** Description changed: Similar to /etc/dhcp/dhclient-exit-hooks.d/ntpdate, we should ship a DHCP exit hook for timesyncd to update the timesyncd configuration in /run/systemd/timesyncd.conf.d/01-dhclient.conf to set the picked up NTP servers, and restart timesyncd. + + SRU INFORMATION + =============== + Rationale: This is a regression compared to trusty where we used ntpdate; /etc/dhcp/dhclient-exit-hooks.d/ntpdate ran ntpdate on the new NTP servers. This causes timesyncd to always try and talk to the disto configured server (ntp.ubuntu.com) which might be disallowed by firewall rules or other networking policy. Thus machines in such an environment never get a correct time sync even when they get a local NTP server advertised over DHCP. + + Test case: + - Set up a DHCP server that includes NTP information. For example, you can set LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf in /etc/default/lxc-net, and create /etc/lxc/dnsmasq.conf with "dhcp-option=option:ntp-server,4.3.2.1", and then run QEMU on lxcbr0 instead of the builtin network. + - In the client machine, disconnect and reconnect the network (e. g. "sudo ifdown ens3; sudo ifup ens3"). + - Check in "systemctl status systemd-timesyncd" that timesyncd tries to sync with the given NTP server (for the bogus 4.3.2.1 it will fail, but the point is that it did try). + + Regression potential: A broken dhclient-exit-hooks.d has the potential + to break subsequent hooks. dhclient-scripts runs the hooks without "set + -e", but syntax errors can still cause damage. Thus it should be + verified that later hooks (e. g. /etc/dhcp/dhclient-exit-hooks.d + /zzz_avahi-autoipd) still run. Beyond that there is little potential for + regression as
** Changed in: systemd (Ubuntu Yakkety) Importance: Undecided => High ** Changed in: systemd (Ubuntu Xenial) Importance: Undecided => High ** Summary changed: - create DHCP exit hook for setting NTP servers + create DHCP exit hook for setting NTP servers through dhclient ** Description changed: Similar to /etc/dhcp/dhclient-exit-hooks.d/ntpdate, we should ship a DHCP exit hook for timesyncd to update the timesyncd configuration in /run/systemd/timesyncd.conf.d/01-dhclient.conf to set the picked up NTP servers, and restart timesyncd. SRU INFORMATION =============== - Rationale: This is a regression compared to trusty where we used ntpdate; /etc/dhcp/dhclient-exit-hooks.d/ntpdate ran ntpdate on the new NTP servers. This causes timesyncd to always try and talk to the disto configured server (ntp.ubuntu.com) which might be disallowed by firewall rules or other networking policy. Thus machines in such an environment never get a correct time sync even when they get a local NTP server advertised over DHCP. + Rationale: This is a regression compared to trusty where we used ntpdate; /etc/dhcp/dhclient-exit-hooks.d/ntpdate ran ntpdate on the new NTP servers. This causes timesyncd to always try and talk to the disto configured server (ntp.ubuntu.com) which might be disallowed by firewall rules or other networking policy. Thus machines in such an environment never get a correct time sync even when they get a local NTP server advertised over DHCP (unless they use systemd-networkd, which is not done by default in Xenial). Test case: - Set up a DHCP server that includes NTP information. For example, you can set LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf in /etc/default/lxc-net, and create /etc/lxc/dnsmasq.conf with "dhcp-option=option:ntp-server,4.3.2.1", and then run QEMU on lxcbr0 instead of the builtin network. - In the client machine, disconnect and reconnect the network (e. g. "sudo ifdown ens3; sudo ifup ens3"). - Check in "systemctl status systemd-timesyncd" that timesyncd tries to sync with the given NTP server (for the bogus 4.3.2.1 it will fail, but the point is that it did try). Regression potential: A broken dhclient-exit-hooks.d has the potential to break subsequent hooks. dhclient-scripts runs the hooks without "set -e", but syntax errors can still cause damage. Thus it should be verified that later hooks (e. g. /etc/dhcp/dhclient-exit-hooks.d /zzz_avahi-autoipd) still run. Beyond that there is little potential for regression as -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1578663 Title: create DHCP exit hook for setting NTP servers through dhclient To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1578663/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
