NTP/PTP by default on Azure/AWS/GCP

.github/workflows/portage-stable-packages-list

@@ -424,6 +424,7 @@ net-libs/nghttp2
 net-libs/rpcsvc-proto
 
 net-misc/bridge-utils
+net-misc/chrony
 net-misc/curl
 net-misc/ethertypes
 net-misc/iperf

changelog/changes/2024-03-28-ntp-chrony.md

@@ -0,0 +1,3 @@
+- Enabled ntpd by default on AWS & GCP, enabled chronyd by default on Azure. The native time sync source is used on each cloud. ([scripts#1792](https://github.com/flatcar/scripts/pull/1792))
+- Enabled the ptp_vmw module in the kernel.
+- Switched ptp_kvm from kernel builtin to module.

sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild

@@ -10,7 +10,7 @@ CROS_WORKON_REPO="https://github.com"
 if [[ "${PV}" == 9999 ]]; then
 	KEYWORDS="~amd64 ~arm ~arm64 ~x86"
 else
-	CROS_WORKON_COMMIT="7e30bf5baa1abc5113024f2238d9c235aedaf62e" # flatcar-master
+	CROS_WORKON_COMMIT="32982439c691b6de6446f82b8713edb09451d97b" # flatcar-master
 	KEYWORDS="amd64 arm arm64 x86"
 fi
 

sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/files/ntp/ntp.conf

@@ -10,6 +10,14 @@
 # Common pool for random people
 #server pool.ntp.org
 
+# AWS Time Sync Service.
+server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
+# AWS Time Sync Service IPv6:
+server fd00:ec2::123 prefer iburst minpoll 4 maxpoll 4
+
+# GCP NTP Service
+server metadata.google.internal prefer iburst
+
 # Pools for Flatcar users
 server 0.flatcar.pool.ntp.org
 server 1.flatcar.pool.ntp.org

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-ami/oem-ami-3.2.985.0.ebuild → sdk_container/src/third_party/coreos-overlay/coreos-base/oem-ami/oem-ami-3.2.985.0-r1.ebuild

@@ -30,4 +30,5 @@ src_install() {
 	insinto "$(systemd_get_systemunitdir)/multi-user.target.d"
 	doins "${FILESDIR}/10-oem-ami.conf"
 
+	systemd_enable_service multi-user.target ntpd.service
 }

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/files/chrony-hyperv.conf

@@ -0,0 +1,4 @@
+# This should only be used when chronyd is configured to use the /dev/ptp_hyperv device
+[Unit]
+Wants=dev-ptp_hyperv.device
+After=dev-ptp_hyperv.device

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/files/chrony.conf

@@ -0,0 +1,65 @@
+# CLOUD_IMG: This file was created/modified by the Cloud Image build process
+# Welcome to the chrony configuration file. See chrony.conf(5) for more
+# information about usable directives.
+
+# Include configuration files found in /etc/chrony/conf.d.
+confdir /etc/chrony/conf.d
+
+# This will use (up to):
+# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well
+# - 1 source from [013].ubuntu.pool.ntp.org each (ipv4 only atm)
+# This means by default, up to 2 dual-stack and up to 3 additional IPv4-only
+# sources will be used.
+# At the same time it retains some protection against one of the entries being
+# down (compare to just using one of the lines).
+#
+# See http://www.pool.ntp.org/join.html for more information.
+#pool 0.flatcar.pool.ntp.org iburst maxsources 1
+#pool 1.flatcar.pool.ntp.org iburst maxsources 1
+#pool 2.flatcar.pool.ntp.org iburst maxsources 2
+#pool 3.flatcar.pool.ntp.org iburst maxsources 1
+
+# Use time sources from DHCP.
+sourcedir /run/chrony-dhcp
+
+# Use NTP sources found in /etc/chrony/sources.d.
+sourcedir /etc/chrony/sources.d
+
+# This directive specify the location of the file containing ID/key pairs for
+# NTP authentication.
+#keyfile /etc/chrony/chrony.keys
+
+# This directive specify the file into which chronyd will store the rate
+# information.
+driftfile /var/lib/chrony/chrony.drift
+
+# Save NTS keys and cookies.
+ntsdumpdir /var/lib/chrony
+
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+
+# Log files location.
+#logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can't be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1.0 -1
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+# This directive must be commented out when using time sources serving
+# leap-smeared time.
+leapsectz right/UTC
+
+# Azure hosts are synchronized to internal Microsoft time servers
+# that take their time from Microsoft-owned Stratum 1 devices.
+# The Hyper-V drivers surface this time source as a PTP-based
+# time source in the guest. This configures chrony to use it.
+refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0 stratum 2

