Merge "Force immediate NTP time sync with chronyd at IPA startup"

2021-07-20 09:38:59 +00:00 · 2021-07-20 09:38:59 +00:00 · 9b42b08edd
commit 9b42b08edd
parent 21c24abe61 5531d5cee7
4 changed files with 19 additions and 46 deletions
--- a/ironic_python_agent/tests/unit/extensions/test_standby.py
+++ b/ironic_python_agent/tests/unit/extensions/test_standby.py
@ -1385,15 +1385,15 @@ class TestStandbyExtension(base.IronicAgentTest):
        self.agent_extension._sync_clock()
-        calls = [mock.call('chronyd', check_exit_code=[0, 1]),
+        calls = [mock.call('chronyc', 'shutdown', check_exit_code=[0, 1]),
-                 mock.call('chronyc', 'add', 'server', '192.168.1.1'),
+                 mock.call("chronyd -q 'server 192.168.1.1 iburst'",
-                 mock.call('chronyc', 'makestep'),
+                           shell=True),
                 mock.call('hwclock', '-v', '--systohc')]
        execute_mock.assert_has_calls(calls)
        execute_mock.reset_mock()
        execute_mock.side_effect = [
-            ('', ''), ('', ''), ('', ''),
+            ('', ''), ('', ''),
            processutils.ProcessExecutionError('boop')
        ]
--- a/ironic_python_agent/tests/unit/test_utils.py
+++ b/ironic_python_agent/tests/unit/test_utils.py
@ -856,27 +856,8 @@ class TestClockSyncUtils(ironic_agent_base.IronicAgentTest):
        mock_time_method.return_value = 'chronyd'
        utils.sync_clock()
        mock_execute.assert_has_calls([
-            mock.call('chronyd', check_exit_code=[0, 1]),
+            mock.call('chronyc', 'shutdown', check_exit_code=[0, 1]),
-            mock.call('chronyc', 'add', 'server', '192.168.1.1'),
+            mock.call("chronyd -q 'server 192.168.1.1 iburst'", shell=True),
            mock.call('chronyc', 'makestep'),
        ])
    @mock.patch.object(utils, 'determine_time_method', autospec=True)
    def test_sync_clock_chrony_already_present(self, mock_time_method,
                                               mock_execute):
        self.config(ntp_server='192.168.1.1')
        mock_time_method.return_value = 'chronyd'
        mock_execute.side_effect = [
            ('', ''),
            processutils.ProcessExecutionError(
                stderr='Source already present'),
            ('', ''),
        ]
        utils.sync_clock()
        mock_execute.assert_has_calls([
            mock.call('chronyd', check_exit_code=[0, 1]),
            mock.call('chronyc', 'add', 'server', '192.168.1.1'),
            mock.call('chronyc', 'makestep'),
        ])
    @mock.patch.object(utils, 'determine_time_method', autospec=True)
@ -889,12 +870,8 @@ class TestClockSyncUtils(ironic_agent_base.IronicAgentTest):
            processutils.ProcessExecutionError(stderr='time verboten'),
        ]
        self.assertRaisesRegex(errors.CommandExecutionError,
-                               'Error occured adding ntp',
+                               'Failed to sync time using chrony to ntp '
-                               utils.sync_clock)
+                               'server:', utils.sync_clock)
        mock_execute.assert_has_calls([
            mock.call('chronyd', check_exit_code=[0, 1]),
            mock.call('chronyc', 'add', 'server', '192.168.1.1'),
        ])
    @mock.patch.object(utils, 'determine_time_method', autospec=True)
    def test_sync_clock_none(self, mock_time_method, mock_execute):
--- a/ironic_python_agent/utils.py
+++ b/ironic_python_agent/utils.py
@ -835,21 +835,11 @@ def sync_clock(ignore_errors=False):
                raise errors.CommandExecutionError(msg)
    elif method == 'chronyd':
        try:
-            # 0 should be if chronyd started
+            # stop chronyd, ignore if it ran before or not
-            # 1 if already running
+            execute('chronyc', 'shutdown', check_exit_code=[0, 1])
-            execute('chronyd', check_exit_code=[0, 1])
+            # force a time sync now
-            # NOTE(TheJulia): Once started, chronyd forks and stays in the
+            query = "server " + CONF.ntp_server + " iburst"
-            # background as a server service, it will continue to keep the
+            execute("chronyd -q \'%s\'" % query, shell=True)
            # clock in sync.
            try:
                execute('chronyc', 'add', 'server', CONF.ntp_server)
            except processutils.ProcessExecutionError as e:
                if 'Source already present' not in str(e):
                    msg = 'Error occured adding ntp server: %s' % e
                    LOG.error(msg)
                    raise errors.CommandExecutionError(msg)
            # Force the clock to sync now.
            execute('chronyc', 'makestep')
            LOG.debug('Set software clock using chrony')
        except (processutils.ProcessExecutionError,
                errors.CommandExecutionError) as e:
--- a/releasenotes/notes/fix_chronyd_time_sync-626a14b66ca37677.yaml
+++ b/releasenotes/notes/fix_chronyd_time_sync-626a14b66ca37677.yaml
@ -0,0 +1,6 @@
 ---
 fixes:
  - |
    Fixes an issue where the NTP time sync at the IPA startup via chronyd is
    not immediate (which can break time sensitive components such as the
    generation of a TLS certificate).