Merge "Add chrony config"

manifests/function/ephemeral/replacements/networking.yaml

@@ -49,3 +49,44 @@ replacements:
       name: ephemeral-bmc-secret
       kind: Secret
     fieldrefs: ["stringData.userData%REPLACEMENT_POD_CIDR%"]
+# Replace the k8s controlplane NTP servers
+- source:
+    objref:
+      kind: NetworkCatalogue
+      name: networking
+    fieldref: spec.ntp.servers[0]
+  target:
+    objref:
+      name: ephemeral-bmc-secret
+      kind: Secret
+    fieldrefs: ["stringData.userData%REPLACEMENT_NTP_SERVER1%"]
+- source:
+    objref:
+      kind: NetworkCatalogue
+      name: networking
+    fieldref: spec.ntp.servers[1]
+  target:
+    objref:
+      name: ephemeral-bmc-secret
+      kind: Secret
+    fieldrefs: ["stringData.userData%REPLACEMENT_NTP_SERVER2%"]
+- source:
+    objref:
+      kind: NetworkCatalogue
+      name: networking
+    fieldref: spec.ntp.servers[2]
+  target:
+    objref:
+      name: ephemeral-bmc-secret
+      kind: Secret
+    fieldrefs: ["stringData.userData%REPLACEMENT_NTP_SERVER3%"]
+- source:
+    objref:
+      kind: NetworkCatalogue
+      name: networking
+    fieldref: spec.ntp.servers[3]
+  target:
+    objref:
+      name: ephemeral-bmc-secret
+      kind: Secret
+    fieldrefs: ["stringData.userData%REPLACEMENT_NTP_SERVER4%"]

manifests/function/ephemeral/secret.yaml

@@ -34,6 +34,43 @@ stringData:
     - kubeadm init --config /tmp/kubeadm.yaml
     - mkdir -p /opt/metal3-dev-env/ironic/html/images
     write_files:
+    - path: "/etc/chrony/chrony.conf"
+      permissions: '0644'
+      owner: root:root
+      content: |
+        # This directive specify the location of the file containing ID/key pairs for
+        # NTP authentication.
+        keyfile /etc/chrony/chrony.keys
+
+        # This directive specify the file into which chronyd will store the rate
+        # information.
+        driftfile /var/lib/chrony/chrony.drift
+
+        # Uncomment the following line to turn logging on.
+        #log tracking measurements statistics
+
+        # Log files location.
+        logdir /var/log/chrony
+
+        # Stop bad estimates upsetting machine clock.
+        maxupdateskew 100.0
+
+        # This directive enables kernel synchronisation (every 11 minutes) of the
+        # real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
+        rtcsync
+
+        # Step the system clock instead of slewing it if the adjustment is larger than
+        # one second, but only in the first three clock updates.
+        makestep 1 3
+
+        server REPLACEMENT_NTP_SERVER1 iburst
+        server REPLACEMENT_NTP_SERVER2 iburst
+        server REPLACEMENT_NTP_SERVER3 iburst
+        server REPLACEMENT_NTP_SERVER4 iburst
+
+        #Enable Chrony to operate as an NTP server for local applications e.g. Prometheus.
+        allow 127.0.0.0/8
+
     - path: /etc/systemd/system/docker.service.d/http-proxy.conf
       permissions: '0644'
       owner: root:root

manifests/function/k8scontrol/controlplane.yaml

@@ -24,6 +24,40 @@ spec:
       # any adjustments and settings for docker anymore. However, if for
       # some reason docker has to be presented in the system, we need to
       # create http-proxy.conf.
+      - path: "/etc/chrony/chrony.conf"
+        content: |
+          # This directive specify the location of the file containing ID/key pairs for
+          # NTP authentication.
+          keyfile /etc/chrony/chrony.keys
+
+          # This directive specify the file into which chronyd will store the rate
+          # information.
+          driftfile /var/lib/chrony/chrony.drift
+
+          # Uncomment the following line to turn logging on.
+          #log tracking measurements statistics
+
+          # Log files location.
+          logdir /var/log/chrony
+
+          # Stop bad estimates upsetting machine clock.
+          maxupdateskew 100.0
+
+          # This directive enables kernel synchronisation (every 11 minutes) of the
+          # real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
+          rtcsync
+
+          # Step the system clock instead of slewing it if the adjustment is larger than
+          # one second, but only in the first three clock updates.
+          makestep 1 3
+
+          server REPLACEMENT_NTP_SERVER1 iburst
+          server REPLACEMENT_NTP_SERVER2 iburst
+          server REPLACEMENT_NTP_SERVER3 iburst
+          server REPLACEMENT_NTP_SERVER4 iburst
+
+          #Enable Chrony to operate as an NTP server for local applications e.g. Prometheus.
+          allow 127.0.0.0/8
     # TODO: add download sources to the versions catalogue
     preKubeadmCommands:
       # Restart docker to apply any proxy settings
@@ -32,6 +66,8 @@ spec:
       - containerd config default | sed -r -e '/\[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc\]$/a\          SystemdCgroup = true' | tee /etc/containerd/config.toml
       - systemctl daemon-reload
       - systemctl restart containerd
+      - systemctl restart chrony.service
+      - systemctl is-active --quiet chrony.service && echo "Chrony service was restarted!"
     initConfiguration:
       nodeRegistration:
         name: '{{ ds.meta_data.local_hostname }}'
@@ -49,12 +85,7 @@ spec:
           cgroup-driver: "systemd"
           container-runtime: remote
         criSocket: "unix:///run/containerd/containerd.sock"
-    ntp:
-       servers:
-          - 0.pool.ntp.org
-          - 1.pool.ntp.org
-          - 2.pool.ntp.org
-          - 3.pool.ntp.org
+
     users:
     - name: deployer
       sshAuthorizedKeys:

