[Bug 1744072] Re: [MIR] Chrony in 18.04
** Changed in: ntp-charm Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1744072 Title: [MIR] Chrony in 18.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ntp-charm/+bug/1744072/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1744072] Re: [MIR] Chrony in 18.04
** Changed in: ntp-charm Status: In Progress => Fix Committed
[Bug 1744072] Re: [MIR] Chrony in 18.04
Hi Mathias - that was for both to support configuring chrony for ntp services. Both are done AFAIK, setting fix released.

** Changed in: cloud-init (Ubuntu) Status: Confirmed => Fix Released
** Changed in: maas (Ubuntu) Status: In Progress => Fix Released
[Bug 1744072] Re: [MIR] Chrony in 18.04
cloud-init and maas are already in main. Why are these still open?
[Bug 1744072] Re: [MIR] Chrony in 18.04
** Changed in: serverguide Status: Fix Committed => Fix Released
[Bug 1744072] Re: [MIR] Chrony in 18.04
I've added initial support for chrony to the ntp charm: https://code.launchpad.net/~paulgear/ntp-charm/+git/ntp-charm/+merge/340780

Very lightly tested at present - nagios check known to be non-working, other features should work. It's available as cs:~paulgear/ntp if anyone would like to test: https://jujucharms.com/u/paulgear/ntp/

** Merge proposal linked: https://code.launchpad.net/~paulgear/ntp-charm/+git/ntp-charm/+merge/340780
** Changed in: ntp-charm Assignee: (unassigned) => Paul Gear (paulgear)
** Changed in: ntp-charm Status: Triaged => In Progress
[Bug 1744072] Re: [MIR] Chrony in 18.04
** Merge proposal linked: https://code.launchpad.net/~andreserl/maas/+git/maas/+merge/339706
** Merge proposal linked: https://code.launchpad.net/~andreserl/maas/+git/maas/+merge/339707
[Bug 1744072] Re: [MIR] Chrony in 18.04
** Merge proposal linked: https://code.launchpad.net/~andreserl/maas/+git/maas/+merge/336685
** Changed in: maas (Ubuntu) Assignee: (unassigned) => Andres Rodriguez (andreserl)
** Changed in: maas (Ubuntu) Status: Confirmed => In Progress
[Bug 1744072] Re: [MIR] Chrony in 18.04
** Branch linked: lp:serverguide
[Bug 1744072] Re: [MIR] Chrony in 18.04
** Changed in: serverguide Status: New => Fix Committed
[Bug 1744072] Re: [MIR] Chrony in 18.04
FYI Proposed documentation update: https://code.launchpad.net/~paelzer/serverguide/serverguide-chrony-18.04/+merge/338892

** Branch linked: lp:~paelzer/serverguide/serverguide-chrony-18.04
[Bug 1744072] Re: [MIR] Chrony in 18.04
This bug was fixed in the package ceph - 12.2.2-0ubuntu2

---
ceph (12.2.2-0ubuntu2) bionic; urgency=medium

  * d/control: Re-order Recommends to prefer chrony over time-daemon (chrony/openntp) and ntp for Ubuntu (LP: #1744072).

 -- Christian Ehrhardt Fri, 16 Feb 2018 09:19:21 +0100

** Changed in: ceph (Ubuntu) Status: In Progress => Fix Released
[Bug 1744072] Re: [MIR] Chrony in 18.04
The ceph change to modify the dependencies (reorder recommends) is in proposed and hopefully soon to migrate.

Of the rather time critical bits (to demote ntp in time before FF) what is left is the change in MAAS. Since the sprint there was no reply by MAAS yet, so pinging on IRC in addition to this bug update.

Those two depend on ntp in d/control:
- maas-region-api
- maas-rack-controller

You could likely even keep most of the tests as-is, but the custom ntp config (src/provisioningserver/ntp/config.py?) would need to be changed I assume.

** Changed in: chrony (Ubuntu) Assignee: Nish Aravamudan (nacc) => (unassigned)
[Bug 1744072] Re: [MIR] Chrony in 18.04
** Changed in: maas (Ubuntu) Importance: Undecided => Critical
** Changed in: ceph (Ubuntu) Status: Confirmed => In Progress
[Bug 1744072] Re: [MIR] Chrony in 18.04
Override component to main
chrony 3.2-2ubuntu3 in bionic amd64: universe/admin/extra/100% -> main
chrony 3.2-2ubuntu3 in bionic arm64: universe/admin/extra/100% -> main
chrony 3.2-2ubuntu3 in bionic armhf: universe/admin/extra/100% -> main
chrony 3.2-2ubuntu3 in bionic i386: universe/admin/extra/100% -> main
chrony 3.2-2ubuntu3 in bionic ppc64el: universe/admin/extra/100% -> main
chrony 3.2-2ubuntu3 in bionic s390x: universe/admin/extra/100% -> main
6 publications overridden.

