Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NTP/PTP by default on Azure/AWS/GCP #1792

Merged
merged 15 commits into from Mar 28, 2024
Merged

NTP/PTP by default on Azure/AWS/GCP #1792

merged 15 commits into from Mar 28, 2024

Conversation

jepio
Copy link
Member

@jepio jepio commented Mar 25, 2024
edited

NTP/PTP by default on Azure/AWS

This PR tackles enabling time sync to cloud provided time sync services on Azure, AWS, and GCP. On Azure this requires adding chrony to oem sysext. On AWS/GCP we enable ntpd by default and add the aws/gcp time sync service to the default server list.

Depends on:

See flatcar/Flatcar#1340.

How to use

Checked
chronyc sources on Azure and ntpq -pn on AWS/GCP.

Testing done

Checked time sync on AWS and Azure.

  • Changelog entries added in the respective changelog/ directory (user-facing change, bug fix, security fix, update)
  • Inspected CI output for image differences: /boot and /usr size, packages, list files for any missing binaries, kernel modules, config files, kernel modules, etc.

@jepio
sys-kernel/coreos-modules: Sort config symbols
c1261a6 
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
@jepio
Import net-misc/chrony ebuild from Gentoo
ca9dc79 
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
@jepio
sys-kernel/coreos-modules: Switch PTP support to modules
2a33bad 
PTP_1588_CLOCK defaults to =y, make it =m explicitly. Switch
PTP_1588_CLOCK_KVM to module as well, so tath it doesn't load on non-KVM
platforms. Enable PTP_1588_CLOCK_VMW so that PTP timesync to the host is
available there as well.

We don't need PTP support to be compiled into the kernel, it is not
essential for system boot.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
@jepio
profiles: Disable readline support for chrony by default
2814c32 
We don't care too much for readline support and this avoids pulling
libedit into a sysext that wants to ship chrony.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
@jepio
coreos-devel/board-packages: Add chrony to RDEPENDS
c5efeec 
Add chrony to RDEPENDS so that it is built for the board sysroot and can
be included into a sysext.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
@jepio
sys-apps/systemd: Add hook to ensure timesyncd starts after sysexts
3c0283f 
Sysexts can includes services that have a Conflicts=systemd-timesyncd
entry. To ensure that this takes effect, start timesyncd after the
ensure-sysext.service.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
@jepio
coreos-base/oem-azure: Add chrony to sysext
9d065d1 
Along with configuration, tmpfiles setup and service dependencies. The
files are added through normal ebuild mechanisms. The config file is
based on what Ubuntu ships on Azure.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
@jepio
coreos-base/oem-azure: Add dropin to add chrony dependency on /dev/pt…
f1188f4 
…p_hyperv

Inspired by microsoft/azurelinux#6234, requires
a udev rule to be shipped with the OS, since udev rules in sysexts don't
quite work.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
@jepio jepio requested a review from a team March 25, 2024 17:09
@jepio
Copy link
Member Author

jepio commented Mar 25, 2024

Jenkins CI: http://jenkins.infra.kinvolk.io:8080/job/container/job/packages_all_arches/3704/cldsv/

TODO: changelog
TODO: add chrony to auto-update package list

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 25, 2024
edited

Test report for 3916.0.0+nightly-20240321-2100 / amd64 arm64

Platforms tested : qemu_uefi-amd64 qemu_update-amd64 qemu_uefi-arm64

ok bpf.execsnoop 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok bpf.local-gadget 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.basic 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.cgroupv1 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.cloudinit.basic 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.cloudinit.multipart-mime 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.cloudinit.script 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.disk.raid0.data 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.disk.raid0.root 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.disk.raid1.data 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.disk.raid1.root 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.etcd-member.discovery 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.etcd-member.etcdctlv3 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.etcd-member.v2-backup-restore 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.filesystem 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.flannel.udp 🟢 Succeeded: qemu_uefi-amd64 (1)

