.

Those two depend on ntp in d/control:
- maas-region-api
- maas-rack-controller

You could likely even keep most of the tests as-is, but the custom ntp
config (src/provisioningserver/ntp/config.py?) would need to be changed
I assume.

** Changed in: chrony (Ubuntu)
 Assignee: Nish Aravamudan (nacc) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: [MIR] Chrony in 18.04

2018-02-18 Thread ChristianEhrhardt
** Changed in: maas (Ubuntu)
   Importance: Undecided => Critical

** Changed in: ceph (Ubuntu)
   Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: [MIR] Chrony in 18.04

2018-02-16 Thread Steve Langasek
Override component to main
chrony 3.2-2ubuntu3 in bionic amd64: universe/admin/extra/100% -> main
chrony 3.2-2ubuntu3 in bionic arm64: universe/admin/extra/100% -> main
chrony 3.2-2ubuntu3 in bionic armhf: universe/admin/extra/100% -> main
chrony 3.2-2ubuntu3 in bionic i386: universe/admin/extra/100% -> main
chrony 3.2-2ubuntu3 in bionic ppc64el: universe/admin/extra/100% -> main
chrony 3.2-2ubuntu3 in bionic s390x: universe/admin/extra/100% -> main
6 publications overridden.


** Changed in: chrony (Ubuntu)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: [MIR] Chrony in 18.04

2018-02-16 Thread ChristianEhrhardt
Thanks Nish that you took a look.
I merged the two open and already approved seed changing branches.

Will also do the ceph upload soon.
All those will make chrony show up in component mismatches to then be added.
(and hopefully ntp will show up soon after for demotion to universe)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: [MIR] Chrony in 18.04

2018-02-15 Thread Nish Aravamudan
I reviewed chrony; it's fine to MIR (and has security team approval).
MIR ACKed.

** Changed in: chrony (Ubuntu)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: [MIR] Chrony in 18.04

2018-02-14 Thread Nish Aravamudan
** Changed in: chrony (Ubuntu)
 Assignee: (unassigned) => Nish Aravamudan (nacc)

** Changed in: chrony (Ubuntu)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: [MIR] Chrony in 18.04

2018-02-12 Thread Paul Gear
@paelzer: As I looked at chrony's config and the options which would be
needed in a new chrony charm, I found that most of them were common with
ntp, so I'm going to start work on a branch of the ntp charm which
supports switching between ntp and chrony.  I'll link the branch here
when I have some progress to report.

** Changed in: ntp-charm
   Status: New => Triaged

** Changed in: ntp-charm
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: [MIR] Chrony in 18.04

2018-02-08 Thread David Britton
** Description changed:

  --- MIR ---
  
  1. Availability: The package is Ubuntu universe and builds for the
  architectures it is designed to work on.
  
  2. Rationale:
   2.1 NTP in general is needed quite a lot, but we want to exchange ntpd
   which is the current implementation in main with chrony for 18.04.
   2.2 Security: chrony was considered easier to be maintained easier in
   terms of security and provide a more modern ntp experience as well.
   2.3 Efficiency: Furthermore several cloud people seem to be interested to
   change to chrony in the guests for its lower memoy/cpu footprint
   (efficiency I guess).
  2.4 related to this MIR 6 years ago this is the same but for Fedora.
  See: https://fedoraproject.org/wiki/Features/ChronyDefaultNTP
  IIRC some limitations that were present have been eliminated since, so
  it is even better than it was back then.
  2.5 In general one has to realize that in a systemd-timesync world
  ntp/chrony are mostly for the "serving" portion of an ntp service, and
  not so much about the client (unless you the better accuracy vs
  timesyncd is needed).
  
  3. Security: In fact the request came in by security Team, so I guess I
  call this section done
  
  3. Quality assurance
   3.1 configuration ease - works after installation
   3.2 no high prio debconf
   3.3 usability (no major issues in Debian nor Ubuntu)
   asked Paul in regard to the ntp charm in comment #5
   3.4 long-term >=high bugs (none in Debian nor Ubuntu)
   3.5 Debian/Ubuntu bugs look reasonable maintained
   3.6 does not deal with hard to support exotic hardware (other than ntpd
   btw). If used this can be done through universe package GPSD (no
   dependency)
   3.7 Test suite runs on build (some skipped if not env applicable)
   3.8 debian/watch exists
   3.9 not depending on obsoleted packages
  
  4.1 It does not face graphical UI
  4.2 It is unfortunately not internationalized as far as I could see in the 
source
  
  5. Dependencies - there is one not in main libtomcrypt
     We don't want it in main either, instead we want to fix bug 1744328 and 
then use libnss which is in main already.
  
  6. Not found major Policy or FSH violations that would have to be fixed.
  
  7. Maintenance
    7.1 Upstream - is maintained well (and better than ntpd it seems
     according to some discussisons)
    7.2 Ubuntu - Owning Team would be Ubuntu (in exchange to drop ntp)
  
  8. Background information:
    Fulfills the same role as ntp, yet according to the security Team would
    be preferred for them.
  
  --- Affected Packages ---
  
  I'll add all those as bug tasks.
  Once the MIR has passed the state of uncertainty (e.g. would it be blocked by 
one of the dependent bug being not doable at all) then please work on these 
into 18.04. Here a list what is affected in the listed packages:
  
  Maas - needs to change dependencies and maybe template
  cloud-init - needs to support writing ntp config to chrony instead of ntpd
  ceph-base - change recommends from ntpd to chrony (it only intends to get 
good time and doesn't care via which dameon that is, so that should be ok to be 
change)
  ntp charm - switch to chrony for >=18.04
  chrony - MIR itself (discussion here and eventually seeding)
  
  --- Depending on further Bugs ---
  In my initial evaluation I uncovered (and filed) a set of bugs that I 
consider requirement to make it fully ready:
  Reminder - tracking state here might be out of sync, I'll only change them to 
Done once complete and not care about interim status changes.
  
