sous-chefs / chrony

Development repository for the chrony cookbook

Home Page: https://supermarket.chef.io/cookbooks/chrony

License: Apache License 2.0

Ruby 87.21% HTML 12.79%
chef hacktoberfest chef-cookbook chef-resource chrony managed-by-terraform

chrony's Introduction

chrony cookbook

Configures the time synchronization application chrony as a client or master timeserver, maintaining the accuracy of the system clock (similar to NTP). Isolated networks are supported as well.

Maintainers

This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit sous-chefs.org or come chat with us on the Chef Community Slack in #sous-chefs.

Requirements

Platforms

  • Debian / Ubuntu
  • CentOS / Redhat

Chef

  • Chef 13+

Recipes

client

Configures the node to use the chrony application to keep the node's clock synced. If there is a node using the chrony::master recipe, the client will attempt to sync with it, unless disabled via ['chrony']['search_masters']. If there is not an available master, the attribute list ['chrony'][:servers] is used (defaults are [0-3].debian.pool.ntp.org). If there is a master node, the ['chrony'][:allowed] will be set to allow for syncing with the master.

default

The default recipe passes through to the client recipe.

master

The node will use the chrony application to provide time to nodes using the chrony::client recipe. The master sets its own time against the attribute list ['chrony'][:servers] (defaults are [0-3].debian.pool.ntp.org). Access to this master is restricted by the ['chrony'][:allowed] attribute set in the recipe (default is to the x.y.* subnet).

Usage

Nodes using the chrony::client recipe will attempt to sync time with nodes using the chrony::master recipe. If there are no chrony::master nodes found, the contents of the attribute list ['chrony'][:servers] are used (defaults are [0-3].debian.pool.ntp.org).

The following configurations are currently supported:

  1. Clients with direct NTP server access
  2. A master with direct NTP server access with clients pointing to it

Contributors

This project exists thanks to all the people who contribute.

Backers

Thank you to all our backers!

https://opencollective.com/sous-chefs#backers

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website.

chrony's People

Contributors

bisscuitt, damacus, gsreynolds, haidangwa, jeremy-clerc, kitchen-porter, mbuege, qubitrenegade, ramereth, renovate[bot], seitanas, tas50, xorima, xorimabot

chrony's Issues

Chef should configure Chrony service before attempting to start the Chrony service.

👻 Brief Description

Chrony cookbook attempts to start the service before configuring it. This causes chef-client to fail if there are problems with the config file.

🥞 Cookbook version

1.1.2

👩‍🍳 Chef-Infra Version

Chef Workstation version: 21.11.679
Cookstyle version: 7.25.9
Chef Infra Client version: 17.7.29
Chef InSpec version: 4.49.0
Chef CLI version: 5.4.2
Chef Habitat version: 1.6.420
Test Kitchen version: 3.1.1

🎩 Platform details

All

Steps To Reproduce

  • Edit /etc/chrony.conf by hand, make error
  • systemctl stop chrony
  • run cookbook

🚓 Expected behavior

Chef should fix the config file and restart the service.

➕ Additional context

It's a bit of a weird state to get in, but regardless, the service should be started after the config file is written.

In this specific case, it was a template that had an incorrect /etc/chrony.conf config, so when the machine booted it couldn't start Chrony and chef can't fix it because it's perpetually trying to start chrony before configuring the config.

Support for rhel8 platforms

Cookbook version

0.2.1

Chef-client version

14.x and 15.x

Platform Details

Redhat 8

Scenario:

This cookbook lists support for Debian and Ubuntu only. However, in Red Hat Enterprise Linux 8, the NTP protocol is implemented by the chronyd daemon, available from the repositories in the chrony package.

Updated the kitchen.yml to run in kitchen-dokken and centos-8 was added:

platforms:
  - name: ubuntu-16.04
  - name: centos-7
  - name: centos-8

Actual result:

Running this in test kitchen, I found that the cookbook converges on centos-7 and centos-8, anyway, but it failed to converge. The current kitchen.yml in master seems to try to test with centos-7. Perhaps the original intent was to support this platform family, but the work needs to be completed?

-----> Converging <default-centos-8>...
       Creating kitchen sandbox in /Users/nguyd106/.dokken/kitchen_sandbox/069746cd0e-default-centos-8
       Preparing dna.json
       Resolving cookbook dependencies with Berkshelf 7.0.8...
       Removing non-cookbook files before transfer
       Preparing secret
       Preparing validation.pem
       Preparing client.rb
[2019-10-25T16:21:48+00:00] WARN: Please install an English UTF-8 locale for Chef to use, falling back to C locale and disabling UTF-8 support.
+---------------------------------------------+
✔ 2 product licenses accepted.
+---------------------------------------------+
Starting Chef Infra Client, version 15.4.21
Creating a new client identity for default-centos-8 using the validator key.
resolving cookbooks for run list: ["chrony::default"]
Synchronizing Cookbooks:
  - chrony (0.2.2)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 3 resources
Recipe: chrony::client
  * dnf_package[chrony] action install
    - install version 0:3.3-3.el8.x86_64 of package chrony
  * service[chrony] action enable
    * service[chrony]: Service is not known to chkconfig.
    ================================================================================
    Error executing action `enable` on resource 'service[chrony]'
    ================================================================================
    
    Chef::Exceptions::Service
    -------------------------
    service[chrony]: Service is not known to chkconfig.
    
    Resource Declaration:
    ---------------------
    # In /opt/kitchen/cache/cookbooks/chrony/recipes/client.rb
    
     22: service 'chrony' do
     23:   supports restart: true, status: true, reload: true
     24:   action [ :enable ]
     25: end
     26: 
    
    Compiled Resource:
    ------------------
    # Declared in /opt/kitchen/cache/cookbooks/chrony/recipes/client.rb:22:in `from_file'
    
    service("chrony") do
      action [:enable]
      default_guard_interpreter :default
      declared_type :service
      cookbook_name "chrony"
      recipe_name "client"
      supports {:restart=>true, :status=>true, :reload=>true}
      service_name "chrony"
    end
    
    System Info:
    ------------
    chef_version=15.4.21
    platform=centos
    platform_version=8.0.1905
    ruby=ruby 2.6.4p104 (2019-08-28 revision 67798) [x86_64-linux]
    program_name=/opt/chef/embedded/bin/chef-client
    executable=/opt/chef/embedded/bin/chef-client
    

Running handlers:
[2019-10-25T16:22:16+00:00] ERROR: Running exception handlers
Running handlers complete
[2019-10-25T16:22:16+00:00] ERROR: Exception handlers complete
Chef Infra Client failed. 1 resources updated in 27 seconds

supermarket links to gh repo broken

Just a quick thing - the links on the supermarket page - https://github.com/chef-cookbook/chrony etc - to this repo are broken. I think it's just a matter of the repo name in the link being chef-cookbook vs chef-cookbooks (plural)

Test Kitchen fails

Cookbook version

0.2.1

Chef-client version

15.4.21

Platform Details

Ubuntu 16.04

Scenario:

Run Test Kitchen under ubuntu

Steps to Reproduce:

Run kitchen test ubuntu

Expected Result:

tests pass

Actual Result:

The client fails to converge.

Starting Chef Infra Client, version 15.4.21
[2019-10-25T16:38:55+00:00] WARN: Plugin Network: unable to detect ipaddress
Creating a new client identity for default-ubuntu-1604 using the validator key.
resolving cookbooks for run list: ["chrony::default"]
Synchronizing Cookbooks:
  - chrony (0.2.2)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 3 resources
Recipe: chrony::client
  * apt_package[chrony] action install
    * No candidate version available for chrony
    ================================================================================
    Error executing action `install` on resource 'apt_package[chrony]'
    ================================================================================
    
    Chef::Exceptions::Package
    -------------------------
    No candidate version available for chrony
    
    Resource Declaration:
    ---------------------
    # In /opt/kitchen/cache/cookbooks/chrony/recipes/client.rb
    
     20: package 'chrony'
     21: 
    
    Compiled Resource:
    ------------------
    # Declared in /opt/kitchen/cache/cookbooks/chrony/recipes/client.rb:20:in `from_file'
    
    apt_package("chrony") do
      package_name "chrony"
      action [:install]
      default_guard_interpreter :default
      declared_type :package
      cookbook_name "chrony"
      recipe_name "client"
    end
    
    System Info:
    ------------
    chef_version=15.4.21
    platform=ubuntu
    platform_version=16.04
    ruby=ruby 2.6.4p104 (2019-08-28 revision 67798) [x86_64-linux]
    program_name=/opt/chef/embedded/bin/chef-client
    executable=/opt/chef/embedded/bin/chef-client
    

Running handlers:
[2019-10-25T16:38:56+00:00] ERROR: Running exception handlers
Running handlers complete
[2019-10-25T16:38:56+00:00] ERROR: Exception handlers complete
Chef Infra Client failed. 0 resources updated in 01 seconds

Make pool entry in chrony.conf as a variable

We have a recommendation from security as part of CIS to use server in chrony.conf rather than pool. Would be nice to remove the hardcoded entry "pool" in the chrony.conf template.
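
The policy this issue describes (explicit server entries instead of pool) can be checked against a rendered chrony.conf. The Ruby script below is an added example, not code from the cookbook; the function names, the approved-host list and the example.internal hostnames are assumptions, and the first sample reuses directives from the rendered template shown in the Debian 10 issue on this page.

```ruby
# Added example: audit the time sources in a chrony.conf against a
# "server entries only" policy. Names and sample data are illustrative.

SOURCE_DIRECTIVES = %w[server pool peer].freeze
COMMENT_PREFIXES = ['#', ';', '!', '%'].freeze # comment markers per chrony.conf(5)

# Return every time-source directive with its line number, host and options.
def parse_time_sources(conf_text)
  sources = []
  conf_text.each_line.with_index(1) do |raw, lineno|
    line = raw.strip
    next if line.empty? || line.start_with?(*COMMENT_PREFIXES)

    directive, host, *options = line.split
    directive = directive.downcase
    next unless SOURCE_DIRECTIVES.include?(directive)

    sources << { line: lineno, directive: directive, host: host, options: options }
  end
  sources
end

# Return a list of findings; an empty list means the file meets the policy.
# allowed_hosts is optional: when given, every source must be on that list.
def audit_time_sources(conf_text, allowed_hosts: nil)
  sources = parse_time_sources(conf_text)
  return ['no time source configured'] if sources.empty?

  sources.each_with_object([]) do |src, findings|
    where = "line #{src[:line]}"
    if src[:host].nil?
      findings << "#{where}: #{src[:directive]} has no host"
    elsif src[:directive] == 'pool'
      findings << "#{where}: pool #{src[:host]} must be replaced by explicit server entries"
    elsif allowed_hosts && !allowed_hosts.include?(src[:host])
      findings << "#{where}: #{src[:directive]} #{src[:host]} is not an approved source"
    end
  end
end

# Sample 1: directives taken from the rendered template quoted on this page.
RENDERED_CONF = <<~CONF
  # Generated by Chef Infra Client. Do not hand edit
  pool pool.ntp.org iburst
  driftfile /var/lib/chrony/drift
  makestep 1 3
  rtcsync
  logdir /var/log/chrony
CONF

# Sample 2: constructed configuration with explicit servers (hypothetical hosts).
SERVER_CONF = <<~CONF
  # Constructed sample
  server ntp1.example.internal iburst
  server ntp2.example.internal iburst
  driftfile /var/lib/chrony/drift
CONF

APPROVED_HOSTS = %w[ntp1.example.internal ntp2.example.internal].freeze

if __FILE__ == $PROGRAM_NAME
  { 'rendered' => RENDERED_CONF, 'server-only' => SERVER_CONF }.each do |name, conf|
    findings = audit_time_sources(conf, allowed_hosts: APPROVED_HOSTS)
    puts "#{name}: #{findings.empty? ? 'OK' : findings.join('; ')}"
  end
end
```
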

Run tests with kitchen-dokken

Cookbook version

0.2.1

Chef-client version

14.x and 15.x

Platform Details

Test Kitchen

Scenario:

Test Kitchen is being run with vagrant.

Since this cookbook is set up with travis-ci already, running with kitchen-dokken seems to make sense, as some other Chef-owned community cookbooks are doing so already.

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

github-actions
.github/workflows/ci.yml
  • sous-chefs/.github 3.1.1
  • actions/checkout v4
  • actionshub/chef-install 3.0.0
  • actionshub/test-kitchen 3.0.0
.github/workflows/stale.yml
  • actions/stale v9

Add pools to config

Hello,

please add pool options to config.
This feature can add many servers for using.

Debian 10 is missing /usr/lib/systemd/scripts/chronyd-starter.sh

Cookbook version

0.3.0

Chef-client version

15.7.32

Platform Details

Debian 10

Scenario:

Add the default recipe to a Debian 10 node.

Steps to Reproduce:

Add - name: debian-10 to the kitchen.yml

       Recipe: chrony::client
         * apt_package[chrony] action install
           - install version 3.4-4 of package chrony
         * file[/etc/systemd/system/multi-user.target.wants/chronyd.service] action delete (up to date)
         * systemd_unit[chrony.service] action create
         Recipe: <Dynamically Defined Resource>
           * file[/etc/systemd/system/chrony.service] action create
             - create new file /etc/systemd/system/chrony.service
             - update content in file /etc/systemd/system/chrony.service from none to a9ea1b
             --- /etc/systemd/system/chrony.service	2020-02-10 06:15:10.986892953 +0000
             +++ /etc/systemd/system/.chef-chrony20200210-1053-3aq73q.service	2020-02-10 06:15:10.986892953 +0000
             @@ -1 +1,21 @@
             +[Unit]
             +Description = NTP client/server
             +Documentation = man:chronyd(8) man:chrony.conf(5)
             +After = ntpdate.service sntp.service ntpd.service
             +Conflicts = ntpd.service systemd-timesyncd.service
             +ConditionCapability = CAP_SYS_TIME
             +
             +[Service]
             +Type = forking
             +PrivateTmp = yes
             +ProtectHome = yes
             +ProtectSystem = full
             +PIDFile = /run/chronyd.pid
             +EnvironmentFile = -/etc/default/chrony
             +ExecStart = /usr/lib/systemd/scripts/chronyd-starter.sh $DAEMON_OPTS
             +ExecStartPost = -/usr/lib/chrony/chrony-helper update-daemon
             +
             +[Install]
             +Alias = chrony.service
             +WantedBy = multi-user.target
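Review bot: ExecStart in the [Service] section hardcodes /usr/lib/systemd/scripts/chronyd-starter.sh, a path this issue reports as missing on Debian 10, so the unit written here cannot start on that platform. Select the start command per platform, or leave the packaged unit in place instead of writing /etc/systemd/system/chrony.service. In [Install], Alias = chrony.service names the unit being created itself and can be dropped.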
             - change mode from '' to '0644'
             - change owner from '' to 'root'
             - change group from '' to 'root'
           - creating unit: chrony.service
       Recipe: chrony::client
         * systemd_unit[chrony.service] action enable (up to date)
         * service[chrony] action start (up to date)
         * service[chrony] action enable (up to date)
         * template[chrony.conf] action create
           - update content in file /etc/chrony/chrony.conf from 1cb8f5 to f0e5ed
           --- /etc/chrony/chrony.conf	2019-03-18 18:35:34.000000000 +0000
           +++ /etc/chrony/.chef-chrony20200210-1053-2dr8s8.conf	2020-02-10 06:15:11.543161924 +0000
           @@ -1,29 +1,24 @@
           -# Welcome to the chrony configuration file. See chrony.conf(5) for more
           -# information about usuable directives.
           -pool 2.debian.pool.ntp.org iburst
           +# Generated by Chef Infra Client. Do not hand edit
            
           -# This directive specify the location of the file containing ID/key pairs for
           -# NTP authentication.
           -keyfile /etc/chrony/chrony.keys
           +# Use public servers from the pool.ntp.org project.
           +# Please consider joining the pool (http://www.pool.ntp.org/join.html).
           +# See https://chrony.tuxfamily.org/faq.html#_what_is_the_minimum_recommended_configuration_for_an_ntp_client
           +# for explanations for these configuration settings
           +pool pool.ntp.org iburst
            
           -# This directive specify the file into which chronyd will store the rate
           -# information.
           -driftfile /var/lib/chrony/chrony.drift
           +# Record the rate at which the system clock gains/losses time.
           +driftfile /var/lib/chrony/drift
            
           -# Uncomment the following line to turn logging on.
           -#log tracking measurements statistics
           +# Allow the system clock to be stepped in the first three updates
           +# if its offset is larger than 1 second.
           +makestep 1 3
            
           -# Log files location.
           -logdir /var/log/chrony
           -
           -# Stop bad estimates upsetting machine clock.
           -maxupdateskew 100.0
           -
           -# This directive enables kernel synchronisation (every 11 minutes) of the
           -# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
           +# Enable kernel synchronization of the real-time clock (RTC).
            rtcsync
            
           -# Step the system clock instead of slewing it if the adjustment is larger than
           -# one second, but only in the first three clock updates.
           -makestep 1 3
           +# Specify directory for log files.
           +logdir /var/log/chrony
           +
           +# Select which information is logged.
           +#log measurements statistics tracking
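Review bot: the keyfile /etc/chrony/chrony.keys and maxupdateskew 100.0 lines are removed with no replacement, so a node converged with this template loses its NTP authentication key file reference and its skew limit; keep both or expose them as attributes. The driftfile path also changes from /var/lib/chrony/chrony.drift to /var/lib/chrony/drift, which leaves the existing drift record unused, and the source line becomes pool pool.ntp.org where the distribution file had 2.debian.pool.ntp.org; both changes deserve a note in the changelog.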
         * service[chrony] action restart
           
           ================================================================================
           Error executing action `restart` on resource 'service[chrony]'
           ================================================================================
           
           Mixlib::ShellOut::ShellCommandFailed
           ------------------------------------
           Expected process to exit with [0], but received '1'
           ---- Begin output of /usr/bin/systemctl --system restart chrony ----
           STDOUT: 
           STDERR: Job for chrony.service failed because the control process exited with error code.
           See "systemctl status chrony.service" and "journalctl -xe" for details.
           ---- End output of /usr/bin/systemctl --system restart chrony ----
           Ran /usr/bin/systemctl --system restart chrony returned 1
           
           Resource Declaration:
           ---------------------
           # In /tmp/kitchen/cache/cookbooks/chrony/recipes/client.rb
           
            35: service 'chrony' do
            36:   service_name chrony_service_name
            37:   supports restart: true, status: true, reload: true
            38:   if systemd? && docker?
            39:     start_command "systemctl --no-block start #{chrony_service_name}"
            40:     restart_command "systemctl --no-block restart #{chrony_service_name}"
            41:   end
            42:   action %i(start enable)
            43: end
            44: 
           
           Compiled Resource:
           ------------------
           # Declared in /tmp/kitchen/cache/cookbooks/chrony/recipes/client.rb:35:in `from_file'
           
           service("chrony") do
             action [:start, :enable]
             default_guard_interpreter :default
             declared_type :service
             cookbook_name "chrony"
             recipe_name "client"
             service_name "chrony"
             supports {:restart=>true, :status=>true, :reload=>true}
             running true
             enabled true
             masked false
           end
           
           System Info:
           ------------
           chef_version=15.7.32
           platform=debian
           platform_version=10
           ruby=ruby 2.6.5p114 (2019-10-01 revision 67812) [x86_64-linux]
           program_name=/opt/chef/bin/chef-client
           executable=/opt/chef/bin/chef-client
           
       
       Running handlers:
       [2020-02-10T06:15:11+00:00] ERROR: Running exception handlers
       Running handlers complete
       [2020-02-10T06:15:11+00:00] ERROR: Exception handlers complete
       Chef Infra Client failed. 4 resources updated in 06 seconds
       [2020-02-10T06:15:11+00:00] FATAL: Stacktrace dumped to /tmp/kitchen/cache/chef-stacktrace.out
       [2020-02-10T06:15:11+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
       [2020-02-10T06:15:11+00:00] FATAL: Mixlib::ShellOut::ShellCommandFailed: service[chrony] (chrony::client line 35) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
       ---- Begin output of /usr/bin/systemctl --system restart chrony ----
       STDOUT: 
       STDERR: Job for chrony.service failed because the control process exited with error code.
       See "systemctl status chrony.service" and "journalctl -xe" for details.
       ---- End output of /usr/bin/systemctl --system restart chrony ----
       Ran /usr/bin/systemctl --system restart chrony returned 1

Logging into the kitchen instance shows that /usr/lib/systemd/scripts/chronyd-starter.sh does not exist.

Chrony service not starting after reboot in rhel7

The link file /etc/systemd/system/multi-user.target.wants/chronyd.service has been deleted as per the recipe. The cookbook behaves as below when running chef-client:

  • file[/etc/systemd/system/multi-user.target.wants/chronyd.service] action delete (up to date)
  • systemd_unit[chronyd.service] action create (up to date)
  • systemd_unit[chronyd.service] action enable (up to date)
  • service[chrony] action start (up to date)
  • service[chrony] action enable (up to date)

Chronyd service is showing as enabled; however, as the link is not created in multi-user.target.wants, it's not started at boot.

systemctl is-enabled chronyd

enabled