ok cl.flannel.vxlan 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.instantiated.enable-unit 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.kargs 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.luks 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.oem.indirect 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.oem.indirect.new 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.oem.regular 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.oem.regular.new 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.oem.reuse 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.oem.wipe 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.partition_on_boot_disk 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.symlink 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.translation 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v1.btrfsroot 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v1.ext4root 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v1.groups 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v1.once 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v1.sethostname 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v1.users 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v1.xfsroot 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v2.btrfsroot 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v2.ext4root 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v2.users 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v2.xfsroot 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v2_1.ext4checkexisting 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v2_1.swap 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.ignition.v2_1.vfat 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.install.cloudinit 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.internet 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.locksmith.cluster 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.misc.falco 🟢 Succeeded: qemu_uefi-amd64 (1)

ok cl.network.initramfs.second-boot 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.network.listeners 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.network.wireguard 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.omaha.ping 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.osreset.ignition-rerun 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.overlay.cleanup 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (2) ❌ Failed: qemu_uefi-arm64 (1)

                Diagnostic output for qemu_uefi-arm64, run 1 
    L1: "  "
    L2: " Error: _harness.go:588: Found systemd unit failed to start (?[0;1;39mldconfig.service?[0m - Rebuild Dynamic Linker Cache.  ) on machine 0f78cdfe-7ce7-462a-a3e7-da2735e9bdd9 console_"
    L3: " "

ok cl.swap_activation 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.sysext.boot 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.sysext.fallbackdownload # SKIP 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.tang.nonroot 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

not ok cl.tang.root 🟢 Succeeded: qemu_uefi-amd64 (1) ❌ Failed: qemu_uefi-arm64 (1, 2, 3, 4, 5)

                Diagnostic output for qemu_uefi-arm64, run 5 
    L1: " Error: _tang.go:150: Started tang on 10.0.0.1:45625"
    L2: "harness.go:588: Found systemd unit failed to start (?[0;1;39msystemd-cryptsetup????[0myptography Setup for rootencrypted.  ) on machine 40608823-0554-4922-8d4b-282412f3130d console"
    L3: "harness.go:588: Found systemd dependency unit failed to start (?[0;1;39mcryptsetup.target?[0m - Local Encrypted Volumes.  ) on machine 40608823-0554-4922-8d4b-282412f3130d console_"
    L4: " "
                Diagnostic output for qemu_uefi-arm64, run 4 
    L1: " Error: _tang.go:150: Started tang on 10.0.0.1:39345"
    L2: "harness.go:588: Found systemd unit failed to start (?[0;1;39msystemd-cryptsetup????[0myptography Setup for rootencrypted.  ) on machine fefa9c55-06af-48d0-9804-e4fed1b6fef9 console"
    L3: "harness.go:588: Found systemd dependency unit failed to start (?[0;1;39mcryptsetup.target?[0m - Local Encrypted Volumes.  ) on machine fefa9c55-06af-48d0-9804-e4fed1b6fef9 console_"
    L4: " "
                Diagnostic output for qemu_uefi-arm64, run 3 
    L1: " Error: _tang.go:150: Started tang on 10.0.0.1:46545"
    L2: "harness.go:588: Found systemd unit failed to start (?[0;1;39msystemd-cryptsetup????[0myptography Setup for rootencrypted.  ) on machine 15aaa39d-21a1-47f4-ae73-f540d0ad284e console"
    L3: "harness.go:588: Found systemd dependency unit failed to start (?[0;1;39mcryptsetup.target?[0m - Local Encrypted Volumes.  ) on machine 15aaa39d-21a1-47f4-ae73-f540d0ad284e console_"
    L4: " "
                Diagnostic output for qemu_uefi-arm64, run 2 
    L1: " Error: _tang.go:150: Started tang on 10.0.0.1:34577"
    L2: "harness.go:588: Found systemd unit failed to start (?[0;1;39msystemd-cryptsetup????[0myptography Setup for rootencrypted.  ) on machine c036d8f6-57ad-41f6-817d-a032d1fc8e67 console"
    L3: "harness.go:588: Found systemd dependency unit failed to start (?[0;1;39mcryptsetup.target?[0m - Local Encrypted Volumes.  ) on machine c036d8f6-57ad-41f6-817d-a032d1fc8e67 console_"
    L4: " "
                Diagnostic output for qemu_uefi-arm64, run 1 
    L1: "  "
    L2: " Error: _tang.go:150: Started tang on 10.0.0.1:42423"
    L3: "harness.go:588: Found systemd unit failed to start (?[0;1;39msystemd-cryptsetup????[0myptography Setup for rootencrypted.  ) on machine 975163c6-fe47-4ce8-9b87-cc85973c3290 console"
    L4: "harness.go:588: Found systemd dependency unit failed to start (?[0;1;39mcryptsetup.target?[0m - Local Encrypted Volumes.  ) on machine 975163c6-fe47-4ce8-9b87-cc85973c3290 console_"
    L5: " "

