Merge ~hloeung/ntp-charm:master into ntp-charm:master

Proposed by Haw Loeung on 2019-10-28
Status: Merged
Approved by: Barry Price on 2019-10-28
Approved revision: a7058fd46f3f428d84bbf9f128c5ccaf4f3534ba
Merged at revision: 9543527ad8a294cce74cfb77be41b92a76076525
Proposed branch: ~hloeung/ntp-charm:master
Merge into: ntp-charm:master
Diff against target: 13 lines (+2/-0)
1 file modified
templates/ntp.conf (+2/-0)
Reviewer Review Type Date Requested Status
Barry Price 2019-10-28 Approve on 2019-10-28
Canonical IS Reviewers 2019-10-28 Pending
Canonical IS Reviewers 2019-10-28 Pending
Paul Gear 2019-10-28 Pending
Review via email: mp+374768@code.launchpad.net

This proposal supersedes a proposal from 2017-08-29.

Commit message

Ignore IPv6 link-local interfaces

Description of the change

Ignore IPv6 link-local interfaces

For hosts with lots of VMs (e.g. OpenStack compute nodes), this makes
ntp listen on a bunch of interfaces and restart whenever they change.

To post a comment you must log in.
Paul Gear (paulgear) wrote : Posted in a previous version of this proposal

Can you show an example of ntp restarting when these interfaces change? As I understand it, ntpd will listen when it finds a new interface, but this shouldn't require a restart.

review: Needs Information
Haw Loeung (hloeung) wrote : Posted in a previous version of this proposal

Ah, I was mis-remembering and that was ntpdate's ifup scripts that was bouncing ntpd on interface changes - LP: #1593907.

I still think this change should be landed reducing the interfaces ntpd listens on. It's not likely hosts would query ntp servers on the same network using their link-local address.

Paul Gear (paulgear) wrote : Posted in a previous version of this proposal

I'd have to look up the exact behaviour of the 'interface ignore' directive, but it may have implications for receiving replies sent to servers on such interfaces.

Haw Loeung (hloeung) wrote : Posted in a previous version of this proposal

Revisiting this:

Oct 27 21:44:51 bagon ntpd[148367]: Listen normally on 111928 qvbd9672bb7-c2 [fe80::5c2d:6eff:fea5:ccfb%641987]:123
Oct 27 21:44:51 bagon ntpd[148367]: Listen normally on 111929 tapd9672bb7-c2 [fe80::fc16:3eff:fe03:719a%641988]:123
Oct 27 21:44:51 bagon ntpd[148367]: Deleting interface #111876 qvo9c34b0d9-ce, fe80::bcb5:97ff:fe22:bf8c%641926#123, interface stats: received=0, sent=0, dropped=0, active_time=134 secs
Oct 27 21:44:51 bagon ntpd[148367]: Deleting interface #111877 qvb9c34b0d9-ce, fe80::c58:9dff:feb9:32ee%641927#123, interface stats: received=0, sent=0, dropped=0, active_time=134 secs
Oct 27 21:44:51 bagon ntpd[148367]: Deleting interface #111891 tapa2a325c3-04, fe80::fc16:3eff:fe41:bc52%641943#123, interface stats: received=0, sent=0, dropped=0, active_time=105 secs
Oct 27 21:44:51 bagon ntpd[148367]: Deleting interface #111919 tap9c34b0d9-ce, fe80::fc16:3eff:fed0:fbd6%641976#123, interface stats: received=0, sent=0, dropped=0, active_time=41 secs
Oct 27 21:44:51 bagon ntpd[148367]: new interface(s) found: waking up resolver
Oct 27 21:44:57 bagon ntpd[148367]: ./../lib/isc/unix/ifiter_getifaddrs.c:163: INSIST(ifa->ifa_name != ((void *)0)) failed
Oct 27 21:44:57 bagon ntpd[148367]: exiting (due to assertion failure)

Canonical IS Mergebot (canonical-is-mergebot) wrote : Posted in a previous version of this proposal

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Canonical IS Mergebot (canonical-is-mergebot) wrote : Posted in a previous version of this proposal

Unable to determine commit message from repository - please click "Set commit message" and enter the commit message manually.

