Verified Commit 57305344 authored by Louis Abel's avatar Louis Abel :tv:

backport NTP fix

parent 73beaa99
......@@ -2,15 +2,24 @@ add {
file: "ROCKY/_supporting/0001-Ensure-cloud-user-is-applied-to-Rocky-Linux.patch"
}
add {
file: "ROCKY/_supporting/0001-ntp-Fix-Rocky-Linux-NTP-configuration.patch"
}
spec_change {
file {
name: "0001-Ensure-cloud-user-is-applied-to-Rocky-Linux.patch"
type: Patch
add: true
}
file {
name: "0001-ntp-Fix-Rocky-Linux-NTP-configuration.patch"
type: Patch
add: true
}
append {
field: "Release"
value: ".0.1"
value: ".0.2"
}
changelog {
author_name: "Release Engineering"
......
From ea397bc9dad3fb3047ded5e321bfdaef5eb69ced Mon Sep 17 00:00:00 2001
From: Louis Abel <label@rockylinux.org>
Date: Thu, 14 Nov 2024 09:06:19 -0700
Subject: [PATCH] ntp: Fix Rocky Linux NTP configuration
---
cloudinit/config/cc_ntp.py | 3 ++
templates/chrony.conf.rocky.tmpl | 51 +++++++++++++++++++++++++
templates/ntp.conf.rocky.tmpl | 64 ++++++++++++++++++++++++++++++++
3 files changed, 118 insertions(+)
create mode 100644 templates/chrony.conf.rocky.tmpl
create mode 100644 templates/ntp.conf.rocky.tmpl
diff --git a/cloudinit/config/cc_ntp.py b/cloudinit/config/cc_ntp.py
index 9eef24f..653db7d 100644
--- a/cloudinit/config/cc_ntp.py
+++ b/cloudinit/config/cc_ntp.py
@@ -227,6 +227,9 @@ for distro in ("opensuse-microos", "opensuse-tumbleweed", "opensuse-leap"):
for distro in ("sle_hpc", "sle-micro"):
DISTRO_CLIENT_CONFIG[distro] = DISTRO_CLIENT_CONFIG["sles"]
+for distro in ("almalinux", "cloudlinux", "rocky"):
+ DISTRO_CLIENT_CONFIG[distro] = DISTRO_CLIENT_CONFIG["rhel"]
+
# The schema definition for each cloud-config module is a strict contract for
# describing supported configuration parameters for each cloud-config section.
# It allows cloud-config to validate and alert users to invalid or ignored
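Review bot: The added loop maps `almalinux`, `cloudlinux` and `rocky` onto the `rhel` client config, but this patch only creates `chrony.conf.rocky.tmpl` and `ntp.conf.rocky.tmpl`. If template lookup is keyed on the distro name, as the `.rocky.` file names suggest, the other two distros need templates of their own; none are visible here, so confirm they already exist in the tree being patched. A host that silently ends up without a rendered time configuration drifts, which undermines certificate validation and log correlation. A short comment above the loop, such as `# RHEL rebuilds reuse the rhel client config; each still needs its own chrony/ntp templates`, would record the dependency. Only part of the module is visible in this hunk.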
diff --git a/templates/chrony.conf.rocky.tmpl b/templates/chrony.conf.rocky.tmpl
new file mode 100644
index 0000000..43b1f5d
--- /dev/null
+++ b/templates/chrony.conf.rocky.tmpl
@@ -0,0 +1,51 @@
+## template:jinja
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+{% for a in allow -%}
+allow {{a}}
+{% endfor %}
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+
+# Allow NTP client access from local network.
+#allow 192.168.0.0/16
+
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking
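Review bot: The `{% for a in allow -%}` loop renders `allow {{a}}` with no explanatory comment, unlike the pool and server blocks, which emit `# pools` and `# servers`. Each rendered `allow` line lets that subnet use chronyd on this host as an NTP server, so it is the block that changes the host's network exposure. I would add a marker in the same style ahead of the loop, `{% if allow %}# allow: subnets permitted to query this host as an NTP server` followed by `{% endif %}`, so an operator reading the rendered file can see why access is open. The values are written as given, so any validation of `allow`, `pools`, `servers` and `peers` has to happen before rendering, outside this hunk.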
diff --git a/templates/ntp.conf.rocky.tmpl b/templates/ntp.conf.rocky.tmpl
new file mode 100644
index 0000000..6d166aa
--- /dev/null
+++ b/templates/ntp.conf.rocky.tmpl
@@ -0,0 +1,64 @@
+## template:jinja
+
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+
+#broadcast 192.168.1.255 autokey # broadcast server
+#broadcastclient # broadcast client
+#broadcast 224.0.1.1 autokey # multicast server
+#multicastclient 224.0.1.1 # multicast client
+#manycastserver 239.255.254.254 # manycast server
+#manycastclient 239.255.254.254 autokey # manycast client
+
+# Enable public key cryptography.
+#crypto
+
+includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
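Review bot: `restrict default kod nomodify notrap nopeer noquery` is combined with `pool {{pool}} iburst`, but the template has no `restrict source` rule. On ntpd 4.2.8-series builds, `nopeer` in the default rule can stop pool-discovered servers from being mobilized, which would leave the host unsynchronized. Adding `restrict source nomodify notrap noquery` after the two default rules keeps the hardened default while letting pool associations form; please check this against the ntpd version actually shipped. Separately, `includefile /etc/ntp/crypto/pw` and `keys /etc/ntp/keys` are active while `trustedkey` stays commented out, so no symmetric key is trusted. A comment saying so would avoid the impression that the configured sources are authenticated.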
--
2.47.0