Use chrony and time.aws.com

nktpro · nktpro · commit fe2ca3e56627 · 2023-10-30T08:08:15.000-04:00
diff --git a/scripts/cloud_init/update_timesyncd.sh b/scripts/cloud_init/update_timesyncd.sh
@@ -2,13 +2,48 @@
 
 set -euo pipefail
 
-cat >/etc/systemd/timesyncd.conf <<EOF
-[Time]
-NTP=time.aws.com
-FallbackNTP=ntp.ubuntu.com
-PollIntervalMinSec=5
-PollIntervalMaxSec=60
+systemctl disable --now systemd-timesyncd
+apt install -y chrony
+
+cat >/etc/chrony/chrony.conf <<EOF
+pool time.aws.com iburst
+
+# Use time sources from DHCP.
+sourcedir /run/chrony-dhcp
+
+# This directive specify the location of the file containing ID/key pairs for
+# NTP authentication.
+keyfile /etc/chrony/chrony.keys
+
+# This directive specify the file into which chronyd will store the rate
+# information.
+driftfile /var/lib/chrony/chrony.drift
+
+# Save NTS keys and cookies.
+ntsdumpdir /var/lib/chrony
+
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+
+# Log files location.
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1 3
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+# This directive must be commented out when using time sources serving
+# leap-smeared time.
+leapsectz right/UTC
 EOF
 