Haw Loeung (hloeung) wrote : Posted in a previous version of this proposal

Oct 27 22:19:26 bagon ntpd[27598]: Listen and drop on 0 v6wildcard [::]:123
Oct 27 22:19:26 bagon ntpd[27598]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Oct 27 22:19:26 bagon ntpd[27598]: Listen normally on 2 lo 127.0.0.1:123
Oct 27 22:19:26 bagon ntpd[27598]: Listen normally on 3 enP5p9s0f0 10.189.0.37:123
Oct 27 22:19:26 bagon ntpd[27598]: Listen normally on 4 enP5p9s0f1 10.189.4.40:123
Oct 27 22:19:26 bagon ntpd[27598]: Listen normally on 5 qvbc2a16872-4b [fe80::6878:b2ff:feac:1e1e%178432]:123
Oct 27 22:19:26 bagon ntpd[27598]: Listen normally on 6 lo [::1]:123
Oct 27 22:19:26 bagon ntpd[27598]: Listen normally on 7 enP5p9s0f0 [fe80::9abe:94ff:fe01:4adc%2]:123
Oct 27 22:19:26 bagon ntpd[27598]: Listen normally on 8 qvo56d9a306-7c [fe80::f012:54ff:fe37:e8ed%233731]:123
Oct 27 22:19:26 bagon ntpd[27598]: Listen normally on 9 qvoe79559da-6c [fe80::f4b7:50ff:feb7:c857%69891]:123
Oct 27 22:19:26 bagon ntpd[27598]: Listen normally on 10 enP5p9s0f1 [fe80::9abe:94ff:fe01:4add%3]:123

vs.

Oct 27 22:27:54 bagon ntpd[60944]: Listen and drop on 0 v6wildcard [::]:123
Oct 27 22:27:54 bagon ntpd[60944]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Oct 27 22:27:54 bagon ntpd[60944]: Listen normally on 2 lo 127.0.0.1:123
Oct 27 22:27:54 bagon ntpd[60944]: Listen normally on 3 enP5p9s0f0 10.189.0.37:123
Oct 27 22:27:54 bagon ntpd[60944]: Listen normally on 4 enP5p9s0f1 10.189.4.40:123
Oct 27 22:27:54 bagon ntpd[60944]: Listen normally on 5 lo [::1]:123
Oct 27 22:27:54 bagon ntpd[60944]: Listening on routing socket on fd #22 for interface updates

Barry Price (barryprice) wrote : Posted in a previous version of this proposal

Makes sense, +1

review: Approve
Canonical IS Mergebot (canonical-is-mergebot) wrote : Posted in a previous version of this proposal

Merge proposal is approved, but source revision has changed, setting status to needs review.

Canonical IS Mergebot (canonical-is-mergebot) wrote : Posted in a previous version of this proposal

Merge proposal is approved, but source revision has changed, setting status to needs review.

Barry Price (barryprice) wrote :

Yup

review: Approve

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Change successfully merged at revision 9543527ad8a294cce74cfb77be41b92a76076525

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/templates/ntp.conf b/templates/ntp.conf
2index 1a38ecf..6c64ca4 100644
3--- a/templates/ntp.conf
4+++ b/templates/ntp.conf
5@@ -14,6 +14,8 @@ restrict -6 default kod notrap nomodify nopeer noquery limited
6 restrict source notrap nomodify noquery
7 restrict 127.0.0.1
8 restrict ::1
9+interface listen all
10+interface ignore fe80::/10
11
12 {%- if is_container == 1 %}
13 # running in a container - time adjustments disabled

Subscribers

People subscribed via source and target branches