  DONE - bug 1744662 - add chrony apparmor profile
  DONE - bug 1744328 - make src:libnss libfreebl3 usable by other programs
  COMMITTED - bug 1744664 - use Ubuntu time servers
  COMMITTED - bug 1744072 - d/control: use to nss instead of tomcrypt
  Some more cleanups in Chrony are optional but useful.
+ 
+ Other Related Bugs
+ 
+  * https://bugs.launchpad.net/cloud-init/+bug/1731619 (cloud-init)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: [MIR] Chrony in 18.04

2018-02-07 Thread ChristianEhrhardt
MP's for the seed changes are up:
platform: 
https://code.launchpad.net/~paelzer/ubuntu-seeds/18.04-ntp-to-chrony-platform/+merge/337257
ubuntu: 
https://code.launchpad.net/~paelzer/ubuntu-seeds/18.04-ntp-to-chrony-ubuntu/+merge/337256

Waiting now for:
- the general MIR team ack and setting to fix committed on this bug.
- a review ack on the two MPs above


** Branch linked: lp:~paelzer/ubuntu-seeds/18.04-ntp-to-chrony-platform

** Branch linked: lp:~paelzer/ubuntu-seeds/18.04-ntp-to-chrony-ubuntu

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-02-07 Thread ChristianEhrhardt
Ok, this now has all prereqs resolved.
It is ready for the actual MIR + seed change.
Setting the state back to new (we reused the bugno, but it is for the MIR 
actually)

So todo's now are:
@MIR Team ack and set fix committed
@Cpaelzer - Propose a seed change.


** Changed in: chrony (Ubuntu)
   Status: Fix Released => New

** Summary changed:

- MIR Chrony in 18.04
+ [MIR] Chrony in 18.04

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  [MIR] Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-02-07 Thread Launchpad Bug Tracker
This bug was fixed in the package chrony - 3.2-2ubuntu2

---
chrony (3.2-2ubuntu2) bionic; urgency=medium

  * d/control: use to nss instead of tomcrypt (in main) (LP: #1744072)
  * d/chrony.conf: use ubuntu ntp pool and server (LP: #1744664)
  * d/chrony.default, d/chrony.service: support /etc/default/chrony
DAEMON_OPTS in systemd environment (LP: #1746081)
  * d/chrony.service: properly start after networking (LP: #1746458)
  * d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: #1746444)

 -- Christian Ehrhardt   Fri, 19 Jan
2018 09:45:38 +0100

** Changed in: chrony (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-02-06 Thread ChristianEhrhardt
Builds complete against new nss, also all other bugs we wanted are grouped.
New chrony uploaded to bionic - once passed we can do the seeding.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-02-06 Thread ChristianEhrhardt
** Description changed:

  --- MIR ---
  
  1. Availability: The package is Ubuntu universe and builds for the
  architectures it is designed to work on.
  
  2. Rationale:
   2.1 NTP in general is needed quite a lot, but we want to exchange ntpd
   which is the current implementation in main with chrony for 18.04.
   2.2 Security: chrony was considered easier to be maintained easier in
   terms of security and provide a more modern ntp experience as well.
   2.3 Efficiency: Furthermore several cloud people seem to be interested to
   change to chrony in the guests for its lower memoy/cpu footprint
   (efficiency I guess).
  2.4 related to this MIR 6 years ago this is the same but for Fedora.
  See: https://fedoraproject.org/wiki/Features/ChronyDefaultNTP
  IIRC some limitations that were present have been eliminated since, so
  it is even better than it was back then.
  2.5 In general one has to realize that in a systemd-timesync world
  ntp/chrony are mostly for the "serving" portion of an ntp service, and
  not so much about the client (unless you the better accuracy vs
  timesyncd is needed).
  
  3. Security: In fact the request came in by security Team, so I guess I
  call this section done
  
  3. Quality assurance
   3.1 configuration ease - works after installation
   3.2 no high prio debconf
   3.3 usability (no major issues in Debian nor Ubuntu)
   asked Paul in regard to the ntp charm in comment #5
   3.4 long-term >=high bugs (none in Debian nor Ubuntu)
   3.5 Debian/Ubuntu bugs look reasonable maintained
   3.6 does not deal with hard to support exotic hardware (other than ntpd
   btw). If used this can be done through universe package GPSD (no
   dependency)
   3.7 Test suite runs on build (some skipped if not env applicable)
   3.8 debian/watch exists
   3.9 not depending on obsoleted packages
  
  4.1 It does not face graphical UI
  4.2 It is unfortunately not internationalized as far as I could see in the 
source
  
  5. Dependencies - there is one not in main libtomcrypt
     We don't want it in main either, instead we want to fix bug 1744328 and 
then use libnss which is in main already.
  
  6. Not found major Policy or FSH violations that would have to be fixed.
  
  7. Maintenance
    7.1 Upstream - is maintained well (and better than ntpd it seems
     according to some discussisons)
    7.2 Ubuntu - Owning Team would be Ubuntu (in exchange to drop ntp)
  
  8. Background information:
    Fulfills the same role as ntp, yet according to the security Team would
    be preferred for them.
  
