From c9d3f980bb8a931775c7c2a3b275f0a8db9cdf6f Mon Sep 17 00:00:00 2001
From: Marek Skrobacki
Date: Wed, 13 Nov 2024 11:25:41 +0000
Subject: [PATCH 1/2] fix: chrony NTP settings

The time.rackspace.net does not exist anymore, it has to be region specific now. This change also includes fallback to two other NTP pools.
---
 components/chrony/deployment.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/chrony/deployment.yaml b/components/chrony/deployment.yaml
index e5f5e599..33f4802f 100644
--- a/components/chrony/deployment.yaml
+++ b/components/chrony/deployment.yaml
@@ -18,6 +18,6 @@ spec:
 image: dockurr/chrony@sha256:7dc19aa12f5e5da7aaa3640c6700012087d0eedd5bd4ece2a25cf42088637d62
 env:
 - name: NTP_SERVERS
- value: time.rackspace.net
+ value: time.iad.rackspace.net,0.pool.ntp.org,1.pool.ntp.org
 restartPolicy: Always
 dnsPolicy: ClusterFirst
From ee0240bb5ea605c2f864f74504cb87ef9b73b215 Mon Sep 17 00:00:00 2001
From: Marek Skrobacki
Date: Wed, 13 Nov 2024 13:14:14 +0000
Subject: [PATCH 2/2] IPA: add chrony.conf with no default NTP pools

This removes unnecessary attempts to contact random NTP servers on the internet.
---
 ironic-images/ipa-debian-bookworm.yaml | 1 +
 ironic-images/static/etc/chrony/chrony.conf | 41 +++++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 ironic-images/static/etc/chrony/chrony.conf

diff --git a/ironic-images/ipa-debian-bookworm.yaml b/ironic-images/ipa-debian-bookworm.yaml
index ba9ab7b9..e9cd7560 100644
--- a/ironic-images/ipa-debian-bookworm.yaml
+++ b/ironic-images/ipa-debian-bookworm.yaml
@@ -6,3 +6,4 @@
 - journal-to-console
 - package-installs
 - undercloud-ipa
+ - install-static
diff --git a/ironic-images/static/etc/chrony/chrony.conf b/ironic-images/static/etc/chrony/chrony.conf
new file mode 100644
index 00000000..72602079
--- /dev/null
+++ b/ironic-images/static/etc/chrony/chrony.conf
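Review bot: The new `NTP_SERVERS` value hard-codes the `iad` region and falls back to public `pool.ntp.org` names, even though the description says the Rackspace name must now be region specific. Any environment that applies this manifest unchanged will query the IAD server, and the two pool entries resolve to volunteer-run servers reached over unauthenticated NTP, which presumably also needs outbound UDP 123 from the pod. If each name ends up as a single source, three sources can outvote one bad clock but not two, and clock error feeds into certificate validity checks and log correlation. I would make the value a per-site override and record the trust decision beside it, e.g. `# regional Rackspace NTP first; public pool is an unauthenticated fallback, override per site`. The container spec starts and ends outside the hunk.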
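Review bot: Nothing in the element list says why `install-static` was added, and the hunk cannot show that the override actually wins over the chrony package's own `/etc/chrony/chrony.conf`. If this is the diskimage-builder element of that name, it copies `static/` trees into the image as root-owned files, so any file later placed under `ironic-images/static` would ship in every IPA ramdisk. A comment such as `# install-static: ships static/etc/chrony/chrony.conf (no public NTP pools)` would tie the two changes together, and a build-time check that the image's chrony.conf has no active `pool` line would catch a regression.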
@@ -0,0 +1,41 @@
+# Include configuration files found in /etc/chrony/conf.d.
+confdir /etc/chrony/conf.d
+
+# Do not Use Debian vendor zone.
+# This was commented out to make sure that we only use NTP sources
+# configured through DHCP.
+# pool 2.debian.pool.ntp.org iburst
+
+# Use time sources from DHCP.
+sourcedir /run/chrony-dhcp
+
+# Use NTP sources found in /etc/chrony/sources.d.
+sourcedir /etc/chrony/sources.d
+
+# This directive specify the location of the file containing ID/key pairs for
+# NTP authentication.
+keyfile /etc/chrony/chrony.keys
+
+# This directive specify the file into which chronyd will store the rate
+# information.
+driftfile /var/lib/chrony/chrony.drift
+
+# Save NTS keys and cookies.
+ntsdumpdir /var/lib/chrony
+
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+
+# Log files location.
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can't be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1 3
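Review bot: The comment above the disabled `pool` line says sources come only from DHCP, but the file also loads `sourcedir /etc/chrony/sources.d` and `confdir /etc/chrony/conf.d`, so a file dropped there by a package or another element can still add sources. DHCP-supplied NTP is unauthenticated, so whoever answers DHCP on the provisioning network effectively sets the agent's clock, and `makestep 1 3` accepts a step of any size during the first three updates. If no NTP option is offered, chronyd runs with no sources at all, and tracking logs are off, so this would go unnoticed. I would state the trust assumption in the file, e.g. `# Sources come only from DHCP (/run/chrony-dhcp) and /etc/chrony/sources.d; with neither, the clock stays unsynchronised.`, and confirm that the image's DHCP client actually populates `/run/chrony-dhcp`, which the hunk does not show.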