Don't restart ntpsec if the mgmt address gets a DHCP response

For setups where the mgmt interface address is assigned by a DHCP
server, don't restart ntpsec in those cases with any NTP information
received by the DHCP server. For SONiC, NTP configuration is (currently)
separate from any information received from DHCP. In addition, if this
happens at bootup time, there's a chance of a deadlock within systemctl
happening.

Fixes #17114.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

files/build_templates/sonic_debian_extension.j2

@@ -377,6 +377,7 @@ echo "ntp-config.service" | sudo tee -a $GENERATED_SERVICE_FILE
 sudo cp $IMAGE_CONFIGS/ntp/ntp-config.sh $FILESYSTEM_ROOT/usr/bin/
 sudo cp $IMAGE_CONFIGS/ntp/ntp.conf.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
 sudo cp $IMAGE_CONFIGS/ntp/ntp-systemd-wrapper $FILESYSTEM_ROOT/usr/libexec/ntpsec/
+sudo cp $IMAGE_CONFIGS/ntp/ntpsec.default $FILESYSTEM_ROOT_ETC/default/ntpsec
 sudo mkdir $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/ntpsec.service.d
 sudo cp $IMAGE_CONFIGS/ntp/sonic-target.conf $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/ntpsec.service.d/
 echo "ntpsec.service" | sudo tee -a $GENERATED_SERVICE_FILE

files/image_config/ntp/ntpsec.default

@@ -0,0 +1,10 @@
+NTPD_OPTS="-x -N"
+
+# Set to "yes" to ignore DHCP servers returned by DHCP.
+# For SONiC, NTP configuration is separate from DHCP responses on the mgmt port.
+IGNORE_DHCP="yes"
+
+# If you use certbot to obtain a certificate for ntpd, provide its name here.
+# The ntpsec deploy hook for certbot will handle copying and permissioning the
+# certificate and key files.
+NTPSEC_CERTBOT_CERT_NAME=""