[NTP] Add NTP extended configuration #15058

fastiuk · 2023-05-13T10:12:39Z

hld #1296
closes #1254
depends-on #60, #781, #2835, #10749

Why I did it

To cover the next AIs:

Configure NTP global parameters
Add/remove new NTP servers
Change the configuration for NTP servers
Show NTP status
Show NTP configuration

Work item tracking

Microsoft ADO (number only):

How I did it

Add YANG model for a new configuration
Extend configuration templates to support new knobs

How to verify it

Which release branch to backport (provide reason below if selected)

202205
202211
202305
202311

Tested branch (Please provide the tested image version)

Description for the changelog

Add ability to configure NTP global parameters such as authentication, dhcp, admin state
Change the configuration for NTP servers
Add an ability to show NTP configuration

Link to config_db schema for YANG module changes

NTP configuration

A picture of a cute animal (it is my cat Finn)

fastiuk · 2023-06-19T12:10:16Z

/azpw run Azure.sonic-buildimage

mssonicbld · 2023-06-19T12:10:18Z

/AzurePipelines run Azure.sonic-buildimage

azure-pipelines · 2023-06-19T12:10:23Z

Pull request contains merge conflicts.

fastiuk · 2023-06-23T16:00:55Z

The test failed because the code sonic-net/sonic-host-services#60 should be merged.
Tested locally with an image - test case works fine.

files/image_config/ntp/ntp.conf.j2

src/sonic-yang-models/yang-models/sonic-ntp.yang

saiarcot895 · 2023-07-03T17:05:33Z

files/image_config/ntp/ntp-systemd-wrapper

@@ -27,21 +28,29 @@ fi

 (
        flock -w 180 9
+        ntpEnabled=$(/usr/local/bin/sonic-cfggen -d -v 'NTP["global"]["admin_state"]' 2> /dev/null)
+        if [ "$ntpEnabled" = "disabled" ]


Can ExecCondition= in the systemd service file be used to check this condition instead? That way the service status will accurately reflect that a condition check failed.

There also shoudn't be another ntp daemon running at this point of time, so there shouldn't be anything that needs to be stopped.

hmm. nice idea, I guess it will work. I will try it and let you know the result here

Any update here on whether this worked?

Hey. I tried it with another daemon and it actually works fine. I tried to rework it here, but it won't work here in a couple of reasons:

It is not a one-line solution and will basically make this implementation more complex.

We are using lock here, which will be much harder to use in the service file.

We need to use ExecStopPost condition to stop the daemon.

Other reasons I don't like this option:

We need to modify ntp service file which is controlled by open source community and not modified by us.

That ntp-systemd-wrapper script was created exactly to customize the control of ntp daemon.

So I would like to avoid of such changes

Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>

…access for other. Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>

Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>

qiluo-msft · 2023-12-02T00:41:31Z

+@ganglyu to review SONiC Yang model

ganglyu · 2023-12-02T02:15:52Z

src/sonic-yang-models/yang-models/sonic-ntp.yang

@@ -68,6 +105,9 @@ module sonic-ntp {
                        type leafref {
                            path /mprt:sonic-mgmt_port/mprt:MGMT_PORT/mprt:MGMT_PORT_LIST/mprt:name;
                        }
+                        type string {
+                            pattern 'eth0';
+                        }


why do you need this type?
I think eth0 is the management port

Exactly, eth0 will be covered by MGMT_PORT, but if it is undefined in MGMT_PORT (which is possible, at first boot, for example) it will fail during build, because it checks for init_cfg conforms YANG model. So my logic here: src_intf is either port from MGMT_PORT, or eth0, or port from other leafref.

ganglyu · 2023-12-02T02:21:55Z

would you please update src/sonic-yang-models/tests/files/sample_config_db.json?

Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>

fastiuk · 2023-12-02T23:28:35Z

would you please update src/sonic-yang-models/tests/files/sample_config_db.json?

updated

fastiuk · 2023-12-06T15:20:17Z

@qiluo-msft all comments resolved. Can we proceed with that?

In sonic-net#15058, the NTP server configuration was modified to add additional options, such as conditionally enabling iburst, specifying the association type, and specifying the NTP version. One side effect of this was that the iburst option which was previously always enabled now requires it to be explicitly enabled in the config_db. To restore the old behavior, when loading from minigraph, add `"iburst": "true"` for each NTP server loaded from minigraph. Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

Why I did it In #15058, the NTP server configuration was modified to add additional options, such as conditionally enabling iburst, specifying the association type, and specifying the NTP version. One side effect of this was that the iburst option which was previously always enabled now requires it to be explicitly enabled in the config_db. Fixes #19425. How I did it To restore the old behavior, when loading from minigraph, add "iburst": "true" for each NTP server loaded from minigraph. How to verify it Tested on a KVM setup, verified that the generated ntp.conf file had the iburst option. Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

…#19424) Why I did it In sonic-net#15058, the NTP server configuration was modified to add additional options, such as conditionally enabling iburst, specifying the association type, and specifying the NTP version. One side effect of this was that the iburst option which was previously always enabled now requires it to be explicitly enabled in the config_db. Fixes sonic-net#19425. How I did it To restore the old behavior, when loading from minigraph, add "iburst": "true" for each NTP server loaded from minigraph. How to verify it Tested on a KVM setup, verified that the generated ntp.conf file had the iburst option. Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

…19741) Why I did it In #15058, the NTP server configuration was modified to add additional options, such as conditionally enabling iburst, specifying the association type, and specifying the NTP version. One side effect of this was that the iburst option which was previously always enabled now requires it to be explicitly enabled in the config_db. Fixes #19425. How I did it To restore the old behavior, when loading from minigraph, add "iburst": "true" for each NTP server loaded from minigraph. How to verify it Tested on a KVM setup, verified that the generated ntp.conf file had the iburst option. Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

…#19424) Why I did it In sonic-net#15058, the NTP server configuration was modified to add additional options, such as conditionally enabling iburst, specifying the association type, and specifying the NTP version. One side effect of this was that the iburst option which was previously always enabled now requires it to be explicitly enabled in the config_db. Fixes sonic-net#19425. How I did it To restore the old behavior, when loading from minigraph, add "iburst": "true" for each NTP server loaded from minigraph. How to verify it Tested on a KVM setup, verified that the generated ntp.conf file had the iburst option. Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

Why I did it In #15058, the NTP server configuration was modified to add additional options, such as conditionally enabling iburst, specifying the association type, and specifying the NTP version. One side effect of this was that the iburst option which was previously always enabled now requires it to be explicitly enabled in the config_db. Fixes #19425. How I did it To restore the old behavior, when loading from minigraph, add "iburst": "true" for each NTP server loaded from minigraph. How to verify it Tested on a KVM setup, verified that the generated ntp.conf file had the iburst option. Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

…#19424) Why I did it In sonic-net#15058, the NTP server configuration was modified to add additional options, such as conditionally enabling iburst, specifying the association type, and specifying the NTP version. One side effect of this was that the iburst option which was previously always enabled now requires it to be explicitly enabled in the config_db. Fixes sonic-net#19425. How I did it To restore the old behavior, when loading from minigraph, add "iburst": "true" for each NTP server loaded from minigraph. How to verify it Tested on a KVM setup, verified that the generated ntp.conf file had the iburst option. Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

fastiuk requested review from qiluo-msft and lguohan as code owners May 13, 2023 10:12

fastiuk self-assigned this May 13, 2023

fastiuk mentioned this pull request May 13, 2023

Initial NTP HLD sonic-net/SONiC#1296

Merged

fastiuk force-pushed the dev-ntp-configuration branch 3 times, most recently from ac7c66f to 235778b Compare June 3, 2023 19:15

fastiuk closed this Jun 21, 2023

fastiuk reopened this Jun 21, 2023

fastiuk force-pushed the dev-ntp-configuration branch from 235778b to f06adf4 Compare June 21, 2023 19:43