  --- Affected Packages ---
  
  I'll add all those as bug tasks.
  Once the MIR has passed the state of uncertainty (e.g. would it be blocked by 
one of the dependent bug being not doable at all) then please work on these 
into 18.04. Here a list what is affected in the listed packages:
  
  Maas - needs to change dependencies and maybe template
  cloud-init - needs to support writing ntp config to chrony instead of ntpd
  ceph-base - change recommends from ntpd to chrony (it only intends to get 
good time and doesn't care via which dameon that is, so that should be ok to be 
change)
  ntp charm - switch to chrony for >=18.04
  chrony - MIR itself (discussion here and eventually seeding)
  
  --- Depending on further Bugs ---
  In my initial evaluation I uncovered (and filed) a set of bugs that I 
consider requirement to make it fully ready:
  Reminder - tracking state here might be out of sync, I'll only change them to 
Done once complete and not care about interim status changes.
  
  DONE - bug 1744662 - add chrony apparmor profile
- COMMITTED - bug 1744328 - make src:libnss libfreebl3 usable by other programs
+ DONE - bug 1744328 - make src:libnss libfreebl3 usable by other programs
  COMMITTED - bug 1744664 - use Ubuntu time servers
+ COMMITTED - bug 1744072 - d/control: use to nss instead of tomcrypt
+ Some more cleanups in Chrony are optional but useful.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Re: [Bug 1744072] Re: MIR Chrony in 18.04

2018-02-01 Thread Paul Gear
On 22/01/18 17:27, ChristianEhrhardt wrote:
> Hi Paul,
> I subscribed you as I wanted to clarify something.
> Back in [1], you mentioned it was important to you to get ntpdate (single 
> shot cli) and ntpd (daemon) to work together nicely for the ntp charm.
>
> Now if the ntp charm would be modified to use chrony from 18.04 onward,
> would that break it completely as chrony has no direct ntpdate
> counterpart that I'd know of?
>
> [1]: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1706818
>
Hi Christian,

My current plan is to write a new reactive charm for chrony rather than
trying to retrofit the ntp charm to support chrony.  I would expect that
the functionality which relies on ntpdate will drop out.  I don't have a
timeframe for this, however.

Regards,
Paul

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-30 Thread ChristianEhrhardt
** Description changed:

  --- MIR ---
  
  1. Availability: The package is Ubuntu universe and builds for the
  architectures it is designed to work on.
  
  2. Rationale:
   2.1 NTP in general is needed quite a lot, but we want to exchange ntpd
   which is the current implementation in main with chrony for 18.04.
   2.2 Security: chrony was considered easier to be maintained easier in
   terms of security and provide a more modern ntp experience as well.
   2.3 Efficiency: Furthermore several cloud people seem to be interested to
   change to chrony in the guests for its lower memoy/cpu footprint
   (efficiency I guess).
  2.4 related to this MIR 6 years ago this is the same but for Fedora.
  See: https://fedoraproject.org/wiki/Features/ChronyDefaultNTP
  IIRC some limitations that were present have been eliminated since, so
  it is even better than it was back then.
  2.5 In general one has to realize that in a systemd-timesync world
  ntp/chrony are mostly for the "serving" portion of an ntp service, and
  not so much about the client (unless you the better accuracy vs
  timesyncd is needed).
  
  3. Security: In fact the request came in by security Team, so I guess I
  call this section done
  
  3. Quality assurance
   3.1 configuration ease - works after installation
   3.2 no high prio debconf
   3.3 usability (no major issues in Debian nor Ubuntu)
   asked Paul in regard to the ntp charm in comment #5
   3.4 long-term >=high bugs (none in Debian nor Ubuntu)
   3.5 Debian/Ubuntu bugs look reasonable maintained
   3.6 does not deal with hard to support exotic hardware (other than ntpd
   btw). If used this can be done through universe package GPSD (no
   dependency)
   3.7 Test suite runs on build (some skipped if not env applicable)
   3.8 debian/watch exists
   3.9 not depending on obsoleted packages
  
  4.1 It does not face graphical UI
  4.2 It is unfortunately not internationalized as far as I could see in the 
source
  
  5. Dependencies - there is one not in main libtomcrypt
     We don't want it in main either, instead we want to fix bug 1744328 and 
then use libnss which is in main already.
  
  6. Not found major Policy or FSH violations that would have to be fixed.
  
  7. Maintenance
    7.1 Upstream - is maintained well (and better than ntpd it seems
     according to some discussisons)
    7.2 Ubuntu - Owning Team would be Ubuntu (in exchange to drop ntp)
  
  8. Background information:
    Fulfills the same role as ntp, yet according to the security Team would
    be preferred for them.
  
  --- Affected Packages ---
  
  I'll add all those as bug tasks.
  Once the MIR has passed the state of uncertainty (e.g. would it be blocked by 
one of the dependent bug being not doable at all) then please work on these 
into 18.04. Here a list what is affected in the listed packages:
  
  Maas - needs to change dependencies and maybe template
  cloud-init - needs to support writing ntp config to chrony instead of ntpd
  ceph-base - change recommends from ntpd to chrony (it only intends to get 
good time and doesn't care via which dameon that is, so that should be ok to be 
change)
  ntp charm - switch to chrony for >=18.04
  chrony - MIR itself (discussion here and eventually seeding)
  
  --- Depending on further Bugs ---
  In my initial evaluation I uncovered (and filed) a set of bugs that I 
consider requirement to make it fully ready:
  Reminder - tracking state here might be out of sync, I'll only change them to 
Done once complete and not care about interim status changes.
  
