[systemd-devel] Upstream service file for NTP daemon chrony

Paul Menzel paulepanter at users.sourceforge.net
Sun Jul 1 04:27:18 PDT 2012 

Dear systemd folks,


Am Samstag, den 30.06.2012, 01:00 +0200 schrieb Paul Menzel:

> Am Freitag, den 22.06.2012, 11:57 +0200 schrieb Paul Menzel:
> 
> > Fedora ships systemd service files for chrony [1][2].
> > 
> > • chrony-wait.service:
> > 
> >    1 [Unit]
> >    2 Description=Wait for chrony to synchronize system clock
> >    3 After=chronyd.service
> >    4 Requires=chronyd.service
> >    5 Before=time-sync.target
> >    6 Wants=time-sync.target
> >    7 
> >    8 [Service]
> >    9 Type=oneshot
> >   10 # Wait up to ~10 minutes for chronyd to synchronize and the remaining
> >   11 # clock correction to be less than 0.1 seconds
> >   12 ExecStart=/usr/bin/chronyc waitsync 60 0.1
> >   13 RemainAfterExit=yes
> >   14 
> >   15 [Install]
> >   16 WantedBy=multi-user.target
> > 
> > • chronyd.service:
> > 
> >    1 [Unit]
> >    2 Description=NTP client/server
> >    3 After=syslog.target ntpdate.service
> >    4 Conflicts=ntpd.service
> >    5 BindTo=systemd-timedated-ntp.target
> >    6 
> >    7 [Service]
> >    8 Type=forking
> >    9 EnvironmentFile=-/etc/sysconfig/chronyd
> >   10 ExecStartPre=/usr/libexec/chrony-helper generate-commandkey
> >   11 ExecStart=/usr/sbin/chronyd -u chrony $OPTIONS
> >   12 ExecStartPost=/usr/libexec/chrony-helper add-dhclient-servers
> >   13 
> >   14 [Install]
> >   15 WantedBy=multi-user.target
> > 
> > Do these look good enough to get upstream? `systemd-arch-units` refused
> > a pull request [3].
> 
> It was pointed out that the service files above are very Fedora
> specific. Mantas pointed out that Arch Linux now ships unit files
> directly [4]
> 
>         [Unit]
>         Description=Chrony Network Time Daemon
>         
>         [Service]
>         Type=forking
>         ExecStart=/usr/sbin/chronyd
>         PIDFile=/var/run/chronyd.pid
>         
>         [Install]
>         WantedBy=multi-user.target
> 
> and therefore the pull request above was rejected. Furthermore David had
> some great ideas whose result is quite similar to the service file in
> Arch Linux.
> 
>         [Unit]
>         Description=Chrony Network Time Daemon
>         After=nss-lockup.target syslog.target
> 
>         [Service]
>         ExecStart=/usr/sbin/chronyd -n
> 
>         [Install]
>         WantedBy=multi-user.target
> 
> David suggested that a separate system user could be used for this
> daemon too and systemd should do this.
> 
> But it looks like that Arch Linux or Debian assume `chronyd` is run as
> `root` and do not set up devices or certain files for time setting to be
> used by a different user than root.
> 
> Additionally `After=nss-lockup.target` should be set, so that the NTP
> daemon actually finds a NTP server.
> 
> And lastly, in the directory `units/` of the systemd source tree
> contains `time-sync.target` and the Fedora services use that too. But
> reading the manual of systemd.special, my take on this is this is just a
> compatibility file and should not be used in a systemd service file.
> 
> So does the last service file look reasonable and should be used for
> upstream inclusion?

Another problem, upstream cannot decide and each distribution has to, is
that when chronyd starts it starts as offline. I have not found a way to
start the daemon as online.

Therefore normally some kind of init.d script is run to read the
password from `/etc/chrony/chrony.keys` (in Debian) and to execute the
client `chronyc` and passes the command online to put the NTP server
sources online [5].

I do not know how Arch Linux is doing this, but in their Wiki suggests
to put some scripts under `/etc/NetworkManager/dispatcher.d/`
NetworkManager can execute when an interface goes up or down [6].

Under Debian NetworkManager ships a compatibility script to run scripts
`/etc/network/if-{up,down}.d/` and I successfully put some scripts in
there to put chrony online or offline.

But these are some problems I see that upstreaming unit files which all
distributions can use will be difficult.


Thanks,

Paul


> > [1] http://pkgs.fedoraproject.org/gitweb/?p=chrony.git;a=blob;f=chrony-wait.service;h=3958160098eae926aaf7136d7b5b8bab42a6aa35;hb=HEAD
> > [2] http://pkgs.fedoraproject.org/gitweb/?p=chrony.git;a=blob;f=chronyd.service;h=167332e37511f19019aabc32f82a47ef80656cd5;hb=HEAD
> > [3] https://github.com/falconindy/systemd-arch-units/issues/98
> [4] https://projects.archlinux.org/svntogit/community.git/tree/trunk/service?h=packages/chrony
[5] http://chrony.tuxfamily.org/manual.html#Usage-reference
[6] https://wiki.archlinux.org/index.php/Chrony#Using_NetworkManager_to_let_chronyd_go_online
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20120701/56aaab0b/attachment.pgp>

More information about the systemd-devel mailing list