Commit f34f7abc authored by Mike Hibler's avatar Mike Hibler

Tweaks to get NTP working again.

Somewhere around fedora10, our ntp.conf file was causing ntp1.emulab.net
to no longer be able to update the clock on nodes.  Needed to un-restrict
access from that server.

Also, we were not going through our ntpd startup for f10 nodes.
parent 9712e5bd
#!/usr/bin/perl -w
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2007 University of Utah and the Flux Group.
# Copyright (c) 2000-2009 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
......@@ -156,6 +156,14 @@ open(NEW, "> $newfile")
open(NTP, "< $ntpfile")
or fatal("Could not open $ntpfile: $!");
#
# Some of our ntp.conf templates restrict modifications by remote hosts.
# We need to recognize this case and explicitly allow modifications by
# our designated servers/peers.
#
my $needrestrict = 0;
my %restricts = ();
while (<NTP>) {
chomp();
SWITCH1: {
......@@ -173,6 +181,14 @@ while (<NTP>) {
/^driftfile[\s]*(\/.*)$/ && do {
$driftfile = $1;
};
/^restrict\s+default\s+noserve$/ && do {
$needrestrict = 1;
};
# Make a note if there were restrict lines
/^restrict\s+(\S+)$/ && do {
$restricts{$1} = 1;
};
print NEW "$_\n";
}
}
......@@ -186,11 +202,19 @@ foreach my $line (@ntpinfo) {
SWITCH1: {
/^PEER=(.*)$/ && do {
print NEW "peer $1\n";
my $peer = $1;
if ($needrestrict && !$restricts{$peer}) {
print NEW "restrict $peer\n";
}
print NEW "peer $peer\n";
last SWITCH1;
};
/^SERVER=(.*)$/ && do {
print NEW "server $1\n";
my $server = $1;
if ($needrestrict && !$restricts{$server}) {
print NEW "restrict $server\n";
}
print NEW "server $server\n";
last SWITCH1;
};
/^DRIFT=(.*)$/ && do {
......
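Review bot: The `restrict $peer` and `restrict $server` lines written in the PEER/SERVER branches carry no flags, so each listed host is exempted from every restriction, including ntpq/ntpdc queries and run-time reconfiguration requests, when only time service needs to get past `restrict default noserve`. The template comments this commit removes from ntp.conf recommended `nomodify notrap noquery` for a trusted time source, so `print NEW "restrict $peer nomodify notrap noquery\n";` (and the same for `$server`) looks sufficient unless ntp1 is meant to manage the nodes' ntpd remotely. The same applies to the static `restrict ntp1.emulab.net` line in the ntp.conf section. Separately, `/^restrict\s+(\S+)$/` records only flagless restrict lines, so a template entry such as `restrict host nomodify` goes unnoticed and a second, flagless line is emitted for that host. The enclosing loops start and end outside the hunks shown.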
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2005, 2007 University of Utah and the Flux Group.
# Copyright (c) 2000-2005, 2007, 2009 University of Utah and the Flux Group.
# All rights reserved.
#
......@@ -49,6 +49,7 @@ frisbee-mfs-install: baselinux-frisbee-mfs-install
simple-install: common-install script-install bin-install
dir-install:
$(INSTALL) -m 755 -o root -g root -d $(SYSETCDIR)/init.d
baselinux-%: dir-install
(cd ../linux; $(MAKE) DESTDIR=$(DESTDIR) $(subst baselinux-,,$@))
......@@ -68,6 +69,7 @@ etc-install: dir-install sysetc-remove sysetc-install
sysetc-install: ifcfgs dir-install
$(INSTALL) -m 644 $(SRCDIR)/ntp.conf $(SYSETCDIR)/ntp.conf
$(INSTALL) -m 755 $(SRCDIR)/ntpd $(SYSETCDIR)/init.d/ntpd
$(INSTALL) -m 644 $(SRCDIR)/ifcfg-eth99 $(SYSETCDIR)/sysconfig/network-scripts
$(INSTALL) -m 644 ifcfg-eth[0-9]* $(SYSETCDIR)/sysconfig/network-scripts
......
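Review bot: The rule installing `$(SYSETCDIR)/init.d/ntpd` sets a mode but no owner, while the `dir-install` line for the `init.d` directory passes `-o root -g root`. An init script is executed as root at boot, so when the install is run by a non-root user (for example into a staged `DESTDIR`) the script stays owned, and writable, by that user. Consider `$(INSTALL) -m 755 -o root -g root $(SRCDIR)/ntpd $(SYSETCDIR)/init.d/ntpd`. The neighbouring ntp.conf and ifcfg lines omit the owner too, so if this target is only ever run as root this is a consistency point rather than a defect.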
......@@ -8,47 +8,6 @@ restrict -6 default noserve
restrict 127.0.0.1
restrict -6 ::1
# -- CLIENT NETWORK -------
# Permit systems on this network to synchronize with this
# time service. Do not permit those systems to modify the
# configuration of this service. Also, do not use those
# systems as peers for synchronization.
# restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
# --- OUR TIMESERVERS -----
# or remove the default restrict line
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
# restrict mytrustedtimeserverip mask 255.255.255.255 nomodify notrap noquery
# server mytrustedtimeserverip
# --- NTP MULTICASTCLIENT ---
#multicastclient # listen on default 224.0.1.1
# restrict 224.0.1.1 mask 255.255.255.255 notrust nomodify notrap
# restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
# --- GENERAL CONFIGURATION ---
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
#server 127.127.1.0 # local clock
#fudge 127.127.1.0 stratum 10
#
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
......@@ -58,22 +17,6 @@ restrict -6 ::1
driftfile /var/lib/ntp/drift
broadcastdelay 0.008
#
# Authentication delay. If you use, or plan to use someday, the
# authentication facility you should make the programs in the auth_stuff
# directory and figure out what this number should be on your machine.
#
#authenticate yes
#
# Keys file. If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
#
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will. Note also that
# ntpd is started with a -A flag, disabling authentication, that
# will have to be removed as well.
#
#keys /etc/ntp/keys
# Permit all access from the Emulab server
restrict ntp1.emulab.net
server ntp1.emulab.net
#!/bin/bash
#
# ntpd This shell script takes care of starting and stopping
# ntpd (NTPv4 daemon).
#
# chkconfig: - 58 74
# description: ntpd is the NTPv4 daemon. \
# The Network Time Protocol (NTP) is used to synchronize the time of \
# a computer client or server to another server or reference time source, \
# such as a radio or satellite receiver or modem.
### BEGIN INIT INFO
# Provides: ntpd
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Should-Start: $syslog $named ntpdate
# Should-Stop: $syslog $named
# Short-Description: start and stop ntpd
# Description: ntpd is the NTPv4 daemon. The Network Time Protocol (NTP)
# is used to synchronize the time of a computer client or
# server to another server or reference time source, such
# as a radio or satellite receiver or modem.
### END INIT INFO
# Source function library.
. /etc/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
prog=ntpd
lockfile=/var/lock/subsys/$prog
# Emulab changes
NTPD=$prog
if [ -f /etc/emulab/paths.sh ]; then
. /etc/emulab/paths.sh
if [ -x $BINDIR/ntpstart ]; then
NTPD="--check ntpd $BINDIR/ntpstart /usr/sbin/ntpd";
fi
fi
start() {
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 1
[ -x /usr/sbin/ntpd ] || exit 5
[ -f /etc/sysconfig/ntpd ] || exit 6
. /etc/sysconfig/ntpd
# Start daemons.
echo -n $"Starting $prog: "
daemon $NTPD $OPTIONS
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch $lockfile
return $RETVAL
}
stop() {
echo -n $"Shutting down $prog: "
killproc $prog
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f $lockfile
return $RETVAL
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status $prog
;;
restart|force-reload)
stop
start
;;
try-restart|condrestart)
if status $prog > /dev/null; then
stop
start
fi
;;
reload)
exit 3
;;
*)
echo $"Usage: $0 {start|stop|status|restart|try-restart|force-reload}"
exit 2
esac
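Review bot: The `Emulab changes` block tests `[ -x $BINDIR/ntpstart ]` with `$BINDIR` unquoted and without checking that paths.sh actually set it. If the variable comes back empty, the test is applied to `/ntpstart`, and this script runs as root. `if [ -n "$BINDIR" ] && [ -x "$BINDIR/ntpstart" ]; then` makes the fallback to plain ntpd explicit. A comment on the block would also help, stating that `daemon` is pointed at the ntpstart wrapper, that `--check ntpd` presumably keeps the already-running check on the ntpd name that `stop()` and `status` use, and that `$NTPD` is left unquoted on the `daemon` line on purpose so it splits into separate arguments.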
#!/usr/bin/perl -w
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2007 University of Utah and the Flux Group.
# Copyright (c) 2000-2007, 2009 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
......@@ -23,7 +23,8 @@ my $LOGDIR = "/var/log";
my $RUNDIR = "/var/run";
my $HISTORY = ".bash_history";
my $MAILFILE = "/var/spool/mail/root";
my $NTPDRIFT = "/etc/ntp/drift";
my $NTPDRIFT1 = "/etc/ntp/drift";
my $NTPDRIFT2 = "/var/lib/ntp/drift";
my $SFSUSERS = "/etc/sfs/sfs_users";
my $SFSHOSTKEY = "/etc/sfs/sfs_host_key";
my $VARACCTDIR = "/var/account";
......@@ -240,10 +241,14 @@ if ( -f $IFTAB ) {
# so set it to zero instead. Not ideal, but at least the clock will
# stabilize eventually this way.
#
print "Resetting drift in $NTPDRIFT ...\n";
if (-f $NTPDRIFT) {
open(DRIFT, ">$NTPDRIFT") or
die("Could not open $NTPDRIFT: $!");
print "Resetting NTP drift ...\n";
my $driftfile = $NTPDRIFT1;
if (! -f $driftfile) {
$driftfile = $NTPDRIFT2;
}
if (-f $driftfile) {
open(DRIFT, ">$driftfile") or
die("Could not open $driftfile: $!");
print DRIFT "0\n";
close(DRIFT);
}
......
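Review bot: Only one drift file is reset, because `$driftfile` falls back to `$NTPDRIFT2` only when `/etc/ntp/drift` is absent. On an image that has both files, the value in `/var/lib/ntp/drift` is left untouched, and that is the path the ntp.conf shown on this page names in its `driftfile` line. Looping over both candidates avoids that, e.g. `foreach my $driftfile ($NTPDRIFT1, $NTPDRIFT2) { next unless -f $driftfile; ... }` around the existing open/print/close. As a style point for a script that runs as root, the three-argument form with a lexical handle, `open(my $drift, '>', $driftfile)`, is preferable to `open(DRIFT, ">$driftfile")`, and the results of `print` and `close` are not checked. The enclosing code begins before the hunk.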