-systemctl restart systemd-timesyncd
-timedatectl status
+service chrony force-reload
+chronyc tracking
diff --git a/src/cloud_init_scripts.json b/src/cloud_init_scripts.json
@@ -1,6 +1,6 @@
 {
   "override_k3s_service.sh": "#!/usr/bin/env bash\n\nset -euo pipefail\n\nmkdir -p /etc/systemd/system/k3s.service.d\nmkdir -p /etc/systemd/system/k3s-agent.service.d\n\ncat >/etc/systemd/system/k3s.service.d/override.conf <<EOF\n[Service]\nKillSignal=SIGTERM\nTimeoutStopSec=10\nEOF\n\ncat >/etc/systemd/system/k3s-agent.service.d/override.conf <<EOF\n[Service]\nKillSignal=SIGTERM\nTimeoutStopSec=10\nEOF",
   "pin_ip_addresses.sh": "#!/usr/bin/env bash\n\nset -euo pipefail\n\narch=\"amd64\"\n\nif [[ \"$(uname -m)\" == \"aarch64\" ]]; then\n  arch=\"arm64\"\nfi\n\nwget -qO /usr/bin/yq https://github.com/mikefarah/yq/releases/download/v4.35.2/yq_linux_\"${arch}\"\n\nchmod +x /usr/bin/yq\n\nreadarray ifaces < <(yq -o=j -I=0 '.network.ethernets | to_entries | .[]' /etc/netplan/50-cloud-init.yaml)\n\ndeclare -p ifaces\n\nmkdir -p /etc/netplan\n\ncat >/etc/netplan/99-netcfg-static.yaml <<EOF\nnetwork:\n  version: 2\n  ethernets:\nEOF\n\nchmod 0700 /etc/netplan/*\n\nlastIp=\"\"\nlastIface=\"\"\nlastName=\"\"\n\nfor iface in \"${ifaces[@]}\"; do\n  lastName=$(echo \"$iface\" | yq '.key' -) || exit $?\n  mac=$(echo \"$iface\" | yq '.value.match.macaddress' -) || exit $?\n  lastIface=$(ip -br link | awk -v mac=\"$mac\" '$3 ~ mac { print $1 }') || exit $?\n  lastIp=$(wait_for_interface.sh \"$lastIface\") || exit $?\n\n  {\n    echo \"    ${lastName}:\"\n    echo \"      addresses:\"\n    echo \"        - ${lastIp}\"\n  } >>/etc/netplan/99-netcfg-static.yaml\ndone\n\necho \"$lastIface\" >/etc/node-external-iface\necho \"$lastIp\" | awk -F/ '{print $1}' >/etc/node-external-ip\ncat /etc/netplan/99-netcfg-static.yaml\nnetplan apply\n\necho \"Waiting for network to come back up...\"\n\nwhile ! ping -c 1 -W 1 8.8.8.8; do\n  sleep 1\n  echo \"Still waiting for network to come back up...\"\ndone\n",
-  "update_timesyncd.sh": "#!/usr/bin/env bash\n\nset -euo pipefail\n\ncat >/etc/systemd/timesyncd.conf <<EOF\n[Time]\nNTP=time.aws.com\nFallbackNTP=ntp.ubuntu.com\nPollIntervalMinSec=5\nPollIntervalMaxSec=60\nEOF\n\nsystemctl restart systemd-timesyncd\ntimedatectl status",
+  "update_timesyncd.sh": "#!/usr/bin/env bash\n\nset -euo pipefail\n\nsystemctl disable --now systemd-timesyncd\napt install -y chrony\n\ncat >/etc/chrony/chrony.conf <<EOF\npool time.aws.com iburst\n\n# Use time sources from DHCP.\nsourcedir /run/chrony-dhcp\n\n# This directive specify the location of the file containing ID/key pairs for\n# NTP authentication.\nkeyfile /etc/chrony/chrony.keys\n\n# This directive specify the file into which chronyd will store the rate\n# information.\ndriftfile /var/lib/chrony/chrony.drift\n\n# Save NTS keys and cookies.\nntsdumpdir /var/lib/chrony\n\n# Uncomment the following line to turn logging on.\n#log tracking measurements statistics\n\n# Log files location.\nlogdir /var/log/chrony\n\n# Stop bad estimates upsetting machine clock.\nmaxupdateskew 100.0\n\n# This directive enables kernel synchronisation (every 11 minutes) of the\n# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.\nrtcsync\n\n# Step the system clock instead of slewing it if the adjustment is larger than\n# one second, but only in the first three clock updates.\nmakestep 1 3\n\n# Get TAI-UTC offset and leap seconds from the system tz database.\n# This directive must be commented out when using time sources serving\n# leap-smeared time.\nleapsectz right/UTC\nEOF\n\nservice chrony force-reload\nchronyc tracking",
   "wait_for_interface.sh": "#!/usr/bin/env bash\n\nset -euo pipefail\n\ninterface=${1:?\"Interface name is required\"}\n\nmaxAttempts=15\n\nattempts=0\n\nwhile ! ip addr show \"$interface\" | grep 'inet ' 1>&2; do\n  if [[ $attempts -ge $maxAttempts ]]; then\n    echo >&2 \"Timed out waiting for $interface to be up.\"\n    exit 1\n  fi\n\n  echo >&2 \"Waiting for $interface to be up...\"\n  sleep 1\n  attempts=$((attempts + 1))\ndone\n\nip addr show \"$interface\" | grep 'inet ' | awk '{print $2}'\n"
 }

