ntp servers should be configurable on snappy
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | Snappy |
Medium
|
Oliver Grawert | ||
| | ubuntu-core-config (Ubuntu) |
Medium
|
Oliver Grawert | ||
Bug Description
Currently ntp servers are not configurable on snappy. This is useful for example when running a snappy image on an internal network with egress filtering. Ntp is currently handled by systemd-timesyncd via /etc/systemd/
It would be great if snappy config could configure these. Eg:
$ snappy config ubuntu-core
...
config:
ubuntu-core:
ntp-servers: 10.0.0.1
This could adjust /etc/systemd/
NTP=10.0.0.1
Also, on a related note, the system is currently configured with empty NTP and FallbackNTP and timesyncd appears to try N.debian.
| summary: |
- please make /etc/systemd/timesyncd.conf a writable path + ntp servers should be configurable on snappy |
| description: | updated |
| Changed in snappy: | |
| importance: | Undecided → Medium |
| assignee: | nobody → Oliver Grawert (ogra) |
| status: | New → Confirmed |
| Changed in ubuntu-core-config (Ubuntu): | |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
| assignee: | nobody → Oliver Grawert (ogra) |
| Changed in snappy: | |
| assignee: | Oliver Grawert (ogra) → nobody |
| Simon Eisenmann (longsleep) wrote : | #1 |
| Simon Eisenmann (longsleep) wrote : | #2 |
Please also add the option to disable timesyncd ntp synchronization alltogether. It is insecure as it has no means to verify the correctness of the time (eg. by using TLS handshakes).
| Mark Shuttleworth (sabdfl) wrote : Re: [Bug 1504657] Re: ntp servers should be configurable on snappy | #3 |
Agree on the importance, is it something you'd be willing to wait for
the LTS for?
Mark
| Michael Vogt (mvo) wrote : | #4 |
Closing the ubuntu-core-config task, the other task is still valid
| Changed in ubuntu-core-config (Ubuntu): | |
| status: | Confirmed → Won't Fix |
| Jamie Strandboge (jdstrand) wrote : | #5 |
Assigning the snappy task to ogra based on IRC conversation. Thanks Oliver! :)
| Changed in snappy: | |
| assignee: | nobody → Oliver Grawert (ogra) |
| Oliver Grawert (ogra) wrote : | #6 |
snap set core service.
and respectively:
snap set core service.
are working now in the latest edge build of the core snap should also be usable from a gadget.yaml config now)
what we are now missing is write access in the core-support interface to be allowed to modify /etc/systemd/
| Changed in snappy: | |
| status: | Confirmed → Fix Committed |
| Mark Shuttleworth (sabdfl) wrote : | #7 |
Will we have some sort of yaml representation of the desired NTP config,
rather than just "write access to the file"?
Mark
| Oliver Grawert (ogra) wrote : | #8 |
@mark: there will be "snap set core timeserver=
i belive that autmatically translates to something like:
config:
core:
timeserver: 123.456.7.89
in yaml then (at least as i understood the config implementation)
| Mark Shuttleworth (sabdfl) wrote : | #9 |
That's right, but I think you want to do a slightly deeper analysis of
NTP config, and make sure that the schema you start with can evolve to
be more complete in future.
I think a list of timeservers is a fine starting point. I also think the
default behaviour should be to use a pool backed by ntp.ubuntu.com.
So I think you want to start with something a little more like:
config:
core:
ntp:
enabled: auto | off | custom # auto uses pool+ubuntu in addition
to any time servers configured
The default would be auto. If I add time servers then those get added to
pool+ntp.
explicitly list.
That's a quick starting point and can definitely be improved so consider
it a straw man and feel free to poke at it.
And if you want to get fancy, I have a personal interest in enabling
hardware devices like GPS and PPS pins on weekend time :)
Mark
| Oliver Grawert (ogra) wrote : | #10 |
well, we currently dont have ntpd/ntpdate installed at all, time syncing is done by systemd-timesyncd. what i want to provide as first stop-gap is that a manufacturer can provide his own ntp snap bundled with the image and for this timesyncd needs to be disabled (that covers simons use-case above).
additionally i planned to add the ability to configure time servers ...
i didnt think about "auto" though, since that makes our existing service management implementation more complex but will try to come up with something here.
we should not call the config option ntp to not add confusion about the used technology though.
| Oliver Grawert (ogra) wrote : | #11 |
to be a little more clear with the existing implementation it would be like:
config:
core:
service:
systemd-
disable: true
rsyslog:
disable: true
ssh:
disable: false
systemd-
timeserver: 123.456.7.89
i.e. the service management is already in its own global "service" category ...
if we want that more task based (all timesyncd bits in one group instead of global service mgmt) we need to change some things in the hook.
| Mark Shuttleworth (sabdfl) wrote : | #12 |
OK, auto would make sense with your schema as well. off | servername |
ip | auto.
Good point on keeping ntp as a separate snap.
Mark
| Gustavo Niemeyer (niemeyer) wrote : | #13 |
This is actually pretty important for me. Any idea when this will be possible?