- OPEN - bug 1718227 - convert ifup hooks to networkd compatible hooks
  DONE - bug 1744662 - add chrony apparmor profile
- OPEN - bug 1744328 - make src:libnss libfreebl3 usable by other programs
- OPEN - bug 1744664 - use Ubuntu time servers
+ COMMITTED - bug 1744328 - make src:libnss libfreebl3 usable by other programs
+ COMMITTED - bug 1744664 - use Ubuntu time servers

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-30 Thread David Britton
re: ifup/down hooks --

In the end, it's the same situation with either ntpd or chrony. let's
just add it to the tasks to do after promotion in general for 18.04.  I
wouldn't conflate the MIR with this point at all.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-30 Thread ChristianEhrhardt
ifup/down hooks are undirected (just chronyc offline/online).
There are networkmanager dispatchers which are smarter.

All of this is to allow to handle lossy/changing connections which is
far more a laptop or similar (=>NetworkManager) than a server.

We might consider moving on without a solution.
Cyphermox mentioned he will look to provide a solution to hook into events 
again at some point (Part of the netplan transition) that is based on netlink 
events I think.

If all but the hooks are complete we can still move on IMHO.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-30 Thread ChristianEhrhardt
** Merge proposal linked:
   
https://code.launchpad.net/~paelzer/ubuntu/+source/chrony/+git/chrony/+merge/336844

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-30 Thread ChristianEhrhardt
FYI - It seems a bit dead here, but most work atm is going into
dependent bug 1744328

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-29 Thread Seth Arnold
I reviewed chrony version 3.2-1build1 as checked into bionic. This isn't a
full security audit but rather a quick gauge of maintainability.

- There are ten CVEs in our database; the fixes mostly aren't enumerated
  in our database, but many of the descriptions sound like they were
  handed out 'conservatively' -- errors in administration-level command
  channel or a malicious peer server operator in a position to interpose
  traffic from another peer server.

  I like the paranoia.

- chrony is a new, simpler, smaller, safer, ntp daemon. It's suitable for
  client and server use, and supports some hardware drivers, NIC
  timestamping, but perhaps not as many features as our old NTPD.

- Build-Depends: debhelper, bison, libedit-dev, libtomcrypt-dev,
  libcap-dev, pps-tools, libseccomp-dev, pkg-config, asciidoctor

- libtomcrypt dependency is being worked on; apparently nss is an option
  once we expose an "internal only" library.

- Does daemonize, nicely
- pre/post inst/rm scripts have autogenerated sections. Also:
- postinst script creates _chrony user and group, chowns /var/log/chrony
  and /var/lib/chrony
- postinst cleans up after previous version "key" file (authentication has
  been simplified in newer versions) in a complicated set of comparisons
- postrm removes /var/lib/chrony/, /etc/chrony/, _chrony user and group
- Initscript uses start-stop-daemon to start chrony
- systemd unit file is simple
- No dbus services
- No setuid files
- chronyc and chronyd executables in PATH
- No sudo fragments
- No udev rules
- test suite run at build; not comprehensive, but nice to have
- clean build logs

- sendmail is spawned to send mail via popen(). All variables are under
  control of configuration file. No error handling in case the admin sets
  the "mail to" variable to something silly long or dangerous, but this is
  very low risk.

- Memory management looked careful
- file io looked careful
- logging looked careful
- TZ environment variable used to gather information on leap seconds,
  looked careful
- Privileged operations looked careful
- I did not inspect cryptography
- Privileged portions of the code, privsep-style, looked careful; I did
  not inspect privsep for safety
- Extensive networking, looked careful
- No temporary file handling
- No WebKit
- No JavaScript
- No PolicyKit
- Clean cppcheck


Errors are checked religiously, coding style is unique and awkward but not
a real impediment to maintenance. Obviously ntp is an involved protocol
and probably further flaws will be found -- and we will rely upon
upstream's help for all but the simplest of issues. It looks
professionally programmed.

The only issue I found has no security relevance but may be slightly
surprising:

- reference() uses snprintf() to build a string to call sendmail; the
  username may not fit in the allocated space, and the code gets no
  warning about this.

  Any shell metacharacters in this setting would interfere with proper
  operation of the program.

I'd like to see this addressed for reliability reasons but it's not a
pressing issue.

Security team ACK for promoting chrony to main.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-29 Thread ChristianEhrhardt
** Description changed:

  --- MIR ---
  
  1. Availability: The package is Ubuntu universe and builds for the
  architectures it is designed to work on.
  
  2. Rationale:
   2.1 NTP in general is needed quite a lot, but we want to exchange ntpd
   which is the current implementation in main with chrony for 18.04.
   2.2 Security: chrony was considered easier to be maintained easier in
   terms of security and provide a more modern ntp experience as well.
   2.3 Efficiency: Furthermore several cloud people seem to be interested to
   change to chrony in the guests for its lower memoy/cpu footprint
   (efficiency I guess).
  2.4 related to this MIR 6 years ago this is the same but for Fedora.
  See: https://fedoraproject.org/wiki/Features/ChronyDefaultNTP
  IIRC some limitations that were present have been eliminated since, so
  it is even better than it was back then.
  2.5 In general one has to realize that in a systemd-timesync world
  ntp/chrony are mostly for the "serving" portion of an ntp service, and
  not so much about the client (unless you the better accuracy vs
  timesyncd is needed).
  
