ntp servers should be configurable on snappy

Bug #1504657 reported by Jamie Strandboge on 2015-10-09
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Snappy
Medium
Oliver Grawert
ubuntu-core-config (Ubuntu)
Medium
Oliver Grawert

Bug Description

Currently ntp servers are not configurable on snappy. This is useful for example when running a snappy image on an internal network with egress filtering. Ntp is currently handled by systemd-timesyncd via /etc/systemd/timesyncd.conf. See http://www.freedesktop.org/software/systemd/man/timesyncd.conf.html

It would be great if snappy config could configure these. Eg:

$ snappy config ubuntu-core
...
config:
  ubuntu-core:
    ntp-servers: 10.0.0.1

This could adjust /etc/systemd/timesyncd.conf to have:
NTP=10.0.0.1

Also, on a related note, the system is currently configured with empty NTP and FallbackNTP and timesyncd appears to try N.debian.pool.ntp.org servers when these aren't specified. I imagine these should be changed to the ubuntu pool.

summary: - please make /etc/systemd/timesyncd.conf a writable path
+ ntp servers should be configurable on snappy
description: updated
Oliver Grawert (ogra) on 2015-10-10
Changed in snappy:
importance: Undecided → Medium
assignee: nobody → Oliver Grawert (ogra)
status: New → Confirmed
Changed in ubuntu-core-config (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Oliver Grawert (ogra)
Changed in snappy:
assignee: Oliver Grawert (ogra) → nobody
Simon Eisenmann (longsleep) wrote :

This is actually pretty important for me. Any idea when this will be possible?

Simon Eisenmann (longsleep) wrote :

Please also add the option to disable timesyncd ntp synchronization alltogether. It is insecure as it has no means to verify the correctness of the time (eg. by using TLS handshakes).

Agree on the importance, is it something you'd be willing to wait for
the LTS for?

Mark

Michael Vogt (mvo) wrote :

Closing the ubuntu-core-config task, the other task is still valid

Changed in ubuntu-core-config (Ubuntu):
status: Confirmed → Won't Fix
Jamie Strandboge (jdstrand) wrote :

Assigning the snappy task to ogra based on IRC conversation. Thanks Oliver! :)

Changed in snappy:
assignee: nobody → Oliver Grawert (ogra)
Oliver Grawert (ogra) wrote :

snap set core service.systemd-timesyncd.disable=true
and respectively:
snap set core service.systemd-timesyncd.disable=false

are working now in the latest edge build of the core snap should also be usable from a gadget.yaml config now)
what we are now missing is write access in the core-support interface to be allowed to modify /etc/systemd/timesyncd.conf, then i can add script snippets to teh hook to actually manage the file.

Michael Vogt (mvo) on 2017-02-07
Changed in snappy:
status: Confirmed → Fix Committed
Mark Shuttleworth (sabdfl) wrote :

Will we have some sort of yaml representation of the desired NTP config,
rather than just "write access to the file"?

Mark

Oliver Grawert (ogra) wrote :

@mark: there will be "snap set core timeserver=123.456.7.89" (or some different option name, i'll discuss that in the team first), i just need the infrastructure in place first before being able to add a function to the configure hook for it.

i belive that autmatically translates to something like:

config:
  core:
    timeserver: 123.456.7.89

in yaml then (at least as i understood the config implementation)

Mark Shuttleworth (sabdfl) wrote :

That's right, but I think you want to do a slightly deeper analysis of
NTP config, and make sure that the schema you start with can evolve to
be more complete in future.

I think a list of timeservers is a fine starting point. I also think the
default behaviour should be to use a pool backed by ntp.ubuntu.com.

So I think you want to start with something a little more like:

  config:
    core:
      ntp:
        enabled: auto | off | custom # auto uses pool+ubuntu in addition
to any time servers configured
        timeservers: [ list, of, custom, servers ]

The default would be auto. If I add time servers then those get added to
pool+ntp.ubuntu.com, if I say custom then I only get the servers I
explicitly list.

That's a quick starting point and can definitely be improved so consider
it a straw man and feel free to poke at it.

And if you want to get fancy, I have a personal interest in enabling
hardware devices like GPS and PPS pins on weekend time :)

Mark

Oliver Grawert (ogra) wrote :

well, we currently dont have ntpd/ntpdate installed at all, time syncing is done by systemd-timesyncd. what i want to provide as first stop-gap is that a manufacturer can provide his own ntp snap bundled with the image and for this timesyncd needs to be disabled (that covers simons use-case above).

additionally i planned to add the ability to configure time servers ...

i didnt think about "auto" though, since that makes our existing service management implementation more complex but will try to come up with something here.

we should not call the config option ntp to not add confusion about the used technology though.

Oliver Grawert (ogra) wrote :

to be a little more clear with the existing implementation it would be like:

config:
  core:
    service:
      systemd-timesyncd:
        disable: true
      rsyslog:
        disable: true
      ssh:
        disable: false
    systemd-timesyncd:
      timeserver: 123.456.7.89

i.e. the service management is already in its own global "service" category ...
if we want that more task based (all timesyncd bits in one group instead of global service mgmt) we need to change some things in the hook.

Mark Shuttleworth (sabdfl) wrote :

OK, auto would make sense with your schema as well. off | servername |
ip | auto.

Good point on keeping ntp as a separate snap.

Mark

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers