Add cloud ntp addresses #8312
Add cloud ntp addresses #8312
Conversation
k8s-ci-robot
added
cncf-cla: yes
|
Hi @simonmacklin. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
size/M
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
k8s-ci-robot
added
size/L
|
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA. It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
k8s-ci-robot
added
cncf-cla: no
|
I have made some changes requested by @johngmyers. I have tested it with the default image and all seems to be working fine. I just would like to run some more tests and double check the code before this is considered to be merged. The regex strings are not perfect either so I need to work on those. I am really short on time at the moment so I will probably not get a chance to sit and concentrate on this until Tuesday. Thanks Simon |
|
/hold |
k8s-ci-robot
added
the
do-not-merge/hold
|
@simonmacklin you may need to squash your commits and rebase in order to fix the CLA issue. It looks like this is the offending commit. |
added replace method added cloud ips updated the func params removed whitespace at gce address removed sample ntp.conf removed whitespace from gce ntp address created const var ntp type added a period at the end of the func comment and used the const vars on the case statement. Will finish sometime this weekend unexported func and const type trying to fix git email config issue changed func param
k8s-ci-robot
added
cncf-cla: yes
|
Thanks @rifelpet I think I have fixed it. I formatted my mac and forgot to set my email in the git config. Sorry about that Simon |
|
This doesn't have support for an "in house" cloud provider, so that case isn't relevant. |
|
I stand corrected. I thought KOPS supported self hosted OpenStack and VSphere. So I assume they are only the cloud offerings. Thanks |
|
Kops does support those to some extent, but this added code only acts when the provider is AWS or GCE. |
|
I am not sure you support NTP for CoreOs, as it defaults to timesyncd NTP service The way we support it is by Kops hooks: ‘’’ Type=oneshot Hope it can be supported as part of this PR |
|
I've been of the opinion that it would be better to use timesyncd instead of chrony or ntpd on all of the supported platforms in fact. |
|
timesyncd would indeed seem to be better. Still, this PR reasonably accomplishes what it is intending to do. A competing or revised PR would also be welcome. |
|
I agree but this PR was only intended to add the missing cloud NTPs. I will be more then happy to create another PR to switch over to timesyncd another time. |
| case "aws": | ||
| ntpIP = "169.254.169.123" | ||
| case "gce": | ||
| ntpIP = "time.google.com" |
There was a problem hiding this comment.
Nit: I think this should probably be metadata.google.internal or metadata.google, based on https://cloud.google.com/compute/docs/instances/managing-instances#configure_ntp_for_your_instances
There was a problem hiding this comment.
I think you are right. I got the information from this doc https://developers.google.com/time/faq but it looks like time.google.com is public for all people to use even outside of GCP.
I can't resolve metadata.google.internal from my laptop but I assume it will when running on GCP.
Shall I update?
| // updateNtpIP takes a ip and a ntpDaemon and will comment out | ||
| // the default server or pool values and append the correct cloud | ||
| // ip to the ntp config file. | ||
| func updateNtpIP(ip string, daemon ntpDaemon) ([]byte, error) { |
There was a problem hiding this comment.
We may do better to write the full ntp configuration file, but this is the less intrusive change so let's run with it!
|
Thanks @simonmacklin /approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: justinsb, simonmacklin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/retest |
|
It looks like this is causing issues on the kuberouter e2e job which uses Ubuntu 18.04.
|
|
Some research shows that Ubuntu 18.04 uses chronyd rather than ntpd so we'll probably need to update the logic to be more specific than just debian family vs rhel family. |
|
Looks like Ubuntu uses timesyncd instead. |
|
When I wrote the code back in Jan the e2e tests all passed. Has Ubuntu 18.04 recently been added to the e2e tests? |
|
@simonmacklin the e2e tests in PR are run only on Debian 9. There are more extensive e2e tests that run periodically on master: |
|
Right that makes sense. Do you think this could just be a race condition or maybe the wrong config path for ubuntu? I understand like @johngmyers said the default is timesyncd. But nodeup installs ntpd anyway https://github.com/kubernetes/kops/blob/master/nodeup/pkg/model/ntp.go#L71 So I am wondering if nodeup is trying to write the config before it installs the package. I will have a closer look when I get home tonight Simon |
|
@simonmacklin I think the problem is the Lines 110 to 119 in 2b04d7d This runs before all the tasks are created and run. The config file will not exist at all at that time if the package is not installed. IMHO, the correct solution would be to write the full config files as we do everywhere else in nodeup and as @justinsb suggested: #8312 (comment). |
|
Wouldn't line Line 107 in 2b04d7d |
|
|
Right OK thanks @hakman |
Fix NTP failures after #8312
Hi
This is a in working progress PR which will add the cloud specific NTP server into the NTP config. This will prevent clock drift which could end up in resulting in downtime. AWS as an example will prevent you speaking with there APIs once your clock is out by five minutes.
It would be great to get some feedback on whether you feel this is the best approach I am taking and also if you would prefer more parameters in the function I created rather pre determining the values inside the function with switch statements.
I used switch statements to prevent having to have the same logic again and again when determining the ntp install type.
I would like in another PR to maybe offer custom NTPs that a user could pass into the cluster spec. This might be handy when you have custom NTP servers when hosting Kubernetes on prem.
@mikesplain hope you don't mind me tagging you into this and we already sort of discussed this on slack :)
Simon