search

kernelkit / infix

Linux :yellow_heart: NETCONF = Infix
https://kernelkit.org
GNU General Public License v2.0
49 stars 12 forks source link

NTP status not shown in CLI #730

Open axkar opened 4 hours ago

axkar commented 4 hours ago

Navigate to cli, enable ntp, and show the ntp configuration

admin@infix-00-00-00:/config/> set system ntp enabled 
admin@infix-00-00-00:/config/> set system ntp server pool udp address pool.ntp.org
admin@infix-00-00-00:/config/> diff
system {
+  ntp {
+    enabled true;
+    server pool {
+      udp {
+        address pool.ntp.org;
+      }
+    }
+  }
}
admin@infix-00-00-00:/config/> leave 
admin@infix-00-00-00:/> show ntp 
NTP client not enabled.

However, it is verified that the chronyd is started properly. Obs! Ensure that dhcp client is enabled as well:

admin@infix-00-00-00:/config/> set dhcp-client client-if e1
admin@infix-00-00-00:/config/> leave
axkar commented 4 hours ago

Additional findings:

When running a check for chronyc serverstats as admin user, the following error appears:

admin@infix-00-00-00:~$ chronyc serverstats
501 Not authorised

However, running the same command as root works fine:

admin@infix-00-00-00:~$ sudo chronyc serverstats
NTP packets received       : 0
NTP packets dropped        : 0
Command packets received   : 11
Command packets dropped    : 0
Client log records dropped : 0
NTS-KE connections accepted: 0
NTS-KE connections dropped : 0
Authenticated NTP packets  : 0
Interleaved NTP packets    : 0
NTP timestamps held        : 0
NTP timestamp span         : 0
NTP daemon RX timestamps   : 0
NTP daemon TX timestamps   : 0
NTP kernel RX timestamps   : 0
NTP kernel TX timestamps   : 0
NTP hardware RX timestamps : 0
NTP hardware TX timestamps : 0

Similarly, when using ntp as the admin (as described above):

admin@infix-00-00-00:/> show ntp
NTP client not enabled.
admin@infix-00-00-00:/> 
admin@infix-00-00-00:~$ /bin/ntp 
NTP client not enabled.

And again, as the root user, the command works fine:

admin@infix-00-00-00:~$ sudo clish
root@infix-00-00-00:/> show ntp 
Reference ID    : C23ACD94 (svl2.ntp.netnod.se)
Stratum         : 2
Ref time (UTC)  : Thu Oct 17 15:21:57 2024
System time     : 0.000035142 seconds fast of NTP time
Last offset     : -0.000068587 seconds
RMS offset      : 0.000068587 seconds
Frequency       : 0.434 ppm fast
Residual freq   : -0.011 ppm
Skew            : 28.615 ppm
Root delay      : 0.013573844 seconds
Root dispersion : 0.001952836 seconds
Update interval : 64.4 seconds
Leap status     : Normal

It seems there is a specific handling of user settings for chronyc, as the script fails at the initial check:

admin@infix-00-00-00:~$ cat /bin/ntp 
#!/bin/sh
# Helper script to chronyc, checks if daemon is running

if ! chronyc serverstats >/dev/null; then
   echo "NTP client not enabled."
   exit 1
fi

case $1 in
    tracking)
    chronyc tracking
    ;;
    sources)
    chronyc sources -v
    ;;
    *)
    echo "Unknown NTP command."
    ;;
esac
admin@infix-00-00-00:~$ chronyc serverstats
501 Not authorised
axkar commented 2 hours ago

The message "NTP client not enabled" is kind of misleading...

troglobit commented 2 hours ago

Please update infix.xml with a 'doas ' prefix for the backend shell command to the 'show ntp' CLI command. Similar to what has already been done for the container.xml. See src/klish-plugim-infix/xml/.