Allow undercloud to be used as NTP Server with chrony

Bug #1858096 reported by Rabi Mishra
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Medium
Rabi Mishra

Bug Description

chronyd on undercloud runs as client and does not allow any connections.

The default configured /etc/chrony.conf

=========================================
[stack@osp-df-4 ~]$ cat /etc/chrony.conf
# Do not manually edit this file.
# Managed by ansible-role-chrony
server 0.pool.ntp.org iburst minpoll 6 maxpoll 10
server 1.pool.ntp.org iburst minpoll 6 maxpoll 10
server 2.pool.ntp.org iburst minpoll 6 maxpoll 10
server 3.pool.ntp.org iburst minpoll 6 maxpoll 10
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
deny all
driftfile /var/lib/chrony/drift
logdir /var/log/chrony
rtcsync
makestep 1.0 3
=========================================

I think we should allow overcloud ctlplane subnets instead.

Rabi Mishra (rabi)
Changed in tripleo:
assignee: nobody → Rabi Mishra (rabi)
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to python-tripleoclient (master)

Fix proposed to branch: master
Review: https://review.opendev.org/700889

Changed in tripleo:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to python-tripleoclient (master)

Reviewed: https://review.opendev.org/700889
Committed: https://git.openstack.org/cgit/openstack/python-tripleoclient/commit/?id=9e5c1103effd04979f5d1c1bf56416fd4816eb46
Submitter: Zuul
Branch: master

commit 9e5c1103effd04979f5d1c1bf56416fd4816eb46
Author: Rabi Mishra <email address hidden>
Date: Thu Jan 2 15:58:21 2020 +0530

    Allow ctlplane subnets in undercloud chrony acl rules

    At present chronyd runs as client and can't be used as NTP server
    by the overcloud nodes. It would be good to allow the ctlplane
    subnets for it to be used by the overcloud.

    Change-Id: If5911de750a284ae513b343daa4886bb2f547b29
    Closes-Bug: #1858096

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to python-tripleoclient (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/701053

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to python-tripleoclient (stable/train)

Reviewed: https://review.opendev.org/701053
Committed: https://git.openstack.org/cgit/openstack/python-tripleoclient/commit/?id=13e24cdc42ca855184d25bcd0bf6ad19324bddb2
Submitter: Zuul
Branch: stable/train

commit 13e24cdc42ca855184d25bcd0bf6ad19324bddb2
Author: Rabi Mishra <email address hidden>
Date: Thu Jan 2 15:58:21 2020 +0530

    Allow ctlplane subnets in undercloud chrony acl rules

    At present chronyd runs as client and can't be used as NTP server
    by the overcloud nodes. It would be good to allow the ctlplane
    subnets for it to be used by the overcloud.

    Change-Id: If5911de750a284ae513b343daa4886bb2f547b29
    Closes-Bug: #1858096
    (cherry picked from commit 9e5c1103effd04979f5d1c1bf56416fd4816eb46)

tags: added: in-stable-train
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to tripleo-heat-templates (stable/train)

Related fix proposed to branch: stable/train
Review: https://review.opendev.org/708107

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to tripleo-heat-templates (stable/stein)

Related fix proposed to branch: stable/stein
Review: https://review.opendev.org/708311

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/python-tripleoclient 13.1.0

This issue was fixed in the openstack/python-tripleoclient 13.1.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to tripleo-heat-templates (stable/stein)

Reviewed: https://review.opendev.org/708311
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=41f8acd4ee5792910257662731b210bad67eb15c
Submitter: Zuul
Branch: stable/stein

commit 41f8acd4ee5792910257662731b210bad67eb15c
Author: Rabi Mishra <email address hidden>
Date: Mon Feb 17 16:54:06 2020 +0530

    [stable only] Use service_name in heira for firewall rules

    We look for tripleo::${service_name}::firewall_rules hiera when
    configuring firewall for services using puppet.

    Change-Id: I552449dcae725f84d9c131cb97a5c1ad168b8661
    Related-Bug: #1858096
    (cherry picked from commit a9c6cd058fc30c621e56049924719dba17cf0863)

tags: added: in-stable-stein
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/python-tripleoclient 12.4.0

This issue was fixed in the openstack/python-tripleoclient 12.4.0 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers