Provide a way to enable/disable NTP service

Modify NTP puppet manifest to allow enabling and disabling this service. This is required in case user would like to enable PTP service instead. As a result, NTP daemon must be stopped on compute/storage nodes. It is still running on controller nodes, but all the servers are wiped. So, system date cannot be updated by NTP on controller nodes, but it is still possible for compute nodes to do an initial time sync. Also, PMON script is moved here from MTCE to follow enabled/disabled path. Change-Id: I0831487fb14de80edec0ee8df5cc6f23dfb6bae8 Depends-On: I1ca6045af8c5169220b7332d45b843fdb4960f01 Story: 2002935 Task: 24646 Signed-off-by: Alex Kozyrev <alex.kozyrev@windriver.com>
2018-08-15 11:17:17 -04:00 · 2018-08-15 11:17:17 -04:00 · a8f68a41b1
parent 4340414bb5
commit a8f68a41b1
5 changed files with 115 additions and 75 deletions
--- a/puppet-manifests/centos/build_srpm.data
+++ b/puppet-manifests/centos/build_srpm.data
@ -1,2 +1,2 @@
 SRC_DIR="src"
-TIS_PATCH_VER=59
+TIS_PATCH_VER=60
--- a/puppet-manifests/src/modules/platform/manifests/ntp.pp
+++ b/puppet-manifests/src/modules/platform/manifests/ntp.pp
@ -1,106 +1,121 @@
 class platform::ntp (
  $servers = [],
  $ntpdate_timeout,
+  $enabled = true,
 ) {
-  file {'ntpdate_override_dir':
-    path => '/etc/systemd/system/ntpdate.service.d',
-    ensure => directory,
-    mode => '0755',
-  }
-
-  file { 'ntpdate_tis_override':
-    path    => '/etc/systemd/system/ntpdate.service.d/tis_override.conf',
-    ensure  => file,
-    mode    => '0644',
-    content => template('platform/ntp.override.erb'),
-  }
-
-  exec { 'enable-ntpdate':
-    command => '/usr/bin/systemctl enable ntpdate.service',
-  }
-
-  exec { 'enable-ntpd':
-    command => '/usr/bin/systemctl enable ntpd.service',
-  }
-
-  exec { 'start-ntpdate':
-    command => '/usr/bin/systemctl start ntpdate.service',
-    returns => [ 0, 1 ],
-    onlyif  => "test ! -f /etc/platform/simplex || grep -q '^server' /etc/ntp.conf",
-  }
-
-  exec { 'ntpdate-systemd-daemon-reload':
-    command => '/usr/bin/systemctl daemon-reload',
-  }
-
-  exec { 'stop-ntpdate':
-    command => '/usr/bin/systemctl stop ntpdate.service',
-    returns => [ 0, 1 ],
-  }
-
-  exec { 'stop-ntpd':
-    command => '/usr/bin/systemctl stop ntpd.service',
-    returns => [ 0, 1 ],
-  }
-
-  service { 'ntpd':
-    ensure     => 'running',
-    enable     => true,
-    name       => 'ntpd',
-    hasstatus  => true,
-    hasrestart => true,
+  if $enabled or ($::personality == 'controller'){
+    $pmon_ensure = 'link'
+  } else {
+    $pmon_ensure = 'absent'
  }

  File['ntp_config'] ->
  File['ntp_config_initial'] ->
-  File['ntpdate_override_dir'] ->
-  File['ntpdate_tis_override'] ->
-  Exec['enable-ntpdate'] ->
-  Exec['enable-ntpd'] ->
-  Exec['ntpdate-systemd-daemon-reload'] ->
-  Exec['stop-ntpdate'] ->
-  Exec['stop-ntpd'] ->
-  Exec['start-ntpdate'] ->
-  Service['ntpd']
-}
+  file {'ntpdate_override_dir':
+    ensure => directory,
+    path   => '/etc/systemd/system/ntpdate.service.d',
+    mode   => '0755',
+  } ->
+  file { 'ntpdate_tis_override':
+    ensure  => file,
+    path    => '/etc/systemd/system/ntpdate.service.d/tis_override.conf',
+    mode    => '0644',
+    content => template('platform/ntp.override.erb'),
+  } ->
+  file { 'ntp_pmon_config':
+    ensure  => file,
+    path    => '/etc/ntp.pmon.conf',
+    mode    => '0644',
+    content => template('platform/ntp.pmon.conf.erb'),
+  } ->
+  exec { 'systemd-daemon-reload':
+    command => '/usr/bin/systemctl daemon-reload',
+  } ->
+  exec { 'stop-ntpdate':
+    command => '/usr/bin/systemctl stop ntpdate.service',
+    returns => [ 0, 1 ],
+  } ->
+  exec { 'stop-ntpd':
+    command => '/usr/bin/systemctl stop ntpd.service',
+    returns => [ 0, 1 ],
+  } ->
+  file { 'ntp_pmon_link':
+    ensure => $pmon_ensure,
+    path   => '/etc/pmon.d/ntpd.conf',
+    target => '/etc/ntp.pmon.conf',
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0600',
+  }

