sonic-net / sonic-buildimage

Scripts which perform an installable binary image build for SONiC

[ntp][dhcp] Default debian /etc/ntpsec/ntp.conf is used upon first boot #19820

Open stepanblyschak opened 1 month ago

stepanblyschak commented 1 month ago

Description

Default debian /etc/ntpsec/ntp.conf is used upon first boot

Steps to reproduce the issue:

  1. Deploy SONiC image via ONIE
  2. Wait for the system to complete initialization
  3. Check for error: "ERR ntpd[9900]: CONFIG: restrict nopeer ignored" in syslog
  4. Check /run/ntpsec/ntp.dhcp.conf and compare with /etc/ntpsec/ntp.conf

Describe the results you received:

By default, on first boot, the system takes NTP through DHCP.

The DHCP hook script /etc/dhcp/dhclient-exit-hooks.d/ntp creates /run/ntpsec/ntp.dhcp.conf, which derives from /etc/ntpsec/ntp.conf. At start, /etc/ntpsec/ntp.conf contains the default configuration that comes with the ntp package. Only then does ntp-config.sh run and generate /etc/ntpsec/ntp.conf from /usr/share/sonic/templates/ntp.conf.j2.

Content of /run/ntpsec/ntp.dhcp.conf:

# This file was copied from /etc/ntpsec/ntp.conf with the server options changed
# to reflect the information sent by the DHCP server.  Any changes made
# here will be lost at the next DHCP event.  Edit /etc/ntpsec/ntp.conf instead.

# NTP server entries received from DHCP server
server 10.211.0.134 iburst
server 10.211.0.124 iburst
server 10.7.77.135 iburst

# /etc/ntpsec/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntpsec/ntp.drift
leapfile /usr/share/zoneinfo/leap-seconds.list

# To enable Network Time Security support as a server, obtain a certificate
# (e.g. with Let's Encrypt), configure the paths below, and uncomment:
# nts cert CERT_FILE
# nts key KEY_FILE
# nts enable

# You must create /var/log/ntpsec (owned by ntpsec:ntpsec) to enable logging.
#statsdir /var/log/ntpsec/
#statistics loopstats peerstats clockstats
#filegen loopstats file loopstats type day enable
#filegen peerstats file peerstats type day enable
#filegen clockstats file clockstats type day enable

# This should be maxclock 7, but the pool entries count towards maxclock.

# Comment this out if you have a refclock and want it to be able to discipline
# the clock by itself (e.g. if the system is not connected to the network).

# Specify one or more NTP servers.

# Public NTP servers supporting Network Time Security:
# server time.cloudflare.com nts

# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
# pool: <https://www.pool.ntp.org/join.html>

# Access control configuration; see /usr/share/doc/ntpsec-doc/html/accopt.html
# for details.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict default kod nomodify nopeer noquery limited

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

It also produces the following error in the log:

ERR ntpd[9900]: CONFIG: restrict nopeer ignored

Describe the results you expected:

The expected behaviour is that the DHCP hook script uses the /etc/ntpsec/ntp.conf generated by ntp-config.sh and not the default Debian ntp.conf.

Output of show version:

SONiC Software Version: SONiC.master.600-e2b30cc49_Internal
SONiC OS Version: 12
Distribution: Debian 12.6
Kernel: 6.1.0-11-2-amd64
Build commit: 32d138920
Build date: Mon Jul 15 10:47:14 UTC 2024
Built by: sw-r2d2-bot@r-build-sonic-ci03-242

Platform: x86_64-mlnx_msn3800-r0
HwSKU: Mellanox-SN3800-D112C8
ASIC: mellanox
ASIC Count: 1
Serial Number: MT1925X00008
Model Number: MSN3800-CS2F
Hardware Revision: A6
Uptime: 15:57:39 up  4:40,  2 users,  load average: 0.60, 0.62, 0.67
Date: Mon 05 Aug 2024 15:57:39

Docker images:
REPOSITORY                    TAG                             IMAGE ID       SIZE
docker-platform-monitor       latest                          866e4737cf6d   609MB
docker-platform-monitor       master.600-e2b30cc49_Internal   866e4737cf6d   609MB
docker-syncd-mlnx             latest                          a670d93c5fdc   845MB
docker-syncd-mlnx             master.600-e2b30cc49_Internal   a670d93c5fdc   845MB
docker-sonic-mgmt-framework   latest                          d1fa1e1c47cd   399MB
docker-sonic-mgmt-framework   master.600-e2b30cc49_Internal   d1fa1e1c47cd   399MB
docker-sonic-gnmi             latest                          dc14417e7913   397MB
docker-sonic-gnmi             master.600-e2b30cc49_Internal   dc14417e7913   397MB
docker-macsec                 latest                          c220350370ba   344MB
docker-dhcp-relay             latest                          bc7f7f6823f0   322MB
docker-teamd                  latest                          ecc9d7f3808c   341MB
docker-teamd                  master.600-e2b30cc49_Internal   ecc9d7f3808c   341MB
docker-snmp                   latest                          2523f2f975b5   352MB
docker-snmp                   master.600-e2b30cc49_Internal   2523f2f975b5   352MB
docker-sflow                  latest                          8f2df47c5591   342MB
docker-sflow                  master.600-e2b30cc49_Internal   8f2df47c5591   342MB
docker-router-advertiser      latest                          dcd202179d1d   313MB
docker-router-advertiser      master.600-e2b30cc49_Internal   dcd202179d1d   313MB
docker-orchagent              latest                          a4fc9f007dd3   354MB
docker-orchagent              master.600-e2b30cc49_Internal   a4fc9f007dd3   354MB
docker-nat                    latest                          6b6ea6057ff9   344MB
docker-nat                    master.600-e2b30cc49_Internal   6b6ea6057ff9   344MB
docker-mux                    latest                          af05c8858962   364MB
docker-mux                    master.600-e2b30cc49_Internal   af05c8858962   364MB
docker-lldp                   latest                          b04cd7ec6a43   358MB
docker-lldp                   master.600-e2b30cc49_Internal   b04cd7ec6a43   358MB
docker-fpm-frr                latest                          c9e5e3874883   373MB
docker-fpm-frr                master.600-e2b30cc49_Internal   c9e5e3874883   373MB
docker-eventd                 latest                          9e1cb03dfd0d   312MB
docker-eventd                 master.600-e2b30cc49_Internal   9e1cb03dfd0d   312MB
docker-database               latest                          790830272e6b   321MB
docker-database               master.600-e2b30cc49_Internal   790830272e6b   321MB

Output of show techsupport:

(paste your output here or download and attach the file here )

Additional information you deem important (e.g. issue happens only occasionally):

stepanblyschak commented 1 month ago

The issue is similar to https://github.com/sonic-net/sonic-buildimage/issues/17892
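
Step 4 of the reproduction above, as an added example that is not part of the issue or of SONiC's code: a POSIX shell check that compares the directives the DHCP copy should have inherited (restrict ACLs, driftfile and so on) with the current /etc/ntpsec/ntp.conf. It assumes the hook only rewrites or strips server/pool/peer/tos lines; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not SONiC code. Default paths are the ones named in the issue.
BASE_CONF=${BASE_CONF:-/etc/ntpsec/ntp.conf}
DHCP_CONF=${DHCP_CONF:-/run/ntpsec/ntp.dhcp.conf}

# Print the directives of an ntp.conf that do not depend on DHCP: comments
# and blank lines are dropped, and so are server/pool/peer/tos lines
# (assumption: those are the only lines the hook rewrites or strips).
policy_lines() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        grep -Ev '^((server|pool|peer|tos)[[:space:]].*)?$' | sort -u
}

# Exit 0 when the DHCP copy carries different policy than the base file,
# 1 when they agree, 2 when either file is unreadable.
dhcp_conf_is_stale() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    [ "$(policy_lines "$1")" != "$(policy_lines "$2")" ]
}

# List restrict lines that exist only in the DHCP copy ($2), not in base ($1).
stale_restrict_lines() {
    policy_lines "$2" | grep '^restrict' | while IFS= read -r line; do
        policy_lines "$1" | grep -Fxq -- "$line" || printf '%s\n' "$line"
    done
}

# Constructed sample (not captured from a device): a stand-in for a generated
# base config, and a DHCP copy that still carries the packaged restrict line.
write_sample() {
    printf '%s\n' 'driftfile /var/lib/ntpsec/ntp.drift' \
        'restrict default kod nomodify noquery limited' \
        'restrict 127.0.0.1' > "$1/ntp.conf"
    printf '%s\n' '# NTP server entries received from DHCP server' \
        'server 192.0.2.10 iburst' 'driftfile /var/lib/ntpsec/ntp.drift' \
        'restrict default kod nomodify nopeer noquery limited' \
        'restrict 127.0.0.1' > "$1/ntp.dhcp.conf"
}

if ! [ -r "$DHCP_CONF" ]; then      # not on a device: fall back to the sample
    d=$(mktemp -d); write_sample "$d"
    BASE_CONF=$d/ntp.conf DHCP_CONF=$d/ntp.dhcp.conf
fi
if dhcp_conf_is_stale "$BASE_CONF" "$DHCP_CONF"; then
    echo "stale: $DHCP_CONF has restrict lines missing from $BASE_CONF:"
    stale_restrict_lines "$BASE_CONF" "$DHCP_CONF"
fi
```

A stale result means ntpd is running with access-control lines that were copied before ntp-config.sh generated the intended configuration.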