  3. Security: In fact the request came in by security Team, so I guess I
  call this section done
- 
- -- EVERYTHING BELOW TBD FOR NOW --
  
  3. Quality assurance
   3.1 configuration ease - works after installation
   3.2 no high prio debconf
   3.3 usability (no major issues in Debian nor Ubuntu)
   asked Paul in regard to the ntp charm in comment #5
   3.4 long-term >=high bugs (none in Debian nor Ubuntu)
   3.5 Debian/Ubuntu bugs look reasonable maintained
   3.6 does not deal with hard to support exotic hardware (other than ntpd
   btw). If used this can be done through universe package GPSD (no
   dependency)
   3.7 Test suite runs on build (some skipped if not env applicable)
   3.8 debian/watch exists
   3.9 not depending on obsoleted packages
  
  4.1 It does not face graphical UI
  4.2 It is unfortunately not internationalized as far as I could see in the 
source
  
  5. Dependencies - there is one not in main libtomcrypt
     We don't want it in main either, instead we want to fix bug 1744328 and 
then use libnss which is in main already.
  
  6. Not found major Policy or FSH violations that would have to be fixed.
  
  7. Maintenance
    7.1 Upstream - is maintained well (and better than ntpd it seems
     according to some discussisons)
    7.2 Ubuntu - Owning Team would be Ubuntu (in exchange to drop ntp)
  
  8. Background information:
    Fulfills the same role as ntp, yet according to the security Team would
    be preferred for them.
  
  --- Affected Packages ---
  
  I'll add all those as bug tasks.
  Once the MIR has passed the state of uncertainty (e.g. would it be blocked by 
one of the dependent bug being not doable at all) then please work on these 
into 18.04. Here a list what is affected in the listed packages:
  
  Maas - needs to change dependencies and maybe template
  cloud-init - needs to support writing ntp config to chrony instead of ntpd
  ceph-base - change recommends from ntpd to chrony (it only intends to get 
good time and doesn't care via which dameon that is, so that should be ok to be 
change)
  ntp charm - switch to chrony for >=18.04
  chrony - MIR itself (discussion here and eventually seeding)
  
  --- Depending on further Bugs ---
  In my initial evaluation I uncovered (and filed) a set of bugs that I 
consider requirement to make it fully ready:
  Reminder - tracking state here might be out of sync, I'll only change them to 
Done once complete and not care about interim status changes.
  
  OPEN - bug 1718227 - convert ifup hooks to networkd compatible hooks
  DONE - bug 1744662 - add chrony apparmor profile
  OPEN - bug 1744328 - make src:libnss libfreebl3 usable by other programs
  OPEN - bug 1744664 - use Ubuntu time servers

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-29 Thread ChristianEhrhardt
FYI: Debian accepted all our apparmor changes already plus a few
cleanups - synced that new version into Bionic

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-25 Thread ChristianEhrhardt
We will also have to rewrite parts of the server guide
- Chrony usage in general
- Maybe how to convert a config from ntp to chrony

** Also affects: serverguide
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-24 Thread ChristianEhrhardt
Thanks Simin and Ken, both great to know about!

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-22 Thread ChristianEhrhardt
** Description changed:

  --- MIR ---
  
  1. Availability: The package is Ubuntu universe and builds for the
  architectures it is designed to work on.
  
  2. Rationale:
-  2.1 NTP in general is needed quite a lot, but we want to exchange ntpd 
-  which is the current implementation in main with chrony for 18.04.
-  2.2 Security: chrony was considered easier to be maintained easier in 
-  terms of security and provide a more modern ntp experience as well.
-  2.3 Efficiency: Furthermore several cloud people seem to be interested to 
-  change to chrony in the guests for its lower memoy/cpu footprint 
-  (efficiency I guess).
+  2.1 NTP in general is needed quite a lot, but we want to exchange ntpd
+  which is the current implementation in main with chrony for 18.04.
+  2.2 Security: chrony was considered easier to be maintained easier in
+  terms of security and provide a more modern ntp experience as well.
+  2.3 Efficiency: Furthermore several cloud people seem to be interested to
+  change to chrony in the guests for its lower memoy/cpu footprint
+  (efficiency I guess).
  2.4 related to this MIR 6 years ago this is the same but for Fedora.
- See: https://fedoraproject.org/wiki/Features/ChronyDefaultNTP
- IIRC some limitations that were present have been eliminated since, so 
- it is even better than it was back then.
- 2.5 In general one has to realize that in a systemd-timesync world 
- ntp/chrony are mostly for the "serving" portion of an ntp service, and 
- not so much about the client (unless you the better accuracy vs 
- timesyncd is needed).
+ See: https://fedoraproject.org/wiki/Features/ChronyDefaultNTP
+ IIRC some limitations that were present have been eliminated since, so
+ it is even better than it was back then.
+ 2.5 In general one has to realize that in a systemd-timesync world
+ ntp/chrony are mostly for the "serving" portion of an ntp service, and
+ not so much about the client (unless you the better accuracy vs
+ timesyncd is needed).
  
  3. Security: In fact the request came in by security Team, so I guess I
  call this section done
  
  -- EVERYTHING BELOW TBD FOR NOW --
  
  3. Quality assurance
   3.1 configuration ease - works after installation
   3.2 no high prio debconf
   3.3 usability (no major issues in Debian nor Ubuntu)
   asked Paul in regard to the ntp charm in comment #5
   3.4 long-term >=high bugs (none in Debian nor Ubuntu)
   3.5 Debian/Ubuntu bugs look reasonable maintained
   3.6 does not deal with hard to support exotic hardware (other than ntpd
   btw). If used this can be done through universe package GPSD (no
   dependency)
   3.7 Test suite runs on build (some skipped if not env applicable)
   3.8 debian/watch exists
   3.9 not depending on obsoleted packages
  
  4.1 It does not face graphical UI
  4.2 It is unfortunately not internationalized as far as I could see in the 
source
  
  5. Dependencies - there is one not in main libtomcrypt
     We don't want it in main either, instead we want to fix bug 1744328 and 
then use libnss which is in main already.
  
  6. Not found major Policy or FSH violations that would have to be fixed.
  
  7. Maintenance
    7.1 Upstream - is maintained well (and better than ntpd it seems
     according to some discussisons)
    7.2 Ubuntu - Owning Team would be Ubuntu (in exchange to drop ntp)
  
  8. Background information:
    Fulfills the same role as ntp, yet according to the security Team would
    be preferred for them.
  
  --- Affected Packages ---
  
  I'll add all those as bug tasks.
  Once the MIR has passed the state of uncertainty (e.g. would it be blocked by 
one of the dependent bug being not doable at all) then please work on these 
into 18.04. Here a list what is affected in the listed packages:
  
  Maas - needs to change dependencies and maybe template
  cloud-init - needs to support writing ntp config to chrony instead of ntpd
  ceph-base - change recommends from ntpd to chrony (it only intends to get 
good time and doesn't care via which dameon that is, so that should be ok to be 
change)
  ntp charm - switch to chrony for >=18.04
  chrony - MIR itself (discussion here and eventually seeding)
  
  --- Depending on further Bugs ---
  In my initial evaluation I uncovered (and filed) a set of bugs that I 
consider requirement to make it fully ready:
  Reminder - tracking state here might be out of sync, I'll only change them to 
Done once complete and not care about interim status changes.
  
  OPEN - bug 1718227 - convert ifup hooks to networkd compatible hooks
- OPEN - bug 1744662 - add chrony apparmor profile
+ DONE - bug 1744662 - add chrony apparmor profile
  OPEN - bug 1744328 - make src:libnss libfreebl3 usable by other programs
  OPEN - bug 1744664 - use Ubuntu time servers

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launch

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-22 Thread Ken Dreyer (Red Hat)
Ceph tracker to switch from ntpd to chronyd:
http://tracker.ceph.com/issues/22751

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-22 Thread Simon Déziel
RE: ntpdate equivalent, upstream recommends "chrony -q" with or without
a config file.

https://chrony.tuxfamily.org/faq.html#_does_code_chronyd_code_have_an_ntpdate_mode

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-22 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: maas (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-22 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: ceph (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-22 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: chrony (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-22 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: cloud-init (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-22 Thread ChristianEhrhardt
While some things are up in the air we should step this forward as good
as we can, so @ubuntu-mir Team pleas ack and set it so the next status
(if ok) so that the security Team can do an official check and ack as
well.

** Description changed:

- Note: I know it is the template so far, but after the discussions at the
- sprint I want something we can start working on together.
- 
- Background: after evaluation it was considered easier to maintain to
- provide a good and secure ntp experience as well as some people asking
- me if it could be preferred.
- 
  --- MIR ---
  
  1. Availability: The package is Ubuntu universe and builds for the
  architectures it is designed to work on.
  
- 2. Rationale: NTP in general is needed quite a lot, but we want to
- exchange ntpd which is the current implementation in main with chrony
- for 18.04.
+ 2. Rationale:
+  2.1 NTP in general is needed quite a lot, but we want to exchange ntpd 
+  which is the current implementation in main with chrony for 18.04.
+  2.2 Security: chrony was considered easier to be maintained easier in 
+  terms of security and provide a more modern ntp experience as well.
+  2.3 Efficiency: Furthermore several cloud people seem to be interested to 
+  change to chrony in the guests for its lower memoy/cpu footprint 
+  (efficiency I guess).
+ 2.4 related to this MIR 6 years ago this is the same but for Fedora.
+ See: https://fedoraproject.org/wiki/Features/ChronyDefaultNTP
+ IIRC some limitations that were present have been eliminated since, so 
+ it is even better than it was back then.
+ 2.5 In general one has to realize that in a systemd-timesync world 
+ ntp/chrony are mostly for the "serving" portion of an ntp service, and 
+ not so much about the client (unless you the better accuracy vs 
+ timesyncd is needed).
  
  3. Security: In fact the request came in by security Team, so I guess I
  call this section done
  
  -- EVERYTHING BELOW TBD FOR NOW --
  
  3. Quality assurance
-  3.1 configuration ease - works after installation
-  3.2 no high prio debconf
-  3.3 usability (no major issues in Debian nor Ubuntu)
-  asked Paul in regard to the ntp charm in comment #5
-  3.4 long-term >=high bugs (none in Debian nor Ubuntu)
-  3.5 Debian/Ubuntu bugs look reasonable maintained
-  3.6 does not deal with hard to support exotic hardware (other than ntpd 
-  btw). If used this can be done through universe package GPSD (no 
-  dependency)
-  3.7 Test suite runs on build (some skipped if not env applicable)
-  3.8 debian/watch exists
-  3.9 not depending on obsoleted packages
- 
+  3.1 configuration ease - works after installation
+  3.2 no high prio debconf
+  3.3 usability (no major issues in Debian nor Ubuntu)
+  asked Paul in regard to the ntp charm in comment #5
+  3.4 long-term >=high bugs (none in Debian nor Ubuntu)
+  3.5 Debian/Ubuntu bugs look reasonable maintained
+  3.6 does not deal with hard to support exotic hardware (other than ntpd
+  btw). If used this can be done through universe package GPSD (no
+  dependency)
+  3.7 Test suite runs on build (some skipped if not env applicable)
+  3.8 debian/watch exists
+  3.9 not depending on obsoleted packages
  
  4.1 It does not face graphical UI
  4.2 It is unfortunately not internationalized as far as I could see in the 
source
  
  5. Dependencies - there is one not in main libtomcrypt
-We don't want it in main either, instead we want to fix bug 1744328 and 
then use libnss which is in main already.
+    We don't want it in main either, instead we want to fix bug 1744328 and 
then use libnss which is in main already.
  
