create DHCP exit hook for setting NTP servers through dhclient

Bug #1578663 reported by Martin Pitt on 2016-05-05
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
systemd (Ubuntu)
High
Martin Pitt
Xenial
High
Martin Pitt
Yakkety
High
Martin Pitt

Bug Description

Similar to /etc/dhcp/dhclient-exit-hooks.d/ntpdate, we should ship a DHCP exit hook for timesyncd to update the timesyncd configuration in /run/systemd/timesyncd.conf.d/01-dhclient.conf to set the picked up NTP servers, and restart timesyncd.

SRU INFORMATION
===============
Rationale: This is a regression compared to trusty where we used ntpdate; /etc/dhcp/dhclient-exit-hooks.d/ntpdate ran ntpdate on the new NTP servers. This causes timesyncd to always try and talk to the disto configured server (ntp.ubuntu.com) which might be disallowed by firewall rules or other networking policy. Thus machines in such an environment never get a correct time sync even when they get a local NTP server advertised over DHCP (unless they use systemd-networkd, which is not done by default in Xenial).

Test case:
- Set up a DHCP server that includes NTP information. For example, you can set LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf in /etc/default/lxc-net, and create /etc/lxc/dnsmasq.conf with "dhcp-option=option:ntp-server,4.3.2.1", restart lxc-net, and then run QEMU on lxcbr0 instead of the builtin network.
- In the client machine, disconnect and reconnect the network (e. g. "sudo ifdown ens3; sudo ifup ens3").
- Check in "systemctl status systemd-timesyncd" that timesyncd tries to sync with the given NTP server (for the bogus 4.3.2.1 it will fail, but the point is that it did try).

Regression potential: A broken dhclient-exit-hooks.d has the potential to break subsequent hooks. dhclient-scripts runs the hooks without "set -e", but syntax errors can still cause damage. Thus it should be verified that later hooks (e. g. /etc/dhcp/dhclient-exit-hooks.d/zzz_avahi-autoipd) still run. Beyond that there is little potential for regression as

Martin Pitt (pitti) on 2016-05-05
Changed in systemd (Ubuntu Yakkety):
status: New → Triaged
Changed in systemd (Ubuntu Xenial):
status: New → Triaged
Changed in systemd (Ubuntu Yakkety):
assignee: nobody → Martin Pitt (pitti)
Martin Pitt (pitti) wrote :
Changed in systemd (Ubuntu Yakkety):
status: Triaged → Fix Committed
Changed in systemd (Ubuntu Xenial):
assignee: nobody → Martin Pitt (pitti)
Martin Pitt (pitti) on 2016-05-09
Changed in systemd (Ubuntu Xenial):
status: Triaged → In Progress
Martin Pitt (pitti) on 2016-05-09
description: updated
Changed in systemd (Ubuntu Yakkety):
importance: Undecided → High
Changed in systemd (Ubuntu Xenial):
importance: Undecided → High
summary: - create DHCP exit hook for setting NTP servers
+ create DHCP exit hook for setting NTP servers through dhclient
description: updated

Hello Martin, or anyone else affected,

Accepted systemd into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/229-4ubuntu6 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in systemd (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed
Launchpad Janitor (janitor) wrote :
Download full text (3.4 KiB)

This bug was fixed in the package systemd - 229-6ubuntu1

---------------
systemd (229-6ubuntu1) yakkety; urgency=medium

  * Merge with Debian unstable. Remaining Ubuntu changes:
    - Hack to support system-image read-only /etc, and modify files in
      /etc/writable/ instead.