** Changed in: chrony (Ubuntu) Status: Fix Committed => Fix Released
[Bug 1744072] Re: [MIR] Chrony in 18.04
Thanks Nish that you took a look. I merged the two open and already approved seed changing branches. Will also do the ceph upload soon. All those will make chrony show up in component mismatches to then be added. (and hopefully ntp will show up soon after for demotion to universe)
[Bug 1744072] Re: [MIR] Chrony in 18.04
I reviewed chrony; it's fine to MIR (and has security team approval). MIR ACKed.

** Changed in: chrony (Ubuntu) Status: In Progress => Fix Committed
[Bug 1744072] Re: [MIR] Chrony in 18.04
** Changed in: chrony (Ubuntu) Assignee: (unassigned) => Nish Aravamudan (nacc)
** Changed in: chrony (Ubuntu) Status: New => In Progress
[Bug 1744072] Re: [MIR] Chrony in 18.04
@paelzer: As I looked at chrony's config and the options which would be needed in a new chrony charm, I found that most of them were common with ntp, so I'm going to start work on a branch of the ntp charm which supports switching between ntp and chrony. I'll link the branch here when I have some progress to report.

** Changed in: ntp-charm Status: New => Triaged
** Changed in: ntp-charm Importance: Undecided => Medium
[Bug 1744072] Re: [MIR] Chrony in 18.04
** Description changed: --- MIR --- 1. Availability: The package is Ubuntu universe and builds for the architectures it is designed to work on. 2. Rationale: 2.1 NTP in general is needed quite a lot, but we want to exchange ntpd which is the current implementation in main with chrony for 18.04. 2.2 Security: chrony was considered easier to be maintained easier in terms of security and provide a more modern ntp experience as well. 2.3 Efficiency: Furthermore several cloud people seem to be interested to change to chrony in the guests for its lower memoy/cpu footprint (efficiency I guess). 2.4 related to this MIR 6 years ago this is the same but for Fedora. See: https://fedoraproject.org/wiki/Features/ChronyDefaultNTP IIRC some limitations that were present have been eliminated since, so it is even better than it was back then. 2.5 In general one has to realize that in a systemd-timesync world ntp/chrony are mostly for the "serving" portion of an ntp service, and not so much about the client (unless you the better accuracy vs timesyncd is needed). 3. Security: In fact the request came in by security Team, so I guess I call this section done 3. Quality assurance 3.1 configuration ease - works after installation 3.2 no high prio debconf 3.3 usability (no major issues in Debian nor Ubuntu) asked Paul in regard to the ntp charm in comment #5 3.4 long-term >=high bugs (none in Debian nor Ubuntu) 3.5 Debian/Ubuntu bugs look reasonable maintained 3.6 does not deal with hard to support exotic hardware (other than ntpd btw). If used this can be done through universe package GPSD (no dependency) 3.7 Test suite runs on build (some skipped if not env applicable) 3.8 debian/watch exists 3.9 not depending on obsoleted packages 4.1 It does not face graphical UI 4.2 It is unfortunately not internationalized as far as I could see in the source 5. 
Dependencies - there is one not in main libtomcrypt We don't want it in main either, instead we want to fix bug 1744328 and then use libnss which is in main already. 6. Not found major Policy or FSH violations that would have to be fixed. 7. Maintenance 7.1 Upstream - is maintained well (and better than ntpd it seems according to some discussisons) 7.2 Ubuntu - Owning Team would be Ubuntu (in exchange to drop ntp) 8. Background information: Fulfills the same role as ntp, yet according to the security Team would be preferred for them. --- Affected Packages --- I'll add all those as bug tasks. Once the MIR has passed the state of uncertainty (e.g. would it be blocked by one of the dependent bug being not doable at all) then please work on these into 18.04. Here a list what is affected in the listed packages: Maas - needs to change dependencies and maybe template cloud-init - needs to support writing ntp config to chrony instead of ntpd ceph-base - change recommends from ntpd to chrony (it only intends to get good time and doesn't care via which dameon that is, so that should be ok to be change) ntp charm - switch to chrony for >=18.04 chrony - MIR itself (discussion here and eventually seeding) --- Depending on further Bugs --- In my initial evaluation I uncovered (and filed) a set of bugs that I consider requirement to make it fully ready: Reminder - tracking state here might be out of sync, I'll only change them to Done once complete and not care about interim status changes. DONE - bug 1744662 - add chrony apparmor profile DONE - bug 1744328 - make src:libnss libfreebl3 usable by other programs COMMITTED - bug 1744664 - use Ubuntu time servers COMMITTED - bug 1744072 - d/control: use to nss instead of tomcrypt Some more cleanups in Chrony are optional but useful. + + Other Related Bugs + + * https://bugs.launchpad.net/cloud-init/+bug/1731619 (cloud-init)
[Bug 1744072] Re: [MIR] Chrony in 18.04
MP's for the seed changes are up:
platform: https://code.launchpad.net/~paelzer/ubuntu-seeds/18.04-ntp-to-chrony-platform/+merge/337257
ubuntu: https://code.launchpad.net/~paelzer/ubuntu-seeds/18.04-ntp-to-chrony-ubuntu/+merge/337256