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/files/etc-chrony.conf

@@ -0,0 +1,3 @@
+d /etc/chrony 0755 root root  - -
+d /etc/chrony/conf.d 0755 root root - -
+L /etc/chrony/chrony.conf - - - - ../../usr/share/oem-azure/chrony.conf

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/files/manglefs.sh

@@ -18,5 +18,5 @@ ln -sf /usr/bin/true "${rootfs}/usr/bin/eject"
 # At runtime we need the agent to write systemd.service to /etc but during
 # package creation it needs to be /usr/lib. waagent uses the same function in
 # both cases, so mangle manually.
-mkdir -p "${rootfs}"/usr/lib/systemd
-mv "${rootfs}"/{etc,usr/lib}/systemd/system
+mkdir -p "${rootfs}"/usr/lib/systemd/system
+cp -a "${rootfs}"/{etc,usr/lib}/systemd/system/.

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/files/var-chrony.conf

@@ -0,0 +1 @@
+d /var/lib/chrony 0770 ntp ntp - -

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/oem-azure-2.9.1.1-r1.ebuild → sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/oem-azure-2.9.1.1-r2.ebuild

@@ -3,6 +3,8 @@
 
 EAPI=8
 
+inherit systemd tmpfiles
+
 DESCRIPTION="OEM suite for Azure"
 HOMEPAGE="https://azure.microsoft.com/"
 SRC_URI=""
@@ -14,7 +16,20 @@ IUSE=""
 
 RDEPEND="
   ~app-emulation/wa-linux-agent-${PV}
+  net-misc/chrony
 "
 
 # for coreos-base/common-oem-files
 OEM_NAME="Microsoft Azure"
+
+S="${WORKDIR}"
+
+src_install() {
+	systemd_enable_service multi-user.target chronyd.service
+	insinto "$(systemd_get_systemunitdir)"/chronyd.service.d
+	doins "${FILESDIR}"/chrony-hyperv.conf
+	dotmpfiles "${FILESDIR}"/var-chrony.conf
+	dotmpfiles "${FILESDIR}"/etc-chrony.conf
+	insinto /usr/share/${PN}
+	doins "${FILESDIR}"/chrony.conf
+}

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r6.ebuild → sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r7.ebuild

@@ -30,6 +30,7 @@ src_install() {
     systemd_dounit "${FILESDIR}/units/oem-gce-enable-oslogin.service"
     systemd_dounit "${FILESDIR}/units/setup-oem.service"
     systemd_install_dropin "multi-user.target" "${FILESDIR}/units/10-oem-gce.conf"
+    systemd_enable_service "multi-user.target" "ntpd.service"
 
     dobin "${FILESDIR}/bin/enable-oslogin"
     dobin "${FILESDIR}/bin/init.sh"

sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild

@@ -34,5 +34,6 @@ RDEPEND="
 	coreos-base/coreos
 	coreos-base/coreos-dev
 	coreos-base/flatcar-eks
+	net-misc/chrony
 	sys-fs/zfs
 	"

sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/systemd

@@ -0,0 +1,13 @@
+cros_post_src_install_timesync() {
+  local dir="${D}$(systemd_get_systemunitdir)/systemd-timesyncd.service.d"
+  mkdir -p "${dir}"
+  pushd "${dir}"
+  cat <<EOF >flatcar.conf || die
+# Allow sysexts to ship timesyncd replacements which can have
+# a Conflicts=systemd-timesyncd directive that would result
+# in systemd-timesyncd not being started.
+[Unit]
+After=ensure-sysext.service
+EOF
+  popd
+}

sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use

@@ -47,3 +47,6 @@ app-emulation/open-vm-tools -fuse fuse3 -icu pam -resolutionkms
 