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"override_k3s_service.sh": "#!/usr/bin/env bash\n\nset -euo pipefail\n\nmkdir -p /etc/systemd/system/k3s.service.d\nmkdir -p /etc/systemd/system/k3s-agent.service.d\n\ncat >/etc/systemd/system/k3s.service.d/override.conf <<EOF\n[Service]\nKillSignal=SIGTERM\nTimeoutStopSec=10\nEOF\n\ncat >/etc/systemd/system/k3s-agent.service.d/override.conf <<EOF\n[Service]\nKillSignal=SIGTERM\nTimeoutStopSec=10\nEOF",`
`3`	`3`	"pin_ip_addresses.sh": "#!/usr/bin/env bash\n\nset -euo pipefail\n\narch=\"amd64\"\n\nif [[ \"$(uname -m)\" == \"aarch64\" ]]; then\n arch=\"arm64\"\nfi\n\nwget -qO /usr/bin/yq https://github.com/mikefarah/yq/releases/download/v4.35.2/yq_linux_\"${arch}\"\n\nchmod +x /usr/bin/yq\n\nreadarray ifaces < <(yq -o=j -I=0 '.network.ethernets \| to_entries \| .[]' /etc/netplan/50-cloud-init.yaml)\n\ndeclare -p ifaces\n\nmkdir -p /etc/netplan\n\ncat >/etc/netplan/99-netcfg-static.yaml <<EOF\nnetwork:\n version: 2\n ethernets:\nEOF\n\nchmod 0700 /etc/netplan/*\n\nlastIp=\"\"\nlastIface=\"\"\nlastName=\"\"\n\nfor iface in \"${ifaces[@]}\"; do\n lastName=$(echo \"$iface\" \| yq '.key' -) \|\| exit $?\n mac=$(echo \"$iface\" \| yq '.value.match.macaddress' -) \|\| exit $?\n lastIface=$(ip -br link \| awk -v mac=\"$mac\" '$3 ~ mac { print $1 }') \|\| exit $?\n lastIp=$(wait_for_interface.sh \"$lastIface\") \|\| exit $?\n\n {\n echo \" ${lastName}:\"\n echo \" addresses:\"\n echo \" - ${lastIp}\"\n } >>/etc/netplan/99-netcfg-static.yaml\ndone\n\necho \"$lastIface\" >/etc/node-external-iface\necho \"$lastIp\" \| awk -F/ '{print $1}' >/etc/node-external-ip\ncat /etc/netplan/99-netcfg-static.yaml\nnetplan apply\n\necho \"Waiting for network to come back up...\"\n\nwhile ! ping -c 1 -W 1 8.8.8.8; do\n sleep 1\n echo \"Still waiting for network to come back up...\"\ndone\n",
`4`		`- "update_timesyncd.sh": "#!/usr/bin/env bash\n\nset -euo pipefail\n\ncat >/etc/systemd/timesyncd.conf <<EOF\n[Time]\nNTP=time.aws.com\nFallbackNTP=ntp.ubuntu.com\nPollIntervalMinSec=5\nPollIntervalMaxSec=60\nEOF\n\nsystemctl restart systemd-timesyncd\ntimedatectl status",`
	`4`	+ "update_timesyncd.sh": "#!/usr/bin/env bash\n\nset -euo pipefail\n\nsystemctl disable --now systemd-timesyncd\napt install -y chrony\n\ncat >/etc/chrony/chrony.conf <<EOF\npool time.aws.com iburst\n\n# Use time sources from DHCP.\nsourcedir /run/chrony-dhcp\n\n# This directive specify the location of the file containing ID/key pairs for\n# NTP authentication.\nkeyfile /etc/chrony/chrony.keys\n\n# This directive specify the file into which chronyd will store the rate\n# information.\ndriftfile /var/lib/chrony/chrony.drift\n\n# Save NTS keys and cookies.\nntsdumpdir /var/lib/chrony\n\n# Uncomment the following line to turn logging on.\n#log tracking measurements statistics\n\n# Log files location.\nlogdir /var/log/chrony\n\n# Stop bad estimates upsetting machine clock.\nmaxupdateskew 100.0\n\n# This directive enables kernel synchronisation (every 11 minutes) of the\n# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.\nrtcsync\n\n# Step the system clock instead of slewing it if the adjustment is larger than\n# one second, but only in the first three clock updates.\nmakestep 1 3\n\n# Get TAI-UTC offset and leap seconds from the system tz database.\n# This directive must be commented out when using time sources serving\n# leap-smeared time.\nleapsectz right/UTC\nEOF\n\nservice chrony force-reload\nchronyc tracking",
`5`	`5`	"wait_for_interface.sh": "#!/usr/bin/env bash\n\nset -euo pipefail\n\ninterface=${1:?\"Interface name is required\"}\n\nmaxAttempts=15\n\nattempts=0\n\nwhile ! ip addr show \"$interface\" \| grep 'inet ' 1>&2; do\n if [[ $attempts -ge $maxAttempts ]]; then\n echo >&2 \"Timed out waiting for $interface to be up.\"\n exit 1\n fi\n\n echo >&2 \"Waiting for $interface to be up...\"\n sleep 1\n attempts=$((attempts + 1))\ndone\n\nip addr show \"$interface\" \| grep 'inet ' \| awk '{print $2}'\n"
`6`	`6`	`}`