manifests/function/k8scontrol/replacements/networking.yaml

@@ -54,3 +54,39 @@ replacements:
     objref:
       kind: KubeadmControlPlane
     fieldrefs: ["spec.kubeadmConfigSpec.ntp"]
+- source:
+    objref:
+      kind: NetworkCatalogue
+      name: networking
+    fieldref: spec.ntp.servers[0]
+  target:
+    objref:
+      kind: KubeadmControlPlane
+    fieldrefs: ["spec.kubeadmConfigSpec.files[*].content%REPLACEMENT_NTP_SERVER1%"]
+- source:
+    objref:
+      kind: NetworkCatalogue
+      name: networking
+    fieldref: spec.ntp.servers[1]
+  target:
+    objref:
+      kind: KubeadmControlPlane
+    fieldrefs: ["spec.kubeadmConfigSpec.files[*].content%REPLACEMENT_NTP_SERVER2%"]
+- source:
+    objref:
+      kind: NetworkCatalogue
+      name: networking
+    fieldref: spec.ntp.servers[2]
+  target:
+    objref:
+      kind: KubeadmControlPlane
+    fieldrefs: ["spec.kubeadmConfigSpec.files[*].content%REPLACEMENT_NTP_SERVER3%"]
+- source:
+    objref:
+      kind: NetworkCatalogue
+      name: networking
+    fieldref: spec.ntp.servers[3]
+  target:
+    objref:
+      kind: KubeadmControlPlane
+    fieldrefs: ["spec.kubeadmConfigSpec.files[*].content%REPLACEMENT_NTP_SERVER4%"]

manifests/function/workers-capm3/kubeadmconfigtemplate.yaml

@@ -26,6 +26,40 @@ spec:
       # any adjustments and settings for docker anymore. However, if for
       # some reason docker has to be presented in the system, we need to
       # create http-proxy.conf.
+        - path: "/etc/chrony/chrony.conf"
+          content: |
+            # This directive specify the location of the file containing ID/key pairs for
+            # NTP authentication.
+            keyfile /etc/chrony/chrony.keys
+
+            # This directive specify the file into which chronyd will store the rate
+            # information.
+            driftfile /var/lib/chrony/chrony.drift
+
+            # Uncomment the following line to turn logging on.
+            #log tracking measurements statistics
+
+            # Log files location.
+            logdir /var/log/chrony
+
+            # Stop bad estimates upsetting machine clock.
+            maxupdateskew 100.0
+
+            # This directive enables kernel synchronisation (every 11 minutes) of the
+            # real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
+            rtcsync
+
+            # Step the system clock instead of slewing it if the adjustment is larger than
+            # one second, but only in the first three clock updates.
+            makestep 1 3
+
+            server REPLACEMENT_NTP_SERVER1 iburst
+            server REPLACEMENT_NTP_SERVER2 iburst
+            server REPLACEMENT_NTP_SERVER3 iburst
+            server REPLACEMENT_NTP_SERVER4 iburst
+
+            #Enable Chrony to operate as an NTP server for local applications e.g. Prometheus.
+            allow 127.0.0.0/8
       preKubeadmCommands:
         # Restart docker and containerd to apply any proxy settings
         - export HOME=/root
@@ -33,6 +67,8 @@ spec:
         - containerd config default | sed -r -e '/\[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc\]$/a\          SystemdCgroup = true' | tee /etc/containerd/config.toml
         - systemctl daemon-reload
         - systemctl restart containerd
+        - systemctl restart chrony.service
+        - systemctl is-active --quiet chrony.service && echo "Chrony service was restarted!"
       users:
         - name: deployer
           sshAuthorizedKeys:

manifests/function/workers-capm3/replacements/networking.yaml

@@ -17,3 +17,43 @@ replacements:
       kind: KubeadmConfigTemplate
       name: worker-1
     fieldrefs: ["spec.template.spec.ntp"]
+- source:
+    objref:
+      kind: NetworkCatalogue
+      name: networking
+    fieldref: spec.ntp.servers[0]
+  target:
+    objref:
+      kind: KubeadmConfigTemplate
+      name: worker-1
+    fieldrefs: ["spec.template.spec.files[*].content%REPLACEMENT_NTP_SERVER1%"]
+- source:
+    objref:
+      kind: NetworkCatalogue
+      name: networking
+    fieldref: spec.ntp.servers[1]
+  target:
+    objref:
+      kind: KubeadmConfigTemplate
+      name: worker-1
+    fieldrefs: ["spec.template.spec.files[*].content%REPLACEMENT_NTP_SERVER2%"]
+- source:
+    objref:
+      kind: NetworkCatalogue
+      name: networking
+    fieldref: spec.ntp.servers[2]
+  target:
+    objref:
+      kind: KubeadmConfigTemplate
+      name: worker-1
+    fieldrefs: ["spec.template.spec.files[*].content%REPLACEMENT_NTP_SERVER3%"]
+- source:
+    objref:
+      kind: NetworkCatalogue
+      name: networking
+    fieldref: spec.ntp.servers[3]
+  target:
+    objref:
+      kind: KubeadmConfigTemplate
+      name: worker-1
+    fieldrefs: ["spec.template.spec.files[*].content%REPLACEMENT_NTP_SERVER4%"]