Move chrony config from generator to systemd service

With latest changes from systemd, we now run certain steps before NetworkManager.service to access and write to /etc/sysconfig/network. Issue: coreos/fedora-coreos-tracker#1402
coreos · Mar 3, 2023 · 8080055 · 8080055
1 parent 129880b
commit 8080055
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 39 deletions.
diff --git a/overlay.d/20platform-chrony/usr/lib/systemd/system-preset/20-fcos.preset b/overlay.d/20platform-chrony/usr/lib/systemd/system-preset/20-fcos.preset
@@ -0,0 +1,2 @@
+# To inspect the platform and configure chrony
+enable coreos-platform-chrony-config.service
diff --git a/....d/20platform-chrony/usr/lib/systemd/system/chronyd.service.d/coreos-platform-chrony.conf b/....d/20platform-chrony/usr/lib/systemd/system/chronyd.service.d/coreos-platform-chrony.conf
@@ -0,0 +1,4 @@
+# Override chrony configuration with the output of
+# coreos-platform-chrony-config.service.
+[Service]
+EnvironmentFile=-/run/sysconfig-coreos-chrony
diff --git a/overlay.d/20platform-chrony/usr/lib/systemd/system/coreos-platform-chrony-config.service b/overlay.d/20platform-chrony/usr/lib/systemd/system/coreos-platform-chrony-config.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Configure chrony based on the platform
+ConditionKernelCommandLine=|ignition.platform.id=azurestack
+ConditionKernelCommandLine=|ignition.platform.id=azure
+ConditionKernelCommandLine=|ignition.platform.id=aws
+ConditionKernelCommandLine=|ignition.platform.id=gcp
+Before=NetworkManager.service
+Before=chronyd.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/libexec/coreos-platform-chrony-config
+RemainAfterExit=yes
diff --git a/.../system-generators/coreos-platform-chrony → ...usr/libexec/coreos-platform-chrony-config b/.../system-generators/coreos-platform-chrony → ...usr/libexec/coreos-platform-chrony-config
@@ -3,37 +3,37 @@ set -euo pipefail
 # Configuring the timeserver for the platform is often handled
 # by pre-baking a config into a particular image for a platform, but
 # that doesn't work for us because we have a single update stream.  Hence
-# this generator dynamically inspects the platform and reconfigures chrony.
+# this service dynamically inspects the platform and reconfigures chrony.
 #
 # AWS: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html
 # Azure: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync
 # GCP: https://cloud.google.com/compute/docs/instances/managing-instances#configure-ntp
 #
 # Originally spawned from discussion in https://github.com/openshift/installer/pull/3513
 
-. /usr/lib/coreos/generator-lib.sh
 
-self=$(basename $0)
-confpath=/run/coreos-platform-chrony.conf
-
-platform=$(karg ignition.platform.id)
-case "${platform}" in
-    azure|azurestack|aws|gcp) ;;  # OK, this is a platform we know how to support
-    *) exit 0 ;;
-esac
-
-# Exit early if we have already been run once
-if [[ -f "${confpath}" ]]; then
-    echo "$self: ${confpath} already exists; skipping"
-    exit 0
-fi
+self=$(basename "$0")
 
-# Exit early if chrony configuration as been changed from the image default
+# Exit early if chrony configuration has been changed from the image default
 if ! cmp {/usr,}/etc/chrony.conf >/dev/null; then
     echo "$self: /etc/chrony.conf is modified; not changing the default"
     exit 0
 fi
 
+confpath=/run/coreos-platform-chrony.conf
+altenvfilepath=/run/sysconfig-coreos-chrony
+cmdline=( $(</proc/cmdline) )
+cmdline_arg() {
+    local name="$1" value
+    for arg in "${cmdline[@]}"; do
+        if [[ "${arg%%=*}" == "${name}" ]]; then
+            value="${arg#*=}"
+        fi
+    done
+    echo "${value}"
+}
+platform=$(cmdline_arg ignition.platform.id)
+
 # If not set already (by host customization or this script), set
 # PEERNTP=no so that DHCP-provided NTP servers are not added to chrony.
 # By doing this we assume the better NTP server choice is the
@@ -82,14 +82,11 @@ esac
 # Policy doesn't allow chronyd to read run_t
 chcon --reference=/etc/chrony.conf "${confpath}"
 
-UNIT_DIR="${1:-/tmp}"
 
-unitconfpath="${UNIT_DIR}/chronyd.service.d/coreos-platform-chrony.conf"
-mkdir -p $(dirname "${unitconfpath}")
-cat >"${unitconfpath}" << EOF
-[Service]
-ExecStart=
-ExecStart=/usr/sbin/chronyd -f ${confpath} \$OPTIONS
-EOF
+# Read in the existing $OPTIONS variable setting from /etc/sysconfig/chrony
+# and write out a new $OPTIONS variable (with specified new configuration path)
+# to /run/sysconfig-coreos-chrony
+source ${altenvfilepath}
+echo "OPTIONS='${OPTIONS} -f ${confpath}'" > ${altenvfilepath}
 
 echo "$self: Updated chrony to use ${platform} configuration ${confpath}"
diff --git a/tests/kola/ntp/chrony/coreos-platform-chrony-generator-permissions b/tests/kola/ntp/chrony/coreos-platform-chrony-generator-permissions