Default debian /etc/ntpsec/ntp.conf is used upon first boot
Steps to reproduce the issue:
Deploy SONiC image via ONIE
Wait for system complete intiialization
Check for error: "ERR ntpd[9900]: CONFIG: restrict nopeer ignored" in syslog
Check /run/ntpsec/ntp.dhcp.conf and compare with /etc/ntpsec/ntp.conf
Describe the results you received:
By default, in first boot, the system takes NTP through DHCP.
The DHCP hook script /etc/dhcp/dhclient-exit-hooks.d/ntp creates /run/ntpsec/ntp.dhcp.conf that derives from /etc/ntpsec/ntp.conf. At start, the /etc/ntpsec/ntp.conf contains a default configuration that comes with ntp package. Only then ntp-config.sh runs and generates /etc/ntpsec/ntp.conf from /usr/share/sonic/templates/ntp.conf.j2.
Content of /run/ntpsec/ntp.dhcp.conf:
# This file was copied from /etc/ntpsec/ntp.conf with the server options changed
# to reflect the information sent by the DHCP server. Any changes made
# here will be lost at the next DHCP event. Edit /etc/ntpsec/ntp.conf instead.
# NTP server entries received from DHCP server
server 10.211.0.134 iburst
server 10.211.0.124 iburst
server 10.7.77.135 iburst
# /etc/ntpsec/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
driftfile /var/lib/ntpsec/ntp.drift
leapfile /usr/share/zoneinfo/leap-seconds.list
# To enable Network Time Security support as a server, obtain a certificate
# (e.g. with Let's Encrypt), configure the paths below, and uncomment:
# nts cert CERT_FILE
# nts key KEY_FILE
# nts enable
# You must create /var/log/ntpsec (owned by ntpsec:ntpsec) to enable logging.
#statsdir /var/log/ntpsec/
#statistics loopstats peerstats clockstats
#filegen loopstats file loopstats type day enable
#filegen peerstats file peerstats type day enable
#filegen clockstats file clockstats type day enable
# This should be maxclock 7, but the pool entries count towards maxclock.
# Comment this out if you have a refclock and want it to be able to discipline
# the clock by itself (e.g. if the system is not connected to the network).
# Specify one or more NTP servers.
# Public NTP servers supporting Network Time Security:
# server time.cloudflare.com nts
# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
# pick a different set every time it starts up. Please consider joining the
# pool: <https://www.pool.ntp.org/join.html>
# Access control configuration; see /usr/share/doc/ntpsec-doc/html/accopt.html
# for details.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.
# By default, exchange time with everybody, but don't allow configuration.
restrict default kod nomodify nopeer noquery limited
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
It also produces the following error in the log:
ERR ntpd[9900]: CONFIG: restrict nopeer ignored
Describe the results you expected:
The expected behaviour is that DHCP hook script uses /etc/ntpsec/ntp.conf generated by ntp-config.sh and not the default debian ntp.conf.
Description
Default debian /etc/ntpsec/ntp.conf is used upon first boot
Steps to reproduce the issue:
Describe the results you received:
By default, in first boot, the system takes NTP through DHCP.
The DHCP hook script
/etc/dhcp/dhclient-exit-hooks.d/ntp
creates/run/ntpsec/ntp.dhcp.conf
that derives from/etc/ntpsec/ntp.conf
. At start, the/etc/ntpsec/ntp.conf
contains a default configuration that comes with ntp package. Only thenntp-config.sh
runs and generates/etc/ntpsec/ntp.conf
from/usr/share/sonic/templates/ntp.conf.j2
.Content of /run/ntpsec/ntp.dhcp.conf:
It also produces the following error in the log:
Describe the results you expected:
The expected behaviour is that DHCP hook script uses
/etc/ntpsec/ntp.conf
generated byntp-config.sh
and not the default debianntp.conf
.Output of
show version
:Output of
show techsupport
:Additional information you deem important (e.g. issue happens only occasionally):