diff --git a/build_debian.sh b/build_debian.sh index 3102c45edcbd..9c5378fdc6d9 100755 --- a/build_debian.sh +++ b/build_debian.sh @@ -161,12 +161,10 @@ sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install pigz sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install busybox linux-base echo '[INFO] Install SONiC linux kernel image' ## Note: duplicate apt-get command to ensure every line return zero -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/initramfs-tools-core_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/initramfs-tools_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/linux-image-${LINUX_KERNEL_VERSION}-*_${CONFIGURED_ARCH}.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +sudo cp $debs_path/initramfs-tools-core_*.deb $debs_path/initramfs-tools_*.deb $debs_path/linux-image-${LINUX_KERNEL_VERSION}-*_${CONFIGURED_ARCH}.deb $FILESYSTEM_ROOT +basename_deb_packages=$(basename -a $debs_path/initramfs-tools-core_*.deb $debs_path/initramfs-tools_*.deb $debs_path/linux-image-${LINUX_KERNEL_VERSION}-*_${CONFIGURED_ARCH}.deb | sed 's,^,./,') +sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt -y install $basename_deb_packages +( cd $FILESYSTEM_ROOT; sudo rm -f $basename_deb_packages ) sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install acl if [[ $CONFIGURED_ARCH == amd64 ]]; then sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install hdparm 
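Review bot: The new kernel-package install calls `apt -y install $basename_deb_packages`, while every other install in this script goes through `apt-get`; the `apt` front end does not promise a stable command-line interface for scripts, and `apt-get -y install` accepts the same `./name.deb` arguments, so I would write `sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install $basename_deb_packages`. The retained comment `## Note: duplicate apt-get command to ensure every line return zero` describes the removed `dpkg ... || apt-get -f` pairs and should be dropped or reworded. The cleanup `( cd $FILESYSTEM_ROOT; sudo rm -f $basename_deb_packages )` runs `rm` in the caller's directory if the `cd` fails; `( cd "$FILESYSTEM_ROOT" && sudo rm -f -- $basename_deb_packages )` avoids that. The helpers added to sonic_debian_extension.j2 at `@@ -77` repeat the same `cd ...;` pattern.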
@@ -233,7 +231,6 @@ echo '[INFO] Install docker' ## Install apparmor utils since they're missing and apparmor is enabled in the kernel ## Otherwise Docker will fail to start sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install apparmor -sudo cp files/image_config/ntp/ntp-apparmor $FILESYSTEM_ROOT/etc/apparmor.d/local/usr.sbin.ntpd sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install apt-transport-https \ ca-certificates \ curl @@ -333,7 +330,6 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in vim \ tcpdump \ dbus \ - ntpstat \ openssh-server \ python3-apt \ traceroute \ @@ -434,7 +430,7 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in picocom \ systemd \ systemd-sysv \ - ntp + chrony if [[ $TARGET_BOOTLOADER == grub ]]; then if [[ $CONFIGURED_ARCH == amd64 ]]; then diff --git a/files/build_templates/dhcp_relay.service.j2 b/files/build_templates/dhcp_relay.service.j2 index d87186e4dce1..bd99940ab15c 100644 --- a/files/build_templates/dhcp_relay.service.j2 +++ b/files/build_templates/dhcp_relay.service.j2 @@ -4,7 +4,6 @@ Requires=config-setup.service After=config-setup.service swss.service syncd.service teamd.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service StartLimitIntervalSec=1200 StartLimitBurst=3 diff --git a/files/build_templates/gnmi.service.j2 b/files/build_templates/gnmi.service.j2 index 7710a8fd0d04..3959640131c0 100644 --- a/files/build_templates/gnmi.service.j2 +++ b/files/build_templates/gnmi.service.j2 @@ -2,7 +2,6 @@ Description=GNMI container Requires=database.service After=database.service swss.service syncd.service -Before=ntp-config.service BindsTo=sonic.target After=sonic.target StartLimitIntervalSec=1200 diff --git a/files/build_templates/lldp.service.j2 b/files/build_templates/lldp.service.j2 deleted file mode 120000 index 1adb318b9154..000000000000 --- a/files/build_templates/lldp.service.j2 +++ /dev/null 
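Review bot: The hunk at `@@ -233` removes the `ntp-apparmor` local override for `usr.sbin.ntpd`, and nothing in the visible part of the commit adds a counterpart for chronyd, although the surrounding comment says AppArmor is enabled in the kernel. If the chrony package brings its own profile, it has to permit what this commit sets up around the daemon (the regenerated `/etc/chrony/chrony.conf` and `chrony.keys`, and whatever `chronyd-starter.sh` passes on the command line); I cannot tell from the diff whether that was checked. Please confirm chronyd starts and reads its key file in enforce mode, or note in the commit message why no local override is needed.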
@@ -1 +0,0 @@ -per_namespace/lldp.service.j2 \ No newline at end of file diff --git a/files/build_templates/mgmt-framework.service.j2 b/files/build_templates/mgmt-framework.service.j2 index ff99afe62bc1..b6b6968210da 100644 --- a/files/build_templates/mgmt-framework.service.j2 +++ b/files/build_templates/mgmt-framework.service.j2 @@ -4,7 +4,6 @@ Requires=database.service After=database.service swss.service syncd.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service [Service] User={{ sonicadmin_user }} diff --git a/files/build_templates/nat.service.j2 b/files/build_templates/nat.service.j2 index 095bcd40cf4a..507c6de76d15 100644 --- a/files/build_templates/nat.service.j2 +++ b/files/build_templates/nat.service.j2 @@ -4,7 +4,6 @@ Requires=config-setup.service After=config-setup.service swss.service syncd.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service StartLimitIntervalSec=1200 StartLimitBurst=3 diff --git a/files/build_templates/p4rt.service.j2 b/files/build_templates/p4rt.service.j2 index b4adce5332d1..5a06a02c2156 100644 --- a/files/build_templates/p4rt.service.j2 +++ b/files/build_templates/p4rt.service.j2 @@ -4,7 +4,6 @@ Requires=database.service After=database.service swss.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service StartLimitIntervalSec=1200 StartLimitBurst=3 diff --git a/files/build_templates/per_namespace/bgp.service.j2 b/files/build_templates/per_namespace/bgp.service.j2 index 52d7d1084606..2b8497265bc5 100644 --- a/files/build_templates/per_namespace/bgp.service.j2 +++ b/files/build_templates/per_namespace/bgp.service.j2 @@ -6,7 +6,6 @@ Requires=config-setup.service After=config-setup.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service After=swss{% if multi_instance == 'true' %}@%i{% endif %}.service After=interfaces-config.service StartLimitIntervalSec=1200 
diff --git a/files/build_templates/per_namespace/gbsyncd.service.j2 b/files/build_templates/per_namespace/gbsyncd.service.j2 index 7a6de8c7d1e9..876161c65dfe 100644 --- a/files/build_templates/per_namespace/gbsyncd.service.j2 +++ b/files/build_templates/per_namespace/gbsyncd.service.j2 @@ -7,7 +7,6 @@ After=interfaces-config.service After=swss{% if multi_instance == 'true' %}@%i{% endif %}.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service [Service] User=root diff --git a/files/build_templates/per_namespace/lldp.service.j2 b/files/build_templates/per_namespace/lldp.service.j2 index 95d938472ea2..ac8f4ae7661a 100644 --- a/files/build_templates/per_namespace/lldp.service.j2 +++ b/files/build_templates/per_namespace/lldp.service.j2 @@ -10,7 +10,6 @@ BindsTo=sonic.target After=sonic.target BindsTo=sonic.target After=sonic.target -Before=ntp-config.service StartLimitIntervalSec=1200 StartLimitBurst=3 diff --git a/files/build_templates/per_namespace/swss.service.j2 b/files/build_templates/per_namespace/swss.service.j2 index b0560aabc57a..9e07f78d79d2 100644 --- a/files/build_templates/per_namespace/swss.service.j2 +++ b/files/build_templates/per_namespace/swss.service.j2 @@ -13,7 +13,6 @@ Requires=config-setup.service After=config-setup.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service StartLimitIntervalSec=1200 StartLimitBurst=3 diff --git a/files/build_templates/per_namespace/syncd.service.j2 b/files/build_templates/per_namespace/syncd.service.j2 index 842eaebc756e..5a3e4891a3b2 100644 --- a/files/build_templates/per_namespace/syncd.service.j2 +++ b/files/build_templates/per_namespace/syncd.service.j2 @@ -18,7 +18,6 @@ Requires=config-setup.service After=config-setup.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service {% if sonic_asic_platform == 'mellanox' %} Requires=nv-syncd-shared.service After=nv-syncd-shared.service 
diff --git a/files/build_templates/per_namespace/teamd.service.j2 b/files/build_templates/per_namespace/teamd.service.j2 index ddf6691eae98..2ec784a483fd 100644 --- a/files/build_templates/per_namespace/teamd.service.j2 +++ b/files/build_templates/per_namespace/teamd.service.j2 @@ -9,7 +9,6 @@ Requires=config-setup.service After=config-setup.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service StartLimitIntervalSec=1200 StartLimitBurst=3 diff --git a/files/build_templates/pmon.service.j2 b/files/build_templates/pmon.service.j2 index b2cd75ac70a9..75a997ce2580 100644 --- a/files/build_templates/pmon.service.j2 +++ b/files/build_templates/pmon.service.j2 @@ -7,7 +7,6 @@ After=syncd.service {% endif %} BindsTo=sonic.target After=sonic.target -Before=ntp-config.service StartLimitIntervalSec=1200 StartLimitBurst=3 diff --git a/files/build_templates/radv.service.j2 b/files/build_templates/radv.service.j2 index 4c414a83c386..4205abc0aa3a 100644 --- a/files/build_templates/radv.service.j2 +++ b/files/build_templates/radv.service.j2 @@ -2,7 +2,6 @@ Description=Router advertiser container Requires=config-setup.service After=config-setup.service swss.service syncd.service -Before=ntp-config.service BindsTo=sonic.target After=sonic.target StartLimitIntervalSec=1200 diff --git a/files/build_templates/restapi.service.j2 b/files/build_templates/restapi.service.j2 index c82510238a83..49d436193ec9 100644 --- a/files/build_templates/restapi.service.j2 +++ b/files/build_templates/restapi.service.j2 @@ -4,7 +4,6 @@ Requires=config-setup.service After=config-setup.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service [Service] User={{ sonicadmin_user }} diff --git a/files/build_templates/sflow.service.j2 b/files/build_templates/sflow.service.j2 index b83e7e594be7..5c78311a2523 100644 --- a/files/build_templates/sflow.service.j2 +++ b/files/build_templates/sflow.service.j2 
@@ -4,7 +4,6 @@ Requisite=swss.service After=swss.service syncd.service hostcfgd.service interfaces-config.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service StartLimitIntervalSec=1200 StartLimitBurst=3 diff --git a/files/build_templates/snmp.service.j2 b/files/build_templates/snmp.service.j2 index db3ac1907f6c..3b608d6e332a 100644 --- a/files/build_templates/snmp.service.j2 +++ b/files/build_templates/snmp.service.j2 @@ -5,7 +5,6 @@ Requisite=swss.service After=config-setup.service swss.service syncd.service interfaces-config.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service StartLimitIntervalSec=1200 StartLimitBurst=3 diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2 index e959fb24f931..555f29b20ad9 100644 --- a/files/build_templates/sonic_debian_extension.j2 +++ b/files/build_templates/sonic_debian_extension.j2 
@@ -77,6 +77,41 @@ else sudo chroot $FILESYSTEM_ROOT $DOCKER_CTL_SCRIPT start fi +install_pip_package() { + pip_wheel=$1 + if [[ -z "$pip_wheel" ]]; then + return + fi + sudo cp $pip_wheel $FILESYSTEM_ROOT/ + basename_pip_wheel=$(basename -a $@) + sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $basename_pip_wheel + ( cd $FILESYSTEM_ROOT; sudo rm -f $basename_pip_wheel ) +} + +install_deb_package() { + deb_packages=$@ + if [[ -z "$deb_packages" ]]; then + return + fi + sudo cp $deb_packages $FILESYSTEM_ROOT/ + basename_deb_packages=$(basename -a $@) + sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT dpkg -i $basename_deb_packages || \ + sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f + ( cd $FILESYSTEM_ROOT; sudo rm -f $basename_deb_packages ) +} + +install_deb_package_lazy() { + deb_packages=$@ + if [[ -z "$deb_packages" ]]; then + return + fi + sudo cp $deb_packages $FILESYSTEM_ROOT/ + basename_deb_packages=$(basename -a $@) + sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT dpkg -i $basename_deb_packages || \ + sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f --download-only + ( cd $FILESYSTEM_ROOT; sudo rm -f $basename_deb_packages ) +} + # Update apt's snapshot of its repos sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get update @@ -100,8 +135,7 @@ sudo mkdir -p $FILESYSTEM_ROOT_USR_SHARE_SONIC_FIRMWARE/ sudo mkdir -p $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM # Install sonic-nettools -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-nettools_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/sonic-nettools_*.deb sudo setcap 'cap_net_raw=+ep' $FILESYSTEM_ROOT/usr/bin/wol # This is needed for moving monit logs, state and logrotate status to tmpfs 
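Review bot: `install_pip_package` copies only `$1` into the chroot (`sudo cp $pip_wheel $FILESYSTEM_ROOT/`) but builds `basename_pip_wheel` from `$@`, so a second wheel passed to it would be handed to pip3 without having been copied. All three helpers also keep `deb_packages`, `basename_deb_packages` and `basename_pip_wheel` as unquoted globals, so a path containing whitespace or glob characters is re-split at every use and the names leak into the rest of the generated script. The sketch below shows `install_deb_package` with local arrays and a guarded `cd`; the pip and lazy variants would take the same shape.

```shell
install_deb_package() {
    local -a deb_packages=("$@") deb_names=()
    local deb
    if (( ${#deb_packages[@]} == 0 )); then
        return
    fi
    for deb in "${deb_packages[@]}"; do
        deb_names+=("./${deb##*/}")
    done
    sudo cp -- "${deb_packages[@]}" "$FILESYSTEM_ROOT/"
    sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot "$FILESYSTEM_ROOT" dpkg -i "${deb_names[@]}" || \
        sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot "$FILESYSTEM_ROOT" apt-get -y install -f
    ( cd "$FILESYSTEM_ROOT" && sudo rm -f -- "${deb_names[@]}" )
}
```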
@@ -110,13 +144,7 @@ sudo bash -c "echo \"d /dev/shm/logrotate/ 0755 root root\" > $FILESYSTEM_ROOT/e # Install a patched version of ifupdown2 (and its dependencies via 'apt-get -y install -f') -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/ifupdown2_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f - -# Install a patched version of ntp (and its dependencies via 'apt-get -y install -f') -sudo dpkg --root=$FILESYSTEM_ROOT --force-confdef --force-confold -i $debs_path/ntp_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y \ - -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install -f +install_deb_package $debs_path/ifupdown2_*.deb # Install dependencies for SONiC config engine sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install \ @@ -130,10 +158,8 @@ sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install "redis # Install redis-dump-load Python 3 package # Note: the scripts will be overwritten by corresponding Python 2 package -REDIS_DUMP_LOAD_PY3_WHEEL_NAME=$(basename {{redis_dump_load_py3_wheel_path}}) -sudo cp {{redis_dump_load_py3_wheel_path}} $FILESYSTEM_ROOT/$REDIS_DUMP_LOAD_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $REDIS_DUMP_LOAD_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$REDIS_DUMP_LOAD_PY3_WHEEL_NAME + +install_pip_package {{redis_dump_load_py3_wheel_path}} # Install Python module for psutil sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install psutil 
@@ -151,10 +177,7 @@ if [[ $CONFIGURED_ARCH == amd64 || $CONFIGURED_ARCH == arm64 ]]; then fi # Install sonic-py-common Python 3 package -SONIC_PY_COMMON_PY3_WHEEL_NAME=$(basename {{sonic_py_common_py3_wheel_path}}) -sudo cp {{sonic_py_common_py3_wheel_path}} $FILESYSTEM_ROOT/$SONIC_PY_COMMON_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SONIC_PY_COMMON_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$SONIC_PY_COMMON_PY3_WHEEL_NAME +install_pip_package {{sonic_py_common_py3_wheel_path}} # Install dependency pkgs for SONiC config engine Python 2 package if [[ $CONFIGURED_ARCH == armhf || $CONFIGURED_ARCH == arm64 ]]; then 
@@ -162,18 +185,11 @@ if [[ $CONFIGURED_ARCH == armhf || $CONFIGURED_ARCH == arm64 ]]; then fi # Install sonic-yang-models Python 3 package, install dependencies -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libyang_*.deb $debs_path/libyang-cpp_*.deb $debs_path/python3-yang_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f -SONIC_YANG_MODEL_PY3_WHEEL_NAME=$(basename {{sonic_yang_models_py3_wheel_path}}) -sudo cp {{sonic_yang_models_py3_wheel_path}} $FILESYSTEM_ROOT/$SONIC_YANG_MODEL_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SONIC_YANG_MODEL_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$SONIC_YANG_MODEL_PY3_WHEEL_NAME +install_deb_package $debs_path/libyang_*.deb $debs_path/libyang-cpp_*.deb $debs_path/python3-yang_*.deb +install_pip_package {{sonic_yang_models_py3_wheel_path}} # Install sonic-yang-mgmt Python3 package -SONIC_YANG_MGMT_PY3_WHEEL_NAME=$(basename {{sonic_yang_mgmt_py3_wheel_path}}) -sudo cp {{sonic_yang_mgmt_py3_wheel_path}} $FILESYSTEM_ROOT/$SONIC_YANG_MGMT_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SONIC_YANG_MGMT_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$SONIC_YANG_MGMT_PY3_WHEEL_NAME +install_pip_package {{sonic_yang_mgmt_py3_wheel_path}} # For sonic-config-engine Python 3 package # Install pyangbind here, outside sonic-config-engine dependencies, as pyangbind causes enum34 to be installed. 
@@ -184,24 +200,15 @@ sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install pyangb sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 uninstall -y enum34 # Install SONiC config engine Python 3 package -CONFIG_ENGINE_PY3_WHEEL_NAME=$(basename {{config_engine_py3_wheel_path}}) -sudo cp {{config_engine_py3_wheel_path}} $FILESYSTEM_ROOT/$CONFIG_ENGINE_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $CONFIG_ENGINE_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$CONFIG_ENGINE_PY3_WHEEL_NAME +install_pip_package {{config_engine_py3_wheel_path}} # Install sonic-platform-common Python 3 package -PLATFORM_COMMON_PY3_WHEEL_NAME=$(basename {{platform_common_py3_wheel_path}}) -sudo cp {{platform_common_py3_wheel_path}} $FILESYSTEM_ROOT/$PLATFORM_COMMON_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $PLATFORM_COMMON_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$PLATFORM_COMMON_PY3_WHEEL_NAME +install_pip_package {{platform_common_py3_wheel_path}} {% if pddf_support == "y" %} # Install pddf-platform-api-base Python 3 package -PLATFORM_PDDF_COMMON_PY3_WHEEL_NAME=$(basename {{pddf_platform_api_base_py3_wheel_path}}) -sudo cp {{pddf_platform_api_base_py3_wheel_path}} $FILESYSTEM_ROOT/$PLATFORM_PDDF_COMMON_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $PLATFORM_PDDF_COMMON_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$PLATFORM_PDDF_COMMON_PY3_WHEEL_NAME +install_pip_package {{pddf_platform_api_base_py3_wheel_path}} {% endif %} {# Barefoot platform vendors' sonic_platform packages import the Python 'thrift' library #} 
@@ -210,10 +217,7 @@ sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install thrift {% endif %} # Install system-health Python 3 package -SYSTEM_HEALTH_PY3_WHEEL_NAME=$(basename {{system_health_py3_wheel_path}}) -sudo cp {{system_health_py3_wheel_path}} $FILESYSTEM_ROOT/$SYSTEM_HEALTH_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SYSTEM_HEALTH_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$SYSTEM_HEALTH_PY3_WHEEL_NAME +install_pip_package {{system_health_py3_wheel_path}} # Install m2crypto, cryptography, cffi, and pynacl packages, used by sonic-utilities sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install python3-m2crypto python3-cryptography python3-cffi python3-nacl 
@@ -222,18 +226,13 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install libffi-dev # Install SONiC Utilities Python package -SONIC_UTILITIES_PY3_WHEEL_NAME=$(basename {{sonic_utilities_py3_wheel_path}}) -sudo cp {{sonic_utilities_py3_wheel_path}} $FILESYSTEM_ROOT/$SONIC_UTILITIES_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SONIC_UTILITIES_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$SONIC_UTILITIES_PY3_WHEEL_NAME +install_pip_package {{sonic_utilities_py3_wheel_path}} # Install sonic-utilities data files (and any dependencies via 'apt-get -y install -f') -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-utilities-data_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/sonic-utilities-data_*.deb # Install customized bash version to patch bash plugin support. -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/bash_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/bash_*.deb # sonic-utilities-data installs bash-completion as a dependency. However, it is disabled by default # in bash.bashrc, so we copy a version of the file with it enabled here. 
@@ -263,32 +262,25 @@ if [[ $CONFIGURED_ARCH == armhf ]]; then fi # Install SONiC host services package -SONIC_HOST_SERVICES_PY3_WHEEL_NAME=$(basename {{sonic_host_services_py3_wheel_path}}) -sudo cp {{sonic_host_services_py3_wheel_path}} $FILESYSTEM_ROOT/$SONIC_HOST_SERVICES_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SONIC_HOST_SERVICES_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$SONIC_HOST_SERVICES_PY3_WHEEL_NAME +install_pip_package {{sonic_host_services_py3_wheel_path}} # Install SONiC host services data files (and any dependencies via 'apt-get -y install -f') -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-host-services-data_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/sonic-host-services-data_*.deb {% if enable_ztp == "y" %} # Install ZTP (and its dependencies via 'apt-get -y install -f') -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-ztp_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/sonic-ztp_*.deb {% endif %} {% for machine_debs in lazy_build_installer_debs.strip().split() -%} {% set machine, pkgname = machine_debs.split('|') %} if [[ -z "{{machine}}" || -n "{{machine}}" && $TARGET_MACHINE == "{{machine}}" ]]; then -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/{{pkgname}} || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/{{pkgname}} fi {% endfor %} # Install SONiC Device Data (and its dependencies via 'apt-get -y install -f') -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-device-data_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/sonic-device-data_*.deb # package for supporting password hardening sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot 
$FILESYSTEM_ROOT apt-get -y install libpam-pwquality @@ -307,18 +299,13 @@ sudo LANG=C chroot $FILESYSTEM_ROOT systemctl stop nslcd.service sudo LANG=C chroot $FILESYSTEM_ROOT systemctl mask nslcd.service # Install pam-tacplus and nss-tacplus -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libtac2_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libpam-tacplus_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libnss-tacplus_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/libtac2_*.deb +install_deb_package $debs_path/libpam-tacplus_*.deb +install_deb_package $debs_path/libnss-tacplus_*.deb # Install bash-tacplus -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/bash-tacplus_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/bash-tacplus_*.deb # Install audisp-tacplus -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/audisp-tacplus_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/audisp-tacplus_*.deb # Disable tacplus and LDAP by default ## NOTE: this syntax of pam-auth-update is meant to be used when the package gets removed, not for specifying ## some local configuration of a PAM module. Currently, there's no clean way of noninteractively specifying 
@@ -330,10 +317,8 @@ sudo LANG=C chroot $FILESYSTEM_ROOT pam-auth-update --remove tacplus ldap sudo sed -i -e '/^passwd/s/ tacplus//' $FILESYSTEM_ROOT/etc/nsswitch.conf # Install pam-radius-auth and nss-radius -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libpam-radius-auth_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libnss-radius_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/libpam-radius-auth_*.deb +install_deb_package $debs_path/libnss-radius_*.deb # Disable radius by default # radius does not have any profiles #sudo LANG=C chroot $FILESYSTEM_ROOT pam-auth-update --remove radius tacplus @@ -341,8 +326,7 @@ sudo sed -i -e '/^passwd/s/ radius//' $FILESYSTEM_ROOT/etc/nsswitch.conf # Install a custom version of kdump-tools (and its dependencies via 'apt-get -y install -f') if [ "$TARGET_BOOTLOADER" != uboot ]; then -sudo DEBIAN_FRONTEND=noninteractive dpkg --root=$FILESYSTEM_ROOT -i $debs_path/kdump-tools_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true chroot $FILESYSTEM_ROOT apt-get -q --no-install-suggests --no-install-recommends install + install_deb_package $debs_path/kdump-tools_*.deb cat $IMAGE_CONFIGS/kdump/kdump-tools | sudo tee -a $FILESYSTEM_ROOT/etc/default/kdump-tools > /dev/null for kernel_release in $(ls $FILESYSTEM_ROOT/lib/modules/); do 
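Review bot: Routing kdump-tools through `install_deb_package` at `@@ -341` changes its fallback from `apt-get -q --no-install-suggests --no-install-recommends install` with `DEBCONF_NONINTERACTIVE_SEEN=true` to the helper's generic `apt-get -y install -f`, so the recommends/suggests restriction and the debconf setting no longer apply on this path. If those options were deliberate, the helper needs a way to take extra apt options or this call should keep its own fallback; if they were not needed, a sentence in the commit message saying so would help. Whether recommended packages actually end up in the image depends on the chroot's apt configuration, which is not visible here. The `if` block continues outside the hunk.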
@@ -354,24 +338,21 @@ fi # Install python-swss-common package and all its dependent packages {% if python_swss_debs.strip() -%} {% for deb in python_swss_debs.strip().split(' ') -%} -sudo dpkg --root=$FILESYSTEM_ROOT -i {{deb}} || sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package {{deb}} {% endfor %} {% endif %} # Install sonic-db-cli -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-db-cli_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/sonic-db-cli_*.deb {% if include_system_eventd == "y" and build_reduce_image_size != "y" %} # Install sonic-rsyslog-plugin -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-rsyslog-plugin_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/sonic-rsyslog-plugin_*.deb {% endif %} # Install custom-built monit package and SONiC configuration files -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/monit_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/monit_*.deb sudo cp $IMAGE_CONFIGS/monit/monitrc $FILESYSTEM_ROOT/etc/monit/ sudo chmod 600 $FILESYSTEM_ROOT/etc/monit/monitrc sudo cp $IMAGE_CONFIGS/monit/conf.d/* $FILESYSTEM_ROOT/etc/monit/conf.d/ 
@@ -395,29 +376,27 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in sudo cp $IMAGE_CONFIGS/smartmontools/smartmontools $FILESYSTEM_ROOT/etc/default/smartmontools # Install custom-built openssh sshd -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/openssh-server_${OPENSSH_VERSION_FULL}_*.deb $debs_path/openssh-client_${OPENSSH_VERSION_FULL}_*.deb $debs_path/openssh-sftp-server_${OPENSSH_VERSION_FULL}_*.deb +install_deb_package $debs_path/openssh-server_${OPENSSH_VERSION_FULL}_*.deb $debs_path/openssh-client_${OPENSSH_VERSION_FULL}_*.deb $debs_path/openssh-sftp-server_${OPENSSH_VERSION_FULL}_*.deb {% if sonic_asic_platform == 'broadcom' %} # Install custom-built flashrom -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/flashrom_*.deb +install_deb_package $debs_path/flashrom_*.deb {% endif %} # Copy crontabs sudo cp -f $IMAGE_CONFIGS/cron.d/* $FILESYSTEM_ROOT/etc/cron.d/ # Copy NTP configuration files and templates -sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT \ - apt-get -y install ntpdate -sudo rm -f $FILESYSTEM_ROOT/etc/network/if-up.d/ntpsec-ntpdate -sudo cp $IMAGE_CONFIGS/ntp/ntp-config.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM -echo "ntp-config.service" | sudo tee -a $GENERATED_SERVICE_FILE -sudo cp $IMAGE_CONFIGS/ntp/ntp-config.sh $FILESYSTEM_ROOT/usr/bin/ -sudo cp $IMAGE_CONFIGS/ntp/ntp.conf.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/ -sudo cp $IMAGE_CONFIGS/ntp/ntp.keys.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/ -sudo cp $IMAGE_CONFIGS/ntp/ntp-systemd-wrapper $FILESYSTEM_ROOT/usr/libexec/ntpsec/ -sudo mkdir $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/ntpsec.service.d -sudo cp $IMAGE_CONFIGS/ntp/sonic-target.conf $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/ntpsec.service.d/ -echo "ntpsec.service" | sudo tee -a $GENERATED_SERVICE_FILE +sudo cp $IMAGE_CONFIGS/chrony/chrony-config.sh $FILESYSTEM_ROOT/usr/bin/ +sudo cp $IMAGE_CONFIGS/chrony/chrony.conf.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/ 
+sudo cp $IMAGE_CONFIGS/chrony/chrony.keys.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/ +sudo cp $IMAGE_CONFIGS/chrony/chronyd-starter.sh $FILESYSTEM_ROOT/usr/local/sbin/ +sudo cp $IMAGE_CONFIGS/chrony/check_ntp_status.sh $FILESYSTEM_ROOT/usr/local/bin/ +sudo mkdir $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/chrony.service.d +# Don't start chrony with multi-user.target, add our override, and start it with sonic.target +sudo LANG=C chroot $FILESYSTEM_ROOT systemctl disable chrony.service +sudo cp $IMAGE_CONFIGS/chrony/override.conf $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/chrony.service.d/ +sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable chrony.service # Copy DNS templates sudo cp $BUILD_TEMPLATES/dns.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/ @@ -518,8 +497,7 @@ sudo chmod og-rw $FILESYSTEM_ROOT_ETC_SONIC/core_analyzer.rc.json if [[ $CONFIGURED_ARCH == amd64 ]]; then # Install rasdaemon package # NOTE: Can be installed from debian directly when we move to trixie - sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/rasdaemon_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f + install_deb_package $debs_path/rasdaemon_*.deb # Rasdaemon service configuration. Use timer to start rasdaemon with a delay for better fast/warm boot performance sudo cp $IMAGE_CONFIGS/rasdaemon/rasdaemon.timer $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM @@ -751,7 +729,7 @@ fi {% if installer_debs.strip() -%} {% for deb in installer_debs.strip().split(' ') -%} -sudo dpkg --root=$FILESYSTEM_ROOT -i {{deb}} || sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package {{deb}} {% endfor %} {% endif %} 
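Review bot: The custom-built openssh packages in the `@@ -395` hunk used to be installed with a bare `dpkg -i`, so a failure surfaced as that command's non-zero status; through `install_deb_package` a failed `dpkg -i` now falls into `apt-get -y install -f`, which can return zero after resolving the breakage its own way, possibly by fetching packages from the configured repositories or by removing the half-installed one. For sshd that means the image could be produced without the intended custom build and nothing in this step would fail. The same change of behaviour applies to `flashrom` in this hunk, to the version-mismatch reinstall at `@@ -765` and to the FIPS `installer_python_debs` loop at `@@ -1188`. I would keep a strict install for these, or verify after the helper that the version inside the chroot matches the .deb, for example by comparing `dpkg-deb -f <deb> Version` with `dpkg-query --showformat='${Version}' --show <package>` run in the chroot.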
@@ -765,7 +743,7 @@ PACKAGE_NAME=$(dpkg-deb -f {{deb}} Package) PACKAGE_VERSION=$(dpkg-deb -f {{deb}} Version) INSTALLED_VERSION=$(dpkg-query --showformat='${Version}' --show $PACKAGE_NAME || true) if [ "$INSTALLED_VERSION" != "" ] && [ "$INSTALLED_VERSION" != "$PACKAGE_VERSION" ]; then - sudo dpkg --root=$FILESYSTEM_ROOT -i {{deb}} + install_deb_package {{deb}} fi ## SONiC packages may have lower version than Debian offical package, install offical Debian package will break feature @@ -787,7 +765,7 @@ sudo LANG=C chroot $FILESYSTEM_ROOT depmod -a {{kversion}} {% set debfilename = deb.split('/')|last -%} {% set debname = debfilename.split('_')|first -%} -sudo dpkg --root=$FILESYSTEM_ROOT -i {{deb}} || sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f --download-only +install_deb_package_lazy {{deb}} sudo mkdir -p $FILESYSTEM_ROOT/$PLATFORM_DIR/{{dev}} sudo mkdir -p $FILESYSTEM_ROOT/$PLATFORM_DIR/common @@ -798,7 +776,7 @@ for f in $(find $FILESYSTEM_ROOT/var/cache/apt/archives -name "*.deb"); do sudo ln -sf "../common/$(basename $f)" "$FILESYSTEM_ROOT/$PLATFORM_DIR/{{dev}}/$(basename $f)" done -sudo dpkg --root=$FILESYSTEM_ROOT -P {{ debname }} +sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT dpkg -P {{ debname }} {% endfor %} # create a trivial apt repo if any of the debs have dependencies, including between lazy debs 
@@ -1106,10 +1084,7 @@ j2 platform/mellanox/mlnx-fw-upgrade.j2 | sudo tee $FILESYSTEM_ROOT/usr/bin/mlnx sudo chmod 755 $FILESYSTEM_ROOT/usr/bin/mlnx-fw-upgrade.sh # Install mlnx-sonic-platform Python 3 package -MLNX_SONIC_PLATFORM_PY3_WHEEL_NAME=$(basename {{mlnx_platform_api_py3_wheel_path}}) -sudo cp {{mlnx_platform_api_py3_wheel_path}} $FILESYSTEM_ROOT/$MLNX_SONIC_PLATFORM_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $MLNX_SONIC_PLATFORM_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$MLNX_SONIC_PLATFORM_PY3_WHEEL_NAME +install_pip_package {{mlnx_platform_api_py3_wheel_path}} # Install service that manages Nvidia specific shared storage sudo cp platform/mellanox/nv-syncd-shared/nv-syncd-shared.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/ @@ -1153,14 +1128,10 @@ sudo install -m 755 platform/nvidia-bluefield/byo/sonic-byo.py $FILESYSTEM_ROOT/ SONIC_PLATFORM={{sonic_asic_platform}} j2 platform/mellanox/mlnx-fw-upgrade.j2 | sudo tee $FILESYSTEM_ROOT/usr/bin/mlnx-fw-upgrade.sh sudo chmod 755 $FILESYSTEM_ROOT/usr/bin/mlnx-fw-upgrade.sh -SONIC_PLATFORM_PY3_WHEEL_NAME=$(basename {{platform_api_py3_wheel_path}}) -sudo cp {{platform_api_py3_wheel_path}} $FILESYSTEM_ROOT/$SONIC_PLATFORM_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SONIC_PLATFORM_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$SONIC_PLATFORM_PY3_WHEEL_NAME +install_pip_package {{platform_api_py3_wheel_path}} -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libdashapi_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/libdashapi_*.deb sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install xmlstarlet 
@@ -1188,7 +1159,7 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in if [ "$INCLUDE_FIPS" == y ]; then {% if installer_python_debs.strip() -%} {% for deb in installer_python_debs.strip().split(' ') -%} - sudo dpkg --root=$FILESYSTEM_ROOT -i {{deb}} + install_deb_package {{deb}} {% endfor %} {% endif %} fi diff --git a/files/build_templates/telemetry.service.j2 b/files/build_templates/telemetry.service.j2 index ebdd484dc877..97b622fc67c3 100644 --- a/files/build_templates/telemetry.service.j2 +++ b/files/build_templates/telemetry.service.j2 @@ -2,7 +2,6 @@ Description=Telemetry container Requires=database.service After=database.service swss.service syncd.service -Before=ntp-config.service BindsTo=sonic.target After=sonic.target StartLimitIntervalSec=1200 diff --git a/files/image_config/chrony/check_ntp_status.sh b/files/image_config/chrony/check_ntp_status.sh new file mode 100755 index 000000000000..1cb556057a36 --- /dev/null +++ b/files/image_config/chrony/check_ntp_status.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +if chronyc -c tracking | grep -q "Not synchronised"; then + echo "NTP is not synchronized with servers" + exit 1 +fi diff --git a/files/image_config/chrony/chrony-config.sh b/files/image_config/chrony/chrony-config.sh new file mode 100755 index 000000000000..7d5e9b937d7a --- /dev/null +++ b/files/image_config/chrony/chrony-config.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +sonic-cfggen -d -t /usr/share/sonic/templates/chrony.conf.j2 >/etc/chrony/chrony.conf +sonic-cfggen -d -t /usr/share/sonic/templates/chrony.keys.j2 >/etc/chrony/chrony.keys +chmod o-r /etc/chrony/chrony.keys diff --git a/files/image_config/ntp/ntp.conf.j2 b/files/image_config/chrony/chrony.conf.j2 similarity index 58% rename from files/image_config/ntp/ntp.conf.j2 rename to files/image_config/chrony/chrony.conf.j2 index a3b0f0909728..a41e68451580 100644 --- a/files/image_config/ntp/ntp.conf.j2 +++ b/files/image_config/chrony/chrony.conf.j2 
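Review bot: check_ntp_status.sh fails open: it exits non-zero only when `grep` finds "Not synchronised", so if `chronyc` itself fails (chronyd stopped or its socket unreachable) the pipeline matches nothing and the script returns 0, reporting a healthy clock. Because certificate validation and log correlation depend on correct time, a monitor should treat "could not query" as a failure. Capture the output first and fail on either condition, e.g. `out=$(chronyc -c tracking) || exit 1` followed by the existing `grep -q "Not synchronised"` test on `"$out"`. Note also that the monit entry that would call this script is added commented out later in this commit, so nothing runs the check yet.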
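Review bot: chrony-config.sh creates `/etc/chrony/chrony.keys` through a shell redirect and only afterwards runs `chmod o-r`, so on first creation the NTP symmetric keys briefly exist with whatever mode the process umask gives. Setting the mask before the redirect closes that window, e.g. `umask 027` as the first command (choose the value to match the group chronyd needs, which this diff does not show). The script also has no error handling: if either `sonic-cfggen` call fails, the redirect has already truncated the target, `chmod` still succeeds, and the unit goes on to start chronyd with an empty config or key file. Adding `set -e` and rendering to a temporary file that is moved into place only on success would avoid that.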
@@ -1,24 +1,19 @@ ############################################################################### # This file was AUTOMATICALLY GENERATED. DO NOT MODIFY. -# Controlled by ntp-config.service +# Controlled by chrony-config.sh ############################################################################### -# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help +# Welcome to the chrony configuration file. See chrony.conf(5) for more +# information about usable directives. -# To avoid ntpd from panic and exit if the drift between new time and -# current system time is large. -tinker panic 0 - -driftfile /var/lib/ntpsec/ntp.drift -leapfile /usr/share/zoneinfo/leap-seconds.list +# Include configuration files found in /etc/chrony/conf.d. +confdir /etc/chrony/conf.d {# Getting NTP global configuration -#} {% set global = (NTP | d({})).get('global', {}) -%} -{# Adding NTP servers. We need to know if we have some pools, to set proper -config -#} +{# Adding NTP servers. We need to know if we have some pools, to set proper config -#} {% set ns = namespace(is_pools=false) %} -{% set ip_ver_ns = namespace(ipv4_server=false, ipv6_server=false) %} {% for server in NTP_SERVER if NTP_SERVER[server].admin_state != 'disabled' -%} {% set config = NTP_SERVER[server] -%} {# Server options -#} 
@@ -53,38 +48,16 @@ config -#} {% endif -%} {{ association_type }} {{ resolve_as }}{{ soptions }} -{% if global.server_role == 'disabled' %} -restrict {{ resolve_as }} kod limited nomodify noquery -{% endif %} - -{% if resolve_as | ipv4 -%} - {% set ip_ver_ns.ipv4_server = true %} -{% elif resolve_as | ipv6 %} - {% set ip_ver_ns.ipv6_server = true %} -{% endif -%} - {% endfor -%} -{% set trusted_keys_arr = [] -%} -{% for key in NTP_KEY -%} - {% set keydata = NTP_KEY[key] -%} - {% if keydata.trusted == 'yes' -%} - {% set trusted_keys_arr = trusted_keys_arr.append(key) -%} - {% endif -%} -{% endfor %} - -{% if global.authentication == 'enabled' %} -keys /etc/ntpsec/ntp.keys -{% if trusted_keys_arr != [] %} -trustedkey {{ trusted_keys_arr|join(' ') }} -{% endif %} -{% endif %} +{# Enable NTP server functionality if server_role is enabled or DHCP configuration is enabled -#} +{# {% if global.server_role == 'enabled' or global.dhcp == 'enabled' -%} +allow +{% endif -%} #} -{# listen on source interface if configured, else only listen on MGMT_INTERFACE, -LOOPBACK_INTERFACE ip when MGMT_INTERFACE is not defined, or eth0 if we don't -have both of them (default is to listen on all ip addresses) -#} -interface ignore wildcard +{# use source interface if configured to send NTP requests, else use eth0 if running in mgmt +vrf (default is not to listen on anything) -#} {# Set interface to listen on: * Set global variable for configured source interface name. 
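Review bot: The `allow` block added in this hunk is wrapped in a Jinja comment (`{# {% if global.server_role == 'enabled' or global.dhcp == 'enabled' -%} allow {% endif -%} #}`), so it never renders, while the comment directly above it says server functionality is enabled when `server_role` or DHCP is enabled. As written, chronyd keeps its default of serving no NTP clients regardless of `server_role`. That is the safe default, but the comment should say so, for example "NTP server mode is intentionally not rendered; without an allow directive chronyd serves no clients". If the block is enabled later, a bare `allow` admits every address, so render a configured subnet (`allow <subnet>`) rather than opening the time service to everything reachable in the chosen VRF.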
@@ -123,41 +96,61 @@ interface ignore wildcard {%- endif %} {% endif %} -{% if ns.source_intf_ip == 'true' %} -interface listen {{ns.source_intf}} -{% elif (NTP) and NTP['global']['vrf'] == 'mgmt' %} -interface listen eth0 -{% elif MGMT_INTERFACE %} -{% for (mgmt_intf, mgmt_prefix) in MGMT_INTERFACE|pfx_filter %} -interface listen {{ mgmt_prefix | ip }} -{% endfor %} -{% elif LOOPBACK_INTERFACE %} -{% for (name, prefix) in LOOPBACK_INTERFACE|pfx_filter %} -{% if name == 'Loopback0' %} -{% if prefix | ipv4 and ip_ver_ns.ipv4_server or prefix | ipv6 and ip_ver_ns.ipv6_server %} -interface listen {{ prefix | ip }} -{% endif %} -{% endif %} -{% endfor %} -{% else %} -interface listen eth0 +{% if ns.source_intf_ip == 'true' -%} +bindacqdevice {{ns.source_intf}} +{% elif (NTP) and NTP['global']['vrf'] == 'mgmt' -%} +bindacqdevice eth0 {% endif %} -interface listen 127.0.0.1 -{# Access control options -#} -{% set options = '' -%} +# Use time sources from DHCP. +sourcedir /run/chrony-dhcp -{# Disable NTP server functionality. Should stay on when dhcp is enabled -#} -{# {% if global.server_role == 'disabled' and global.dhcp == 'disabled' -%} - {% set options = options ~ ' ignore' -%} -{% endif -%} #} +# Use NTP sources found in /etc/chrony/sources.d. +sourcedir /etc/chrony/sources.d -# Access control configuration -# By default, exchange time with everybody, but don't allow configuration. -# NTPsec doesn't establish peer associations, and so nopeer has no effect, and -# has been removed from here -restrict default kod nomodify noquery limited{{ options }} +{% if global.authentication == 'enabled' %} +# This directive specify the location of the file containing ID/key pairs for +# NTP authentication. +keyfile /etc/chrony/chrony.keys +{% endif %} -# Local users may interrogate the ntp server more closely. -restrict 127.0.0.1 -restrict ::1 +# This directive specify the file into which chronyd will store the rate +# information. 
+driftfile /var/lib/chrony/chrony.drift + +# Save NTS keys and cookies. +ntsdumpdir /var/lib/chrony + +# Uncomment the following line to turn logging on. +#log tracking measurements statistics + +# Log files location. +logdir /var/log/chrony + +# Stop bad estimates upsetting machine clock. +maxupdateskew 100.0 + +# This directive enables kernel synchronisation (every 11 minutes) of the +# real-time clock. Note that it can’t be used along with the 'rtcfile' directive. +#rtcsync + +# Instead of having the kernel manage the real-time clock, have chrony do this +# instead. The reason for this is that if the system time and the real-time clock +# are signficantly different from the actual time, then the system time must be +# slewed, while the real-time clock can be stepped to the actual time. That way, +# when the device next reboots (whether it be cold, warm, or fast), it will come +# up with the actual time from the real-time clock. +rtcfile /var/lib/chrony/rtc +hwclockfile /etc/adjtime +rtcautotrim 15 + +# Step the system clock instead of slewing it if the adjustment is larger than +# one second, but only in the first three clock updates. +# +# Disabled because we don't want chrony to do any clock steps; it should only slew +#makestep 1 3 + +# Get TAI-UTC offset and leap seconds from the system tz database. +# This directive must be commented out when using time sources serving +# leap-smeared time. +leapsectz right/UTC diff --git a/files/image_config/ntp/ntp.keys.j2 b/files/image_config/chrony/chrony.keys.j2 similarity index 87% rename from files/image_config/ntp/ntp.keys.j2 rename to files/image_config/chrony/chrony.keys.j2 index 961fc7532694..14f190bfdb39 100644 --- a/files/image_config/ntp/ntp.keys.j2 +++ b/files/image_config/chrony/chrony.keys.j2 
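Review bot: `sourcedir /run/chrony-dhcp` is rendered unconditionally, whereas the ntp-systemd-wrapper removed by this commit loaded the DHCP-derived configuration only when `NTP["global"]["dhcp"]` was `enabled`. DHCP-supplied time servers are unauthenticated and are chosen by whoever answers DHCP on that network, so with `global.authentication == 'enabled'` they sit beside keyed sources and can still be selected. Consider gating the directive, `{% if global.dhcp == 'enabled' %}sourcedir /run/chrony-dhcp{% endif %}`, and, when authentication is enabled, adding `authselectmode require` (chrony 4.0 or later) so only authenticated sources are used. The template lines between this hunk and the previous one are not visible here, so confirm nothing else already filters DHCP sources.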
@@ -1,6 +1,6 @@ ############################################################################### # This file was AUTOMATICALLY GENERATED. DO NOT MODIFY. -# Controlled by ntp-config.service +# Controlled by chrony-config.sh ############################################################################### {# We can connect only to the servers we trust. Determine those servers -#} @@ -14,5 +14,5 @@ {% set trusted_str = ' ' ~ trusted_arr|join(',') -%} {% for keyid in NTP_KEY if NTP_KEY[keyid].type and NTP_KEY[keyid].value %} {% set keyval = NTP_KEY[keyid].value | b64decode %} -{{ keyid }} {{ NTP_KEY[keyid].type }} {{ keyval }}{{trusted_str}} +{{ keyid }} {{ NTP_KEY[keyid].type | upper }} {{ keyval }}{{trusted_str}} {% endfor -%} diff --git a/files/image_config/chrony/chronyd-starter.sh b/files/image_config/chrony/chronyd-starter.sh new file mode 100755 index 000000000000..e8b999ec03a9 --- /dev/null +++ b/files/image_config/chrony/chronyd-starter.sh @@ -0,0 +1,16 @@ +#!/bin/sh + +VRF_ENABLED=$(/usr/local/bin/sonic-cfggen -d -v 'MGMT_VRF_CONFIG["vrf_global"]["mgmtVrfEnabled"]' 2> /dev/null) +if [ "$VRF_ENABLED" = "true" ]; then + VRF_CONFIGURED=$(/usr/local/bin/sonic-cfggen -d -v 'NTP["global"]["vrf"]' 2> /dev/null) + if [ "$VRF_CONFIGURED" = "default" ]; then + echo "Starting NTP server in default-vrf for default set as NTP vrf" + exec /usr/sbin/chronyd $DAEMON_OPTS + else + echo "Starting NTP server in mgmt-vrf" + exec ip vrf exec mgmt /usr/sbin/chronyd $DAEMON_OPTS + fi +else + echo "Starting NTP server in default-vrf" + exec /usr/sbin/chronyd $DAEMON_OPTS +fi diff --git a/files/image_config/ntp/ntp-config.service b/files/image_config/chrony/override.conf similarity index 50% rename from files/image_config/ntp/ntp-config.service rename to files/image_config/chrony/override.conf index 97ee960bdad2..0b9c664cf7ae 100644 --- a/files/image_config/ntp/ntp-config.service +++ b/files/image_config/chrony/override.conf 
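Review bot: chronyd-starter.sh no longer consults `NTP["global"]["admin_state"]`. The ntp-systemd-wrapper removed by this commit did not start the daemon when that value was `disabled`, so unless the sonic-host-services bump in this commit covers it, an administratively disabled NTP service would still be started. Separately, both `sonic-cfggen` calls discard stderr, so a failed lookup leaves `VRF_ENABLED` empty and chronyd silently starts in the default VRF even on a mgmt-VRF system; logging the failure would make that diagnosable. `$DAEMON_OPTS` is never set in the script and presumably comes from the unit's environment; a header comment such as `# DAEMON_OPTS is inherited from the chrony unit environment; left unquoted so it splits into separate arguments` would record that.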
@@ -1,16 +1,16 @@ [Unit] -Description=Update NTP configuration Requires=config-setup.service After=config-setup.service BindsTo=sonic.target After=sonic.target -Before=ntp.service -StartLimitIntervalSec=0 [Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/usr/bin/ntp-config.sh +ExecStartPre=!/usr/bin/chrony-config.sh +ExecStart= +ExecStart=!/usr/local/sbin/chronyd-starter.sh +ProtectControlGroups=no +ProcSubset=all [Install] +WantedBy= WantedBy=sonic.target diff --git a/files/image_config/monit/conf.d/sonic-host b/files/image_config/monit/conf.d/sonic-host index 6a16d4e1bdf1..30d539464b29 100644 --- a/files/image_config/monit/conf.d/sonic-host +++ b/files/image_config/monit/conf.d/sonic-host @@ -70,3 +70,7 @@ check program controlPlaneDropCheck with path "/usr/bin/control_plane_drop_check check program mgmtOperStatus with path "/usr/bin/mgmt_oper_status.py" every 1 cycles if status != 0 for 3 cycle then alert repeat every 1 cycles + +# check if NTP is synchronized +#check program ntp with path "/usr/local/bin/check_ntp_status.sh" +# if status != 0 for 3 cycle then alert repeat every 5 cycles diff --git a/files/image_config/ntp/ntp-apparmor b/files/image_config/ntp/ntp-apparmor deleted file mode 100644 index 78edef66a51f..000000000000 --- a/files/image_config/ntp/ntp-apparmor +++ /dev/null @@ -1,9 +0,0 @@ -# Apparmor configuration -# /etc/apparmor.d/local/usr.sbin.ntpd - - # Allow read access to "rw" mount path of fs.squashfs - # Eg: /host/image-HEAD-sonic.../rw/usr/sbin - /**/{,s}bin/ r, - /**/usr/{,s}bin/ r, - /**/usr/local/{,s}bin/ r, - diff --git a/files/image_config/ntp/ntp-config.sh b/files/image_config/ntp/ntp-config.sh deleted file mode 100755 index 13469c58966b..000000000000 --- a/files/image_config/ntp/ntp-config.sh +++ /dev/null 
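Review bot: The override.conf drop-in relaxes the packaged unit's sandboxing (`ProtectControlGroups=no`, `ProcSubset=all`) and runs both `ExecStartPre` and `ExecStart` with the `!` prefix, but has no comment explaining why. Presumably `ip vrf exec mgmt` in chronyd-starter.sh needs this, yet the relaxations apply on every system, including those that never use the management VRF. Add a comment above each setting naming the requirement, e.g. `# ip vrf exec needs cgroup and full /proc access to place chronyd in the mgmt VRF`, so a later hardening pass does not have to rediscover it. Also confirm that chronyd still drops to its unprivileged user after startup, since `!` makes the starter script ignore any `User=`/`Group=` the packaged unit sets.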
@@ -1,34 +0,0 @@ -#!/bin/bash - -ntp_default_file='/etc/default/ntpsec' -ntp_temp_file='/tmp/ntp.orig' - -reboot_type='cold' - -function get_database_reboot_type() -{ - SYSTEM_WARM_START=`sonic-db-cli STATE_DB hget "WARM_RESTART_ENABLE_TABLE|system" enable` - SYSTEM_FAST_START=`sonic-db-cli STATE_DB hget "FAST_RESTART_ENABLE_TABLE|system" enable` - - if [[ x"${SYSTEM_WARM_START}" == x"true" ]]; then - reboot_type='warm' - elif [[ x"${SYSTEM_FAST_START}" == x"true" ]]; then - reboot_type='fast' - fi -} - -function modify_ntp_default -{ - cp ${ntp_default_file} ${ntp_temp_file} - sed -e "$1" ${ntp_temp_file} >${ntp_default_file} -} - -sonic-cfggen -d -t /usr/share/sonic/templates/ntp.conf.j2 >/etc/ntpsec/ntp.conf -sonic-cfggen -d -t /usr/share/sonic/templates/ntp.keys.j2 >/etc/ntpsec/ntp.keys -chmod o-r /etc/ntp.keys - -get_database_reboot_type -echo "Disabling NTP long jump for reboot type ${reboot_type} ..." -modify_ntp_default "s/NTPD_OPTS=\"-g -N\"/NTPD_OPTS=\"-x -N\"/" - -systemctl --no-block restart ntp diff --git a/files/image_config/ntp/ntp-systemd-wrapper b/files/image_config/ntp/ntp-systemd-wrapper deleted file mode 100644 index 71e061ed512c..000000000000 --- a/files/image_config/ntp/ntp-systemd-wrapper +++ /dev/null 
@@ -1,65 +0,0 @@ -#!/bin/sh - -# This file was originally created automatically as part of default NTP application installation from debian package. -# This is now manually modified for supporting NTP in management VRF. -# When management VRF is enabled, the NTP application should be started using "ip vrf exec mgmt". -# Check has been added to verify the management VRF enabled status and use "ip vrf exec mgmt" when it is enabled. -# This file will be copied to /usr/libexec/ntpsec/ntp-systemd-wrapper file that gets created during build process. -DAEMON=/usr/sbin/ntpd -PIDFILE=/run/ntpd.pid -LOCKFILE=/run/lock/ntpsec-ntpdate -NTPLOGDIR=/var/log/ntpsec - -if [ -r /etc/default/ntpsec ]; then - . /etc/default/ntpsec -fi - -dhcp=$(/usr/local/bin/sonic-cfggen -d -v 'NTP["global"]["dhcp"]' 2> /dev/null) -if [ "$IGNORE_DHCP" != "yes" ] && [ -e /run/ntpsec/ntp.conf.dhcp ] && [ "$dhcp" = "enabled" ]; then - NTPD_OPTS="$NTPD_OPTS -c /run/ntpsec/ntp.conf.dhcp" -else - # List the default -c first, so if the admin has specified -c in - # NTPD_OPTS, it is honored. - NTPD_OPTS="-c /etc/ntpsec/ntp.conf $NTPD_OPTS" -fi - -NTPD_OPTS="$NTPD_OPTS -u ntpsec:ntpsec" - -if [ ! 
-e $NTPLOGDIR ]; then - mkdir $NTPLOGDIR - chmod 777 $NTPLOGDIR -fi - -# Protect the service startup against concurrent ntpdate ifup hooks -( - if flock -w 180 9; then - ntpEnabled=$(/usr/local/bin/sonic-cfggen -d -v 'NTP["global"]["admin_state"]' 2> /dev/null) - if [ "$ntpEnabled" = "disabled" ] - then - echo "Stopping NTP daemon" - kill -9 $(cat $PIDFILE) - exit 0 - fi - - # when mgmt vrf is configured, ntp starts in mgmt vrf by default unless user configures otherwise - vrfEnabled=$(/usr/local/bin/sonic-cfggen -d -v 'MGMT_VRF_CONFIG["vrf_global"]["mgmtVrfEnabled"]' 2> /dev/null) - vrfConfigured=$(/usr/local/bin/sonic-cfggen -d -v 'NTP["global"]["vrf"]' 2> /dev/null) - if [ "$vrfEnabled" = "true" ] - then - if [ "$vrfConfigured" = "default" ] - then - echo "Starting NTP server in default-vrf for default set as NTP vrf" - exec $DAEMON -p $PIDFILE $NTPD_OPTS - else - echo "Starting NTP server in mgmt-vrf" - exec ip vrf exec mgmt $DAEMON -p $PIDFILE $NTPD_OPTS - fi - else - echo "Starting NTP server in default-vrf" - exec $DAEMON -p $PIDFILE $NTPD_OPTS - fi - else - echo "Timeout waiting for $LOCKFILE" - exit 1 - fi -) 9>$LOCKFILE diff --git a/files/image_config/ntp/sonic-target.conf b/files/image_config/ntp/sonic-target.conf deleted file mode 100644 index 83dd118fe5e9..000000000000 --- a/files/image_config/ntp/sonic-target.conf +++ /dev/null @@ -1,3 +0,0 @@ -[Unit] -BindsTo=sonic.target -After=sonic.target diff --git a/rules/docker-dhcp-relay.mk b/rules/docker-dhcp-relay.mk index 0ea0fe3db060..a9bc5b45f6d3 100644 --- a/rules/docker-dhcp-relay.mk +++ b/rules/docker-dhcp-relay.mk @@ -25,7 +25,6 @@ $(DOCKER_DHCP_RELAY)_PACKAGE_DEPENDS = database^1.0.0 $(DOCKER_DHCP_RELAY)_SERVICE_REQUIRES = config-setup $(DOCKER_DHCP_RELAY)_SERVICE_AFTER = swss syncd teamd -$(DOCKER_DHCP_RELAY)_SERVICE_BEFORE = ntp-config $(DOCKER_DHCP_RELAY)_SERVICE_DEPENDENT_OF = swss SONIC_DOCKER_IMAGES += $(DOCKER_DHCP_RELAY) 
diff --git a/rules/ntp.dep b/rules/ntp.dep deleted file mode 100644 index c261482f9327..000000000000 --- a/rules/ntp.dep +++ /dev/null @@ -1,10 +0,0 @@ - -SPATH := $($(NTP)_SRC_PATH) -DEP_FILES := $(SONIC_COMMON_FILES_LIST) rules/ntp.mk rules/ntp.dep -DEP_FILES += $(SONIC_COMMON_BASE_FILES_LIST) -DEP_FILES += $(shell git ls-files $(SPATH)) - -$(NTP)_CACHE_MODE := GIT_CONTENT_SHA -$(NTP)_DEP_FLAGS := $(SONIC_COMMON_FLAGS_LIST) -$(NTP)_DEP_FILES := $(DEP_FILES) - diff --git a/rules/ntp.mk b/rules/ntp.mk deleted file mode 100644 index 52e7db516138..000000000000 --- a/rules/ntp.mk +++ /dev/null @@ -1,11 +0,0 @@ -# ntp package - -NTP_VERSION = 4.2.8p15+dfsg -export NTP_VERSION - -NTP = ntp_$(NTP_VERSION)-1+deb10u2_$(CONFIGURED_ARCH).deb -$(NTP)_SRC_PATH = $(SRC_PATH)/ntp -SONIC_MAKE_DEBS += $(NTP) -SONIC_STRETCH_DEBS += $(NTP) - -export NTP diff --git a/src/ntp/.gitignore b/src/ntp/.gitignore deleted file mode 100644 index 1b46fe753f41..000000000000 --- a/src/ntp/.gitignore +++ /dev/null @@ -1,5 +0,0 @@ -*+dfsg -*.buildinfo -*.changes -*.xz -*.deb diff --git a/src/ntp/Makefile b/src/ntp/Makefile deleted file mode 100644 index f449d2125bc7..000000000000 --- a/src/ntp/Makefile +++ /dev/null 
@@ -1,61 +0,0 @@ -.ONESHELL: -SHELL = /bin/bash -.SHELLFLAGS += -e - -MAIN_TARGET = $(NTP) - -$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% : - # Remove any stale files - rm -rf ./ntp-$(NTP_VERSION) ./ntp_$(NTP_VERSION).orig.tar.xz ./ntp_$(NTP_VERSION)-4.debian.tar.xz - - # Get ntp release, debian files - wget http://deb.debian.org/debian/pool/main/n/ntp/ntp_$(NTP_VERSION).orig.tar.xz - wget http://deb.debian.org/debian/pool/main/n/ntp/ntp_$(NTP_VERSION)-1.debian.tar.xz - - # UnTar ntp release - xzcat ntp_$(NTP_VERSION).orig.tar.xz | tar -xvf - - - pushd ./ntp-4.2.8p15 - - # UnTar debian files - xzcat ../ntp_$(NTP_VERSION)-1.debian.tar.xz | tar -xvf - - - # Add the additional patch - cp ../patch/bug1970-UNLINK_EXPR_SLIST_empty_list.patch debian/patches/ - cp ../patch/update_ENOBUFS_log_level.patch debian/patches/ - cat ../patch/series >> debian/patches/series - - # Update the changelog - cat ../patch/changelog debian/changelog > debian/changelog.new - rm debian/changelog ; mv debian/changelog.new debian/changelog - - # The debian mirror build likely took place on a system without - # libevent installed, thus adding the below for SONiC - sed -i 's/--with-locfile=legacy/--with-locfile=legacy --enable-local-libevent/' debian/rules - - # Fix the apparmor profile to avoid the following message - # "Failed name lookup - disconnected path" - # and go into learning mode. - sed -i 's/\/usr\/sbin\/ntpd {/\/usr\/sbin\/ntpd flags=(attach_disconnected complain) {/' debian/apparmor-profile - -ifeq ($(CROSS_BUILD_ENVIRON), y) - sed -i 's/dh_auto_configure \--/dh_auto_configure -- --with-yielding-select=yes /g' debian/rules - echo ". 
$(CONFIG_SITE)" > fix.ntp.cross-config.$(CONFIGURED_ARCH) - echo "unset with_openssl_libdir" >> fix.ntp.cross-config.$(CONFIGURED_ARCH) - echo "unset with_openssl_incdir" >> fix.ntp.cross-config.$(CONFIGURED_ARCH) - rm -f cross-config.cache - ln -s /etc/dpkg-cross/cross-config.cache cross-config.cache -endif - - # Build source and Debian packages with the symbols -ifeq ($(CROSS_BUILD_ENVIRON), y) - CONFIG_SITE=`pwd`/fix.ntp.cross-config.$(CONFIGURED_ARCH) dpkg-buildpackage -rfakeroot -b -us -uc -a$(CONFIGURED_ARCH) -Pcross,nocheck -j$(SONIC_CONFIG_MAKE_JOBS) --admindir $(SONIC_DPKG_ADMINDIR) -else - dpkg-buildpackage -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS) --admindir $(SONIC_DPKG_ADMINDIR) -endif - - popd - - # Move the newly-built .deb packages to the destination directory - mv $* $(DEST)/ - diff --git a/src/ntp/patch/bug1970-UNLINK_EXPR_SLIST_empty_list.patch b/src/ntp/patch/bug1970-UNLINK_EXPR_SLIST_empty_list.patch deleted file mode 100644 index 701dc0103944..000000000000 --- a/src/ntp/patch/bug1970-UNLINK_EXPR_SLIST_empty_list.patch +++ /dev/null @@ -1,26 +0,0 @@ -Bug 1970 UNLINK_EXPR_SLIST() causes crash if list is empty - -From: Arun Barboza - - ---- - include/ntp_lists.h | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/include/ntp_lists.h b/include/ntp_lists.h -index d741974..f90bf23 100644 ---- a/include/ntp_lists.h -+++ b/include/ntp_lists.h -@@ -184,7 +184,11 @@ do { \ - do { \ - entrytype **ppentry; \ - \ -- ppentry = &(listhead); \ -+ if (!listhead) { \ -+ (punlinked) = NULL; \ -+ break; \ -+ } \ -+ else ppentry = &(listhead); \ - \ - while (!(expr)) \ - if (*ppentry != NULL && \ diff --git a/src/ntp/patch/changelog b/src/ntp/patch/changelog deleted file mode 100644 index ce5fb6096276..000000000000 --- a/src/ntp/patch/changelog +++ /dev/null 
@@ -1,12 +0,0 @@ -ntp (1:4.2.8p15+dfsg-1+deb10u2) bullseye; urgency=medium - - * Adjust the ENOBUFS syslog level on the Netlink routing to LOG_WARNING. - - -- Arun Barboza Mon, 09 Sep 2019 10:15:35 -0700 - -ntp (1:4.2.8p15+dfsg-1+deb10u1) bullseye; urgency=medium - - * Apply Bug1970 fix for UNLINK_EXPR_SLIST_empty_list from dev branch. - - -- Arun Barboza Tue, 25 Jun 2019 14:35:24 -0700 - diff --git a/src/ntp/patch/series b/src/ntp/patch/series deleted file mode 100644 index 9ce40f13e21a..000000000000 --- a/src/ntp/patch/series +++ /dev/null @@ -1,3 +0,0 @@ -# This series applies on GIT commit d09f041a49c61971f59fc29f505446c63aea51b1 -bug1970-UNLINK_EXPR_SLIST_empty_list.patch -update_ENOBUFS_log_level.patch diff --git a/src/ntp/patch/update_ENOBUFS_log_level.patch b/src/ntp/patch/update_ENOBUFS_log_level.patch deleted file mode 100644 index 618fc323b105..000000000000 --- a/src/ntp/patch/update_ENOBUFS_log_level.patch +++ /dev/null @@ -1,22 +0,0 @@ -Adjust the ENOBUFS syslog level on the Netlink routing to LOG_WARNING. - -From: Arun Barboza - - ---- - ntpd/ntp_io.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: b/ntpd/ntp_io.c -=================================================================== ---- a/ntpd/ntp_io.c -+++ b/ntpd/ntp_io.c -@@ -4709,7 +4709,7 @@ process_routing_msgs(struct asyncio_read - - if (cnt < 0) { - if (errno == ENOBUFS) { -- msyslog(LOG_ERR, -+ msyslog(LOG_WARNING, - "routing socket reports: %m"); - } else { - msyslog(LOG_ERR, diff --git a/src/sonic-config-engine/tests/chrony.conf.j2 b/src/sonic-config-engine/tests/chrony.conf.j2 new file mode 120000 index 000000000000..9a0a82701026 --- /dev/null +++ b/src/sonic-config-engine/tests/chrony.conf.j2 @@ -0,0 +1 @@ +../../../files/image_config/chrony/chrony.conf.j2 \ No newline at end of file diff --git a/src/sonic-config-engine/tests/chrony.keys.j2 b/src/sonic-config-engine/tests/chrony.keys.j2 new file mode 120000 index 000000000000..1b9b69cc38c4 --- /dev/null 
+++ b/src/sonic-config-engine/tests/chrony.keys.j2
@@ -0,0 +1 @@
+../../../files/image_config/chrony/chrony.keys.j2
\ No newline at end of file
diff --git a/src/sonic-config-engine/tests/ntp.conf.j2 b/src/sonic-config-engine/tests/ntp.conf.j2
deleted file mode 120000
index bc52df834e26..000000000000
--- a/src/sonic-config-engine/tests/ntp.conf.j2
+++ /dev/null
@@ -1 +0,0 @@
-../../../files/image_config/ntp/ntp.conf.j2
\ No newline at end of file
diff --git a/src/sonic-config-engine/tests/ntp.keys.j2 b/src/sonic-config-engine/tests/ntp.keys.j2
deleted file mode 120000
index a95603db8be2..000000000000
--- a/src/sonic-config-engine/tests/ntp.keys.j2
+++ /dev/null
@@ -1 +0,0 @@
-../../../files/image_config/ntp/ntp.keys.j2
\ No newline at end of file
diff --git a/src/sonic-config-engine/tests/sample_output/py2/chrony.conf b/src/sonic-config-engine/tests/sample_output/py2/chrony.conf
new file mode 120000
index 000000000000..bea8857385f4
--- /dev/null
+++ b/src/sonic-config-engine/tests/sample_output/py2/chrony.conf
@@ -0,0 +1 @@
+../py3/chrony.conf
\ No newline at end of file
diff --git a/src/sonic-config-engine/tests/sample_output/py2/chrony.keys b/src/sonic-config-engine/tests/sample_output/py2/chrony.keys
new file mode 120000
index 000000000000..3292bd003b12
--- /dev/null
+++ b/src/sonic-config-engine/tests/sample_output/py2/chrony.keys
@@ -0,0 +1 @@
+../py3/chrony.keys
\ No newline at end of file
diff --git a/src/sonic-config-engine/tests/sample_output/py2/ntp.conf b/src/sonic-config-engine/tests/sample_output/py2/ntp.conf
deleted file mode 120000
index 5ebe399367a6..000000000000
--- a/src/sonic-config-engine/tests/sample_output/py2/ntp.conf
+++ /dev/null
@@ -1 +0,0 @@
-../py3/ntp.conf
\ No newline at end of file
diff --git a/src/sonic-config-engine/tests/sample_output/py2/ntp.keys b/src/sonic-config-engine/tests/sample_output/py2/ntp.keys
deleted file mode 120000
index 5f1ab315e5a5..000000000000
--- a/src/sonic-config-engine/tests/sample_output/py2/ntp.keys
+++ /dev/null
@@ -1 +0,0 @@
-../py3/ntp.keys
\ No newline at end of file
diff --git a/src/sonic-config-engine/tests/sample_output/py3/chrony.conf b/src/sonic-config-engine/tests/sample_output/py3/chrony.conf
new file mode 100644
index 000000000000..539d08f34a89
--- /dev/null
+++ b/src/sonic-config-engine/tests/sample_output/py3/chrony.conf
@@ -0,0 +1,69 @@ +############################################################################### +# This file was AUTOMATICALLY GENERATED. DO NOT MODIFY. +# Controlled by chrony-config.sh +############################################################################### + +# Welcome to the chrony configuration file. See chrony.conf(5) for more +# information about usable directives. + +# Include configuration files found in /etc/chrony/conf.d. +confdir /etc/chrony/conf.d + +server 10.20.30.50 key 42 iburst version 3 + +pool pool.ntp.org iburst version 3 + + + + + +# Use time sources from DHCP. +sourcedir /run/chrony-dhcp + +# Use NTP sources found in /etc/chrony/sources.d. +sourcedir /etc/chrony/sources.d + +# This directive specify the location of the file containing ID/key pairs for +# NTP authentication. +keyfile /etc/chrony/chrony.keys + +# This directive specify the file into which chronyd will store the rate +# information. +driftfile /var/lib/chrony/chrony.drift + +# Save NTS keys and cookies. +ntsdumpdir /var/lib/chrony + +# Uncomment the following line to turn logging on. +#log tracking measurements statistics + +# Log files location. +logdir /var/log/chrony + +# Stop bad estimates upsetting machine clock. +maxupdateskew 100.0 + +# This directive enables kernel synchronisation (every 11 minutes) of the +# real-time clock. Note that it can’t be used along with the 'rtcfile' directive. +#rtcsync + +# Instead of having the kernel manage the real-time clock, have chrony do this +# instead. The reason for this is that if the system time and the real-time clock +# are signficantly different from the actual time, then the system time must be +# slewed, while the real-time clock can be stepped to the actual time. That way, +# when the device next reboots (whether it be cold, warm, or fast), it will come +# up with the actual time from the real-time clock. 
+rtcfile /var/lib/chrony/rtc +hwclockfile /etc/adjtime +rtcautotrim 15 + +# Step the system clock instead of slewing it if the adjustment is larger than +# one second, but only in the first three clock updates. +# +# Disabled because we don't want chrony to do any clock steps; it should only slew +#makestep 1 3 + +# Get TAI-UTC offset and leap seconds from the system tz database. +# This directive must be commented out when using time sources serving +# leap-smeared time. +leapsectz right/UTC diff --git a/src/sonic-config-engine/tests/sample_output/py3/ntp.keys b/src/sonic-config-engine/tests/sample_output/py3/chrony.keys similarity index 75% rename from src/sonic-config-engine/tests/sample_output/py3/ntp.keys rename to src/sonic-config-engine/tests/sample_output/py3/chrony.keys index 4a1a37b693eb..3a9bb0cd7f7e 100644 --- a/src/sonic-config-engine/tests/sample_output/py3/ntp.keys +++ b/src/sonic-config-engine/tests/sample_output/py3/chrony.keys @@ -1,8 +1,8 @@ ############################################################################### # This file was AUTOMATICALLY GENERATED. DO NOT MODIFY. -# Controlled by ntp-config.service +# Controlled by chrony-config.sh ############################################################################### -1 md5 blabla -42 sha1 the_answer +1 MD5 blabla +42 SHA1 the_answer diff --git a/src/sonic-config-engine/tests/sample_output/py3/ntp.conf b/src/sonic-config-engine/tests/sample_output/py3/ntp.conf deleted file mode 100644 index 412d06cfd4aa..000000000000 --- a/src/sonic-config-engine/tests/sample_output/py3/ntp.conf +++ /dev/null 
@@ -1,41 +0,0 @@ -############################################################################### -# This file was AUTOMATICALLY GENERATED. DO NOT MODIFY. -# Controlled by ntp-config.service -############################################################################### - -# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help - -# To avoid ntpd from panic and exit if the drift between new time and -# current system time is large. -tinker panic 0 - -driftfile /var/lib/ntpsec/ntp.drift -leapfile /usr/share/zoneinfo/leap-seconds.list - -server 10.20.30.50 key 42 iburst version 3 -restrict 10.20.30.50 kod limited nomodify noquery - -pool pool.ntp.org iburst version 3 -restrict pool.ntp.org kod limited nomodify noquery - - -keys /etc/ntpsec/ntp.keys -trustedkey 42 - -interface ignore wildcard - - - -interface listen eth0 -interface listen 127.0.0.1 - - -# Access control configuration -# By default, exchange time with everybody, but don't allow configuration. -# NTPsec doesn't establish peer associations, and so nopeer has no effect, and -# has been removed from here -restrict default kod nomodify noquery limited - -# Local users may interrogate the ntp server more closely. -restrict 127.0.0.1 -restrict ::1 diff --git a/src/sonic-config-engine/tests/test_j2files.py b/src/sonic-config-engine/tests/test_j2files.py index 30fc9f0e30bc..02ddf60e7536 100644 --- a/src/sonic-config-engine/tests/test_j2files.py +++ b/src/sonic-config-engine/tests/test_j2files.py 
@@ -806,18 +806,18 @@ def test_ndppd_conf(self): assert utils.cmp(expected, self.output_file), self.run_diff(expected, self.output_file) def test_ntp_conf(self): - conf_template = os.path.join(self.test_dir, "ntp.conf.j2") + conf_template = os.path.join(self.test_dir, "chrony.conf.j2") config_db_ntp_json = os.path.join(self.test_dir, "data", "ntp", "ntp_interfaces.json") - expected = os.path.join(self.test_dir, "sample_output", utils.PYvX_DIR, "ntp.conf") + expected = os.path.join(self.test_dir, "sample_output", utils.PYvX_DIR, "chrony.conf") argument = ['-j', config_db_ntp_json, '-t', conf_template] self.run_script(argument, output_file=self.output_file) assert utils.cmp(expected, self.output_file), self.run_diff(expected, self.output_file) def test_ntp_keys(self): - conf_template = os.path.join(self.test_dir, "ntp.keys.j2") + conf_template = os.path.join(self.test_dir, "chrony.keys.j2") config_db_ntp_json = os.path.join(self.test_dir, "data", "ntp", "ntp_interfaces.json") - expected = os.path.join(self.test_dir, "sample_output", utils.PYvX_DIR, "ntp.keys") + expected = os.path.join(self.test_dir, "sample_output", utils.PYvX_DIR, "chrony.keys") argument = ['-j', config_db_ntp_json, '-t', conf_template] self.run_script(argument, output_file=self.output_file) diff --git a/src/sonic-host-services b/src/sonic-host-services index 4d8aed086b5b..f915122aaa3a 160000 --- a/src/sonic-host-services +++ b/src/sonic-host-services @@ -1 +1 @@ -Subproject commit 4d8aed086b5bdca04c8aeaa07cc82cc0efc4e18b +Subproject commit f915122aaa3a82f7e643b6597c0a94174a4bd79c diff --git a/src/sonic-utilities b/src/sonic-utilities index fd43d513e7b4..a740ecc0ede4 160000 --- a/src/sonic-utilities +++ b/src/sonic-utilities @@ -1 +1 @@ -Subproject commit fd43d513e7b4084e6dbeff28f4b442d93c175a62 +Subproject commit a740ecc0ede48ce3c7de700bf27b23892b714f1d