sonic-buildimage/files/image_config/ntp/ntp-systemd-wrapper

58 lines
2.5 KiB
Plaintext
Raw Normal View History

#!/bin/sh
# This file was originally created automatically as part of default NTP application installation from debian package.
# This is now manually modified for supporting NTP in management VRF.
# When management VRF is enabled, the NTP application should be started using "ip vrf exec mgmt".
# Check has been added to verify the management VRF enabled status and use "ip vrf exec mgmt" when it is enabled.
# This file will be copied to /usr/lib/ntp/ntp-systemd-wrapper file that gets created during build process.
DAEMON=/usr/sbin/ntpd
PIDFILE=/var/run/ntpd.pid
if [ -r /etc/default/ntp ]; then
. /etc/default/ntp
fi
[202311][cherry-pick][NTP] Add NTP extended configuration (#17487) * Add NTP YANG model Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Extend NTP config generation mechanism Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Add NTP YANG nodel tests Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Add test for NTP Jinja templates Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Add ntpdate package Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Fix 'bad' when auth disabled Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * [NTP] Changed owner for ntp keys config file to root and remove read access for other. Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Fix NTP warnings after restarting the service Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Add ability to encrypt/decrypt NTP keys Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Update Configuration reference Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Fix NTP configuration template * Align the description for setting interface * Fix the usage of scoped variable Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Fix YANG model description and tests Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Align NTP test according to fixed condition Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Allow eth0 to be as source ifc without defining it Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Update sample config with NTP config Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> --------- Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>
2023-12-21 11:45:29 -06:00
dhcp=$(/usr/local/bin/sonic-cfggen -d -v 'NTP["global"]["dhcp"]' 2> /dev/null)
if [ -e /run/ntp.conf.dhcp ] && [ "$dhcp" = "enabled" ]; then
NTPD_OPTS="$NTPD_OPTS -c /run/ntp.conf.dhcp"
fi
LOCKFILE=/run/lock/ntpdate
RUNASUSER=ntp
UGID=$(getent passwd $RUNASUSER | cut -f 3,4 -d:) || true
if test "$(uname -s)" = "Linux"; then
NTPD_OPTS="$NTPD_OPTS -u $UGID"
fi
(
flock -w 180 9
[202311][cherry-pick][NTP] Add NTP extended configuration (#17487) * Add NTP YANG model Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Extend NTP config generation mechanism Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Add NTP YANG nodel tests Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Add test for NTP Jinja templates Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Add ntpdate package Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Fix 'bad' when auth disabled Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * [NTP] Changed owner for ntp keys config file to root and remove read access for other. Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Fix NTP warnings after restarting the service Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Add ability to encrypt/decrypt NTP keys Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Update Configuration reference Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Fix NTP configuration template * Align the description for setting interface * Fix the usage of scoped variable Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Fix YANG model description and tests Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Align NTP test according to fixed condition Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Allow eth0 to be as source ifc without defining it Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Update sample config with NTP config Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> --------- Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>
2023-12-21 11:45:29 -06:00
ntpEnabled=$(/usr/local/bin/sonic-cfggen -d -v 'NTP["global"]["admin_state"]' 2> /dev/null)
if [ "$ntpEnabled" = "disabled" ]
then
logger -p INFO -t "ntpd" "Stopping NTP daemon"
start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE
exit 0
fi
# when mgmt vrf is configured, ntp starts in mgmt vrf by default unless user configures otherwise
vrfEnabled=$(/usr/local/bin/sonic-cfggen -d -v 'MGMT_VRF_CONFIG["vrf_global"]["mgmtVrfEnabled"]' 2> /dev/null)
vrfConfigured=$(/usr/local/bin/sonic-cfggen -d -v 'NTP["global"]["vrf"]' 2> /dev/null)
if [ "$vrfEnabled" = "true" ]
then
if [ "$vrfConfigured" = "default" ]
then
[202311][cherry-pick][NTP] Add NTP extended configuration (#17487) * Add NTP YANG model Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Extend NTP config generation mechanism Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Add NTP YANG nodel tests Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Add test for NTP Jinja templates Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Add ntpdate package Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Fix 'bad' when auth disabled Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * [NTP] Changed owner for ntp keys config file to root and remove read access for other. Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Fix NTP warnings after restarting the service Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Add ability to encrypt/decrypt NTP keys Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Update Configuration reference Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Fix NTP configuration template * Align the description for setting interface * Fix the usage of scoped variable Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Fix YANG model description and tests Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Align NTP test according to fixed condition Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Allow eth0 to be as source ifc without defining it Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Update sample config with NTP config Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> --------- Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>
2023-12-21 11:45:29 -06:00
logger -p INFO -t "ntpd" "Starting NTP server in default-vrf for default set as NTP vrf" "ntpd"
start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --startas $DAEMON -- -p $PIDFILE $NTPD_OPTS
else
[202311][cherry-pick][NTP] Add NTP extended configuration (#17487) * Add NTP YANG model Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Extend NTP config generation mechanism Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Add NTP YANG nodel tests Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Add test for NTP Jinja templates Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Add ntpdate package Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Fix 'bad' when auth disabled Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * [NTP] Changed owner for ntp keys config file to root and remove read access for other. Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Fix NTP warnings after restarting the service Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Add ability to encrypt/decrypt NTP keys Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Update Configuration reference Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Fix NTP configuration template * Align the description for setting interface * Fix the usage of scoped variable Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Fix YANG model description and tests Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Align NTP test according to fixed condition Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Allow eth0 to be as source ifc without defining it Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Update sample config with NTP config Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> --------- Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>
2023-12-21 11:45:29 -06:00
logger -p INFO -t "ntpd" "Starting NTP server in mgmt-vrf"
ip vrf exec mgmt start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --startas $DAEMON -- -p $PIDFILE $NTPD_OPTS
fi
else
[202311][cherry-pick][NTP] Add NTP extended configuration (#17487) * Add NTP YANG model Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Extend NTP config generation mechanism Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Add NTP YANG nodel tests Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Add test for NTP Jinja templates Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Add ntpdate package Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Fix 'bad' when auth disabled Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * [NTP] Changed owner for ntp keys config file to root and remove read access for other. Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Fix NTP warnings after restarting the service Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Add ability to encrypt/decrypt NTP keys Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Update Configuration reference Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Fix NTP configuration template * Align the description for setting interface * Fix the usage of scoped variable Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Fix YANG model description and tests Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Align NTP test according to fixed condition Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Allow eth0 to be as source ifc without defining it Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> * Update sample config with NTP config Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com> --------- Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>
2023-12-21 11:45:29 -06:00
logger -p INFO -t "ntpd" "Starting NTP server in default-vrf"
start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --startas $DAEMON -- -p $PIDFILE $NTPD_OPTS
fi
) 9>$LOCKFILE