ok cl.toolbox.dnf-install 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.tpm.nonroot 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

not ok cl.tpm.root 🟢 Succeeded: qemu_uefi-amd64 (1) ❌ Failed: qemu_uefi-arm64 (1, 2, 3, 4, 5)

                Diagnostic output for qemu_uefi-arm64, run 5 
    L1: " Error: _harness.go:588: Found systemd unit failed to start (systemd-cryptsetup@rootencrypted.service - Cryptography Setup for rootencrypted.?[0m ) on machine e9dffb1b-4bce-4484-b68e-5296f00069f6 conso?le"
    L2: "harness.go:588: Found systemd dependency unit failed to start (cryptsetup.target - Local Encrypted Volumes.?[0m ) on machine e9dffb1b-4bce-4484-b68e-5296f00069f6 console_"
    L3: " "
                Diagnostic output for qemu_uefi-arm64, run 4 
    L1: " Error: _harness.go:588: Found systemd unit failed to start (?[0;1;39msystemd-cryptsetup????[0myptography Setup for rootencrypted.  ) on machine 72363380-067e-4c56-94a1-c41249efdb74 console"
    L2: "harness.go:588: Found systemd dependency unit failed to start (?[0;1;39mcryptsetup.target?[0m - Local Encrypted Volumes.  ) on machine 72363380-067e-4c56-94a1-c41249efdb74 console_"
    L3: " "
                Diagnostic output for qemu_uefi-arm64, run 3 
    L1: " Error: _harness.go:588: Found systemd unit failed to start (?[0;1;39msystemd-cryptsetup????[0myptography Setup for rootencrypted.  ) on machine 2a74a802-d47e-4dd2-a3ad-798cdb65f3c4 console"
    L2: "harness.go:588: Found systemd dependency unit failed to start (?[0;1;39mcryptsetup.target?[0m - Local Encrypted Volumes.  ) on machine 2a74a802-d47e-4dd2-a3ad-798cdb65f3c4 console_"
    L3: " "
                Diagnostic output for qemu_uefi-arm64, run 2 
    L1: " Error: _harness.go:588: Found systemd unit failed to start (?[0;1;39msystemd-cryptsetup????[0myptography Setup for rootencrypted.  ) on machine 9a6af37c-8c98-4892-964a-d4841dc405ec console"
    L2: "harness.go:588: Found systemd dependency unit failed to start (?[0;1;39mcryptsetup.target?[0m - Local Encrypted Volumes.  ) on machine 9a6af37c-8c98-4892-964a-d4841dc405ec console_"
    L3: " "
                Diagnostic output for qemu_uefi-arm64, run 1 
    L1: "  "
    L2: " Error: _harness.go:588: Found systemd unit failed to start (?[0;1;39msystemd-cryptsetup????[0myptography Setup for rootencrypted.  ) on machine 6d12b191-204b-407a-b9e4-6d7aea8e49cf console"
    L3: "harness.go:588: Found systemd dependency unit failed to start (?[0;1;39mcryptsetup.target?[0m - Local Encrypted Volumes.  ) on machine 6d12b191-204b-407a-b9e4-6d7aea8e49cf console_"
    L4: " "

ok cl.update.badverity 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.update.grubnop 🟢 Succeeded: qemu_uefi-amd64 (1)

ok cl.update.payload 🟢 Succeeded: qemu_update-amd64 (1)