 # no suid binaries, please
 sys-fs/fuse -suid
+
+# skip dependency for this sysext package
+net-misc/chrony -readline

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.6

@@ -96,6 +96,7 @@ CONFIG_PMIC_OPREGION=y
 # CONFIG_PNP_DEBUG_MESSAGES is not set
 CONFIG_POWERCAP=y
 CONFIG_PREEMPT_VOLUNTARY=y
+CONFIG_PTP_1588_CLOCK_VMW=m
 CONFIG_PVPANIC=y
 CONFIG_PVPANIC_MMIO=m
 CONFIG_SCHED_TRACER=y

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.6

@@ -125,14 +125,12 @@ CONFIG_CPU_FREQ_GOV_USERSPACE=m
 CONFIG_CPU_FREQ_STAT=y
 # CONFIG_CROSS_MEMORY_ATTACH is not set
 CONFIG_CRYPTO_CTS=m
+CONFIG_CRYPTO_DES=m
 CONFIG_CRYPTO_FIPS=y
 CONFIG_CRYPTO_GCM=m
 CONFIG_CRYPTO_HMAC=y
-CONFIG_CRYPTO_LZO=m
-# CONFIG_RPCSEC_GSS_KRB5 requires some older crypto modules
 CONFIG_CRYPTO_LIB_DES=m
-CONFIG_CRYPTO_DES=m
-CONFIG_RPCSEC_GSS_KRB5=m
+CONFIG_CRYPTO_LZO=m
 # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
 CONFIG_CRYPTO_SHA1=y
 CONFIG_CRYPTO_USER_API_HASH=m
@@ -280,8 +278,8 @@ CONFIG_INFINIBAND_MTHCA=m
 CONFIG_INFINIBAND_OCRDMA=m
 CONFIG_INFINIBAND_SRP=m
 CONFIG_INFINIBAND_USER_MAD=m
-CONFIG_INIT_STACK_NONE=y
 CONFIG_INITRAMFS_COMPRESSION_ZSTD=y
+CONFIG_INIT_STACK_NONE=y
 CONFIG_INPUT_EVDEV=m
 CONFIG_INPUT_MISC=y
 CONFIG_INPUT_MOUSEDEV=m
@@ -751,6 +749,8 @@ CONFIG_PROC_KCORE=y
 CONFIG_PROFILING=y
 CONFIG_PSI=y
 # CONFIG_PSI_DEFAULT_DISABLED is not set
+CONFIG_PTP_1588_CLOCK=m
+CONFIG_PTP_1588_CLOCK_KVM=m
 CONFIG_QED=m
 CONFIG_QEDE=m
 CONFIG_QEDF=m
@@ -772,6 +772,8 @@ CONFIG_RDS_TCP=m
 CONFIG_REALTEK_PHY=m
 CONFIG_REGULATOR=y
 CONFIG_REGULATOR_FIXED_VOLTAGE=y
+# CONFIG_RPCSEC_GSS_KRB5 requires some older crypto modules
+CONFIG_RPCSEC_GSS_KRB5=m
 CONFIG_RTC_CLASS=y
 CONFIG_RT_GROUP_SCHED=y
 CONFIG_S2IO=m

