[MIR] Chrony in 18.04
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
NTP Charm |
Fix Released
|
Medium
|
Paul Gear | ||
Ubuntu Server Guide |
Fix Released
|
Undecided
|
Unassigned | ||
ceph (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
chrony (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
cloud-init (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
maas (Ubuntu) |
Fix Released
|
Critical
|
Andres Rodriguez |
Bug Description
--- MIR ---
1. Availability: The package is Ubuntu universe and builds for the architectures it is designed to work on.
2. Rationale:
2.1 NTP in general is needed quite a lot, but we want to exchange ntpd
which is the current implementation in main with chrony for 18.04.
2.2 Security: chrony was considered easier to be maintained easier in
terms of security and provide a more modern ntp experience as well.
2.3 Efficiency: Furthermore several cloud people seem to be interested to
change to chrony in the guests for its lower memoy/cpu footprint
(efficiency I guess).
2.4 related to this MIR 6 years ago this is the same but for Fedora.
See: https:/
IIRC some limitations that were present have been eliminated since, so
it is even better than it was back then.
2.5 In general one has to realize that in a systemd-timesync world
ntp/chrony are mostly for the "serving" portion of an ntp service, and
not so much about the client (unless you the better accuracy vs
timesyncd is needed).
3. Security: In fact the request came in by security Team, so I guess I call this section done
3. Quality assurance
3.1 configuration ease - works after installation
3.2 no high prio debconf
3.3 usability (no major issues in Debian nor Ubuntu)
asked Paul in regard to the ntp charm in comment #5
3.4 long-term >=high bugs (none in Debian nor Ubuntu)
3.5 Debian/Ubuntu bugs look reasonable maintained
3.6 does not deal with hard to support exotic hardware (other than ntpd
btw). If used this can be done through universe package GPSD (no
dependency)
3.7 Test suite runs on build (some skipped if not env applicable)
3.8 debian/watch exists
3.9 not depending on obsoleted packages
4.1 It does not face graphical UI
4.2 It is unfortunately not internationalized as far as I could see in the source
5. Dependencies - there is one not in main libtomcrypt
We don't want it in main either, instead we want to fix bug 1744328 and then use libnss which is in main already.
6. Not found major Policy or FSH violations that would have to be fixed.
7. Maintenance
7.1 Upstream - is maintained well (and better than ntpd it seems
according to some discussisons)
7.2 Ubuntu - Owning Team would be Ubuntu (in exchange to drop ntp)
8. Background information:
Fulfills the same role as ntp, yet according to the security Team would
be preferred for them.
--- Affected Packages ---
I'll add all those as bug tasks.
Once the MIR has passed the state of uncertainty (e.g. would it be blocked by one of the dependent bug being not doable at all) then please work on these into 18.04. Here a list what is affected in the listed packages:
Maas - needs to change dependencies and maybe template
cloud-init - needs to support writing ntp config to chrony instead of ntpd
ceph-base - change recommends from ntpd to chrony (it only intends to get good time and doesn't care via which dameon that is, so that should be ok to be change)
ntp charm - switch to chrony for >=18.04
chrony - MIR itself (discussion here and eventually seeding)
--- Depending on further Bugs ---
In my initial evaluation I uncovered (and filed) a set of bugs that I consider requirement to make it fully ready:
Reminder - tracking state here might be out of sync, I'll only change them to Done once complete and not care about interim status changes.
DONE - bug 1744662 - add chrony apparmor profile
DONE - bug 1744328 - make src:libnss libfreebl3 usable by other programs
COMMITTED - bug 1744664 - use Ubuntu time servers
COMMITTED - bug 1744072 - d/control: use to nss instead of tomcrypt
Some more cleanups in Chrony are optional but useful.
Other Related Bugs
* https:/
Related branches
- Doug Smythies: Approve
-
Diff: 380 lines (+161/-66)2 files modifiedserverguide/C/network-auth.xml (+4/-4)
serverguide/C/network-config.xml (+157/-62)
- Stuart Bishop (community): Approve
-
Diff: 488 lines (+288/-58)7 files modifiedconfig.yaml (+16/-14)
hooks/ntp_hooks.py (+38/-33)
hooks/ntp_implementation.py (+132/-0)
templates/chrony.conf (+58/-0)
templates/chrony.default (+13/-0)
templates/ntp.conf (+29/-11)
templates/ntp.default (+2/-0)
- Blake Rouse (community): Approve
- MAAS Lander: Approve
-
Diff: 240 lines (+53/-81)8 files modifieddebian/control (+4/-4)
debian/extras/99-maas-common-sudoers (+3/-3)
debian/maas-common.dirs (+0/-1)
dev/null (+0/-65)
snap/bin/run-chronyd (+4/-4)
snap/conf/chrony.conf (+38/-0)
snap/conf/supervisord.conf.template (+2/-2)
snap/snapcraft.yaml (+2/-2)
- Christian Ehrhardt (community): Approve
- Blake Rouse (community): Approve
- MAAS Lander: Approve
-
Diff: 488 lines (+102/-145)13 files modifieddev/null (+0/-66)
run-skel/etc/chrony/.keep (+0/-0)
run-skel/etc/chrony/chrony.conf (+38/-0)
scripts/maas-write-file (+2/-2)
src/maasserver/regiondservices/ntp.py (+1/-1)
src/maasserver/service_monitor.py (+1/-1)
src/maastesting/fixtures.py (+6/-5)
src/provisioningserver/ntp/config.py (+20/-11)
src/provisioningserver/ntp/tests/test_config.py (+30/-55)
src/provisioningserver/rackdservices/ntp.py (+1/-1)
src/provisioningserver/service_monitor.py (+1/-1)
src/provisioningserver/tests/test_service_monitor.py (+1/-1)
utilities/setup-devel-environment (+1/-1)
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
Changed in chrony (Ubuntu): | |
assignee: | nobody → Nish Aravamudan (nacc) |
status: | New → In Progress |
Changed in maas (Ubuntu): | |
importance: | Undecided → Critical |
Changed in ceph (Ubuntu): | |
status: | Confirmed → In Progress |
Changed in serverguide: | |
status: | New → Fix Committed |
Changed in maas (Ubuntu): | |
assignee: | nobody → Andres Rodriguez (andreserl) |
status: | Confirmed → In Progress |
Changed in maas (Ubuntu): | |
status: | In Progress → Fix Committed |
status: | Fix Committed → In Progress |
Changed in serverguide: | |
status: | Fix Committed → Fix Released |
Changed in ntp-charm: | |
status: | In Progress → Fix Committed |
Changed in ntp-charm: | |
status: | Fix Committed → Fix Released |
Current TODOs to get the MIR started:
1. complete the template
2. check dependencies and file MIRs as needed
3. Add bug tasks for all other affected packages