+  if $enabled or ($::personality == 'controller') {
+    exec { 'enable-ntpdate':
+      command => '/usr/bin/systemctl enable ntpdate.service',
+      require => File['ntp_pmon_link'],
+    } ->
+    exec { 'enable-ntpd':
+      command => '/usr/bin/systemctl enable ntpd.service',
+    } ->
+    exec { 'start-ntpdate':
+      command => '/usr/bin/systemctl start ntpdate.service',
+      returns => [ 0, 1 ],
+      onlyif  => "test ! -f /etc/platform/simplex || grep -q '^server' /etc/ntp.conf",
+    } ->
+    service { 'ntpd':
+      ensure     => 'running',
+      enable     => true,
+      name       => 'ntpd',
+      hasstatus  => true,
+      hasrestart => true,
+    }
+  } else {
+    exec { 'disable-ntpdate':
+      command => '/usr/bin/systemctl disable ntpdate.service',
+      require => File['ntp_pmon_link'],
+    } ->
+    exec { 'disable-ntpd':
+      command => '/usr/bin/systemctl disable ntpd.service',
+    }
+  }
+}

 class platform::ntp::server {

-  include ::platform::ntp
+  if $::personality == 'controller' {
+    include ::platform::ntp

-  include ::platform::params
-  $peer_server = $::platform::params::mate_hostname
+    include ::platform::params
+    $peer_server = $::platform::params::mate_hostname

-  file { 'ntp_config':
-    path    => '/etc/ntp.conf',
-    ensure  => file,
-    mode    => '0640',
-    content => template('platform/ntp.conf.server.erb'),
-  }
-  file { 'ntp_config_initial':
-    path    => '/etc/ntp_initial.conf',
-    ensure  => file,
-    mode    => '0640',
-    content => template('platform/ntp_initial.conf.server.erb'),
+    file { 'ntp_config':
+      ensure  => file,
+      path    => '/etc/ntp.conf',
+      mode    => '0640',
+      content => template('platform/ntp.conf.server.erb'),
+    }
+    file { 'ntp_config_initial':
+      ensure  => file,
+      path    => '/etc/ntp_initial.conf',
+      mode    => '0640',
+      content => template('platform/ntp_initial.conf.server.erb'),
+    }
  }
 }

-
 class platform::ntp::client {

  if $::personality != 'controller' {
    include ::platform::ntp

    file { 'ntp_config':
-      path    => '/etc/ntp.conf',
      ensure  => file,
+      path    => '/etc/ntp.conf',
      mode    => '0644',
      content => template('platform/ntp.conf.client.erb'),
    }
    file { 'ntp_config_initial':
-      path    => '/etc/ntp_initial.conf',
      ensure  => file,
+      path    => '/etc/ntp_initial.conf',
      mode    => '0644',
      content => template('platform/ntp_initial.conf.client.erb'),
    }
--- a/puppet-manifests/src/modules/platform/templates/ntp.conf.client.erb
+++ b/puppet-manifests/src/modules/platform/templates/ntp.conf.client.erb
@ -11,9 +11,12 @@ restrict -6 default kod nomodify notrap nopeer noquery
 restrict 127.0.0.1
 restrict -6 ::1

+<%- if @enabled == true -%>
 # Use orphan mode if external servers are unavailable (or not configured)
 tos orphan 12

 <%- scope['platform::ntp::servers'].each do |server| -%>
 server <%= server %>
 <%- end -%>
+
+<%- end -%>
--- a/puppet-manifests/src/modules/platform/templates/ntp.conf.server.erb
+++ b/puppet-manifests/src/modules/platform/templates/ntp.conf.server.erb
@ -11,6 +11,7 @@ restrict -6 default kod nomodify notrap nopeer noquery
 restrict 127.0.0.1
 restrict -6 ::1

+<%- if @enabled == true -%>
 # orphan - Use orphan mode if external servers are unavailable (or not configured).
 # minclock - Prevent clustering algorithm from casting out any outlyers by setting
 #            minclock to the maximum number of ntp servers that can be configured
@ -24,3 +25,5 @@ peer <%= @peer_server %>
 <%- scope['platform::ntp::servers'].each do |server| -%>
 server <%= server %>
 <%- end -%>
+
+<%- end -%>
--- a/puppet-manifests/src/modules/platform/templates/ntp.pmon.conf.erb
+++ b/puppet-manifests/src/modules/platform/templates/ntp.pmon.conf.erb
@ -0,0 +1,19 @@
+[process]
+process  = ntpd
+service  = ntpd
+pidfile  = /var/run/ntp.pid
+style    = lsb            ; ocf or lsb
+severity = minor          ; minor, major, critical
+restarts = 0              ; restart retries before error assertion
+interval = 10             ; number of seconds to wait between restarts
+debounce = 10             ; number of seconds that a process needs to remain
+                          ;   running before degrade is removed and retry count
+                          ;   is cleared.
+; These settings will generate a log only without attempting to restart
+; pmond will put the process into an ignore state after failure.
+
+startuptime  = 180        ; Seconds to wait after process start before starting the debounce monitor
+mode  = passive           ; Monitoring mode: passive (default) or active
+                          ; passive: process death monitoring (default: always)
+                          ; active : heartbeat monitoring, i.e. request / response messaging
+                          ; ignore : do not monitor or stop monitoring