sdk_container/src/third_party/portage-stable/net-misc/chrony/Manifest

@@ -0,0 +1,10 @@
+AUX chrony-2.4-r1.logrotate 131 BLAKE2B 4e649ce1c126639ea73c4e03d42175d1715b1c321544376ff2e48d67ee13bebcf04a8fea56326bf5efe66f568913dc92ff7f16a641ffb39a456e9cdac6004a6c SHA512 e6febb744476be6c83ac086f2054dc2c190b6e1abd2cf20d4187f222b2485817f06c4ad62b8d40fcea3e18a771cf21899fe0a1dafbfb31f5c99da9092d24d79b
+AUX chrony-3.5-pool-vendor-gentoo.patch 544 BLAKE2B 5ef7fcea43c59d1da8f3b3a735f1e70565a8437f142f317abe81531c31e934af05eda5e3043f7874bc9b4592d44579ae1827ddba06c514b4b8124c899931ed0f SHA512 0a109e1b8367def620f5089b3fcb92d84e592eb1a2fced2b60f6c9295159a605d9605e837a06e118c8ba8095208da68592fb9cd537937a153d6eecfa0eb35eb4
+AUX chrony-4.2-systemd-gentoo.patch 538 BLAKE2B 70d3bb2a190aa2401ff566dd88d1cace1d3573261819d082863fe310bb16507fcc1497fd31ec24033cb9dbe8356aef416d91b36df6067fd37f4273e59bc4e330 SHA512 62e54e1c16380812b3cf11a84091e134401341a4a64dda806af1a52dfa4158912adc4c2524388956f67a44e095e893ed714a2eee15650080c38ce44d2bc279ec
+AUX chronyd.conf-r3 390 BLAKE2B aa193e6bcf62cc305620139b7c198d39358feea7106356083cf1a20bdb8fd4b85bd8cce8cf20ce6839e8788fedc1f94e912ec512193988f83283ceef86d6cfc7 SHA512 ab0bbd07c17e391d068c5a37d5f8d9c8fc2c42add2700869217a95784666bd3f23bebd70942cf11b42c124e0947f68c101153998e89bc61ccb71b30a0187cf0c
+AUX chronyd.init-r2 1694 BLAKE2B 5ee55954c8afc2df09291dd7df4c3f1b3a01f97079ae19799a87c0217118c02b24ace0422b1f355fb67d1a0224eacf2104f3b984035f4ac9fa6b41624187d009 SHA512 63d9816017bb13b57c28de4a9d5b8061139d4aea1db5800ec7a4d9e8b2a8f5c5109b556ae5bec5c6d1cc7c4839bd49f12a0046c74fe4d1d11049ead00f1407da
+DIST chrony-4.5.tar.gz 620287 BLAKE2B e89665e6ff700805b41f89e9349d280579aebab31a30817512a165da939c8f39dc55ef9a17a50e3d7e298015620667638ab119901a71868a9188093606a95d32 SHA512 58a449e23186da799064b16ab16f799c1673296984b152b43e87c620d86e272c55365e83439d410fc89e4e0ba0befd7d5c625eac78a6665813b7ea75444f71b5
+DIST chrony-4.5.tar.gz.asc 833 BLAKE2B 7d680a4f5d86335b067b95cb900761615180701cabae5978d6f924063f7a43748534bb2e4f23cd9cd2e6919ed005014db6d396330fbfb5aa6d5f1c46f3c0c3a0 SHA512 05470e6cc34524fdab494f70cee71d46172b38bdd4acd8173ac79fdec12178239248880db474437690094aae7909002113289ac7f9305130c5e0a1d9364122cb
+EBUILD chrony-4.5.ebuild 6814 BLAKE2B 392707d5e5dd672eb18159911ad19645ff132cb25ca6ddd102eb17974e492c6370d87b6994ce40dc0191c74b184feba3ac5fe52dd28fe1fd545320841eb02a77 SHA512 699d6e4a24f6b5f0f7c1bcfdce728c3db694ae17684a91ad45d6360c71257db012d24d12bcd83ae3eb0df09c0cfbc23cbf113074894937cef3730baa2c935f43
+EBUILD chrony-9999.ebuild 6822 BLAKE2B 38c6b067e7f07b2045865b83c5064c9b26b02357d1718a8b1e67cb7cbafafac4b1f7425fb957d439c9793b34af4135c5d7d7fe6875394e06ed4c6f9e2f62df35 SHA512 2a2c83c5520ed3d38e9535898aeb6134a9ecda752c8ba5d7a71bea014403b7af758a35f546fd192b3b09b6d5769e9e1fd2eef1d8be9c6b44d34a966a75732e98
+MISC metadata.xml 2353 BLAKE2B c5a7458f2aabf443f01e670cf1e1a578c6d1095b607df07a6a979610f8446ad8fbbbc2b86ca79f8f06b49cfeba1a31cd05b2748c46e2d283863fd43d0b8e7a3a SHA512 1ec4023f55368e03158535d45239572e6bd160d94c85126d3c7d1ddd02fd5743d65ee9ea2bf2e6fbde5b010483928432b5d5848bed03bcc78e9f6924ee189b42