ok cl.update.reboot 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.users.shells 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok cl.verity 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.auth.verify 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.ignition.groups 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.ignition.once 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.ignition.resource.local 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.ignition.resource.remote 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.ignition.resource.s3.versioned 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.ignition.security.tls 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.ignition.sethostname 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.ignition.systemd.enable-service 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.locksmith.reboot 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.locksmith.tls 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.selinux.boolean 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.selinux.enforce 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.tls.fetch-urls 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok coreos.update.badusr 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok devcontainer.docker 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok devcontainer.systemd-nspawn 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok docker.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok docker.btrfs-storage 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok docker.containerd-restart 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok docker.devicemapper-storage 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok docker.enable-service.sysext 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok docker.lib-coreos-dockerd-compat 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok docker.network 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok docker.selinux 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok docker.userns 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok extra-test.[first_dual].cl.update.docker-btrfs-compat 🟢 Succeeded: qemu_update-amd64 (1)

ok extra-test.[first_dual].cl.update.payload 🟢 Succeeded: qemu_update-amd64 (1)

ok kubeadm.v1.27.2.calico.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.27.2.calico.cgroupv1.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.27.2.cilium.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.27.2.cilium.cgroupv1.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.27.2.flannel.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.27.2.flannel.cgroupv1.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.28.1.calico.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.28.1.cilium.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.28.1.flannel.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.29.2.calico.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.29.2.cilium.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok kubeadm.v1.29.2.flannel.base 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok linux.nfs.v3 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok linux.nfs.v4 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok linux.ntp 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok misc.fips 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok packages 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok sysext.custom-docker.sysext 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok sysext.custom-oem 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok sysext.disable-containerd 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok sysext.disable-docker 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok sysext.simple 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok systemd.journal.remote 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok systemd.journal.user 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

ok systemd.sysusers.gshadow 🟢 Succeeded: qemu_uefi-amd64 (1); qemu_uefi-arm64 (1)

pothos
pothos approved these changes Mar 26, 2024
View reviewed changes
Copy link
Member

@pothos pothos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, looks very clean :) I just wonder if we can plan for a IPv6-ready default behavior without having the user to enable the entry.

@jepio
coreos-base/oem-azure: Bump ebuild revision
81ca149 
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
@jepio
coreos-base/coreos-init: Bump commit for /dev/ptp_hyperv systemd unit…
d99606f 
… rule

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
@jepio
coreos-base/misc-files: Add AWS/GPC time sync service to default ntp.…
e35e22e 
…conf

The goal is to enable ntpd by default on AWS/GCP with using the cloud provided
ntp endpoint.  Enabling ntpd.service is the easy part. Enabling the correct ntp
server is trickier. I would love to ship an OEM specific ntp.conf, but this
might interfere with user modifications to either ntpd.service or ntp.conf.

The safest way to implement this is to add the AWS/GCP time sync address
(which are link-local address) to the default ntp.conf. This will work
on AWS/GCP where ntpd will be enabled by default, and if a user on another
platform enables ntpd they will simply have a non-responsive source in
their server list - which is not a problem for ntpd.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
@jepio
coreos-base/oem-ami: Enable ntpd by default
cfc6d00 
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
@jepio
coreos-base/oem-gce: Enable ntpd by default
feb6a36 
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
@jepio jepio changed the title NTP/PTP by default on Azure/AWS NTP/PTP by default on Azure/AWS/GCP Mar 26, 2024
@jepio
.github: Add chrony to package sync list
db12d27 
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
@jepio
changelog: Add entry for PTP/NTP changes
d93f080 
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
@jepio jepio merged commit dd9e030 into main Mar 28, 2024
1 check failed
@jepio jepio deleted the jepio/clock branch March 28, 2024 11:14
@jepio jepio mentioned this pull request Mar 28, 2024
Open
@github-actions github-actions bot mentioned this pull request Apr 22, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@krnowak krnowak krnowak left review comments

@pothos pothos pothos approved these changes

Assignees
No one assigned
Labels
main
Projects
Flatcar tactical, release planning, and roadmap
Status: Implemented
Milestone
No milestone
4 participants
@jepio @krnowak @pothos @dongsupark