From 86e1558558296bfa21bac9d08d06a0b4032fff04 Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Tue, 30 Jul 2024 18:06:52 -0700 Subject: [PATCH 01/23] Add some initial changes for using chrony instead of NTP Signed-off-by: Saikrishna Arcot --- build_debian.sh | 3 +- .../build_templates/sonic_debian_extension.j2 | 19 ++-- files/image_config/chrony/chrony-config.sh | 5 + files/image_config/chrony/chrony.conf.j2 | 107 ++++++++++++++++++ files/image_config/chrony/chrony.keys.j2 | 18 +++ files/image_config/chrony/sonic-target.conf | 3 + rules/ntp.dep | 10 -- rules/ntp.mk | 11 -- src/ntp/.gitignore | 5 - src/ntp/Makefile | 61 ---------- ...bug1970-UNLINK_EXPR_SLIST_empty_list.patch | 26 ----- src/ntp/patch/changelog | 12 -- src/ntp/patch/series | 3 - src/ntp/patch/update_ENOBUFS_log_level.patch | 22 ---- 14 files changed, 141 insertions(+), 164 deletions(-) create mode 100755 files/image_config/chrony/chrony-config.sh create mode 100644 files/image_config/chrony/chrony.conf.j2 create mode 100644 files/image_config/chrony/chrony.keys.j2 create mode 100644 files/image_config/chrony/sonic-target.conf delete mode 100644 rules/ntp.dep delete mode 100644 rules/ntp.mk delete mode 100644 src/ntp/.gitignore delete mode 100644 src/ntp/Makefile delete mode 100644 src/ntp/patch/bug1970-UNLINK_EXPR_SLIST_empty_list.patch delete mode 100644 src/ntp/patch/changelog delete mode 100644 src/ntp/patch/series delete mode 100644 src/ntp/patch/update_ENOBUFS_log_level.patch diff --git a/build_debian.sh b/build_debian.sh index 8c767d619196..211d9ee1a674 100755 --- a/build_debian.sh +++ b/build_debian.sh 
@@ -233,7 +233,6 @@ echo '[INFO] Install docker' ## Install apparmor utils since they're missing and apparmor is enabled in the kernel ## Otherwise Docker will fail to start sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install apparmor -sudo cp files/image_config/ntp/ntp-apparmor $FILESYSTEM_ROOT/etc/apparmor.d/local/usr.sbin.ntpd sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install apt-transport-https \ ca-certificates \ curl @@ -426,7 +425,7 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in picocom \ systemd \ systemd-sysv \ - ntp + chrony if [[ $TARGET_BOOTLOADER == grub ]]; then if [[ $CONFIGURED_ARCH == amd64 ]]; then diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2 index 1845f9b8c18e..4958b39ed04a 100644 --- a/files/build_templates/sonic_debian_extension.j2 +++ b/files/build_templates/sonic_debian_extension.j2 
@@ -415,18 +415,13 @@ sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/flashrom_*.deb sudo cp -f $IMAGE_CONFIGS/cron.d/* $FILESYSTEM_ROOT/etc/cron.d/ # Copy NTP configuration files and templates -sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT \ - apt-get -y install ntpdate -sudo rm -f $FILESYSTEM_ROOT/etc/network/if-up.d/ntpsec-ntpdate -sudo cp $IMAGE_CONFIGS/ntp/ntp-config.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM -echo "ntp-config.service" | sudo tee -a $GENERATED_SERVICE_FILE -sudo cp $IMAGE_CONFIGS/ntp/ntp-config.sh $FILESYSTEM_ROOT/usr/bin/ -sudo cp $IMAGE_CONFIGS/ntp/ntp.conf.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/ -sudo cp $IMAGE_CONFIGS/ntp/ntp.keys.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/ -sudo cp $IMAGE_CONFIGS/ntp/ntp-systemd-wrapper $FILESYSTEM_ROOT/usr/libexec/ntpsec/ -sudo mkdir $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/ntpsec.service.d -sudo cp $IMAGE_CONFIGS/ntp/sonic-target.conf $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/ntpsec.service.d/ -echo "ntpsec.service" | sudo tee -a $GENERATED_SERVICE_FILE +sudo cp $IMAGE_CONFIGS/chrony/chrony-config.sh $FILESYSTEM_ROOT/usr/bin/ +sudo cp $IMAGE_CONFIGS/chrony/chrony.conf.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/ +sudo cp $IMAGE_CONFIGS/chrony/chrony.keys.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/ +sudo cp $IMAGE_CONFIGS/chrony/chronyd-starter.sh $FILESYSTEM_ROOT/usr/lib/systemd/scripts/ +sudo mkdir $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/chrony.service.d +sudo cp $IMAGE_CONFIGS/chrony/override.conf $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/chrony.service.d/ +echo "chrony.service" | sudo tee -a $GENERATED_SERVICE_FILE # Copy DNS templates sudo cp $BUILD_TEMPLATES/dns.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/ diff --git a/files/image_config/chrony/chrony-config.sh b/files/image_config/chrony/chrony-config.sh new file mode 100755 index 000000000000..7d5e9b937d7a --- /dev/null +++ b/files/image_config/chrony/chrony-config.sh 
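Review bot: The added copy steps reference `$IMAGE_CONFIGS/chrony/chronyd-starter.sh` and `$IMAGE_CONFIGS/chrony/override.conf`, but the diffstat for this commit creates only `chrony-config.sh`, `chrony.conf.j2`, `chrony.keys.j2` and `sonic-target.conf` in that directory, so both `cp` calls fail unless a later patch in the series supplies the files. `sonic-target.conf` is added but never installed, and no unit is installed to run `chrony-config.sh`, so at this commit nothing appears to render `/etc/chrony/chrony.conf` or `chrony.keys` before `chrony.service` starts, and the daemon would run on the package defaults rather than the configured servers and keys. `sudo mkdir -p $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/chrony.service.d` would also keep a repeated build step from failing on an existing directory.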
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+sonic-cfggen -d -t /usr/share/sonic/templates/chrony.conf.j2 >/etc/chrony/chrony.conf
+sonic-cfggen -d -t /usr/share/sonic/templates/chrony.keys.j2 >/etc/chrony/chrony.keys
+chmod o-r /etc/chrony/chrony.keys
diff --git a/files/image_config/chrony/chrony.conf.j2 b/files/image_config/chrony/chrony.conf.j2
new file mode 100644
index 000000000000..1de549795cc8
--- /dev/null
+++ b/files/image_config/chrony/chrony.conf.j2
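Review bot: `/etc/chrony/chrony.keys` is written through a plain redirection and only afterwards restricted with `chmod o-r`, so whenever the file does not already exist it is created under the caller's umask and the symmetric NTP keys are world-readable until the `chmod` runs. Putting `umask 027` (or `umask 077`, if chronyd does not need group read on this image, which should be confirmed) ahead of the second `sonic-cfggen` call closes that window. The script also has no `set -e` or exit-status checks, and the shell truncates each target before `sonic-cfggen` starts, so a failed render leaves an empty `chrony.conf` or `chrony.keys` in place; rendering to a temporary file in `/etc/chrony` and `mv`-ing it over the target only on success avoids that.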
@@ -0,0 +1,107 @@ +############################################################################### +# This file was AUTOMATICALLY GENERATED. DO NOT MODIFY. +# Controlled by ntp-config.service +############################################################################### + +# Welcome to the chrony configuration file. See chrony.conf(5) for more +# information about usable directives. + +# Include configuration files found in /etc/chrony/conf.d. +confdir /etc/chrony/conf.d + +{# Getting NTP global configuration -#} +{% set global = (NTP | d({})).get('global', {}) -%} + +{# Adding NTP servers. We need to know if we have some pools, to set proper config -#} +{% set ns = namespace(is_pools=false) %} +{% for server in NTP_SERVER if NTP_SERVER[server].admin_state != 'disabled' -%} + {% set config = NTP_SERVER[server] -%} + {# Server options -#} + {% set soptions = '' -%} + + {# Define defaults if not defined -#} + {% set association_type = config.association_type | d('server') -%} + {% set resolve_as = config.resolve_as | d(server) -%} + + {# Authentication key -#} + {% if global.authentication == 'enabled' -%} + {% if config.key -%} + {% set soptions = soptions ~ ' key ' ~ config.key -%} + {% endif -%} + {% endif -%} + + {# Aggressive polling -#} + {% if config.iburst -%} + {% set soptions = soptions ~ ' iburst' -%} + {% endif -%} + + {# Protocol version -#} + {% if config.version -%} + {% set soptions = soptions ~ ' version ' ~ config.version -%} + {% endif -%} + + {# Check if there are any pool configured. BTW it doesn't matter what was + configured as "resolve_as" for pools. If they were configured with FQDN they + must remain like that -#} + {% if association_type == 'pool' -%} + {% set resolve_as = server -%} + {% endif -%} + +{{ association_type }} {{ resolve_as }}{{ soptions }} + +{% endfor -%} + +{# Access control options -#} +{% set options = '' -%} + +{# Disable NTP server functionality. 
Should stay on when dhcp is enabled -#} +{# {% if global.server_role == 'disabled' and global.dhcp == 'disabled' -%} + {% set options = options ~ ' ignore' -%} +{% endif -%} #} + +# Access control configuration +# By default, exchange time with everybody, but don't allow configuration. +# NTPsec doesn't establish peer associations, and so nopeer has no effect, and +# has been removed from here +restrict default kod nomodify noquery limited{{ options }} + +# Use time sources from DHCP. +sourcedir /run/chrony-dhcp + +# Use NTP sources found in /etc/chrony/sources.d. +sourcedir /etc/chrony/sources.d + +{% if global.authentication == 'enabled' %} +# This directive specify the location of the file containing ID/key pairs for +# NTP authentication. +keyfile /etc/chrony/chrony.keys +{% endif %} + +# This directive specify the file into which chronyd will store the rate +# information. +driftfile /var/lib/chrony/chrony.drift + +# Save NTS keys and cookies. +ntsdumpdir /var/lib/chrony + +# Uncomment the following line to turn logging on. +#log tracking measurements statistics + +# Log files location. +logdir /var/log/chrony + +# Stop bad estimates upsetting machine clock. +maxupdateskew 100.0 + +# This directive enables kernel synchronisation (every 11 minutes) of the +# real-time clock. Note that it can’t be used along with the 'rtcfile' directive. +rtcsync + +# Step the system clock instead of slewing it if the adjustment is larger than +# one second, but only in the first three clock updates. +makestep 1 3 + +# Get TAI-UTC offset and leap seconds from the system tz database. +# This directive must be commented out when using time sources serving +# leap-smeared time. +leapsectz right/UTC diff --git a/files/image_config/chrony/chrony.keys.j2 b/files/image_config/chrony/chrony.keys.j2 new file mode 100644 index 000000000000..4d362b5c2819 --- /dev/null +++ b/files/image_config/chrony/chrony.keys.j2 
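Review bot: `restrict default kod nomodify noquery limited{{ options }}` is ntpd syntax carried over from `ntp.conf.j2`; chrony has no `restrict` directive and controls NTP client access with `allow`/`deny`, so chronyd is likely to reject the rendered file at start-up. Because chronyd serves no NTP clients unless an `allow` line is present, the `global.server_role` setting could replace both this line and the commented-out `ignore` block with something like `{% if global.server_role != 'disabled' %}allow{% endif %}`. `sourcedir /run/chrony-dhcp` is emitted unconditionally, whereas the removed `ntp-systemd-wrapper` used the DHCP-supplied configuration only when `NTP["global"]["dhcp"]` was `enabled`; wrapping the directive in `{% if global.dhcp == 'enabled' %}` keeps a DHCP server on the management network from adding time sources on devices that turned the option off. The generated-file header still names `ntp-config.service`, the comment above `restrict` still describes NTPsec, and `ns = namespace(is_pools=false)` is never read.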
@@ -0,0 +1,18 @@
+###############################################################################
+# This file was AUTOMATICALLY GENERATED. DO NOT MODIFY.
+# Controlled by ntp-config.service
+###############################################################################
+
+{# We can connect only to the servers we trust. Determine those servers -#}
+{% set trusted_arr = [] -%}
+{% for server in NTP_SERVER if NTP_SERVER[server].trusted == 'yes' and
+ NTP_SERVER[server].resolve_as -%}
+ {% set _ = trusted_arr.append(NTP_SERVER[server].resolve_as) -%}
+{% endfor -%}
+
+{# Define authentication keys inventory -#}
+{% set trusted_str = ' ' ~ trusted_arr|join(',') -%}
+{% for keyid in NTP_KEY if NTP_KEY[keyid].type and NTP_KEY[keyid].value %}
+{% set keyval = NTP_KEY[keyid].value | b64decode %}
+{{ keyid }} {{ NTP_KEY[keyid].type | upper }} {{ keyval }}{{trusted_str}}
+{% endfor -%}
diff --git a/files/image_config/chrony/sonic-target.conf b/files/image_config/chrony/sonic-target.conf
new file mode 100644
index 000000000000..83dd118fe5e9
--- /dev/null
+++ b/files/image_config/chrony/sonic-target.conf
@@ -0,0 +1,3 @@
+[Unit]
+BindsTo=sonic.target
+After=sonic.target
diff --git a/rules/ntp.dep b/rules/ntp.dep
deleted file mode 100644
index c261482f9327..000000000000
--- a/rules/ntp.dep
+++ /dev/null
@@ -1,10 +0,0 @@
-
-SPATH := $($(NTP)_SRC_PATH)
-DEP_FILES := $(SONIC_COMMON_FILES_LIST) rules/ntp.mk rules/ntp.dep
-DEP_FILES += $(SONIC_COMMON_BASE_FILES_LIST)
-DEP_FILES += $(shell git ls-files $(SPATH))
-
-$(NTP)_CACHE_MODE := GIT_CONTENT_SHA
-$(NTP)_DEP_FLAGS := $(SONIC_COMMON_FLAGS_LIST)
-$(NTP)_DEP_FILES := $(DEP_FILES)
-
diff --git a/rules/ntp.mk b/rules/ntp.mk
deleted file mode 100644
index 52e7db516138..000000000000
--- a/rules/ntp.mk
+++ /dev/null
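Review bot: The key line `{{ keyid }} {{ NTP_KEY[keyid].type | upper }} {{ keyval }}{{trusted_str}}` in `chrony.keys.j2` keeps the ntpd key-file layout, whose trailing column lists the hosts allowed to use the key; a chrony key file line is `ID [TYPE] KEY`, so the appended address list (or the bare trailing space when no server is marked trusted) has no meaning there and may cause chronyd to reject or misread the key, which is worth confirming against the `keyfile` section of chrony.conf(5). Dropping `trusted_str` and the `trusted_arr` loop leaves `{{ keyid }} {{ NTP_KEY[keyid].type | upper }} {{ keyval }}`. The base64-decoded secret is emitted as-is, while chrony reads the key field either as an ASCII string without whitespace or as a `HEX:`-prefixed value, so a decoded key containing whitespace would be cut short and authentication would silently use a weaker or wrong key; emitting such values in `HEX:` form, or rejecting them, is safer. The generated-file header still names `ntp-config.service`.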
@@ -1,11 +0,0 @@ -# ntp package - -NTP_VERSION = 4.2.8p15+dfsg -export NTP_VERSION - -NTP = ntp_$(NTP_VERSION)-1+deb10u2_$(CONFIGURED_ARCH).deb -$(NTP)_SRC_PATH = $(SRC_PATH)/ntp -SONIC_MAKE_DEBS += $(NTP) -SONIC_STRETCH_DEBS += $(NTP) - -export NTP diff --git a/src/ntp/.gitignore b/src/ntp/.gitignore deleted file mode 100644 index 1b46fe753f41..000000000000 --- a/src/ntp/.gitignore +++ /dev/null @@ -1,5 +0,0 @@ -*+dfsg -*.buildinfo -*.changes -*.xz -*.deb diff --git a/src/ntp/Makefile b/src/ntp/Makefile deleted file mode 100644 index f449d2125bc7..000000000000 --- a/src/ntp/Makefile +++ /dev/null 
@@ -1,61 +0,0 @@ -.ONESHELL: -SHELL = /bin/bash -.SHELLFLAGS += -e - -MAIN_TARGET = $(NTP) - -$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% : - # Remove any stale files - rm -rf ./ntp-$(NTP_VERSION) ./ntp_$(NTP_VERSION).orig.tar.xz ./ntp_$(NTP_VERSION)-4.debian.tar.xz - - # Get ntp release, debian files - wget http://deb.debian.org/debian/pool/main/n/ntp/ntp_$(NTP_VERSION).orig.tar.xz - wget http://deb.debian.org/debian/pool/main/n/ntp/ntp_$(NTP_VERSION)-1.debian.tar.xz - - # UnTar ntp release - xzcat ntp_$(NTP_VERSION).orig.tar.xz | tar -xvf - - - pushd ./ntp-4.2.8p15 - - # UnTar debian files - xzcat ../ntp_$(NTP_VERSION)-1.debian.tar.xz | tar -xvf - - - # Add the additional patch - cp ../patch/bug1970-UNLINK_EXPR_SLIST_empty_list.patch debian/patches/ - cp ../patch/update_ENOBUFS_log_level.patch debian/patches/ - cat ../patch/series >> debian/patches/series - - # Update the changelog - cat ../patch/changelog debian/changelog > debian/changelog.new - rm debian/changelog ; mv debian/changelog.new debian/changelog - - # The debian mirror build likely took place on a system without - # libevent installed, thus adding the below for SONiC - sed -i 's/--with-locfile=legacy/--with-locfile=legacy --enable-local-libevent/' debian/rules - - # Fix the apparmor profile to avoid the following message - # "Failed name lookup - disconnected path" - # and go into learning mode. - sed -i 's/\/usr\/sbin\/ntpd {/\/usr\/sbin\/ntpd flags=(attach_disconnected complain) {/' debian/apparmor-profile - -ifeq ($(CROSS_BUILD_ENVIRON), y) - sed -i 's/dh_auto_configure \--/dh_auto_configure -- --with-yielding-select=yes /g' debian/rules - echo ". 
$(CONFIG_SITE)" > fix.ntp.cross-config.$(CONFIGURED_ARCH) - echo "unset with_openssl_libdir" >> fix.ntp.cross-config.$(CONFIGURED_ARCH) - echo "unset with_openssl_incdir" >> fix.ntp.cross-config.$(CONFIGURED_ARCH) - rm -f cross-config.cache - ln -s /etc/dpkg-cross/cross-config.cache cross-config.cache -endif - - # Build source and Debian packages with the symbols -ifeq ($(CROSS_BUILD_ENVIRON), y) - CONFIG_SITE=`pwd`/fix.ntp.cross-config.$(CONFIGURED_ARCH) dpkg-buildpackage -rfakeroot -b -us -uc -a$(CONFIGURED_ARCH) -Pcross,nocheck -j$(SONIC_CONFIG_MAKE_JOBS) --admindir $(SONIC_DPKG_ADMINDIR) -else - dpkg-buildpackage -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS) --admindir $(SONIC_DPKG_ADMINDIR) -endif - - popd - - # Move the newly-built .deb packages to the destination directory - mv $* $(DEST)/ - diff --git a/src/ntp/patch/bug1970-UNLINK_EXPR_SLIST_empty_list.patch b/src/ntp/patch/bug1970-UNLINK_EXPR_SLIST_empty_list.patch deleted file mode 100644 index 701dc0103944..000000000000 --- a/src/ntp/patch/bug1970-UNLINK_EXPR_SLIST_empty_list.patch +++ /dev/null @@ -1,26 +0,0 @@ -Bug 1970 UNLINK_EXPR_SLIST() causes crash if list is empty - -From: Arun Barboza - - ---- - include/ntp_lists.h | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/include/ntp_lists.h b/include/ntp_lists.h -index d741974..f90bf23 100644 ---- a/include/ntp_lists.h -+++ b/include/ntp_lists.h -@@ -184,7 +184,11 @@ do { \ - do { \ - entrytype **ppentry; \ - \ -- ppentry = &(listhead); \ -+ if (!listhead) { \ -+ (punlinked) = NULL; \ -+ break; \ -+ } \ -+ else ppentry = &(listhead); \ - \ - while (!(expr)) \ - if (*ppentry != NULL && \ diff --git a/src/ntp/patch/changelog b/src/ntp/patch/changelog deleted file mode 100644 index ce5fb6096276..000000000000 --- a/src/ntp/patch/changelog +++ /dev/null 
@@ -1,12 +0,0 @@ -ntp (1:4.2.8p15+dfsg-1+deb10u2) bullseye; urgency=medium - - * Adjust the ENOBUFS syslog level on the Netlink routing to LOG_WARNING. - - -- Arun Barboza Mon, 09 Sep 2019 10:15:35 -0700 - -ntp (1:4.2.8p15+dfsg-1+deb10u1) bullseye; urgency=medium - - * Apply Bug1970 fix for UNLINK_EXPR_SLIST_empty_list from dev branch. - - -- Arun Barboza Tue, 25 Jun 2019 14:35:24 -0700 - diff --git a/src/ntp/patch/series b/src/ntp/patch/series deleted file mode 100644 index 9ce40f13e21a..000000000000 --- a/src/ntp/patch/series +++ /dev/null @@ -1,3 +0,0 @@ -# This series applies on GIT commit d09f041a49c61971f59fc29f505446c63aea51b1 -bug1970-UNLINK_EXPR_SLIST_empty_list.patch -update_ENOBUFS_log_level.patch diff --git a/src/ntp/patch/update_ENOBUFS_log_level.patch b/src/ntp/patch/update_ENOBUFS_log_level.patch deleted file mode 100644 index 618fc323b105..000000000000 --- a/src/ntp/patch/update_ENOBUFS_log_level.patch +++ /dev/null @@ -1,22 +0,0 @@ -Adjust the ENOBUFS syslog level on the Netlink routing to LOG_WARNING. - -From: Arun Barboza - - ---- - ntpd/ntp_io.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: b/ntpd/ntp_io.c -=================================================================== ---- a/ntpd/ntp_io.c -+++ b/ntpd/ntp_io.c -@@ -4709,7 +4709,7 @@ process_routing_msgs(struct asyncio_read - - if (cnt < 0) { - if (errno == ENOBUFS) { -- msyslog(LOG_ERR, -+ msyslog(LOG_WARNING, - "routing socket reports: %m"); - } else { - msyslog(LOG_ERR, From 74b00845e56f16294df5cdf69982a63ba8e3a7c4 Mon Sep 17 00:00:00 2001 
From: Saikrishna Arcot Date: Mon, 2 Sep 2024 09:20:03 -0700 Subject: [PATCH 02/23] Revert "[boot] Refactor: All services which start Docker containers start before ntp-config service (#2335)" Supervisor now handles the case where the time jumps back, now that supervisor/supervisor#1047 has been merged. This reverts commit 298d2ad8f47facf751467e8d3f828a483c23e086. --- files/build_templates/dhcp_relay.service.j2 | 1 - files/build_templates/gnmi.service.j2 | 1 - files/build_templates/lldp.service.j2 | 1 - files/build_templates/mgmt-framework.service.j2 | 1 - files/build_templates/nat.service.j2 | 1 - files/build_templates/p4rt.service.j2 | 1 - files/build_templates/per_namespace/bgp.service.j2 | 1 - files/build_templates/per_namespace/gbsyncd.service.j2 | 1 - files/build_templates/per_namespace/lldp.service.j2 | 1 - files/build_templates/per_namespace/swss.service.j2 | 1 - files/build_templates/per_namespace/syncd.service.j2 | 1 - files/build_templates/per_namespace/teamd.service.j2 | 1 - files/build_templates/pmon.service.j2 | 1 - files/build_templates/radv.service.j2 | 1 - files/build_templates/restapi.service.j2 | 1 - files/build_templates/sflow.service.j2 | 1 - files/build_templates/snmp.service.j2 | 1 - files/build_templates/telemetry.service.j2 | 1 - rules/docker-dhcp-relay.mk | 1 - 19 files changed, 19 deletions(-) delete mode 120000 files/build_templates/lldp.service.j2 diff --git a/files/build_templates/dhcp_relay.service.j2 b/files/build_templates/dhcp_relay.service.j2 index d87186e4dce1..bd99940ab15c 100644 --- a/files/build_templates/dhcp_relay.service.j2 +++ b/files/build_templates/dhcp_relay.service.j2 @@ -4,7 +4,6 @@ Requires=config-setup.service After=config-setup.service swss.service syncd.service teamd.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service StartLimitIntervalSec=1200 StartLimitBurst=3 diff --git a/files/build_templates/gnmi.service.j2 b/files/build_templates/gnmi.service.j2 index 7710a8fd0d04..3959640131c0 100644 
--- a/files/build_templates/gnmi.service.j2 +++ b/files/build_templates/gnmi.service.j2 @@ -2,7 +2,6 @@ Description=GNMI container Requires=database.service After=database.service swss.service syncd.service -Before=ntp-config.service BindsTo=sonic.target After=sonic.target StartLimitIntervalSec=1200 diff --git a/files/build_templates/lldp.service.j2 b/files/build_templates/lldp.service.j2 deleted file mode 120000 index 1adb318b9154..000000000000 --- a/files/build_templates/lldp.service.j2 +++ /dev/null @@ -1 +0,0 @@ -per_namespace/lldp.service.j2 \ No newline at end of file diff --git a/files/build_templates/mgmt-framework.service.j2 b/files/build_templates/mgmt-framework.service.j2 index ff99afe62bc1..b6b6968210da 100644 --- a/files/build_templates/mgmt-framework.service.j2 +++ b/files/build_templates/mgmt-framework.service.j2 @@ -4,7 +4,6 @@ Requires=database.service After=database.service swss.service syncd.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service [Service] User={{ sonicadmin_user }} diff --git a/files/build_templates/nat.service.j2 b/files/build_templates/nat.service.j2 index 095bcd40cf4a..507c6de76d15 100644 --- a/files/build_templates/nat.service.j2 +++ b/files/build_templates/nat.service.j2 @@ -4,7 +4,6 @@ Requires=config-setup.service After=config-setup.service swss.service syncd.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service StartLimitIntervalSec=1200 StartLimitBurst=3 diff --git a/files/build_templates/p4rt.service.j2 b/files/build_templates/p4rt.service.j2 index b4adce5332d1..5a06a02c2156 100644 --- a/files/build_templates/p4rt.service.j2 +++ b/files/build_templates/p4rt.service.j2 @@ -4,7 +4,6 @@ Requires=database.service After=database.service swss.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service StartLimitIntervalSec=1200 StartLimitBurst=3 
diff --git a/files/build_templates/per_namespace/bgp.service.j2 b/files/build_templates/per_namespace/bgp.service.j2 index 52d7d1084606..2b8497265bc5 100644 --- a/files/build_templates/per_namespace/bgp.service.j2 +++ b/files/build_templates/per_namespace/bgp.service.j2 @@ -6,7 +6,6 @@ Requires=config-setup.service After=config-setup.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service After=swss{% if multi_instance == 'true' %}@%i{% endif %}.service After=interfaces-config.service StartLimitIntervalSec=1200 diff --git a/files/build_templates/per_namespace/gbsyncd.service.j2 b/files/build_templates/per_namespace/gbsyncd.service.j2 index 7a6de8c7d1e9..876161c65dfe 100644 --- a/files/build_templates/per_namespace/gbsyncd.service.j2 +++ b/files/build_templates/per_namespace/gbsyncd.service.j2 @@ -7,7 +7,6 @@ After=interfaces-config.service After=swss{% if multi_instance == 'true' %}@%i{% endif %}.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service [Service] User=root diff --git a/files/build_templates/per_namespace/lldp.service.j2 b/files/build_templates/per_namespace/lldp.service.j2 index 95d938472ea2..ac8f4ae7661a 100644 --- a/files/build_templates/per_namespace/lldp.service.j2 +++ b/files/build_templates/per_namespace/lldp.service.j2 @@ -10,7 +10,6 @@ BindsTo=sonic.target After=sonic.target BindsTo=sonic.target After=sonic.target -Before=ntp-config.service StartLimitIntervalSec=1200 StartLimitBurst=3 diff --git a/files/build_templates/per_namespace/swss.service.j2 b/files/build_templates/per_namespace/swss.service.j2 index b0560aabc57a..9e07f78d79d2 100644 --- a/files/build_templates/per_namespace/swss.service.j2 +++ b/files/build_templates/per_namespace/swss.service.j2 @@ -13,7 +13,6 @@ Requires=config-setup.service After=config-setup.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service StartLimitIntervalSec=1200 StartLimitBurst=3 
diff --git a/files/build_templates/per_namespace/syncd.service.j2 b/files/build_templates/per_namespace/syncd.service.j2 index 842eaebc756e..5a3e4891a3b2 100644 --- a/files/build_templates/per_namespace/syncd.service.j2 +++ b/files/build_templates/per_namespace/syncd.service.j2 @@ -18,7 +18,6 @@ Requires=config-setup.service After=config-setup.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service {% if sonic_asic_platform == 'mellanox' %} Requires=nv-syncd-shared.service After=nv-syncd-shared.service diff --git a/files/build_templates/per_namespace/teamd.service.j2 b/files/build_templates/per_namespace/teamd.service.j2 index ddf6691eae98..2ec784a483fd 100644 --- a/files/build_templates/per_namespace/teamd.service.j2 +++ b/files/build_templates/per_namespace/teamd.service.j2 @@ -9,7 +9,6 @@ Requires=config-setup.service After=config-setup.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service StartLimitIntervalSec=1200 StartLimitBurst=3 diff --git a/files/build_templates/pmon.service.j2 b/files/build_templates/pmon.service.j2 index b2cd75ac70a9..75a997ce2580 100644 --- a/files/build_templates/pmon.service.j2 +++ b/files/build_templates/pmon.service.j2 @@ -7,7 +7,6 @@ After=syncd.service {% endif %} BindsTo=sonic.target After=sonic.target -Before=ntp-config.service StartLimitIntervalSec=1200 StartLimitBurst=3 diff --git a/files/build_templates/radv.service.j2 b/files/build_templates/radv.service.j2 index 4c414a83c386..4205abc0aa3a 100644 --- a/files/build_templates/radv.service.j2 +++ b/files/build_templates/radv.service.j2 @@ -2,7 +2,6 @@ Description=Router advertiser container Requires=config-setup.service After=config-setup.service swss.service syncd.service -Before=ntp-config.service BindsTo=sonic.target After=sonic.target StartLimitIntervalSec=1200 diff --git a/files/build_templates/restapi.service.j2 b/files/build_templates/restapi.service.j2 index c82510238a83..49d436193ec9 100644 
--- a/files/build_templates/restapi.service.j2 +++ b/files/build_templates/restapi.service.j2 @@ -4,7 +4,6 @@ Requires=config-setup.service After=config-setup.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service [Service] User={{ sonicadmin_user }} diff --git a/files/build_templates/sflow.service.j2 b/files/build_templates/sflow.service.j2 index b83e7e594be7..5c78311a2523 100644 --- a/files/build_templates/sflow.service.j2 +++ b/files/build_templates/sflow.service.j2 @@ -4,7 +4,6 @@ Requisite=swss.service After=swss.service syncd.service hostcfgd.service interfaces-config.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service StartLimitIntervalSec=1200 StartLimitBurst=3 diff --git a/files/build_templates/snmp.service.j2 b/files/build_templates/snmp.service.j2 index db3ac1907f6c..3b608d6e332a 100644 --- a/files/build_templates/snmp.service.j2 +++ b/files/build_templates/snmp.service.j2 @@ -5,7 +5,6 @@ Requisite=swss.service After=config-setup.service swss.service syncd.service interfaces-config.service BindsTo=sonic.target After=sonic.target -Before=ntp-config.service StartLimitIntervalSec=1200 StartLimitBurst=3 diff --git a/files/build_templates/telemetry.service.j2 b/files/build_templates/telemetry.service.j2 index ebdd484dc877..97b622fc67c3 100644 --- a/files/build_templates/telemetry.service.j2 +++ b/files/build_templates/telemetry.service.j2 @@ -2,7 +2,6 @@ Description=Telemetry container Requires=database.service After=database.service swss.service syncd.service -Before=ntp-config.service BindsTo=sonic.target After=sonic.target StartLimitIntervalSec=1200 diff --git a/rules/docker-dhcp-relay.mk b/rules/docker-dhcp-relay.mk index 6462b4d41165..2bc675a74948 100644 --- a/rules/docker-dhcp-relay.mk +++ b/rules/docker-dhcp-relay.mk 
@@ -25,7 +25,6 @@ $(DOCKER_DHCP_RELAY)_PACKAGE_DEPENDS = database^1.0.0 $(DOCKER_DHCP_RELAY)_SERVICE_REQUIRES = config-setup $(DOCKER_DHCP_RELAY)_SERVICE_AFTER = swss syncd teamd -$(DOCKER_DHCP_RELAY)_SERVICE_BEFORE = ntp-config $(DOCKER_DHCP_RELAY)_SERVICE_DEPENDENT_OF = swss SONIC_DOCKER_IMAGES += $(DOCKER_DHCP_RELAY) From 0db82feeb1985332655c7fccb10f80eff4207ce8 Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Mon, 2 Sep 2024 09:21:47 -0700 Subject: [PATCH 03/23] Remove config files for NTP Signed-off-by: Saikrishna Arcot --- files/image_config/ntp/ntp-apparmor | 9 -- files/image_config/ntp/ntp-config.service | 16 --- files/image_config/ntp/ntp-config.sh | 34 ----- files/image_config/ntp/ntp-systemd-wrapper | 59 -------- files/image_config/ntp/ntp.conf.j2 | 153 --------------------- files/image_config/ntp/ntp.keys.j2 | 18 --- files/image_config/ntp/sonic-target.conf | 3 - 7 files changed, 292 deletions(-) delete mode 100644 files/image_config/ntp/ntp-apparmor delete mode 100644 files/image_config/ntp/ntp-config.service delete mode 100755 files/image_config/ntp/ntp-config.sh delete mode 100644 files/image_config/ntp/ntp-systemd-wrapper delete mode 100644 files/image_config/ntp/ntp.conf.j2 delete mode 100644 files/image_config/ntp/ntp.keys.j2 delete mode 100644 files/image_config/ntp/sonic-target.conf diff --git a/files/image_config/ntp/ntp-apparmor b/files/image_config/ntp/ntp-apparmor deleted file mode 100644 index 78edef66a51f..000000000000 --- a/files/image_config/ntp/ntp-apparmor +++ /dev/null @@ -1,9 +0,0 @@ -# Apparmor configuration -# /etc/apparmor.d/local/usr.sbin.ntpd - - # Allow read access to "rw" mount path of fs.squashfs - # Eg: /host/image-HEAD-sonic.../rw/usr/sbin - /**/{,s}bin/ r, - /**/usr/{,s}bin/ r, - /**/usr/local/{,s}bin/ r, - diff --git a/files/image_config/ntp/ntp-config.service b/files/image_config/ntp/ntp-config.service deleted file mode 100644 index 97ee960bdad2..000000000000 
--- a/files/image_config/ntp/ntp-config.service +++ /dev/null @@ -1,16 +0,0 @@ -[Unit] -Description=Update NTP configuration -Requires=config-setup.service -After=config-setup.service -BindsTo=sonic.target -After=sonic.target -Before=ntp.service -StartLimitIntervalSec=0 - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/usr/bin/ntp-config.sh - -[Install] -WantedBy=sonic.target diff --git a/files/image_config/ntp/ntp-config.sh b/files/image_config/ntp/ntp-config.sh deleted file mode 100755 index 13469c58966b..000000000000 --- a/files/image_config/ntp/ntp-config.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash - -ntp_default_file='/etc/default/ntpsec' -ntp_temp_file='/tmp/ntp.orig' - -reboot_type='cold' - -function get_database_reboot_type() -{ - SYSTEM_WARM_START=`sonic-db-cli STATE_DB hget "WARM_RESTART_ENABLE_TABLE|system" enable` - SYSTEM_FAST_START=`sonic-db-cli STATE_DB hget "FAST_RESTART_ENABLE_TABLE|system" enable` - - if [[ x"${SYSTEM_WARM_START}" == x"true" ]]; then - reboot_type='warm' - elif [[ x"${SYSTEM_FAST_START}" == x"true" ]]; then - reboot_type='fast' - fi -} - -function modify_ntp_default -{ - cp ${ntp_default_file} ${ntp_temp_file} - sed -e "$1" ${ntp_temp_file} >${ntp_default_file} -} - -sonic-cfggen -d -t /usr/share/sonic/templates/ntp.conf.j2 >/etc/ntpsec/ntp.conf -sonic-cfggen -d -t /usr/share/sonic/templates/ntp.keys.j2 >/etc/ntpsec/ntp.keys -chmod o-r /etc/ntp.keys - -get_database_reboot_type -echo "Disabling NTP long jump for reboot type ${reboot_type} ..." -modify_ntp_default "s/NTPD_OPTS=\"-g -N\"/NTPD_OPTS=\"-x -N\"/" - -systemctl --no-block restart ntp diff --git a/files/image_config/ntp/ntp-systemd-wrapper b/files/image_config/ntp/ntp-systemd-wrapper deleted file mode 100644 index 0704a8e92bdb..000000000000 --- a/files/image_config/ntp/ntp-systemd-wrapper +++ /dev/null 
@@ -1,59 +0,0 @@ -#!/bin/sh - -# This file was originally created automatically as part of default NTP application installation from debian package. -# This is now manually modified for supporting NTP in management VRF. -# When management VRF is enabled, the NTP application should be started using "ip vrf exec mgmt". -# Check has been added to verify the management VRF enabled status and use "ip vrf exec mgmt" when it is enabled. -# This file will be copied to /usr/libexec/ntpsec/ntp-systemd-wrapper file that gets created during build process. -DAEMON=/usr/sbin/ntpd -PIDFILE=/run/ntpd.pid -LOCKFILE=/run/lock/ntpsec-ntpdate - -if [ -r /etc/default/ntpsec ]; then - . /etc/default/ntpsec -fi - -dhcp=$(/usr/local/bin/sonic-cfggen -d -v 'NTP["global"]["dhcp"]' 2> /dev/null) -if [ "$IGNORE_DHCP" != "yes" ] && [ -e /run/ntpsec/ntp.conf.dhcp ] && [ "$dhcp" = "enabled" ]; then - NTPD_OPTS="$NTPD_OPTS -c /run/ntpsec/ntp.conf.dhcp" -else - # List the default -c first, so if the admin has specified -c in - # NTPD_OPTS, it is honored. 
- NTPD_OPTS="-c /etc/ntpsec/ntp.conf $NTPD_OPTS" -fi - -NTPD_OPTS="$NTPD_OPTS -u ntpsec:ntpsec" - -# Protect the service startup against concurrent ntpdate ifup hooks -( - if flock -w 180 9; then - ntpEnabled=$(/usr/local/bin/sonic-cfggen -d -v 'NTP["global"]["admin_state"]' 2> /dev/null) - if [ "$ntpEnabled" = "disabled" ] - then - echo "Stopping NTP daemon" - kill -9 $(cat $PIDFILE) - exit 0 - fi - - # when mgmt vrf is configured, ntp starts in mgmt vrf by default unless user configures otherwise - vrfEnabled=$(/usr/local/bin/sonic-cfggen -d -v 'MGMT_VRF_CONFIG["vrf_global"]["mgmtVrfEnabled"]' 2> /dev/null) - vrfConfigured=$(/usr/local/bin/sonic-cfggen -d -v 'NTP["global"]["vrf"]' 2> /dev/null) - if [ "$vrfEnabled" = "true" ] - then - if [ "$vrfConfigured" = "default" ] - then - echo "Starting NTP server in default-vrf for default set as NTP vrf" - exec $DAEMON -p $PIDFILE $NTPD_OPTS - else - echo "Starting NTP server in mgmt-vrf" - exec ip vrf exec mgmt $DAEMON -p $PIDFILE $NTPD_OPTS - fi - else - echo "Starting NTP server in default-vrf" - exec $DAEMON -p $PIDFILE $NTPD_OPTS - fi - else - echo "Timeout waiting for $LOCKFILE" - exit 1 - fi -) 9>$LOCKFILE diff --git a/files/image_config/ntp/ntp.conf.j2 b/files/image_config/ntp/ntp.conf.j2 deleted file mode 100644 index e50822a67a9d..000000000000 --- a/files/image_config/ntp/ntp.conf.j2 +++ /dev/null 
@@ -1,153 +0,0 @@ -############################################################################### -# This file was AUTOMATICALLY GENERATED. DO NOT MODIFY. -# Controlled by ntp-config.service -############################################################################### - -# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help - -# To avoid ntpd from panic and exit if the drift between new time and -# current system time is large. -tinker panic 0 - -driftfile /var/lib/ntpsec/ntp.drift -leapfile /usr/share/zoneinfo/leap-seconds.list - -{# Getting NTP global configuration -#} -{% set global = (NTP | d({})).get('global', {}) -%} - -{# Adding NTP servers. We need to know if we have some pools, to set proper -config -#} -{% set ns = namespace(is_pools=false) %} -{% for server in NTP_SERVER if NTP_SERVER[server].admin_state != 'disabled' -%} - {% set config = NTP_SERVER[server] -%} - {# Server options -#} - {% set soptions = '' -%} - - {# Define defaults if not defined -#} - {% set association_type = config.association_type | d('server') -%} - {% set resolve_as = config.resolve_as | d(server) -%} - - {# Authentication key -#} - {% if global.authentication == 'enabled' -%} - {% if config.key -%} - {% set soptions = soptions ~ ' key ' ~ config.key -%} - {% endif -%} - {% endif -%} - - {# Aggressive polling -#} - {% if config.iburst -%} - {% set soptions = soptions ~ ' iburst' -%} - {% endif -%} - - {# Protocol version -#} - {% if config.version -%} - {% set soptions = soptions ~ ' version ' ~ config.version -%} - {% endif -%} - - {# Check if there are any pool configured. BTW it doesn't matter what was - configured as "resolve_as" for pools. 
If they were configured with FQDN they - must remain like that -#} - {% if association_type == 'pool' -%} - {% set resolve_as = server -%} - {% endif -%} - -{{ association_type }} {{ resolve_as }}{{ soptions }} -{% if global.server_role == 'disabled' %} -restrict {{ resolve_as }} kod limited nomodify noquery -{% endif %} - -{% endfor -%} - -{% set trusted_keys_arr = [] -%} -{% for key in NTP_KEY -%} - {% set keydata = NTP_KEY[key] -%} - {% if keydata.trusted == 'yes' -%} - {% set trusted_keys_arr = trusted_keys_arr.append(key) -%} - {% endif -%} -{% endfor %} - -{% if global.authentication == 'enabled' %} -keys /etc/ntpsec/ntp.keys -{% if trusted_keys_arr != [] %} -trustedkey {{ trusted_keys_arr|join(' ') }} -{% endif %} -{% endif %} - -{# listen on source interface if configured, else only listen on MGMT_INTERFACE, -LOOPBACK_INTERFACE ip when MGMT_INTERFACE is not defined, or eth0 if we don't -have both of them (default is to listen on all ip addresses) -#} -interface ignore wildcard - -{# Set interface to listen on: - * Set global variable for configured source interface name. - * Set global boolean to indicate if the ip of the configured source - interface is configured. - * If the source interface is configured but no ip on that - interface, then listen on another interface based on existing logic. 
-#} -{%- macro check_ip_on_interface(interface_name, table_name) %} - {%- set ns = namespace(valid_intf = 'false') %} - {%- if table_name %} - {%- for (name, source_prefix) in table_name|pfx_filter %} - {%- if source_prefix and name == interface_name %} - {%- set ns.valid_intf = 'true' %} - {%- endif %} - {%- endfor %} - {%- endif %} -{{ ns.valid_intf }} -{%- endmacro %} - -{% set ns = namespace(source_intf = "") %} -{%- set ns = namespace(source_intf_ip = 'false') %} -{%- if global.src_intf %} - {%- set ns.source_intf = global.src_intf %} - {%- if ns.source_intf != "" %} - {%- if ns.source_intf == "eth0" %} - {%- set ns.source_intf_ip = 'true' %} - {%- elif ns.source_intf.startswith('Vlan') %} - {%- set ns.source_intf_ip = check_ip_on_interface(ns.source_intf, VLAN_INTERFACE) %} - {%- elif ns.source_intf.startswith('Ethernet') %} - {%- set ns.source_intf_ip = check_ip_on_interface(ns.source_intf, INTERFACE) %} - {%- elif ns.source_intf.startswith('PortChannel') %} - {%- set ns.source_intf_ip = check_ip_on_interface(ns.source_intf, PORTCHANNEL_INTERFACE) %} - {%- elif ns.source_intf.startswith('Loopback') %} - {%- set ns.source_intf_ip = check_ip_on_interface(ns.source_intf, LOOPBACK_INTERFACE) %} - {%- endif %} - {%- endif %} -{% endif %} - -{% if ns.source_intf_ip == 'true' %} -interface listen {{ns.source_intf}} -{% elif (NTP) and NTP['global']['vrf'] == 'mgmt' %} -interface listen eth0 -{% elif MGMT_INTERFACE %} -{% for (mgmt_intf, mgmt_prefix) in MGMT_INTERFACE|pfx_filter %} -interface listen {{ mgmt_prefix | ip }} -{% endfor %} -{% elif LOOPBACK_INTERFACE %} -{% for (name, prefix) in LOOPBACK_INTERFACE|pfx_filter %} -{% if prefix | ipv4 and name == 'Loopback0' %} -interface listen {{ prefix | ip }} -{% endif %} -{% endfor %} -{% else %} -interface listen eth0 -{% endif %} -interface listen 127.0.0.1 - -{# Access control options -#} -{% set options = '' -%} - -{# Disable NTP server functionality. 
Should stay on when dhcp is enabled -#} -{# {% if global.server_role == 'disabled' and global.dhcp == 'disabled' -%} - {% set options = options ~ ' ignore' -%} -{% endif -%} #} - -# Access control configuration -# By default, exchange time with everybody, but don't allow configuration. -# NTPsec doesn't establish peer associations, and so nopeer has no effect, and -# has been removed from here -restrict default kod nomodify noquery limited{{ options }} - -# Local users may interrogate the ntp server more closely. -restrict 127.0.0.1 -restrict ::1 diff --git a/files/image_config/ntp/ntp.keys.j2 b/files/image_config/ntp/ntp.keys.j2 deleted file mode 100644 index 961fc7532694..000000000000 --- a/files/image_config/ntp/ntp.keys.j2 +++ /dev/null @@ -1,18 +0,0 @@ -############################################################################### -# This file was AUTOMATICALLY GENERATED. DO NOT MODIFY. -# Controlled by ntp-config.service -############################################################################### - -{# We can connect only to the servers we trust. Determine those servers -#} -{% set trusted_arr = [] -%} -{% for server in NTP_SERVER if NTP_SERVER[server].trusted == 'yes' and - NTP_SERVER[server].resolve_as -%} - {% set _ = trusted_arr.append(NTP_SERVER[server].resolve_as) -%} -{% endfor -%} - -{# Define authentication keys inventory -#} -{% set trusted_str = ' ' ~ trusted_arr|join(',') -%} -{% for keyid in NTP_KEY if NTP_KEY[keyid].type and NTP_KEY[keyid].value %} -{% set keyval = NTP_KEY[keyid].value | b64decode %} -{{ keyid }} {{ NTP_KEY[keyid].type }} {{ keyval }}{{trusted_str}} -{% endfor -%} diff --git a/files/image_config/ntp/sonic-target.conf b/files/image_config/ntp/sonic-target.conf deleted file mode 100644 index 83dd118fe5e9..000000000000 --- a/files/image_config/ntp/sonic-target.conf +++ /dev/null @@ -1,3 +0,0 @@ -[Unit] -BindsTo=sonic.target -After=sonic.target From 48d2d73600fccf59c53f61608c680adf4913f5fb Mon Sep 17 00:00:00 2001 
From: Saikrishna Arcot Date: Mon, 2 Sep 2024 11:55:23 -0700 Subject: [PATCH 04/23] Update sonic-config-engine tests Signed-off-by: Saikrishna Arcot --- files/image_config/chrony/chrony.conf.j2 | 2 +- files/image_config/chrony/chrony.keys.j2 | 2 +- src/sonic-config-engine/tests/chrony.conf.j2 | 1 + src/sonic-config-engine/tests/chrony.keys.j2 | 1 + src/sonic-config-engine/tests/ntp.conf.j2 | 1 - src/sonic-config-engine/tests/ntp.keys.j2 | 1 - .../tests/sample_output/py2/chrony.conf | 1 + .../tests/sample_output/py2/chrony.keys | 1 + .../tests/sample_output/py2/ntp.conf | 1 - .../tests/sample_output/py2/ntp.keys | 1 - .../tests/sample_output/py3/chrony.conf | 61 +++++++++++++++++++ .../py3/{ntp.keys => chrony.keys} | 7 +-- .../tests/sample_output/py3/ntp.conf | 41 ------------- src/sonic-config-engine/tests/test_j2files.py | 8 +-- 14 files changed, 74 insertions(+), 55 deletions(-) create mode 120000 src/sonic-config-engine/tests/chrony.conf.j2 create mode 120000 src/sonic-config-engine/tests/chrony.keys.j2 delete mode 120000 src/sonic-config-engine/tests/ntp.conf.j2 delete mode 120000 src/sonic-config-engine/tests/ntp.keys.j2 create mode 120000 src/sonic-config-engine/tests/sample_output/py2/chrony.conf create mode 120000 src/sonic-config-engine/tests/sample_output/py2/chrony.keys delete mode 120000 src/sonic-config-engine/tests/sample_output/py2/ntp.conf delete mode 120000 src/sonic-config-engine/tests/sample_output/py2/ntp.keys create mode 100644 src/sonic-config-engine/tests/sample_output/py3/chrony.conf rename src/sonic-config-engine/tests/sample_output/py3/{ntp.keys => chrony.keys} (75%) delete mode 100644 src/sonic-config-engine/tests/sample_output/py3/ntp.conf diff --git a/files/image_config/chrony/chrony.conf.j2 b/files/image_config/chrony/chrony.conf.j2 index 1de549795cc8..66d85e9701dc 100644 --- a/files/image_config/chrony/chrony.conf.j2 +++ b/files/image_config/chrony/chrony.conf.j2 
@@ -1,6 +1,6 @@ ############################################################################### # This file was AUTOMATICALLY GENERATED. DO NOT MODIFY. -# Controlled by ntp-config.service +# Controlled by chrony-config.sh ############################################################################### # Welcome to the chrony configuration file. See chrony.conf(5) for more diff --git a/files/image_config/chrony/chrony.keys.j2 b/files/image_config/chrony/chrony.keys.j2 index 4d362b5c2819..14f190bfdb39 100644 --- a/files/image_config/chrony/chrony.keys.j2 +++ b/files/image_config/chrony/chrony.keys.j2 @@ -1,6 +1,6 @@ ############################################################################### # This file was AUTOMATICALLY GENERATED. DO NOT MODIFY. -# Controlled by ntp-config.service +# Controlled by chrony-config.sh ############################################################################### {# We can connect only to the servers we trust. Determine those servers -#} diff --git a/src/sonic-config-engine/tests/chrony.conf.j2 b/src/sonic-config-engine/tests/chrony.conf.j2 new file mode 120000 index 000000000000..9a0a82701026 --- /dev/null +++ b/src/sonic-config-engine/tests/chrony.conf.j2 @@ -0,0 +1 @@ +../../../files/image_config/chrony/chrony.conf.j2 \ No newline at end of file diff --git a/src/sonic-config-engine/tests/chrony.keys.j2 b/src/sonic-config-engine/tests/chrony.keys.j2 new file mode 120000 index 000000000000..1b9b69cc38c4 --- /dev/null +++ b/src/sonic-config-engine/tests/chrony.keys.j2 @@ -0,0 +1 @@ +../../../files/image_config/chrony/chrony.keys.j2 \ No newline at end of file diff --git a/src/sonic-config-engine/tests/ntp.conf.j2 b/src/sonic-config-engine/tests/ntp.conf.j2 deleted file mode 120000 index bc52df834e26..000000000000 --- a/src/sonic-config-engine/tests/ntp.conf.j2 +++ /dev/null @@ -1 +0,0 @@ -../../../files/image_config/ntp/ntp.conf.j2 \ No newline at end of file 
diff --git a/src/sonic-config-engine/tests/ntp.keys.j2 b/src/sonic-config-engine/tests/ntp.keys.j2 deleted file mode 120000 index a95603db8be2..000000000000 --- a/src/sonic-config-engine/tests/ntp.keys.j2 +++ /dev/null @@ -1 +0,0 @@ -../../../files/image_config/ntp/ntp.keys.j2 \ No newline at end of file diff --git a/src/sonic-config-engine/tests/sample_output/py2/chrony.conf b/src/sonic-config-engine/tests/sample_output/py2/chrony.conf new file mode 120000 index 000000000000..bea8857385f4 --- /dev/null +++ b/src/sonic-config-engine/tests/sample_output/py2/chrony.conf @@ -0,0 +1 @@ +../py3/chrony.conf \ No newline at end of file diff --git a/src/sonic-config-engine/tests/sample_output/py2/chrony.keys b/src/sonic-config-engine/tests/sample_output/py2/chrony.keys new file mode 120000 index 000000000000..3292bd003b12 --- /dev/null +++ b/src/sonic-config-engine/tests/sample_output/py2/chrony.keys @@ -0,0 +1 @@ +../py3/chrony.keys \ No newline at end of file diff --git a/src/sonic-config-engine/tests/sample_output/py2/ntp.conf b/src/sonic-config-engine/tests/sample_output/py2/ntp.conf deleted file mode 120000 index 5ebe399367a6..000000000000 --- a/src/sonic-config-engine/tests/sample_output/py2/ntp.conf +++ /dev/null @@ -1 +0,0 @@ -../py3/ntp.conf \ No newline at end of file diff --git a/src/sonic-config-engine/tests/sample_output/py2/ntp.keys b/src/sonic-config-engine/tests/sample_output/py2/ntp.keys deleted file mode 120000 index 5f1ab315e5a5..000000000000 --- a/src/sonic-config-engine/tests/sample_output/py2/ntp.keys +++ /dev/null @@ -1 +0,0 @@ -../py3/ntp.keys \ No newline at end of file diff --git a/src/sonic-config-engine/tests/sample_output/py3/chrony.conf b/src/sonic-config-engine/tests/sample_output/py3/chrony.conf new file mode 100644 index 000000000000..214a573db59f --- /dev/null +++ b/src/sonic-config-engine/tests/sample_output/py3/chrony.conf 
@@ -0,0 +1,61 @@ +############################################################################### +# This file was AUTOMATICALLY GENERATED. DO NOT MODIFY. +# Controlled by chrony-config.sh +############################################################################### + +# Welcome to the chrony configuration file. See chrony.conf(5) for more +# information about usable directives. + +# Include configuration files found in /etc/chrony/conf.d. +confdir /etc/chrony/conf.d + +server 10.20.30.50 key 42 iburst version 3 +restrict 10.20.30.50 kod limited nomodify noquery + +pool pool.ntp.org iburst version 3 + + +# Access control configuration +# By default, exchange time with everybody, but don't allow configuration. +# NTPsec doesn't establish peer associations, and so nopeer has no effect, and +# has been removed from here +restrict default kod nomodify noquery limited + +# Use time sources from DHCP. +sourcedir /run/chrony-dhcp + +# Use NTP sources found in /etc/chrony/sources.d. +sourcedir /etc/chrony/sources.d + +# This directive specify the location of the file containing ID/key pairs for +# NTP authentication. +keyfile /etc/chrony/chrony.keys + +# This directive specify the file into which chronyd will store the rate +# information. +driftfile /var/lib/chrony/chrony.drift + +# Save NTS keys and cookies. +ntsdumpdir /var/lib/chrony + +# Uncomment the following line to turn logging on. +#log tracking measurements statistics + +# Log files location. +logdir /var/log/chrony + +# Stop bad estimates upsetting machine clock. +maxupdateskew 100.0 + +# This directive enables kernel synchronisation (every 11 minutes) of the +# real-time clock. Note that it can’t be used along with the 'rtcfile' directive. +rtcsync + +# Step the system clock instead of slewing it if the adjustment is larger than +# one second, but only in the first three clock updates. +makestep 1 3 + +# Get TAI-UTC offset and leap seconds from the system tz database. 
+# This directive must be commented out when using time sources serving +# leap-smeared time. +leapsectz right/UTC diff --git a/src/sonic-config-engine/tests/sample_output/py3/ntp.keys b/src/sonic-config-engine/tests/sample_output/py3/chrony.keys similarity index 75% rename from src/sonic-config-engine/tests/sample_output/py3/ntp.keys rename to src/sonic-config-engine/tests/sample_output/py3/chrony.keys index 4a1a37b693eb..e15eeb3fb3c9 100644 --- a/src/sonic-config-engine/tests/sample_output/py3/ntp.keys +++ b/src/sonic-config-engine/tests/sample_output/py3/chrony.keys @@ -1,8 +1,7 @@ ############################################################################### # This file was AUTOMATICALLY GENERATED. DO NOT MODIFY. -# Controlled by ntp-config.service +# Controlled by chrony-config.sh ############################################################################### -1 md5 blabla -42 sha1 the_answer - +1 MD5 blabla +42 SHA1 the_answer diff --git a/src/sonic-config-engine/tests/sample_output/py3/ntp.conf b/src/sonic-config-engine/tests/sample_output/py3/ntp.conf deleted file mode 100644 index 412d06cfd4aa..000000000000 --- a/src/sonic-config-engine/tests/sample_output/py3/ntp.conf +++ /dev/null 
@@ -1,41 +0,0 @@ -############################################################################### -# This file was AUTOMATICALLY GENERATED. DO NOT MODIFY. -# Controlled by ntp-config.service -############################################################################### - -# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help - -# To avoid ntpd from panic and exit if the drift between new time and -# current system time is large. -tinker panic 0 - -driftfile /var/lib/ntpsec/ntp.drift -leapfile /usr/share/zoneinfo/leap-seconds.list - -server 10.20.30.50 key 42 iburst version 3 -restrict 10.20.30.50 kod limited nomodify noquery - -pool pool.ntp.org iburst version 3 -restrict pool.ntp.org kod limited nomodify noquery - - -keys /etc/ntpsec/ntp.keys -trustedkey 42 - -interface ignore wildcard - - - -interface listen eth0 -interface listen 127.0.0.1 - - -# Access control configuration -# By default, exchange time with everybody, but don't allow configuration. -# NTPsec doesn't establish peer associations, and so nopeer has no effect, and -# has been removed from here -restrict default kod nomodify noquery limited - -# Local users may interrogate the ntp server more closely. -restrict 127.0.0.1 -restrict ::1 diff --git a/src/sonic-config-engine/tests/test_j2files.py b/src/sonic-config-engine/tests/test_j2files.py index ed8ed58e488a..7cb7916a1107 100644 --- a/src/sonic-config-engine/tests/test_j2files.py +++ b/src/sonic-config-engine/tests/test_j2files.py 
@@ -763,18 +763,18 @@ def test_ndppd_conf(self): assert utils.cmp(expected, self.output_file), self.run_diff(expected, self.output_file) def test_ntp_conf(self): - conf_template = os.path.join(self.test_dir, "ntp.conf.j2") + conf_template = os.path.join(self.test_dir, "chrony.conf.j2") config_db_ntp_json = os.path.join(self.test_dir, "data", "ntp", "ntp_interfaces.json") - expected = os.path.join(self.test_dir, "sample_output", utils.PYvX_DIR, "ntp.conf") + expected = os.path.join(self.test_dir, "sample_output", utils.PYvX_DIR, "chrony.conf") argument = ['-j', config_db_ntp_json, '-t', conf_template] self.run_script(argument, output_file=self.output_file) assert utils.cmp(expected, self.output_file), self.run_diff(expected, self.output_file) def test_ntp_keys(self): - conf_template = os.path.join(self.test_dir, "ntp.keys.j2") + conf_template = os.path.join(self.test_dir, "chrony.keys.j2") config_db_ntp_json = os.path.join(self.test_dir, "data", "ntp", "ntp_interfaces.json") - expected = os.path.join(self.test_dir, "sample_output", utils.PYvX_DIR, "ntp.keys") + expected = os.path.join(self.test_dir, "sample_output", utils.PYvX_DIR, "chrony.keys") argument = ['-j', config_db_ntp_json, '-t', conf_template] self.run_script(argument, output_file=self.output_file) From 7cb9f40dd028fe7e5b1b64def795a4730fdc2983 Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Mon, 16 Sep 2024 14:32:06 -0700 Subject: [PATCH 05/23] Clean up config generation and update test output Signed-off-by: Saikrishna Arcot --- files/image_config/chrony/chrony.conf.j2 | 15 +++------------ .../tests/sample_output/py3/chrony.conf | 7 ------- .../tests/sample_output/py3/chrony.keys | 5 +++-- 3 files changed, 6 insertions(+), 21 deletions(-) diff --git a/files/image_config/chrony/chrony.conf.j2 b/files/image_config/chrony/chrony.conf.j2 index 66d85e9701dc..350ef93a6e29 100644 --- a/files/image_config/chrony/chrony.conf.j2 +++ b/files/image_config/chrony/chrony.conf.j2 
@@ -51,20 +51,11 @@ confdir /etc/chrony/conf.d {% endfor -%} -{# Access control options -#} -{% set options = '' -%} - -{# Disable NTP server functionality. Should stay on when dhcp is enabled -#} -{# {% if global.server_role == 'disabled' and global.dhcp == 'disabled' -%} - {% set options = options ~ ' ignore' -%} +{# Enable NTP server functionality if server_role is enabled or DHCP configuration is enabled -#} +{# {% if global.server_role == 'enabled' or global.dhcp == 'enabled' -%} +allow {% endif -%} #} -# Access control configuration -# By default, exchange time with everybody, but don't allow configuration. -# NTPsec doesn't establish peer associations, and so nopeer has no effect, and -# has been removed from here -restrict default kod nomodify noquery limited{{ options }} - # Use time sources from DHCP. sourcedir /run/chrony-dhcp diff --git a/src/sonic-config-engine/tests/sample_output/py3/chrony.conf b/src/sonic-config-engine/tests/sample_output/py3/chrony.conf index 214a573db59f..a5337259b8a6 100644 --- a/src/sonic-config-engine/tests/sample_output/py3/chrony.conf +++ b/src/sonic-config-engine/tests/sample_output/py3/chrony.conf @@ -10,17 +10,10 @@ confdir /etc/chrony/conf.d server 10.20.30.50 key 42 iburst version 3 -restrict 10.20.30.50 kod limited nomodify noquery pool pool.ntp.org iburst version 3 -# Access control configuration -# By default, exchange time with everybody, but don't allow configuration. -# NTPsec doesn't establish peer associations, and so nopeer has no effect, and -# has been removed from here -restrict default kod nomodify noquery limited - # Use time sources from DHCP. sourcedir /run/chrony-dhcp diff --git a/src/sonic-config-engine/tests/sample_output/py3/chrony.keys b/src/sonic-config-engine/tests/sample_output/py3/chrony.keys index e15eeb3fb3c9..3a9bb0cd7f7e 100644 --- a/src/sonic-config-engine/tests/sample_output/py3/chrony.keys +++ b/src/sonic-config-engine/tests/sample_output/py3/chrony.keys 
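Review bot: The added `{% if global.server_role == 'enabled' or global.dhcp == 'enabled' -%}` / `allow` block in chrony.conf.j2 sits inside a `{# … #}` comment, so the template never emits `allow`. chronyd therefore keeps its default of answering no NTP clients, whatever `server_role` is set to. If that is intended for now, the comment above the block should say so, e.g. `{# TODO: server mode is not wired up yet; no clients are served until this block is enabled -#}`, because the current wording reads as if the block were active. Once it is enabled, a bare `allow` admits clients from every address, and the removed `restrict default kod nomodify noquery limited` line was the only rate limiting, so consider giving `allow` an explicit subnet and adding a `ratelimit` directive. The template itself starts and ends outside this hunk.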
@@ -3,5 +3,6 @@ # Controlled by chrony-config.sh ############################################################################### -1 MD5 blabla -42 SHA1 the_answer +1 MD5 blabla +42 SHA1 the_answer + From a4d7a092d40be9d09cd512e8765b7bdc62272dde Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Wed, 25 Sep 2024 13:17:25 -0700 Subject: [PATCH 06/23] Change whl and deb package installations to happen within chroot Currently, for deb package installations, the --root argument is passed into dpkg to install packages in a custom root directory. However, this doesn't seem to do a full chroot, because there are some user/group name checks that appear to be done before the chroot has taken place. This becomes an issue with the chrony installation; if chrony doesn't happen to be installed on the host system, then installing any pacakge after chrony is installed in the fsroot that we're building will fail with the following error: ``` + sudo DEBIAN_FRONTEND=noninteractive dpkg --root=./fsroot-vs -i target/debs/bookworm/kdump-tools_1.8.1_amd64.deb dpkg: unrecoverable fatal error, aborting: unknown system group '_chrony' in statoverride file; the system group got removed before the override, which is most probably a packaging bug, to recover you can remove the override manually with dpkg-statoverride ``` Therefore, for deb (and whl) package installations, define a bash function that will copy the file into the fsroot, chroot into it, install the pacakge, and then remove it. Replace all existing deb and whl installations with code to call this function, so that it's consolidated. Signed-off-by: Saikrishna Arcot --- build_debian.sh | 9 +- .../build_templates/sonic_debian_extension.j2 | 179 ++++++++---------- 2 files changed, 80 insertions(+), 108 deletions(-) diff --git a/build_debian.sh b/build_debian.sh index 211d9ee1a674..49ce5ad56ee4 100755 --- a/build_debian.sh +++ b/build_debian.sh 
@@ -161,12 +161,11 @@ sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install pigz sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install busybox linux-base echo '[INFO] Install SONiC linux kernel image' ## Note: duplicate apt-get command to ensure every line return zero -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/initramfs-tools-core_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/initramfs-tools_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/linux-image-${LINUX_KERNEL_VERSION}-*_${CONFIGURED_ARCH}.deb || \ +sudo cp $debs_path/initramfs-tools-core_*.deb $debs_path/initramfs-tools_*.deb $debs_path/linux-image-${LINUX_KERNEL_VERSION}-*_${CONFIGURED_ARCH}.deb $FILESYSTEM_ROOT +basename_deb_packages=$(basename -a $debs_path/initramfs-tools-core_*.deb $debs_path/initramfs-tools_*.deb $debs_path/linux-image-${LINUX_KERNEL_VERSION}-*_${CONFIGURED_ARCH}.deb) +sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT dpkg -i $basename_deb_packages || \ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +( cd $FILESYSTEM_ROOT; sudo rm -f $basename_deb_packages ) sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install acl if [[ $CONFIGURED_ARCH == amd64 ]]; then sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install dmidecode hdparm diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2 index 4958b39ed04a..10fb57660e64 100644 --- a/files/build_templates/sonic_debian_extension.j2 +++ b/files/build_templates/sonic_debian_extension.j2 
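Review bot: The cleanup line `( cd $FILESYSTEM_ROOT; sudo rm -f $basename_deb_packages )` still runs `sudo rm -f` when the `cd` fails, and then removes same-named files, as root, from whatever directory the build is running in. Chain the two commands and quote the path: `( cd "$FILESYSTEM_ROOT" && sudo rm -f -- $basename_deb_packages )`; the list stays unquoted because it is meant to split into one name per package. The same line is added three times in sonic_debian_extension.j2 by this patch, in `install_pip_package`, `install_deb_package` and `install_deb_package_lazy`. This block also repeats what `install_deb_package` does there, so the two scripts now carry separate copies of the copy/install/remove sequence.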
@@ -77,6 +77,41 @@ else sudo chroot $FILESYSTEM_ROOT $DOCKER_CTL_SCRIPT start fi +install_pip_package() { + pip_wheel=$1 + if [[ -z "$pip_wheel" ]]; then + return + fi + sudo cp $pip_wheel $FILESYSTEM_ROOT/ + basename_pip_wheel=$(basename -a $@) + sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $basename_pip_wheel + ( cd $FILESYSTEM_ROOT; sudo rm -f $basename_pip_wheel ) +} + +install_deb_package() { + deb_packages=$@ + if [[ -z "$deb_packages" ]]; then + return + fi + sudo cp $deb_packages $FILESYSTEM_ROOT/ + basename_deb_packages=$(basename -a $@) + sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT dpkg -i $basename_deb_packages || \ + sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f + ( cd $FILESYSTEM_ROOT; sudo rm -f $basename_deb_packages ) +} + +install_deb_package_lazy() { + deb_packages=$@ + if [[ -z "$deb_packages" ]]; then + return + fi + sudo cp $deb_packages $FILESYSTEM_ROOT/ + basename_deb_packages=$(basename -a $@) + sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT dpkg -i $basename_deb_packages || \ + sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f --download-only + ( cd $FILESYSTEM_ROOT; sudo rm -f $basename_deb_packages ) +} + # Update apt's snapshot of its repos sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get update 
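Review bot: `install_pip_package` copies only its first argument into the chroot (`pip_wheel=$1`, `sudo cp $pip_wheel $FILESYSTEM_ROOT/`) but builds the install list from all of them (`basename -a $@`), so a call with two wheels would ask pip3 for a file that was never copied. All three helpers also assign `pip_wheel`, `deb_packages` and `basename_*` as globals and expand them unquoted, so a path containing whitespace is split and each call overwrites the previous call's values; `local` plus `"$@"` avoids both. `install_deb_package` and `install_deb_package_lazy` differ only in `--download-only` and could share one body. A possible shape for the pip helper is below; the two deb helpers would follow the same pattern.

```shell
install_pip_package() {
    local wheel
    local -a wheel_names=()
    if [[ $# -eq 0 || -z "$1" ]]; then
        return
    fi
    # Copy every wheel that will be installed, not just the first one.
    sudo cp -- "$@" "$FILESYSTEM_ROOT/"
    for wheel in "$@"; do
        wheel_names+=("$(basename -- "$wheel")")
    done
    sudo https_proxy=$https_proxy LANG=C chroot "$FILESYSTEM_ROOT" pip3 install "${wheel_names[@]}"
    # Only remove the copies if the cd into the image root succeeded.
    ( cd "$FILESYSTEM_ROOT" && sudo rm -f -- "${wheel_names[@]}" )
}
```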
@@ -100,22 +135,14 @@ sudo mkdir -p $FILESYSTEM_ROOT_USR_SHARE_SONIC_FIRMWARE/ sudo mkdir -p $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM # Install sonic-nettools -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-nettools_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/sonic-nettools_*.deb sudo setcap 'cap_net_raw=+ep' $FILESYSTEM_ROOT/usr/bin/wol # Install a patched version of ifupdown2 (and its dependencies via 'apt-get -y install -f') -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/ifupdown2_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/ifupdown2_*.deb # Install a patched version of ipmitool (and its dependencies via 'apt-get -y install -f') -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/ipmitool_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f - -# Install a patched version of ntp (and its dependencies via 'apt-get -y install -f') -sudo dpkg --root=$FILESYSTEM_ROOT --force-confdef --force-confold -i $debs_path/ntp_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y \ - -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install -f +install_deb_package $debs_path/ipmitool_*.deb # Install dependencies for SONiC config engine sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install \ 
@@ -129,10 +156,8 @@ sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install "redis # Install redis-dump-load Python 3 package # Note: the scripts will be overwritten by corresponding Python 2 package -REDIS_DUMP_LOAD_PY3_WHEEL_NAME=$(basename {{redis_dump_load_py3_wheel_path}}) -sudo cp {{redis_dump_load_py3_wheel_path}} $FILESYSTEM_ROOT/$REDIS_DUMP_LOAD_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $REDIS_DUMP_LOAD_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$REDIS_DUMP_LOAD_PY3_WHEEL_NAME + +install_pip_package {{redis_dump_load_py3_wheel_path}} # Install Python module for psutil sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install psutil @@ -150,10 +175,7 @@ if [[ $CONFIGURED_ARCH == amd64 ]]; then fi # Install sonic-py-common Python 3 package -SONIC_PY_COMMON_PY3_WHEEL_NAME=$(basename {{sonic_py_common_py3_wheel_path}}) -sudo cp {{sonic_py_common_py3_wheel_path}} $FILESYSTEM_ROOT/$SONIC_PY_COMMON_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SONIC_PY_COMMON_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$SONIC_PY_COMMON_PY3_WHEEL_NAME +install_pip_package {{sonic_py_common_py3_wheel_path}} # Install dependency pkgs for SONiC config engine Python 2 package if [[ $CONFIGURED_ARCH == armhf || $CONFIGURED_ARCH == arm64 ]]; then 
@@ -161,18 +183,11 @@ if [[ $CONFIGURED_ARCH == armhf || $CONFIGURED_ARCH == arm64 ]]; then fi # Install sonic-yang-models Python 3 package, install dependencies -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libyang_*.deb $debs_path/libyang-cpp_*.deb $debs_path/python3-yang_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f -SONIC_YANG_MODEL_PY3_WHEEL_NAME=$(basename {{sonic_yang_models_py3_wheel_path}}) -sudo cp {{sonic_yang_models_py3_wheel_path}} $FILESYSTEM_ROOT/$SONIC_YANG_MODEL_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SONIC_YANG_MODEL_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$SONIC_YANG_MODEL_PY3_WHEEL_NAME +install_deb_package $debs_path/libyang_*.deb $debs_path/libyang-cpp_*.deb $debs_path/python3-yang_*.deb +install_pip_package {{sonic_yang_models_py3_wheel_path}} # Install sonic-yang-mgmt Python3 package -SONIC_YANG_MGMT_PY3_WHEEL_NAME=$(basename {{sonic_yang_mgmt_py3_wheel_path}}) -sudo cp {{sonic_yang_mgmt_py3_wheel_path}} $FILESYSTEM_ROOT/$SONIC_YANG_MGMT_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SONIC_YANG_MGMT_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$SONIC_YANG_MGMT_PY3_WHEEL_NAME +install_pip_package {{sonic_yang_mgmt_py3_wheel_path}} # For sonic-config-engine Python 3 package # Install pyangbind here, outside sonic-config-engine dependencies, as pyangbind causes enum34 to be installed. 
@@ -183,24 +198,15 @@ sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install pyangb sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 uninstall -y enum34 # Install SONiC config engine Python 3 package -CONFIG_ENGINE_PY3_WHEEL_NAME=$(basename {{config_engine_py3_wheel_path}}) -sudo cp {{config_engine_py3_wheel_path}} $FILESYSTEM_ROOT/$CONFIG_ENGINE_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $CONFIG_ENGINE_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$CONFIG_ENGINE_PY3_WHEEL_NAME +install_pip_package {{config_engine_py3_wheel_path}} # Install sonic-platform-common Python 3 package -PLATFORM_COMMON_PY3_WHEEL_NAME=$(basename {{platform_common_py3_wheel_path}}) -sudo cp {{platform_common_py3_wheel_path}} $FILESYSTEM_ROOT/$PLATFORM_COMMON_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $PLATFORM_COMMON_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$PLATFORM_COMMON_PY3_WHEEL_NAME +install_pip_package {{platform_common_py3_wheel_path}} {% if pddf_support == "y" %} # Install pddf-platform-api-base Python 3 package -PLATFORM_PDDF_COMMON_PY3_WHEEL_NAME=$(basename {{pddf_platform_api_base_py3_wheel_path}}) -sudo cp {{pddf_platform_api_base_py3_wheel_path}} $FILESYSTEM_ROOT/$PLATFORM_PDDF_COMMON_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $PLATFORM_PDDF_COMMON_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$PLATFORM_PDDF_COMMON_PY3_WHEEL_NAME +install_pip_package {{pddf_platform_api_base_py3_wheel_path}} {% endif %} {# Barefoot platform vendors' sonic_platform packages import the Python 'thrift' library #} 
@@ -209,10 +215,7 @@ sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install thrift {% endif %} # Install system-health Python 3 package -SYSTEM_HEALTH_PY3_WHEEL_NAME=$(basename {{system_health_py3_wheel_path}}) -sudo cp {{system_health_py3_wheel_path}} $FILESYSTEM_ROOT/$SYSTEM_HEALTH_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SYSTEM_HEALTH_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$SYSTEM_HEALTH_PY3_WHEEL_NAME +install_pip_package {{system_health_py3_wheel_path}} # Install m2crypto, cryptography, cffi, and pynacl packages, used by sonic-utilities sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install python3-m2crypto python3-cryptography python3-cffi python3-nacl 
@@ -221,18 +224,13 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install libffi-dev # Install SONiC Utilities Python package -SONIC_UTILITIES_PY3_WHEEL_NAME=$(basename {{sonic_utilities_py3_wheel_path}}) -sudo cp {{sonic_utilities_py3_wheel_path}} $FILESYSTEM_ROOT/$SONIC_UTILITIES_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SONIC_UTILITIES_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$SONIC_UTILITIES_PY3_WHEEL_NAME +install_pip_package {{sonic_utilities_py3_wheel_path}} # Install sonic-utilities data files (and any dependencies via 'apt-get -y install -f') -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-utilities-data_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/sonic-utilities-data_*.deb # Install customized bash version to patch bash plugin support. -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/bash_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/bash_*.deb # sonic-utilities-data installs bash-completion as a dependency. However, it is disabled by default # in bash.bashrc, so we copy a version of the file with it enabled here. 
@@ -262,32 +260,25 @@ if [[ $CONFIGURED_ARCH == armhf ]]; then fi # Install SONiC host services package -SONIC_HOST_SERVICES_PY3_WHEEL_NAME=$(basename {{sonic_host_services_py3_wheel_path}}) -sudo cp {{sonic_host_services_py3_wheel_path}} $FILESYSTEM_ROOT/$SONIC_HOST_SERVICES_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SONIC_HOST_SERVICES_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$SONIC_HOST_SERVICES_PY3_WHEEL_NAME +install_pip_package {{sonic_host_services_py3_wheel_path}} # Install SONiC host services data files (and any dependencies via 'apt-get -y install -f') -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-host-services-data_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/sonic-host-services-data_*.deb {% if enable_ztp == "y" %} # Install ZTP (and its dependencies via 'apt-get -y install -f') -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-ztp_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/sonic-ztp_*.deb {% endif %} {% for machine_debs in lazy_build_installer_debs.strip().split() -%} {% set machine, pkgname = machine_debs.split('|') %} if [[ -z "{{machine}}" || -n "{{machine}}" && $TARGET_MACHINE == "{{machine}}" ]]; then -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/{{pkgname}} || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/{{pkgname}} fi {% endfor %} # Install SONiC Device Data (and its dependencies via 'apt-get -y install -f') -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-device-data_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/sonic-device-data_*.deb # package for supporting password hardening sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot 
$FILESYSTEM_ROOT apt-get -y install libpam-pwquality @@ -306,18 +297,13 @@ sudo LANG=C chroot $FILESYSTEM_ROOT systemctl stop nslcd.service sudo LANG=C chroot $FILESYSTEM_ROOT systemctl mask nslcd.service # Install pam-tacplus and nss-tacplus -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libtac2_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libpam-tacplus_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libnss-tacplus_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/libtac2_*.deb +install_deb_package $debs_path/libpam-tacplus_*.deb +install_deb_package $debs_path/libnss-tacplus_*.deb # Install bash-tacplus -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/bash-tacplus_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/bash-tacplus_*.deb # Install audisp-tacplus -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/audisp-tacplus_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/audisp-tacplus_*.deb # Disable tacplus and LDAP by default ## NOTE: this syntax of pam-auth-update is meant to be used when the package gets removed, not for specifying ## some local configuration of a PAM module. Currently, there's no clean way of noninteractively specifying 
@@ -329,10 +315,8 @@ sudo LANG=C chroot $FILESYSTEM_ROOT pam-auth-update --remove tacplus ldap sudo sed -i -e '/^passwd/s/ tacplus//' $FILESYSTEM_ROOT/etc/nsswitch.conf # Install pam-radius-auth and nss-radius -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libpam-radius-auth_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libnss-radius_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/libpam-radius-auth_*.deb +install_deb_package $debs_path/libnss-radius_*.deb # Disable radius by default # radius does not have any profiles #sudo LANG=C chroot $FILESYSTEM_ROOT pam-auth-update --remove radius tacplus @@ -340,8 +324,7 @@ sudo sed -i -e '/^passwd/s/ radius//' $FILESYSTEM_ROOT/etc/nsswitch.conf # Install a custom version of kdump-tools (and its dependencies via 'apt-get -y install -f') if [ "$TARGET_BOOTLOADER" != uboot ]; then -sudo DEBIAN_FRONTEND=noninteractive dpkg --root=$FILESYSTEM_ROOT -i $debs_path/kdump-tools_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true chroot $FILESYSTEM_ROOT apt-get -q --no-install-suggests --no-install-recommends install + install_deb_package $debs_path/kdump-tools_*.deb cat $IMAGE_CONFIGS/kdump/kdump-tools | sudo tee -a $FILESYSTEM_ROOT/etc/default/kdump-tools > /dev/null for kernel_release in $(ls $FILESYSTEM_ROOT/lib/modules/); do 
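Review bot: The kdump-tools call in the `@@ -340,8 +324,7 @@` hunk loses the flags its old fallback carried: that fallback ran `apt-get -q --no-install-suggests --no-install-recommends install` with `DEBCONF_NONINTERACTIVE_SEEN=true`, unlike the `apt-get -y install -f` used at the other call sites. `install_deb_package` is defined outside this hunk, so what it runs cannot be confirmed from here, but if it uses the common fallback, kdump-tools can now pull recommended packages into the image that were excluded before. If the exclusion was deliberate, keep the explicit command for this one package; otherwise add a comment above the call such as `# kdump-tools: recommended packages are now allowed because <reason>`. The enclosing `if [ "$TARGET_BOOTLOADER" != uboot ]` block continues past the hunk.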
@@ -353,19 +336,17 @@ fi # Install python-swss-common package and all its dependent packages {% if python_swss_debs.strip() -%} {% for deb in python_swss_debs.strip().split(' ') -%} -sudo dpkg --root=$FILESYSTEM_ROOT -i {{deb}} || sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package {{deb}} {% endfor %} {% endif %} # Install sonic-db-cli -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-db-cli_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/sonic-db-cli_*.deb {% if include_system_eventd == "y" and build_reduce_image_size != "y" %} # Install sonic-rsyslog-plugin -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-rsyslog-plugin_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/sonic-rsyslog-plugin_*.deb # Generate host conf for rsyslog_plugin j2 -f json $BUILD_TEMPLATES/rsyslog_plugin.conf.j2 $BUILD_TEMPLATES/events_info.json | sudo tee $FILESYSTEM_ROOT_ETC/rsyslog.d/host_events.conf @@ -385,8 +366,7 @@ sudo cp $BUILD_TEMPLATES/syncd_regex.json $FILESYSTEM_ROOT_ETC/rsyslog.d/ {% endif %} # Install custom-built monit package and SONiC configuration files -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/monit_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/monit_*.deb sudo cp $IMAGE_CONFIGS/monit/monitrc $FILESYSTEM_ROOT/etc/monit/ sudo chmod 600 $FILESYSTEM_ROOT/etc/monit/monitrc sudo cp $IMAGE_CONFIGS/monit/conf.d/* $FILESYSTEM_ROOT/etc/monit/conf.d/ 
@@ -404,11 +384,11 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in sudo cp $IMAGE_CONFIGS/smartmontools/smartmontools $FILESYSTEM_ROOT/etc/default/smartmontools # Install custom-built openssh sshd -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/openssh-server_${OPENSSH_VERSION_FULL}_*.deb $debs_path/openssh-client_${OPENSSH_VERSION_FULL}_*.deb $debs_path/openssh-sftp-server_${OPENSSH_VERSION_FULL}_*.deb +install_deb_package $debs_path/openssh-server_${OPENSSH_VERSION_FULL}_*.deb $debs_path/openssh-client_${OPENSSH_VERSION_FULL}_*.deb $debs_path/openssh-sftp-server_${OPENSSH_VERSION_FULL}_*.deb {% if sonic_asic_platform == 'broadcom' %} # Install custom-built flashrom -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/flashrom_*.deb +install_deb_package $debs_path/flashrom_*.deb {% endif %} # Copy crontabs @@ -513,8 +493,7 @@ sudo chmod og-rw $FILESYSTEM_ROOT_ETC_SONIC/core_analyzer.rc.json if [[ $CONFIGURED_ARCH == amd64 ]]; then # Install rasdaemon package # NOTE: Can be installed from debian directly when we move to trixie - sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/rasdaemon_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f + install_deb_package $debs_path/rasdaemon_*.deb # Rasdaemon service configuration. Use timer to start rasdaemon with a delay for better fast/warm boot performance sudo cp $IMAGE_CONFIGS/rasdaemon/rasdaemon.timer $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM @@ -742,7 +721,7 @@ fi {% if installer_debs.strip() -%} {% for deb in installer_debs.strip().split(' ') -%} -sudo dpkg --root=$FILESYSTEM_ROOT -i {{deb}} || sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package {{deb}} {% endfor %} {% endif %} 
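Review bot: The custom-built openssh and flashrom installs in the `@@ -404,11 +384,11 @@` hunk were plain `dpkg -i` calls with no fallback, and they now go through `install_deb_package`, whose body is outside this hunk. If the helper keeps the `|| ... apt-get -y install -f` fallback seen at the other call sites, apt may resolve a failed openssh install by removing or replacing packages, and the build would continue without the intended sshd version. A check after the call makes that visible, for example `sudo LANG=C chroot $FILESYSTEM_ROOT dpkg-query -W -f='${Version}' openssh-server | grep -qF "${OPENSSH_VERSION_FULL}" || exit 1`.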
@@ -758,7 +737,7 @@ sudo LANG=C chroot $FILESYSTEM_ROOT depmod -a {{kversion}} {% set debfilename = deb.split('/')|last -%} {% set debname = debfilename.split('_')|first -%} -sudo dpkg --root=$FILESYSTEM_ROOT -i {{deb}} || sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f --download-only +install_deb_package_lazy {{deb}} sudo mkdir -p $FILESYSTEM_ROOT/$PLATFORM_DIR/{{dev}} sudo mkdir -p $FILESYSTEM_ROOT/$PLATFORM_DIR/common @@ -769,7 +748,7 @@ for f in $(find $FILESYSTEM_ROOT/var/cache/apt/archives -name "*.deb"); do sudo ln -sf "../common/$(basename $f)" "$FILESYSTEM_ROOT/$PLATFORM_DIR/{{dev}}/$(basename $f)" done -sudo dpkg --root=$FILESYSTEM_ROOT -P {{ debname }} +sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT dpkg -P {{ debname }} {% endfor %} # create a trivial apt repo if any of the debs have dependencies, including between lazy debs @@ -1070,10 +1049,7 @@ j2 platform/mellanox/mlnx-fw-upgrade.j2 | sudo tee $FILESYSTEM_ROOT/usr/bin/mlnx sudo chmod 755 $FILESYSTEM_ROOT/usr/bin/mlnx-fw-upgrade.sh # Install mlnx-sonic-platform Python 3 package -MLNX_SONIC_PLATFORM_PY3_WHEEL_NAME=$(basename {{mlnx_platform_api_py3_wheel_path}}) -sudo cp {{mlnx_platform_api_py3_wheel_path}} $FILESYSTEM_ROOT/$MLNX_SONIC_PLATFORM_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $MLNX_SONIC_PLATFORM_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$MLNX_SONIC_PLATFORM_PY3_WHEEL_NAME +install_pip_package {{mlnx_platform_api_py3_wheel_path}} # Install service that manages Nvidia specific shared storage sudo cp platform/mellanox/nv-syncd-shared/nv-syncd-shared.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/ 
@@ -1103,10 +1079,7 @@ for fw_file_name in ${!FW_FILE_MAP[@]}; do sudo ln -s /host/image-$SONIC_IMAGE_VERSION/$PLATFORM_DIR/fw/dpu/${FW_FILE_MAP[$fw_file_name]} $FILESYSTEM_ROOT/etc/bluefield/${FW_FILE_MAP[$fw_file_name]} done -SONIC_PLATFORM_PY3_WHEEL_NAME=$(basename {{platform_api_py3_wheel_path}}) -sudo cp {{platform_api_py3_wheel_path}} $FILESYSTEM_ROOT/$SONIC_PLATFORM_PY3_WHEEL_NAME -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SONIC_PLATFORM_PY3_WHEEL_NAME -sudo rm -rf $FILESYSTEM_ROOT/$SONIC_PLATFORM_PY3_WHEEL_NAME +install_pip_package {{platform_api_py3_wheel_path}} {% endif %} {%- if SONIC_ROUTING_STACK == "frr" %} From 70a2f3b14478fcca6463df3608eb14c5dc686088 Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Wed, 25 Sep 2024 13:23:03 -0700 Subject: [PATCH 07/23] Remove ntpstat, it doesn't work with chrony Signed-off-by: Saikrishna Arcot --- build_debian.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/build_debian.sh b/build_debian.sh index 49ce5ad56ee4..275f34686d11 100755 --- a/build_debian.sh +++ b/build_debian.sh @@ -331,7 +331,6 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in vim \ tcpdump \ dbus \ - ntpstat \ openssh-server \ python3-apt \ traceroute \ From 5f4168fd0b18f194cccbc3f1b191825aeeb34ab5 Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Thu, 26 Sep 2024 17:10:20 -0700 Subject: [PATCH 08/23] Listen on interface if source interface is specified or running in vrf Signed-off-by: Saikrishna Arcot --- files/image_config/chrony/chrony.conf.j2 | 46 +++++++++++++++++++ .../tests/sample_output/py3/chrony.conf | 3 ++ 2 files changed, 49 insertions(+) diff --git a/files/image_config/chrony/chrony.conf.j2 b/files/image_config/chrony/chrony.conf.j2 index 350ef93a6e29..4681afc06aab 100644 --- a/files/image_config/chrony/chrony.conf.j2 +++ b/files/image_config/chrony/chrony.conf.j2 
@@ -56,6 +56,52 @@ confdir /etc/chrony/conf.d allow {% endif -%} #} +{# use source interface if configured to send NTP requests, else use eth0 if running in mgmt +vrf (default is not to listen on anything) -#} + +{# Set interface to listen on: + * Set global variable for configured source interface name. + * Set global boolean to indicate if the ip of the configured source + interface is configured. + * If the source interface is configured but no ip on that + interface, then listen on another interface based on existing logic. -#} +{%- macro check_ip_on_interface(interface_name, table_name) %} + {%- set ns = namespace(valid_intf = 'false') %} + {%- if table_name %} + {%- for (name, source_prefix) in table_name|pfx_filter %} + {%- if source_prefix and name == interface_name %} + {%- set ns.valid_intf = 'true' %} + {%- endif %} + {%- endfor %} + {%- endif %} +{{ ns.valid_intf }} +{%- endmacro %} + +{% set ns = namespace(source_intf = "") %} +{%- set ns = namespace(source_intf_ip = 'false') %} +{%- if global.src_intf %} + {%- set ns.source_intf = global.src_intf %} + {%- if ns.source_intf != "" %} + {%- if ns.source_intf == "eth0" %} + {%- set ns.source_intf_ip = check_ip_on_interface(ns.source_intf, MGMT_INTERFACE) %} + {%- elif ns.source_intf.startswith('Vlan') %} + {%- set ns.source_intf_ip = check_ip_on_interface(ns.source_intf, VLAN_INTERFACE) %} + {%- elif ns.source_intf.startswith('Ethernet') %} + {%- set ns.source_intf_ip = check_ip_on_interface(ns.source_intf, INTERFACE) %} + {%- elif ns.source_intf.startswith('PortChannel') %} + {%- set ns.source_intf_ip = check_ip_on_interface(ns.source_intf, PORTCHANNEL_INTERFACE) %} + {%- elif ns.source_intf.startswith('Loopback') %} + {%- set ns.source_intf_ip = check_ip_on_interface(ns.source_intf, LOOPBACK_INTERFACE) %} + {%- endif %} + {%- endif %} +{% endif %} + +{% if ns.source_intf_ip == 'true' -%} +bindacqdevice {{ns.source_intf}} +{% elif (NTP) and NTP['global']['vrf'] == 'mgmt' -%} +bindacqdevice eth0 +{% endif 
%} + # Use time sources from DHCP. sourcedir /run/chrony-dhcp diff --git a/src/sonic-config-engine/tests/sample_output/py3/chrony.conf b/src/sonic-config-engine/tests/sample_output/py3/chrony.conf index a5337259b8a6..2e7e2453d8e8 100644 --- a/src/sonic-config-engine/tests/sample_output/py3/chrony.conf +++ b/src/sonic-config-engine/tests/sample_output/py3/chrony.conf @@ -14,6 +14,9 @@ server 10.20.30.50 key 42 iburst version 3 pool pool.ntp.org iburst version 3 + + + # Use time sources from DHCP. sourcedir /run/chrony-dhcp From 2f5912deb1b08aab5168f0a00e1e48ea9518a4d6 Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Wed, 2 Oct 2024 15:45:31 -0700 Subject: [PATCH 09/23] Add startup script to chrony This should hopefully let it start in a custom VRF. Signed-off-by: Saikrishna Arcot --- files/build_templates/sonic_debian_extension.j2 | 2 +- files/image_config/chrony/chronyd-starter.sh | 16 ++++++++++++++++ files/image_config/chrony/override.conf | 13 +++++++++++++ files/image_config/chrony/sonic-target.conf | 3 --- 4 files changed, 30 insertions(+), 4 deletions(-) create mode 100755 files/image_config/chrony/chronyd-starter.sh create mode 100644 files/image_config/chrony/override.conf delete mode 100644 files/image_config/chrony/sonic-target.conf diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2 index 10fb57660e64..93cbc439eac2 100644 --- a/files/build_templates/sonic_debian_extension.j2 +++ b/files/build_templates/sonic_debian_extension.j2 
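Review bot: In the added chrony.conf.j2 block, `{% set ns = namespace(source_intf = "") %}` is immediately replaced by `{%- set ns = namespace(source_intf_ip = 'false') %}`, so the first namespace and its `source_intf` default are discarded. Declaring both attributes once keeps the defaults explicit: `{% set ns = namespace(source_intf = "", source_intf_ip = 'false') %}`. Separately, the `elif` reads `NTP['global']['vrf']` after testing only `(NTP)`, which presumably fails to render when the NTP table has no `global` key. A guarded lookup such as `NTP.get('global', {}).get('vrf') == 'mgmt'` would avoid depending on that key, which matters because this branch decides which device chronyd binds to.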
@@ -398,7 +398,7 @@ sudo cp -f $IMAGE_CONFIGS/cron.d/* $FILESYSTEM_ROOT/etc/cron.d/ sudo cp $IMAGE_CONFIGS/chrony/chrony-config.sh $FILESYSTEM_ROOT/usr/bin/ sudo cp $IMAGE_CONFIGS/chrony/chrony.conf.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/ sudo cp $IMAGE_CONFIGS/chrony/chrony.keys.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/ -sudo cp $IMAGE_CONFIGS/chrony/chronyd-starter.sh $FILESYSTEM_ROOT/usr/lib/systemd/scripts/ +sudo cp $IMAGE_CONFIGS/chrony/chronyd-starter.sh $FILESYSTEM_ROOT/usr/local/sbin/ sudo mkdir $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/chrony.service.d sudo cp $IMAGE_CONFIGS/chrony/override.conf $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/chrony.service.d/ echo "chrony.service" | sudo tee -a $GENERATED_SERVICE_FILE diff --git a/files/image_config/chrony/chronyd-starter.sh b/files/image_config/chrony/chronyd-starter.sh new file mode 100755 index 000000000000..e8b999ec03a9 --- /dev/null +++ b/files/image_config/chrony/chronyd-starter.sh @@ -0,0 +1,16 @@ +#!/bin/sh + +VRF_ENABLED=$(/usr/local/bin/sonic-cfggen -d -v 'MGMT_VRF_CONFIG["vrf_global"]["mgmtVrfEnabled"]' 2> /dev/null) +if [ "$VRF_ENABLED" = "true" ]; then + VRF_CONFIGURED=$(/usr/local/bin/sonic-cfggen -d -v 'NTP["global"]["vrf"]' 2> /dev/null) + if [ "$VRF_CONFIGURED" = "default" ]; then + echo "Starting NTP server in default-vrf for default set as NTP vrf" + exec /usr/sbin/chronyd $DAEMON_OPTS + else + echo "Starting NTP server in mgmt-vrf" + exec ip vrf exec mgmt /usr/sbin/chronyd $DAEMON_OPTS + fi +else + echo "Starting NTP server in default-vrf" + exec /usr/sbin/chronyd $DAEMON_OPTS +fi diff --git a/files/image_config/chrony/override.conf b/files/image_config/chrony/override.conf new file mode 100644 index 000000000000..fb06440451a0 --- /dev/null +++ b/files/image_config/chrony/override.conf 
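Review bot: In chronyd-starter.sh both `sonic-cfggen` reads send stderr to `/dev/null` and their exit status is never checked, so if the first read fails or returns nothing the script takes the final `else` and starts chronyd in the default VRF with only the usual "Starting NTP server in default-vrf" message. On a device that keeps management traffic in the mgmt VRF, that moves NTP onto a different network with no trace of the cause in the journal. I would log the failure, e.g. `VRF_ENABLED=$(/usr/local/bin/sonic-cfggen -d -v 'MGMT_VRF_CONFIG["vrf_global"]["mgmtVrfEnabled"]' 2>/dev/null) || echo "sonic-cfggen failed, assuming mgmt VRF is disabled" >&2`. `ip` is also the only binary called without an absolute path, and `$DAEMON_OPTS` is left unquoted (presumably on purpose, for word splitting), which deserves a one-line comment.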
@@ -0,0 +1,13 @@ +[Unit] +Requires=config-setup.service +After=config-setup.service +BindsTo=sonic.target +After=sonic.target + +[Service] +ExecStartPre=!/usr/bin/chrony-config.sh +ExecStart= +ExecStart=!/usr/local/sbin/chronyd-starter.sh + +[Install] +WantedBy=sonic.target diff --git a/files/image_config/chrony/sonic-target.conf b/files/image_config/chrony/sonic-target.conf deleted file mode 100644 index 83dd118fe5e9..000000000000 --- a/files/image_config/chrony/sonic-target.conf +++ /dev/null @@ -1,3 +0,0 @@ -[Unit] -BindsTo=sonic.target -After=sonic.target From 2176e9cbba9365272a8d9add865ef5185f071a23 Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Wed, 2 Oct 2024 15:46:03 -0700 Subject: [PATCH 10/23] Don't let chrony step the clock Signed-off-by: Saikrishna Arcot --- files/image_config/chrony/chrony.conf.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/files/image_config/chrony/chrony.conf.j2 b/files/image_config/chrony/chrony.conf.j2 index 4681afc06aab..805933a7a8cb 100644 --- a/files/image_config/chrony/chrony.conf.j2 +++ b/files/image_config/chrony/chrony.conf.j2 @@ -136,7 +136,9 @@ rtcsync # Step the system clock instead of slewing it if the adjustment is larger than # one second, but only in the first three clock updates. -makestep 1 3 +# +# Disabled because we don't want chrony to do any clock steps; it should only slew +#makestep 1 3 # Get TAI-UTC offset and leap seconds from the system tz database. # This directive must be commented out when using time sources serving From 88c79ecc42f4a3f55e0af037681b3682bcb7c153 Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Tue, 8 Oct 2024 19:01:17 -0700 Subject: [PATCH 11/23] Fix chrony not getting started with `config reload` Signed-off-by: Saikrishna Arcot --- files/build_templates/sonic_debian_extension.j2 | 4 +++- files/image_config/chrony/override.conf | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) 
diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2 index 2c1e195c724c..8801d57d0782 100644 --- a/files/build_templates/sonic_debian_extension.j2 +++ b/files/build_templates/sonic_debian_extension.j2 @@ -399,8 +399,10 @@ sudo cp $IMAGE_CONFIGS/chrony/chrony.conf.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TE sudo cp $IMAGE_CONFIGS/chrony/chrony.keys.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/ sudo cp $IMAGE_CONFIGS/chrony/chronyd-starter.sh $FILESYSTEM_ROOT/usr/local/sbin/ sudo mkdir $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/chrony.service.d +# Don't start chrony with multi-user.target, add our override, and start it with sonic.target +sudo LANG=C chroot $FILESYSTEM_ROOT systemctl disable chrony.service sudo cp $IMAGE_CONFIGS/chrony/override.conf $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/chrony.service.d/ -echo "chrony.service" | sudo tee -a $GENERATED_SERVICE_FILE +sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable chrony.service # Copy DNS templates sudo cp $BUILD_TEMPLATES/dns.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/ diff --git a/files/image_config/chrony/override.conf b/files/image_config/chrony/override.conf index fb06440451a0..60632ab7867c 100644 --- a/files/image_config/chrony/override.conf +++ b/files/image_config/chrony/override.conf @@ -10,4 +10,5 @@ ExecStart= ExecStart=!/usr/local/sbin/chronyd-starter.sh [Install] +WantedBy= WantedBy=sonic.target From 608b593d21071a070492cb1efa78b83514aac70f Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Tue, 8 Oct 2024 19:01:40 -0700 Subject: [PATCH 12/23] Remove unused config Signed-off-by: Saikrishna Arcot --- files/image_config/chrony/chrony.conf.j2 | 8 -------- 1 file changed, 8 deletions(-) diff --git a/files/image_config/chrony/chrony.conf.j2 b/files/image_config/chrony/chrony.conf.j2 index d3b5a0cf51fa..805933a7a8cb 100644 --- a/files/image_config/chrony/chrony.conf.j2 +++ b/files/image_config/chrony/chrony.conf.j2 
@@ -14,7 +14,6 @@ confdir /etc/chrony/conf.d {# Adding NTP servers. We need to know if we have some pools, to set proper config -#} {% set ns = namespace(is_pools=false) %} -{% set ip_ver_ns = namespace(ipv4_server=false, ipv6_server=false) %} {% for server in NTP_SERVER if NTP_SERVER[server].admin_state != 'disabled' -%} {% set config = NTP_SERVER[server] -%} {# Server options -#} @@ -50,13 +49,6 @@ confdir /etc/chrony/conf.d {{ association_type }} {{ resolve_as }}{{ soptions }} -{% if resolve_as | ipv4 -%} - {% set ip_ver_ns.ipv4_server = true %} -{% elif resolve_as | ipv6 %} - {% set ip_ver_ns.ipv6_server = true %} -{% endif -%} - - {% endfor -%} {# Enable NTP server functionality if server_role is enabled or DHCP configuration is enabled -#} From abcd875446cd9308f38ad45d3b6ea2e96e1649ce Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Tue, 8 Oct 2024 19:02:00 -0700 Subject: [PATCH 13/23] Update test output Signed-off-by: Saikrishna Arcot --- src/sonic-config-engine/tests/sample_output/py3/chrony.conf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/sonic-config-engine/tests/sample_output/py3/chrony.conf b/src/sonic-config-engine/tests/sample_output/py3/chrony.conf index 2e7e2453d8e8..3d5bc09ade9c 100644 --- a/src/sonic-config-engine/tests/sample_output/py3/chrony.conf +++ b/src/sonic-config-engine/tests/sample_output/py3/chrony.conf @@ -49,7 +49,9 @@ rtcsync # Step the system clock instead of slewing it if the adjustment is larger than # one second, but only in the first three clock updates. -makestep 1 3 +# +# Disabled because we don't want chrony to do any clock steps; it should only slew +#makestep 1 3 # Get TAI-UTC offset and leap seconds from the system tz database. # This directive must be commented out when using time sources serving From 695385d9ecf0e75e9ee27e4f2139330bb013cf89 Mon Sep 17 00:00:00 2001 
From: Saikrishna Arcot Date: Sun, 13 Oct 2024 23:23:08 -0700 Subject: [PATCH 14/23] Update sonic-host-services and sonic-utilities for chrony changes Signed-off-by: Saikrishna Arcot --- src/sonic-host-services | 2 +- src/sonic-utilities | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/sonic-host-services b/src/sonic-host-services index b7f26d4eaf12..37db80688048 160000 --- a/src/sonic-host-services +++ b/src/sonic-host-services @@ -1 +1 @@ -Subproject commit b7f26d4eaf125af4c889a9dbadeebacbeb9e9271 +Subproject commit 37db80688048631f80ff7915d05700b7ceb3129b diff --git a/src/sonic-utilities b/src/sonic-utilities index 66b41e5f3a4f..5ae9cbe64182 160000 --- a/src/sonic-utilities +++ b/src/sonic-utilities @@ -1 +1 @@ -Subproject commit 66b41e5f3a4f2ece1cf849a3810aeada602f6f7d +Subproject commit 5ae9cbe64182eda4904194966127564fd453836f From 2bdec26f178ad271aa57c71148a9c893da0961f9 Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Thu, 24 Oct 2024 09:11:58 -0700 Subject: [PATCH 15/23] Have chrony manage the RTC instead of the kernel This lets the RTC reflect the correct time even if the system time is still catching up. Signed-off-by: Saikrishna Arcot --- files/image_config/chrony/chrony.conf.j2 | 12 +++++++++++- .../tests/sample_output/py3/chrony.conf | 12 +++++++++++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/files/image_config/chrony/chrony.conf.j2 b/files/image_config/chrony/chrony.conf.j2 index 805933a7a8cb..a41e68451580 100644 --- a/files/image_config/chrony/chrony.conf.j2 +++ b/files/image_config/chrony/chrony.conf.j2 
@@ -132,7 +132,17 @@ maxupdateskew 100.0 # This directive enables kernel synchronisation (every 11 minutes) of the # real-time clock. Note that it can’t be used along with the 'rtcfile' directive. -rtcsync +#rtcsync + +# Instead of having the kernel manage the real-time clock, have chrony do this +# instead. The reason for this is that if the system time and the real-time clock +# are signficantly different from the actual time, then the system time must be +# slewed, while the real-time clock can be stepped to the actual time. That way, +# when the device next reboots (whether it be cold, warm, or fast), it will come +# up with the actual time from the real-time clock. +rtcfile /var/lib/chrony/rtc +hwclockfile /etc/adjtime +rtcautotrim 15 # Step the system clock instead of slewing it if the adjustment is larger than # one second, but only in the first three clock updates. diff --git a/src/sonic-config-engine/tests/sample_output/py3/chrony.conf b/src/sonic-config-engine/tests/sample_output/py3/chrony.conf index 3d5bc09ade9c..539d08f34a89 100644 --- a/src/sonic-config-engine/tests/sample_output/py3/chrony.conf +++ b/src/sonic-config-engine/tests/sample_output/py3/chrony.conf 
@@ -45,7 +45,17 @@ maxupdateskew 100.0 # This directive enables kernel synchronisation (every 11 minutes) of the # real-time clock. Note that it can’t be used along with the 'rtcfile' directive. -rtcsync +#rtcsync + +# Instead of having the kernel manage the real-time clock, have chrony do this +# instead. The reason for this is that if the system time and the real-time clock +# are signficantly different from the actual time, then the system time must be +# slewed, while the real-time clock can be stepped to the actual time. That way, +# when the device next reboots (whether it be cold, warm, or fast), it will come +# up with the actual time from the real-time clock. +rtcfile /var/lib/chrony/rtc +hwclockfile /etc/adjtime +rtcautotrim 15 # Step the system clock instead of slewing it if the adjustment is larger than # one second, but only in the first three clock updates. From 0995ae1e5a142c2a3c0b74a5db6d4f9b2346678d Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Thu, 7 Nov 2024 13:57:43 -0800 Subject: [PATCH 16/23] Add monit config to check NTP status Signed-off-by: Saikrishna Arcot --- files/build_templates/sonic_debian_extension.j2 | 1 + files/image_config/chrony/check_ntp_status.sh | 6 ++++++ files/image_config/monit/conf.d/sonic-host | 4 ++++ 3 files changed, 11 insertions(+) create mode 100755 files/image_config/chrony/check_ntp_status.sh diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2 index 5cc60ca31e52..f3dad09e492b 100644 --- a/files/build_templates/sonic_debian_extension.j2 +++ b/files/build_templates/sonic_debian_extension.j2 
@@ -400,6 +400,7 @@ sudo cp $IMAGE_CONFIGS/chrony/chrony-config.sh $FILESYSTEM_ROOT/usr/bin/ sudo cp $IMAGE_CONFIGS/chrony/chrony.conf.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/ sudo cp $IMAGE_CONFIGS/chrony/chrony.keys.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/ sudo cp $IMAGE_CONFIGS/chrony/chronyd-starter.sh $FILESYSTEM_ROOT/usr/local/sbin/ +sudo cp $IMAGE_CONFIGS/chrony/check_ntp_status.sh $FILESYSTEM_ROOT/usr/local/bin/ sudo mkdir $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/chrony.service.d # Don't start chrony with multi-user.target, add our override, and start it with sonic.target sudo LANG=C chroot $FILESYSTEM_ROOT systemctl disable chrony.service diff --git a/files/image_config/chrony/check_ntp_status.sh b/files/image_config/chrony/check_ntp_status.sh new file mode 100755 index 000000000000..1cb556057a36 --- /dev/null +++ b/files/image_config/chrony/check_ntp_status.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +if chronyc -c tracking | grep -q "Not synchronised"; then + echo "NTP is not synchronized with servers" + exit 1 +fi diff --git a/files/image_config/monit/conf.d/sonic-host b/files/image_config/monit/conf.d/sonic-host index e71c082e9061..72257265447c 100644 --- a/files/image_config/monit/conf.d/sonic-host +++ b/files/image_config/monit/conf.d/sonic-host @@ -60,3 +60,7 @@ check program memory_check with path "/usr/local/bin/memory_threshold_check.py" # arp_update_checker tool that verifies that arp_update script is not stuck on ping command every 10 minutes check program arp_update_checker with path "/usr/bin/arp_update_checker" every 10 cycles if status != 0 for 3 times within 3 cycles then alert repeat every 1 cycles + +# check if NTP is synchronized +check program ntp with path "/usr/local/bin/check_ntp_status.sh" + if status != 0 for 3 cycle then alert repeat every 5 cycles From c287263c1aa38d4e4f80ac039631b21de89734f7 Mon Sep 17 00:00:00 2001 
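Review bot: The new check_ntp_status.sh fails open, because it only looks for `Not synchronised` in the output of `chronyc -c tracking`. If `chronyc` cannot reach chronyd at all (daemon stopped or crashed), nothing matches, the `if` is false and the script exits 0, so the monit rule added in the same commit would report a healthy state. Treat a failed query as unhealthy by capturing it first: `tracking=$(chronyc -c tracking) || { echo "Unable to query chronyd"; exit 1; }` followed by `if grep -q "Not synchronised" <<<"$tracking"; then`. A short header comment stating the contract monit relies on (exit 0 = synchronised, non-zero = not synchronised or daemon unreachable) would also help the next reader.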
From: Saikrishna Arcot Date: Thu, 23 Jan 2025 17:27:24 -0800 Subject: [PATCH 17/23] Fix starting chrony in mgmt VRF by removing some protections For chrony to start in another VRF, it needs to access `/proc/mounts` and it needs to create cgroups. The default systemd service restricts access to both. Disable those restrictions so that this works. Signed-off-by: Saikrishna Arcot --- files/image_config/chrony/override.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/files/image_config/chrony/override.conf b/files/image_config/chrony/override.conf index 60632ab7867c..0b9c664cf7ae 100644 --- a/files/image_config/chrony/override.conf +++ b/files/image_config/chrony/override.conf @@ -8,6 +8,8 @@ After=sonic.target ExecStartPre=!/usr/bin/chrony-config.sh ExecStart= ExecStart=!/usr/local/sbin/chronyd-starter.sh +ProtectControlGroups=no +ProcSubset=all [Install] WantedBy= From fb911bb82be82867d30d5135559d48d4c2e00570 Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Sun, 23 Feb 2025 17:25:11 -0800 Subject: [PATCH 18/23] Bring in sonic-utilities changes Signed-off-by: Saikrishna Arcot --- src/sonic-utilities | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sonic-utilities b/src/sonic-utilities index a76d008f12b7..8d0fe4c7f299 160000 --- a/src/sonic-utilities +++ b/src/sonic-utilities @@ -1 +1 @@ -Subproject commit a76d008f12b7dd28e0ff44ee24b6b7fcb641fc6f +Subproject commit 8d0fe4c7f299388a06758ea4756c79144183714e From d6568a4cf1d208b0ff760f6b02607d9b7ccf15de Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Tue, 25 Feb 2025 22:05:29 -0800 Subject: [PATCH 19/23] Fix package installation Signed-off-by: Saikrishna Arcot --- files/build_templates/sonic_debian_extension.j2 | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2 index 7409dc8b4035..e64752cbf5f6 100644 --- a/files/build_templates/sonic_debian_extension.j2 
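Review bot: The added `ProtectControlGroups=no` and `ProcSubset=all` relax the unit's sandbox for chronyd's whole lifetime and on every device, whether or not a management VRF is configured, yet the reason is recorded only in the commit message. Put it in override.conf next to the two lines, e.g. `# Needed to start chronyd in the mgmt VRF: the starter reads /proc/mounts and creates cgroups`, so a later hardening review knows what depends on them. It is also worth stating in that comment that the remaining protections from the stock chrony unit are intentionally left in place. The rest of the unit is outside this hunk.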
+++ b/files/build_templates/sonic_debian_extension.j2 @@ -743,7 +743,7 @@ PACKAGE_NAME=$(dpkg-deb -f {{deb}} Package) PACKAGE_VERSION=$(dpkg-deb -f {{deb}} Version) INSTALLED_VERSION=$(dpkg-query --showformat='${Version}' --show $PACKAGE_NAME || true) if [ "$INSTALLED_VERSION" != "" ] && [ "$INSTALLED_VERSION" != "$PACKAGE_VERSION" ]; then - sudo dpkg --root=$FILESYSTEM_ROOT -i {{deb}} + install_deb_package {{deb}} fi ## SONiC packages may have lower version than Debian offical package, install offical Debian package will break feature @@ -1129,8 +1129,7 @@ sudo chmod 755 $FILESYSTEM_ROOT/usr/bin/mlnx-fw-upgrade.sh install_pip_package {{platform_api_py3_wheel_path}} -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libdashapi_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +install_deb_package $debs_path/libdashapi_*.deb sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install xmlstarlet @@ -1158,7 +1157,7 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in if [ "$INCLUDE_FIPS" == y ]; then {% if installer_python_debs.strip() -%} {% for deb in installer_python_debs.strip().split(' ') -%} - sudo dpkg --root=$FILESYSTEM_ROOT -i {{deb}} + install_deb_package {{deb}} {% endfor %} {% endif %} fi From e01673a7fd5a9ab72f532e2e0eda0be55a0babe3 Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Wed, 5 Mar 2025 15:14:22 -0800 Subject: [PATCH 20/23] Update sonic-utilities to bring in `sudo config ntp add` fix Signed-off-by: Saikrishna Arcot --- src/sonic-utilities | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sonic-utilities b/src/sonic-utilities index 46fc7b6dea11..83d19382265b 160000 --- a/src/sonic-utilities +++ b/src/sonic-utilities @@ -1 +1 @@ -Subproject commit 46fc7b6dea11510c55121fe16c54830108ad97e4 +Subproject commit 83d19382265bbec96b4f302900dffacac304ef29 From fdfdab1eaedc77a068e909ed50566df5cb289d84 Mon Sep 17 00:00:00 2001 
From: Saikrishna Arcot Date: Thu, 6 Mar 2025 09:16:29 -0800 Subject: [PATCH 21/23] Fix initramfs installation Signed-off-by: Saikrishna Arcot --- build_debian.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/build_debian.sh b/build_debian.sh index d813a303eb0d..9c5378fdc6d9 100755 --- a/build_debian.sh +++ b/build_debian.sh @@ -162,9 +162,8 @@ sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install busybox linux-base echo '[INFO] Install SONiC linux kernel image' ## Note: duplicate apt-get command to ensure every line return zero sudo cp $debs_path/initramfs-tools-core_*.deb $debs_path/initramfs-tools_*.deb $debs_path/linux-image-${LINUX_KERNEL_VERSION}-*_${CONFIGURED_ARCH}.deb $FILESYSTEM_ROOT -basename_deb_packages=$(basename -a $debs_path/initramfs-tools-core_*.deb $debs_path/initramfs-tools_*.deb $debs_path/linux-image-${LINUX_KERNEL_VERSION}-*_${CONFIGURED_ARCH}.deb) -sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT dpkg -i $basename_deb_packages || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f +basename_deb_packages=$(basename -a $debs_path/initramfs-tools-core_*.deb $debs_path/initramfs-tools_*.deb $debs_path/linux-image-${LINUX_KERNEL_VERSION}-*_${CONFIGURED_ARCH}.deb | sed 's,^,./,') +sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt -y install $basename_deb_packages ( cd $FILESYSTEM_ROOT; sudo rm -f $basename_deb_packages ) sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install acl if [[ $CONFIGURED_ARCH == amd64 ]]; then From 8f5039c9ee309ea0ae9e26b6565f6d58d58a28f9 Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Thu, 6 Mar 2025 22:10:56 -0800 Subject: [PATCH 22/23] Disable ntp check in monit KVM environments might not have an NTP server available (or running in the PTF container). 
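Review bot: The new kernel/initramfs install line calls `apt`, whose command line is intended for interactive use and is not guaranteed stable in scripts, while the neighbouring lines in this hunk all use `apt-get`. `apt-get` accepts the same `./name.deb` arguments, so the line can read `sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install $basename_deb_packages`. The retained comment `## Note: duplicate apt-get command to ensure every line return zero` no longer describes the code now that the `|| apt-get -y install -f` fallback is gone, and should be updated or dropped.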
Signed-off-by: Saikrishna Arcot --- files/image_config/monit/conf.d/sonic-host | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/files/image_config/monit/conf.d/sonic-host b/files/image_config/monit/conf.d/sonic-host index 930091f293de..30d539464b29 100644 --- a/files/image_config/monit/conf.d/sonic-host +++ b/files/image_config/monit/conf.d/sonic-host @@ -72,5 +72,5 @@ check program mgmtOperStatus with path "/usr/bin/mgmt_oper_status.py" if status != 0 for 3 cycle then alert repeat every 1 cycles # check if NTP is synchronized -check program ntp with path "/usr/local/bin/check_ntp_status.sh" - if status != 0 for 3 cycle then alert repeat every 5 cycles +#check program ntp with path "/usr/local/bin/check_ntp_status.sh" +# if status != 0 for 3 cycle then alert repeat every 5 cycles From 9a7d4a089e30deb6f9c9e798bf4a3245ecb42bce Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Fri, 7 Mar 2025 12:13:30 -0800 Subject: [PATCH 23/23] Fix ntp config CLI Signed-off-by: Saikrishna Arcot --- src/sonic-utilities | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sonic-utilities b/src/sonic-utilities index 83d19382265b..706f7d2d2740 160000 --- a/src/sonic-utilities +++ b/src/sonic-utilities @@ -1 +1 @@ -Subproject commit 83d19382265bbec96b4f302900dffacac304ef29 +Subproject commit 706f7d2d27402a66ba1b1941ba25842ebe4e2a1b
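Review bot: Commenting out the `check program ntp` rule turns the synchronisation alert off on every image, not only in the KVM/PTF environments named in the commit message, so a production device that loses time sync would no longer be flagged by monit. Keeping the rule and letting the check skip itself when no NTP server is configured, or on the virtual platform, would preserve detection where it matters. How that platform is identified is outside this hunk. If the rule has to stay disabled for now, say why next to it, e.g. `# Disabled: KVM/PTF test setups may have no reachable NTP server; re-enable once the check can be skipped there`, because the remaining `# check if NTP is synchronized` line reads as if the check were active.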