Waiting now for:
- the general MIR team ack and setting to fix committed on this bug.
- a review ack on the two MPs above

** Branch linked: lp:~paelzer/ubuntu-seeds/18.04-ntp-to-chrony-platform
** Branch linked: lp:~paelzer/ubuntu-seeds/18.04-ntp-to-chrony-ubuntu
[Bug 1744072] Re: MIR Chrony in 18.04
Ok, this now has all prereqs resolved. It is ready for the actual MIR + seed change. Setting the state back to new (we reused the bugno, but it is for the MIR actually)

So todo's now are:
@MIR Team ack and set fix committed
@Cpaelzer - Propose a seed change.

** Changed in: chrony (Ubuntu) Status: Fix Released => New
** Summary changed:
- MIR Chrony in 18.04
+ [MIR] Chrony in 18.04
[Bug 1744072] Re: MIR Chrony in 18.04
This bug was fixed in the package chrony - 3.2-2ubuntu2

---
chrony (3.2-2ubuntu2) bionic; urgency=medium

  * d/control: use to nss instead of tomcrypt (in main) (LP: #1744072)
  * d/chrony.conf: use ubuntu ntp pool and server (LP: #1744664)
  * d/chrony.default, d/chrony.service: support /etc/default/chrony DAEMON_OPTS in systemd environment (LP: #1746081)
  * d/chrony.service: properly start after networking (LP: #1746458)
  * d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: #1746444)