systemd (229-6) unstable; urgency=medium

  * systemd-container: Prefer renamed "btrfs-progs" package name over
    "btrfs-tools". (Closes: #822629)
  * systemd-container: Recommend libnss-mymachines. (Closes: #822615)
  * Drop systemd-dbg, in favor of debhelpers' automatic -dbgsym packages.
  * Drop Add-targets-for-compatibility-with-Debian-insserv-sy.patch; we don't
    need $x-display-manager any more as most/all DMs ship native services, and
    $mail-transport-agent is not widely used (not even by our default MTA
    exim4).
  * Unify our two patches for Debian specific configuration files.
  * Drop udev-re-enable-mount-propagation-for-udevd.patch, i. e. run udevd in
    its own slave mount name space again. laptop-mode-tools 1.68 fixed the
    original bug (#762018), thus add a Breaks: to earlier versions.
  * Ship fbdev-blacklist.conf in /lib/modprobe.d/ instead of /etc/modprobe.d/;
    remove the conffile on upgrades.
  * Replace util-Add-hidden-suffixes-for-ucf.patch with patch that got
    committed upstream.
  * Replace Stop-syslog.socket-when-entering-emergency-mode.patch with patch
    that got committed upstream.
  * debian/udev.README.Debian: Adjust documentation of MAC based naming for
    USB network cards to the udev rule, where this was moved to in 229-5.
  * debian/extra/init-functions.d/40-systemd: Invoke status command with
    --no-pager, to avoid blocking scripts that call an init.d script with
    "status" with an unexpected pager process. (Closes: #765175, LP: #1576409)
  * Add debian/extra/rules/70-debian-uaccess.rules: Make FIDO U2F dongles
    accessible to the user session. This avoids having to install libu2f-host0
    (which isn't discoverable at all) to make those devices work.
    (LP: #1387908)
  * libnss-resolve: Enable systemd-resolved.service on package installation,
    as this package makes little sense without resolved.
  * Add a DHCP exit hook for pushing received NTP servers into timesyncd.
    (LP: #1578663)
  * debian/udev.postinst: Fix migration check from the old persistent-net
    generator to not apply to chroots. (Closes: #813141)
  * Revert "enable TasksMax= for all services by default, and set it to 512".
    Introducing a default limit on number of threads broke a lot of software
    which regularly needs more, such as MySQL and RabbitMQ, or services that
    spawn off an indefinite number of subtasks that are not in a scope, like
    LXC or cron. 512 is way too much for most "simple" services, and it's way
    too little for the ones mentioned above. Effective (and much stricter)
    limits should instead be put into units individually.
    (Closes: #823530, LP: #1578080)
  * Split out udev rule to name USB network interfaces by MAC address into
    73-usb-net-by-mac.rules, so that it's easier to disable. (Closes: #824025)
  * 73-usb-net-by-mac.rules: Disable when net.ifnames=0 is specified on the
    kernel comm...

Read more...

Changed in systemd (Ubuntu Yakkety):
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote :

I set up DHCP with NTP on the host as described in the test case. With the xenial-updates systemd, timesyncd still gets the time from ntp.ubuntu.com. With xenial-proposed packages, timesyncd gets the time from the (fake) NTP server:

  May 17 21:53:57 autopkgtest systemd-timesyncd[643]: Timed out waiting for reply from 4.3.2.1:123 (4.3.2.1).

When not giving NTP over DHCP, timesyncd continues to use the default:

  May 17 21:55:48 autopkgtest systemd-timesyncd[357]: Synchronized to time server 91.189.94.4:123 (ntp.ubuntu.com).

description: updated
Martin Pitt (pitti) on 2016-05-17
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 229-4ubuntu6

---------------
systemd (229-4ubuntu6) xenial-proposed; urgency=medium

  * Add a DHCP exit hook for pushing received NTP servers into timesyncd.
    (LP: #1578663)
  * Revert "enable TasksMax= for all services by default, and set it to 512".
    Introducing a default limit on number of threads broke a lot of software
    which regularly needs more, such as MySQL and RabbitMQ, or services that
    spawn off an indefinite number of subtasks that are not in a scope, like
    LXC or cron. 512 is way too much for most "simple" services, and it's way
    too little for the ones mentioned above. Effective (and much stricter)
    limits should instead be put into units individually.
    (Closes: #823530, LP: #1578080)
  * debian/gbp.conf: Switch to ubuntu-xenial branch.

 -- Martin Pitt <email address hidden> Thu, 12 May 2016 10:39:30 +0200

Changed in systemd (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for systemd has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers