Browse Source

Try a timesync as part of first boot

We're running into issues where if someone creates a firstboot script
that touches a file that will eventually be mounted into a container, it
can fail if the time of the file ends up being in the future due to a
later timesync. Let's try a basic timesync bootstrap as part of
cloud-init to address the case of configuration changes occuring prior
to the host_prep_tasks where we traditionally configure chrony/ntp

NOTE: For queens, the overcloud.j2.yaml change lives in
puppet/role.role.j2.yaml. Also we use ntp instead of chrony.

Conflicts:
	overcloud.j2.yaml

Change-Id: I294eba826b98c5793336815282f766e3d2e60a51
Related-Bug: #1776869
(cherry picked from commit eafe390853)
changes/67/660767/3
Alex Schultz 2 years ago
parent
commit
35fc35bc1f
3 changed files with 109 additions and 0 deletions
  1. +97
    -0
      firstboot/userdata_timesync.yaml
  2. +4
    -0
      overcloud-resource-registry-puppet.j2.yaml
  3. +8
    -0
      puppet/role.role.j2.yaml

+ 97
- 0
firstboot/userdata_timesync.yaml View File

@ -0,0 +1,97 @@
heat_template_version: queens
parameters:
NtpServer:
default: ['pool.ntp.org']
description: NTP servers list. Defaulted to pool.ntp.org in order to
have a sane default for Pacemaker deployments when
not configuring this parameter by default.
type: comma_delimited_list
NtpPool:
default: []
description: NTP pool list. Defaults to [], so only NtpServer is used by
default.
type: comma_delimited_list
NtpService:
default: ntp
description: NTP Service to use for the timesync bootstrap.
type: string
description: >
Uses cloud-init to bootstrap timesync configuration to ensure it is done
as soon as possible. We do additional and more complex configurations as
part of the deployment itself.
conditions:
use_chrony: {equals: [{get_param: NtpService}, 'chrony']}
resources:
userdata:
type: OS::Heat::MultipartMime
properties:
parts:
- config: {get_resource: timesync_chrony}
- config: {get_resource: timesync_sync}
# chrony sync needs chrony to be configured, if not chrony just exit
timesync_chrony:
type: OS::Heat::SoftwareConfig
properties:
config:
str_replace:
template: |
#!/bin/bash
if [ "$service" != "chrony" ]; then
exit 0
fi
set -x
SERVERS="$ntp_servers"
POOLS="$ntp_pools"
systemctl is-active --quiet chronyd || systemctl start chronyd
for server in $SERVERS; do
chronyc add server "${server}" iburst
done
for pool in $POOLS; do
chronyc add server "${pool}" iburst
done
chronyc sources
params:
$ntp_servers:
list_join: [' ', {get_param: NtpServer}]
$ntp_pools:
list_join: [' ', {get_param: NtpPool}]
$service: {get_param: NtpService}
# attempt a timesync on boot to ensure the time has been synced
timesync_sync:
type: OS::Heat::SoftwareConfig
properties:
config:
str_replace:
template: |
#!/bin/bash
set -x
if [ "$service" = "chrony" ]; then
if command -v chronyc >/dev/null; then
chronyc waitsync 20
else
echo "No chronyc available, skipping sync"
fi
elif [ "$service" = "ntp" ]; then
if command -v ntpdate >/dev/null; then
ntpdate -u $ntp_servers
else
echo "No ntpdate available, skipping sync"
fi
fi
hwclock --systohc --utc
params:
$service: {get_param: NtpService}
$ntp_servers:
list_join: [' ', {get_param: NtpServer}]
outputs:
OS::stack_id:
value: {get_resource: userdata}

+ 4
- 0
overcloud-resource-registry-puppet.j2.yaml View File

@ -53,6 +53,10 @@ resource_registry:
# To disable, replace with firstboot/userdata_default.yaml
OS::TripleO::NodeAdminUserData: firstboot/userdata_heat_admin.yaml
# This bootstraps the timesync configuration for any subsequent deployment
# operations. To disable, replace with firstboot/userdata_default.yaml
OS::TripleO::NodeTimesyncUserData: firstboot/userdata_timesync.yaml
# Hooks for operator extra config
# NodeUserData == Cloud-init additional user-data, e.g cloud-config
# role::NodeUserData == Role specific cloud-init additional user-data


+ 8
- 0
puppet/role.role.j2.yaml View File

@ -373,6 +373,8 @@ resources:
parts:
- config: {get_resource: NodeAdminUserData}
type: multipart
- config: {get_resource: NodeTimesyncUserData}
type: multipart
- config: {get_resource: NodeUserData}
type: multipart
- config: {get_resource: RoleUserData}
@ -383,6 +385,12 @@ resources:
NodeAdminUserData:
type: OS::TripleO::NodeAdminUserData
# Bootstraps an ntp configuration and includes a hardware clock sync to
# for containers.
# Should return a OS::Heat::MultipartMime reference via OS::stack_id
NodeTimesyncUserData:
type: OS::TripleO::NodeTimesyncUserData
# For optional operator additional userdata
# Should return a OS::Heat::MultipartMime reference via OS::stack_id
NodeUserData:


Loading…
Cancel
Save