  6. Not found major Policy or FSH violations that would have to be fixed.
  
  7. Maintenance
-   7.1 Upstream - is maintained well (and better than ntpd it seems 
-according to some discussisons)
-   7.2 Ubuntu - Owning Team would be Ubuntu (in exchange to drop ntp)
+   7.1 Upstream - is maintained well (and better than ntpd it seems
+    according to some discussisons)
+   7.2 Ubuntu - Owning Team would be Ubuntu (in exchange to drop ntp)
  
  8. Background information:
-   Fulfills the same role as ntp, yet according to the security Team would 
-   be preferred for them.
+   Fulfills the same role as ntp, yet according to the security Team would
+   be preferred for them.
  
  --- Affected Packages ---
  
  I'll add all those as bug tasks.
  Once the MIR has passed the state of uncertainty (e.g. would it be blocked by 
one of the dependent bug being not doable at all) then please work on these 
into 18.04. Here a list what is affected in the listed packages:
  
  Maas - needs to change dependencies and maybe template
  cloud-init - needs to support writing ntp config to chrony instead of ntpd
  ceph-base - change recommends from ntpd to chrony (it only intends to get 
good time and doesn't care via which dameon that is, so that should be ok to be 
change)
  ntp charm - switch to chrony fo

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-22 Thread ChristianEhrhardt
** Description changed:

  Note: I know it is the template so far, but after the discussions at the
  sprint I want something we can start working on together.
  
  Background: after evaluation it was considered easier to maintain to
  provide a good and secure ntp experience as well as some people asking
  me if it could be preferred.
  
  --- MIR ---
  
  1. Availability: The package is Ubuntu universe and builds for the
  architectures it is designed to work on.
  
  2. Rationale: NTP in general is needed quite a lot, but we want to
  exchange ntpd which is the current implementation in main with chrony
  for 18.04.
  
  3. Security: In fact the request came in by security Team, so I guess I
  call this section done
  
  -- EVERYTHING BELOW TBD FOR NOW --
  
- Quality assurance:
+ 3. Quality assurance
+  3.1 configuration ease - works after installation
+  3.2 no high prio debconf
+  3.3 usability (no major issues in Debian nor Ubuntu)
+  asked Paul in regard to the ntp charm in comment #5
+  3.4 long-term >=high bugs (none in Debian nor Ubuntu)
+  3.5 Debian/Ubuntu bugs look reasonable maintained
+  3.6 does not deal with hard to support exotic hardware (other than ntpd 
+  btw). If used this can be done through universe package GPSD (no 
+  dependency)
+  3.7 Test suite runs on build (some skipped if not env applicable)
+  3.8 debian/watch exists
+  3.9 not depending on obsoleted packages
  
- After installing the package it must be possible to make it working with a 
reasonable effort of configuration and documentation reading.
- The package must not ask debconf questions higher than medium if it is going 
to be installed by default. The debconf questions must have reasonable defaults.
- There are no long-term outstanding bugs which affect the usability of the 
program to a major degree. To support a package, we must be reasonably 
convinced that upstream supports and cares for the package.
- The status of important bugs in Debian's, Ubuntu's, and upstream's bug 
tracking systems must be evaluated. Important bugs must be pointed out and 
discussed in the MIR report.
  
- The package is maintained well in Debian/Ubuntu (check out the Debian PTS)
- The package should not deal with exotic hardware which we cannot support.
- If the package ships a test suite, and there is no obvious reason why it 
cannot work during build (e. g. it needs root privileges or network access), it 
should be run during package build, and a failing test suite should fail the 
build.
- The package uses a debian/watch file whenever possible. In cases where this 
is not possible (e. g. native packages), the package should either provide a 
debian/README.source file or a debian/watch file (with comments only) providing 
clear instructions on how to generate the source tar file.
- The package should not rely on obsolete or about to be demoted packages. That 
currently includes package dependencies on Python2 (without providing Python3 
packages), and packages depending on GTK2.
- UI standards: (generally only for user-facing applications)
+ 4.1 It does not face graphical UI
+ 4.2 It is unfortunately not internationalized as far as I could see in the 
source
  
- End-user applications must be internationalized (translatable), using the 
standard intltool/gettext build and runtime system and produce a proper PO 
template during build.
- End-user applications must ship a standard conformant desktop file.
- Dependencies:
+ 5. Dependencies - there is one not in main libtomcrypt
+We don't want it in main either, instead we want to fix bug 1744328 and 
then use libnss which is in main already.
  
- All binary dependencies (including Recommends:) must be satisfiable in
- main (i. e. the preferred alternative must be in main). If not, these
- dependencies need a separate MIR report (this can be a separate bug or
- another task on the main MIR bug)
+ 6. Not found major Policy or FSH violations that would have to be fixed.
  