 -- Christian Ehrhardt Fri, 19 Jan 2018 09:45:38 +0100

** Changed in: chrony (Ubuntu) Status: Confirmed => Fix Released
[Bug 1744072] Re: MIR Chrony in 18.04
Builds complete against new nss, also all other bugs we wanted are grouped. New chrony uploaded to bionic - once passed we can do the seeding.
[Bug 1744072] Re: MIR Chrony in 18.04
** Description changed: --- MIR --- 1. Availability: The package is Ubuntu universe and builds for the architectures it is designed to work on. 2. Rationale: 2.1 NTP in general is needed quite a lot, but we want to exchange ntpd which is the current implementation in main with chrony for 18.04. 2.2 Security: chrony was considered easier to be maintained easier in terms of security and provide a more modern ntp experience as well. 2.3 Efficiency: Furthermore several cloud people seem to be interested to change to chrony in the guests for its lower memoy/cpu footprint (efficiency I guess). 2.4 related to this MIR 6 years ago this is the same but for Fedora. See: https://fedoraproject.org/wiki/Features/ChronyDefaultNTP IIRC some limitations that were present have been eliminated since, so it is even better than it was back then. 2.5 In general one has to realize that in a systemd-timesync world ntp/chrony are mostly for the "serving" portion of an ntp service, and not so much about the client (unless you the better accuracy vs timesyncd is needed). 3. Security: In fact the request came in by security Team, so I guess I call this section done 3. Quality assurance 3.1 configuration ease - works after installation 3.2 no high prio debconf 3.3 usability (no major issues in Debian nor Ubuntu) asked Paul in regard to the ntp charm in comment #5 3.4 long-term >=high bugs (none in Debian nor Ubuntu) 3.5 Debian/Ubuntu bugs look reasonable maintained 3.6 does not deal with hard to support exotic hardware (other than ntpd btw). If used this can be done through universe package GPSD (no dependency) 3.7 Test suite runs on build (some skipped if not env applicable) 3.8 debian/watch exists 3.9 not depending on obsoleted packages 4.1 It does not face graphical UI 4.2 It is unfortunately not internationalized as far as I could see in the source 5. 
Dependencies - there is one not in main libtomcrypt We don't want it in main either, instead we want to fix bug 1744328 and then use libnss which is in main already. 6. Not found major Policy or FSH violations that would have to be fixed. 7. Maintenance 7.1 Upstream - is maintained well (and better than ntpd it seems according to some discussisons) 7.2 Ubuntu - Owning Team would be Ubuntu (in exchange to drop ntp) 8. Background information: Fulfills the same role as ntp, yet according to the security Team would be preferred for them. --- Affected Packages --- I'll add all those as bug tasks. Once the MIR has passed the state of uncertainty (e.g. would it be blocked by one of the dependent bug being not doable at all) then please work on these into 18.04. Here a list what is affected in the listed packages: Maas - needs to change dependencies and maybe template cloud-init - needs to support writing ntp config to chrony instead of ntpd ceph-base - change recommends from ntpd to chrony (it only intends to get good time and doesn't care via which dameon that is, so that should be ok to be change) ntp charm - switch to chrony for >=18.04 chrony - MIR itself (discussion here and eventually seeding) --- Depending on further Bugs --- In my initial evaluation I uncovered (and filed) a set of bugs that I consider requirement to make it fully ready: Reminder - tracking state here might be out of sync, I'll only change them to Done once complete and not care about interim status changes. DONE - bug 1744662 - add chrony apparmor profile - COMMITTED - bug 1744328 - make src:libnss libfreebl3 usable by other programs + DONE - bug 1744328 - make src:libnss libfreebl3 usable by other programs COMMITTED - bug 1744664 - use Ubuntu time servers + COMMITTED - bug 1744072 - d/control: use to nss instead of tomcrypt + Some more cleanups in Chrony are optional but useful.
Re: [Bug 1744072] Re: MIR Chrony in 18.04
On 22/01/18 17:27, ChristianEhrhardt wrote:
> Hi Paul,
> I subscribed you as I wanted to clarify something.
> Back in [1], you mentioned it was important to you to get ntpdate (single
> shot cli) and ntpd (daemon) to work together nicely for the ntp charm.
>
> Now if the ntp charm would be modified to use chrony from 18.04 onward,
> would that break it completely as chrony has no direct ntpdate
> counterpart that I'd know of?
>
> [1]: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1706818
>

Hi Christian,

My current plan is to write a new reactive charm for chrony rather than trying to retrofit the ntp charm to support chrony. I would expect that the functionality which relies on ntpdate will drop out. I don't have a timeframe for this, however.

