@changlei-li changlei-li commented Sep 29, 2025

New field: host.ntp_mode, host.ntp_custom_servers
New API: host.set_ntp_mode, host.set_ntp_custom_servers, host.get_ntp_mode, host.get_ntp_custom_servers.

ntp_mode_dhcp: In this mode, ntp uses the dhcp assigned ntp servers as sources. In Dom0, dhclient triggers chrony.sh to update the ntp servers when a network event happens. It writes the ntp servers to /run/chrony-dhcp/$interface.sources, and the dir /run/chrony-dhcp is included in chrony.conf. The dhclient also stores the dhcp lease in /var/lib/xcp/dhclient-$interface.leases, see https://github.com/xapi-project/xen-api/blob/v25.31.0/ocaml/networkd/lib/network_utils.ml#L925. When switching ntp mode to dhcp, XAPI checks the lease file, finds the ntp server and then fills the chrony-dhcp file. The exec permission of chrony.sh is added. When switching ntp mode from dhcp to others, XAPI removes the chrony-dhcp files and the exec permission of chrony.sh. The operation is the same as xsconsole https://github.com/xapi-project/xsconsole/blob/v11.1.1/XSConsoleData.py#L593. In this feature, xsconsole will change to use XenAPI to manage ntp later to avoid conflict.

ntp_mode_custom: In this mode, ntp uses host.ntp_custom_servers as sources. This is implemented by changing chrony.conf and restarting chronyd. host.ntp_custom_servers is set by the user.

ntp_mode_default: In this mode, ntp uses default-ntp-servers in the XAPI config file.

The dbsync and more APIs about NTP will be in following PRs.

- write ntp servers to chrony.conf
- interaction with dhclient
  - handle /run/chrony-dhcp/$interface.sources
  - handle chrony.sh
- restart chrony

Signed-off-by: Changlei Li <changlei.li@cloud.com>
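
A sketch of the file handling the description above outlines (lease file to `.sources` file for dhcp mode, and rewriting `server` lines for custom mode), written in Python as an added example; it is not the PR's OCaml code. The function names, the constructed sample lease and config text, and the IPv4-only filter are assumptions of this example; the `server ... iburst` line format follows the chrony.conf output shown on this page.

```python
import ipaddress
import re

LEASE_BLOCK = re.compile(r"lease\s*\{(.*?)\}", re.S)
NTP_OPTION = re.compile(r"^\s*option\s+ntp-servers\s+([^;]+);", re.M)

# Constructed sample input, not taken from a real host.
SAMPLE_LEASE = """lease {
  interface "eth0";
  option ntp-servers 192.0.2.1;
}
lease {
  interface "eth0";
  option ntp-servers 192.0.2.10, 192.0.2.11,bad;
}
"""
SAMPLE_CONF = ("server old.example.org iburst\n"
               "driftfile /var/lib/chrony/drift\n"
               "sourcedir /run/chrony-dhcp\n")

def ntp_servers_from_lease(lease_text):
    """Return the NTP servers of the most recent lease (last block in the file)."""
    blocks = LEASE_BLOCK.findall(lease_text)
    match = NTP_OPTION.search(blocks[-1]) if blocks else None
    if not match:
        return []
    servers = []
    for item in match.group(1).split(","):
        try:
            # Assumption of this example: accept only IPv4 addresses, so lease
            # content is never copied verbatim into a file chronyd parses.
            servers.append(str(ipaddress.IPv4Address(item.strip())))
        except ipaddress.AddressValueError:
            continue
    return servers

def render_sources(servers):
    """Content for /run/chrony-dhcp/$interface.sources (dhcp mode)."""
    return "".join(f"server {s} iburst\n" for s in servers)

def set_custom_servers(conf_text, servers):
    """Drop every existing server line, then append the given ones.
    An empty list gives the dhcp-mode result: no server lines in chrony.conf."""
    kept = [l for l in conf_text.splitlines() if not re.match(r"\s*server\s", l)]
    return "\n".join(kept + [f"server {s} iburst" for s in servers]) + "\n"

if __name__ == "__main__":
    print(render_sources(ntp_servers_from_lease(SAMPLE_LEASE)), end="")
    print(set_custom_servers(SAMPLE_CONF, ["time.example.com"]), end="")
```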

changlei-li commented Sep 29, 2025

Examples:

```
# xe host-param-set uuid=46a671ce-65f2-4dd4-a61a-75ff6f1274b1 ntp-custom-servers=time.apple.org,3.xenserver.pool.ntp.org
# xe host-param-get uuid=46a671ce-65f2-4dd4-a61a-75ff6f1274b1 param-name=ntp-custom-servers 
time.apple.org, 3.xenserver.pool.ntp.org
# xe host-param-set uuid=46a671ce-65f2-4dd4-a61a-75ff6f1274b1 ntp-mode=ntp_mode_custom
# chronyc sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^? web1.articlecontent.com       0   7     0     -     +0ns[   +0ns] +/-    0ns
^* nu.binary.net                 2   6    17     8    +79us[ +488us] +/-   51ms
# cat /etc/chrony.conf | grep ^server
server time.apple.org iburst
server 3.xenserver.pool.ntp.org iburst
# chronyc sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* mia03-controller              5   6    17    10  -2801ns[  -23us] +/-   34ms
# xe host-param-set uuid=46a671ce-65f2-4dd4-a61a-75ff6f1274b1 ntp-mode=ntp_mode_default
# chronyc sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* owners.kjsl.com               2   6     7     2   +232us[+3998us] +/-   37ms
^+ 23.157.160.168                2   6    17     0  -1998us[-1998us] +/-   50ms
^+ vps-4e90522b.vps.ovh.us       2   6     7     2  +5279us[+9045us] +/-   73ms
^+ ntp.shastacoe.net             2   6     7     2  -2803us[ +963us] +/-   61ms
```

@changlei-li changlei-li marked this pull request as draft September 29, 2025 07:20

edwintorok commented Sep 29, 2025

# xe host-param-set uuid=46a671ce-65f2-4dd4-a61a-75ff6f1274b1 ntp-custom-servers=time.apple.org,3.xenserver.pool.ntp.org

Did you mean time.apple.com instead of time.apple.org? Both exist, but I think only the former is a time server and owned by Apple.


let chrony_conf = "/etc/chrony.conf"

let chrony_script = "/etc/dhcp/dhclient.d/chrony.sh"
Member

Usually scripts are added to the list of required commands in ocaml/idl so xapi will refuse to run if any of them are missing. Is there any reason this shouldn't be the case here?

Contributor Author

Thanks. I am not aware of this. Let me check.

Member

You mean xapi_globs.ml right?

let chrony_dhcp_server_path interface =
Printf.sprintf "%s/%s.sources" chrony_dhcp_dir interface

let chrony_conf = "/etc/chrony.conf"
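
Review bot: in `chrony_dhcp_server_path`, `interface` is formatted straight into a path under `chrony_dhcp_dir`, and nothing in this hunk shows where the name is validated. Since the PR description says XAPI both fills and removes these `.sources` files, I'd suggest checking at the call site that the name is a known interface (or at least contains no `/`), and adding a short doc comment stating which callers are expected to pass it.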
Member

Is it possible to use /etc/chrony.conf.d/99-xapi.conf instead? We don't want a situation where installing a new version of the package overwrites the values that the user has set.

Contributor Author

For the Dom0 system, it is suggested to use xapi to manage the service if xapi has the API. If there is the case that the user configures chrony via ssh to Dom0 and modifies the chrony.conf directly, then it is designed to overwrite it. For example, using ntp_mode_dhcp will remove all the server items in chrony.conf, even those added by the user.
And it is designed that dbsync, when XAPI starts (in following PRs), will read the chrony.conf and chrony.sh to sync the host.ntp_mode and host.ntp_custom_servers. The dbsync will also resolve the upgrade case.
I think using /etc/chrony.conf here is OK. (Also follow the current xsconsole behavior).

Member

@psafont psafont Sep 29, 2025

> If there is the case that the user configures chrony via ssh to Dom0 and modify the chrony.conf directly

This is not the situation I'm exposing, I'm talking about the case where a user has used xapi to configure chrony.conf, and later a chrony rpm installs a new chrony.conf and overwrites the current contents of the file, maybe because whoever releases the new version of chrony is not aware that users can use xapi to change the contents of chrony.conf

Please use the custom /etc/chrony.conf.d/99-xapi.conf to avoid future problems

Contributor Author

I understand now. But you know, in the existing Dom0 system, many other components cooperate to handle the rpm install, update, host upgrade to keep Dom0 running. It's not easy to change the convention.

Contributor Author

I can try to make the path configurable in the xapi config, then you have a chance to replace it with another path.

Member

That's why I asked? the convention is usually to load configuration from /etc/SERVICE.conf and /etc/SERVICE.conf.d/*

@edwintorok
Contributor

How about Active Directory? IIUC that relies on a working clock synchronization with the AD servers (which may be out of sync with NTP, e.g. we've had situations where they were 30m off).
So if AD is enabled should we have a mode where we automatically set the host to sync with the AD server? (although the problem might be that there are multiple AD servers, and their clocks aren't synchronized between them, but that is something the AD admins should fix if XS detects/reports it).