- Standards compliance: The package should meet the FHS and Debian Policy
- standards. Major violations should be documented and justified. Also,
- the source packaging should be reasonably easy to understand and
- maintain.
+ 7. Maintenance
+   7.1 Upstream - is maintained well (and better than ntpd it seems 
+according to some discussisons)
+   7.2 Ubuntu - Owning Team would be Ubuntu (in exchange to drop ntp)
  
- Maintenance: The package must have an acceptable level of maintenance
- corresponding to its complexity:
- 
- All packages must have a designated "owning" team, regardless of complexity, 
which is set as a package bug contact.
- Simple packages (e.g. language bindings, simple Perl modules, small 
command-line programs, etc.) might not need very much maintenance effort, and 
if they are maintained well in Debian we can just keep them synced
- More complex packages will usually need a developer or team of developers 
paying attention to their bugs, whether that be in Ubuntu or elsewhere

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-22 Thread ChristianEhrhardt
bug 1718227 covers the need for hook integration from ifup to systemd,
this is a soft prereq to consider it fully complete for 18.04

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-21 Thread ChristianEhrhardt
Hi Paul,
I subscribed you as I wanted to clarify something.
Back in [1], you mentioned it was important to you to get ntpdate (single shot 
cli) and ntpd (daemon) to work together nicely for the ntp charm.

Now if the ntp charm would be modified to use chrony from 18.04 onward,
would that break it completely as chrony has no direct ntpdate
counterpart that I'd know of?

[1]: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1706818

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-19 Thread ChristianEhrhardt
Discussion about usability of libnss forked into bug 1744328

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-18 Thread ChristianEhrhardt
TOOD: add docs like serverguide to move to chrony

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-18 Thread ChristianEhrhardt
TODO: add tasks for charms by paul geer

** Description changed:

  Note: I know it is the template so far, but after the discussions at the
  sprint I want something we can start working on together.
  
  Background: after evaluation it was considered easier to maintain to
  provide a good and secure ntp experience as well as some people asking
  me if it could be preferred.
  
  --- MIR ---
  
  1. Availability: The package is Ubuntu universe and builds for the
  architectures it is designed to work on.
  
  2. Rationale: NTP in general is needed quite a lot, but we want to
  exchange ntpd which is the current implementation in main with chrony
  for 18.04.
  
  3. Security: In fact the request came in by security Team, so I guess I
  call this section done
- 
  
  -- EVERYTHING BELOW TBD FOR NOW --
  
  Quality assurance:
  
  After installing the package it must be possible to make it working with a 
reasonable effort of configuration and documentation reading.
  The package must not ask debconf questions higher than medium if it is going 
to be installed by default. The debconf questions must have reasonable defaults.
  There are no long-term outstanding bugs which affect the usability of the 
program to a major degree. To support a package, we must be reasonably 
convinced that upstream supports and cares for the package.
  The status of important bugs in Debian's, Ubuntu's, and upstream's bug 
tracking systems must be evaluated. Important bugs must be pointed out and 
discussed in the MIR report.
  
  The package is maintained well in Debian/Ubuntu (check out the Debian PTS)
  The package should not deal with exotic hardware which we cannot support.
  If the package ships a test suite, and there is no obvious reason why it 
cannot work during build (e. g. it needs root privileges or network access), it 
should be run during package build, and a failing test suite should fail the 
build.
  The package uses a debian/watch file whenever possible. In cases where this 
is not possible (e. g. native packages), the package should either provide a 
debian/README.source file or a debian/watch file (with comments only) providing 
clear instructions on how to generate the source tar file.
  The package should not rely on obsolete or about to be demoted packages. That 
currently includes package dependencies on Python2 (without providing Python3 
packages), and packages depending on GTK2.
  UI standards: (generally only for user-facing applications)
  
  End-user applications must be internationalized (translatable), using the 
standard intltool/gettext build and runtime system and produce a proper PO 
template during build.
  End-user applications must ship a standard conformant desktop file.
  Dependencies:
  
  All binary dependencies (including Recommends:) must be satisfiable in
  main (i. e. the preferred alternative must be in main). If not, these
  dependencies need a separate MIR report (this can be a separate bug or
  another task on the main MIR bug)
  
  Standards compliance: The package should meet the FHS and Debian Policy
  standards. Major violations should be documented and justified. Also,
  the source packaging should be reasonably easy to understand and
  maintain.
  
  Maintenance: The package must have an acceptable level of maintenance
  corresponding to its complexity:
  
  All packages must have a designated "owning" team, regardless of complexity, 
which is set as a package bug contact.
  Simple packages (e.g. language bindings, simple Perl modules, small 
command-line programs, etc.) might not need very much maintenance effort, and 
if they are maintained well in Debian we can just keep them synced
  More complex packages will usually need a developer or team of developers 
paying attention to their bugs, whether that be in Ubuntu or elsewhere (often 
Debian). Packages that deliver major new headline features in Ubuntu need to 
have commitment from Ubuntu developers willing to spend substantial time on 
them.
  Background information:
  
  The package descriptions should explain the general purpose and context of 
the package. Additional explanations/justifications should be done in the MIR 
report.
  If the package was renamed recently, or has a different upstream name, this 
needs to be explained in the MIR report.
  
  --- Affected Packages ---
  
  Maas - needs to change dependencies and maybe template
  cloud-init - needs to support writing ntp config to chrony instead of ntpd
  ceph-base - change recommends from ntpd to chrony (it only intends to get 
good time, so that should be ok)
  seeds - remove seeding of ntp
- chrony - MIR itself (seeding)
+ chrony - MIR itself (not pre-install, but pull it into supported)
  chrony - add default enabled apparmor profile

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug 

[Bug 1744072] Re: MIR Chrony in 18.04

2018-01-18 Thread ChristianEhrhardt
Current TODOs to get the MIR started:
1. complete the template
2. check dependencies and file MIRs as needed
3. Add bug tasks for all other affected packages

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1744072

Title:
  MIR Chrony in 18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1744072/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs