Ovirt devel - Apr 2008 - [PATCH] fix ntp for the managed node and add ntp to default dhcp for dev app

ntpdate on the hosts only runs if there is something in
/etc/ntp/step-tickers.  The managed node doesn't have anything in there
presently.  If ntpdate doesn't run at startup, ntpd may refuse to
synchronize with ntp servers if the time differential is too great.  If
clocks are not synchronized, kerberos fails which in turn makes libvirt
comms fail.

This patch adds dhclient exit hooks capability for setting step-tickers
using the dhcp ntp-servers field.  In addition ovirtbr0 has PEERNTP set
which enables /etc/ntp.conf setting.

For the developer setup, the dev wui host has dhcp set to send option
ntp-servers so that nodes can get it as their ntp server (since nodes
can't access the outside world)

Signed-off-by: Perry Myers <pmyers at redhat.com>

diff --git a/ovirt-host-creator/common-post.ks
b/ovirt-host-creator/common-post.ks
index a387bdf..6ebfe2c 100644
--- a/ovirt-host-creator/common-post.ks
+++ b/ovirt-host-creator/common-post.ks
@@ -44,7 +44,7 @@ libvirt-auth-method'
             BRIDGE=ovirtbr`echo $eth | cut -b4-`
             echo -e "DEVICE=$eth\nONBOOT=yes\nBRIDGE=$BRIDGE" \
              > /etc/sysconfig/network-scripts/ifcfg-$eth
-            echo -e
"DEVICE=$BRIDGE\nBOOTPROTO=dhcp\nONBOOT=yes\nTYPE=Bridge" \
+            echo -e
"DEVICE=$BRIDGE\nBOOTPROTO=dhcp\nONBOOT=yes\nTYPE=Bridge\nPEERNTP=yes"
\
              > /etc/sysconfig/network-scripts/ifcfg-$BRIDGE
            printf 'DHCLIENTARGS="-R %s"\n' $(printf
"$dhcp_options"|tr '\n' ,)\
              >> /etc/sysconfig/network-scripts/ifcfg-$BRIDGE
@@ -136,6 +136,12 @@ if [ -n "$new_libvirt_auth_method" ]; then
         fi
     fi
 fi
+
+if [ -n "$new_ntp_servers" ]; then
+    for ntp_server in $new_ntp_servers; do
+        echo "$ntp_server" >> /etc/ntp/step-tickers
+    done
+fi
 EOF
 chmod +x /etc/dhclient-exit-hooks
 
diff --git a/wui-appliance/devel-post.ks b/wui-appliance/devel-post.ks
index 3f03dbb..77ab16d 100644
--- a/wui-appliance/devel-post.ks
+++ b/wui-appliance/devel-post.ks
@@ -23,6 +23,7 @@ option libvirt-auth-method code 202 = text;
 subnet 192.168.50.0 netmask 255.255.255.0 {
         option domain-name "priv.ovirt.org";
         option domain-name-servers 192.168.50.2;
+        option ntp-servers 192.168.50.2;
         next-server 192.168.50.2;
         option routers 192.168.50.1;
         option libvirt-auth-method "krb5:192.168.50.2:8089/config";

On Thu, Apr 03, 2008 at 08:13:01PM -0400, Perry N. Myers
wrote:
> ntpdate on the hosts only runs if there is something in
> /etc/ntp/step-tickers.  The managed node doesn't have anything in there
> presently.  If ntpdate doesn't run at startup, ntpd may refuse to
> synchronize with ntp servers if the time differential is too great.  If
> clocks are not synchronized, kerberos fails which in turn makes libvirt
> comms fail.
> 
> This patch adds dhclient exit hooks capability for setting step-tickers
> using the dhcp ntp-servers field.  In addition ovirtbr0 has PEERNTP set
> which enables /etc/ntp.conf setting.
> 
> For the developer setup, the dev wui host has dhcp set to send option
> ntp-servers so that nodes can get it as their ntp server (since nodes
> can't access the outside world)
> 
> Signed-off-by: Perry Myers <pmyers at redhat.com>
> 
> diff --git a/ovirt-host-creator/common-post.ks
b/ovirt-host-creator/common-post.ks
> index a387bdf..6ebfe2c 100644
> --- a/ovirt-host-creator/common-post.ks
> +++ b/ovirt-host-creator/common-post.ks
> @@ -44,7 +44,7 @@ libvirt-auth-method'
>              BRIDGE=ovirtbr`echo $eth | cut -b4-`
>              echo -e "DEVICE=$eth\nONBOOT=yes\nBRIDGE=$BRIDGE" \
>               > /etc/sysconfig/network-scripts/ifcfg-$eth
> -            echo -e
"DEVICE=$BRIDGE\nBOOTPROTO=dhcp\nONBOOT=yes\nTYPE=Bridge" \
> +            echo -e
"DEVICE=$BRIDGE\nBOOTPROTO=dhcp\nONBOOT=yes\nTYPE=Bridge\nPEERNTP=yes"
\
>               > /etc/sysconfig/network-scripts/ifcfg-$BRIDGE
>             printf 'DHCLIENTARGS="-R %s"\n' $(printf
"$dhcp_options"|tr '\n' ,)\
>               >> /etc/sysconfig/network-scripts/ifcfg-$BRIDGE
> @@ -136,6 +136,12 @@ if [ -n "$new_libvirt_auth_method" ]; then
>          fi
>      fi
>  fi
> +
> +if [ -n "$new_ntp_servers" ]; then
> +    for ntp_server in $new_ntp_servers; do
> +        echo "$ntp_server" >> /etc/ntp/step-tickers
> +    done
> +fi
>  EOF
>  chmod +x /etc/dhclient-exit-hooks
>  
> diff --git a/wui-appliance/devel-post.ks b/wui-appliance/devel-post.ks
> index 3f03dbb..77ab16d 100644
> --- a/wui-appliance/devel-post.ks
> +++ b/wui-appliance/devel-post.ks
> @@ -23,6 +23,7 @@ option libvirt-auth-method code 202 = text;
>  subnet 192.168.50.0 netmask 255.255.255.0 {
>          option domain-name "priv.ovirt.org";
>          option domain-name-servers 192.168.50.2;
> +        option ntp-servers 192.168.50.2;
>          next-server 192.168.50.2;
>          option routers 192.168.50.1;
>          option libvirt-auth-method
"krb5:192.168.50.2:8089/config";
Very cool... ACK

Perry N. Myers wrote:
> ntpdate on the hosts only runs if there is something in
> /etc/ntp/step-tickers.  The managed node doesn't have anything in there
> presently.  If ntpdate doesn't run at startup, ntpd may refuse to
> synchronize with ntp servers if the time differential is too great.  If
> clocks are not synchronized, kerberos fails which in turn makes libvirt
> comms fail.
> 
> This patch adds dhclient exit hooks capability for setting step-tickers
> using the dhcp ntp-servers field.  In addition ovirtbr0 has PEERNTP set
> which enables /etc/ntp.conf setting.
> 
> For the developer setup, the dev wui host has dhcp set to send option
> ntp-servers so that nodes can get it as their ntp server (since nodes
> can't access the outside world)
This one is a no-brainer.  I'm just surprised there isn't a more
"standard" way
to do it with the ifcfg scripts, but doing it in an exit-hook is fine, since we
don't need an additional dhcp option.

ACK

Chris Lalancette