Regards,
Paul
[Bug 1744072] Re: MIR Chrony in 18.04
** Description changed: --- MIR --- 1. Availability: The package is Ubuntu universe and builds for the architectures it is designed to work on. 2. Rationale: 2.1 NTP in general is needed quite a lot, but we want to exchange ntpd which is the current implementation in main with chrony for 18.04. 2.2 Security: chrony was considered easier to be maintained easier in terms of security and provide a more modern ntp experience as well. 2.3 Efficiency: Furthermore several cloud people seem to be interested to change to chrony in the guests for its lower memoy/cpu footprint (efficiency I guess). 2.4 related to this MIR 6 years ago this is the same but for Fedora. See: https://fedoraproject.org/wiki/Features/ChronyDefaultNTP IIRC some limitations that were present have been eliminated since, so it is even better than it was back then. 2.5 In general one has to realize that in a systemd-timesync world ntp/chrony are mostly for the "serving" portion of an ntp service, and not so much about the client (unless you the better accuracy vs timesyncd is needed). 3. Security: In fact the request came in by security Team, so I guess I call this section done 3. Quality assurance 3.1 configuration ease - works after installation 3.2 no high prio debconf 3.3 usability (no major issues in Debian nor Ubuntu) asked Paul in regard to the ntp charm in comment #5 3.4 long-term >=high bugs (none in Debian nor Ubuntu) 3.5 Debian/Ubuntu bugs look reasonable maintained 3.6 does not deal with hard to support exotic hardware (other than ntpd btw). If used this can be done through universe package GPSD (no dependency) 3.7 Test suite runs on build (some skipped if not env applicable) 3.8 debian/watch exists 3.9 not depending on obsoleted packages 4.1 It does not face graphical UI 4.2 It is unfortunately not internationalized as far as I could see in the source 5. 
Dependencies - there is one not in main libtomcrypt We don't want it in main either, instead we want to fix bug 1744328 and then use libnss which is in main already. 6. Not found major Policy or FSH violations that would have to be fixed. 7. Maintenance 7.1 Upstream - is maintained well (and better than ntpd it seems according to some discussisons) 7.2 Ubuntu - Owning Team would be Ubuntu (in exchange to drop ntp) 8. Background information: Fulfills the same role as ntp, yet according to the security Team would be preferred for them. --- Affected Packages --- I'll add all those as bug tasks. Once the MIR has passed the state of uncertainty (e.g. would it be blocked by one of the dependent bug being not doable at all) then please work on these into 18.04. Here a list what is affected in the listed packages: Maas - needs to change dependencies and maybe template cloud-init - needs to support writing ntp config to chrony instead of ntpd ceph-base - change recommends from ntpd to chrony (it only intends to get good time and doesn't care via which dameon that is, so that should be ok to be change) ntp charm - switch to chrony for >=18.04 chrony - MIR itself (discussion here and eventually seeding) --- Depending on further Bugs --- In my initial evaluation I uncovered (and filed) a set of bugs that I consider requirement to make it fully ready: Reminder - tracking state here might be out of sync, I'll only change them to Done once complete and not care about interim status changes. - OPEN - bug 1718227 - convert ifup hooks to networkd compatible hooks DONE - bug 1744662 - add chrony apparmor profile - OPEN - bug 1744328 - make src:libnss libfreebl3 usable by other programs - OPEN - bug 1744664 - use Ubuntu time servers + COMMITTED - bug 1744328 - make src:libnss libfreebl3 usable by other programs + COMMITTED - bug 1744664 - use Ubuntu time servers
[Bug 1744072] Re: MIR Chrony in 18.04
re: ifup/down hooks -- In the end, it's the same situation with either ntpd or chrony. Let's just add it to the tasks to do after promotion in general for 18.04. I wouldn't conflate the MIR with this point at all.
[Bug 1744072] Re: MIR Chrony in 18.04
ifup/down hooks are undirected (just chronyc offline/online). There are networkmanager dispatchers which are smarter. All of this is to allow to handle lossy/changing connections which is far more a laptop or similar (=>NetworkManager) than a server. We might consider moving on without a solution. Cyphermox mentioned he will look to provide a solution to hook into events again at some point (Part of the netplan transition) that is based on netlink events I think. If all but the hooks are complete we can still move on IMHO.
[Bug 1744072] Re: MIR Chrony in 18.04
** Merge proposal linked: https://code.launchpad.net/~paelzer/ubuntu/+source/chrony/+git/chrony/+merge/336844
[Bug 1744072] Re: MIR Chrony in 18.04
FYI - It seems a bit dead here, but most work atm is going into dependent bug 1744328
[Bug 1744072] Re: MIR Chrony in 18.04
I reviewed chrony version 3.2-1build1 as checked into bionic. This isn't a full security audit but rather a quick gauge of maintainability.

- There are ten CVEs in our database; the fixes mostly aren't enumerated in our database, but many of the descriptions sound like they were handed out 'conservatively' -- errors in administration-level command channel or a malicious peer server operator in a position to interpose traffic from another peer server. I like the paranoia.
- chrony is a new, simpler, smaller, safer, ntp daemon. It's suitable for client and server use, and supports some hardware drivers, NIC timestamping, but perhaps not as many features as our old NTPD.
- Build-Depends: debhelper, bison, libedit-dev, libtomcrypt-dev, libcap-dev, pps-tools, libseccomp-dev, pkg-config, asciidoctor
- libtomcrypt dependency is being worked on; apparently nss is an option once we expose an "internal only" library.
- Does daemonize, nicely
- pre/post inst/rm scripts have autogenerated sections. Also:
  - postinst script creates _chrony user and group, chowns /var/log/chrony and /var/lib/chrony
  - postinst cleans up after previous version "key" file (authentication has been simplified in newer versions) in a complicated set of comparisons
  - postrm removes /var/lib/chrony/, /etc/chrony/, _chrony user and group
- Initscript uses start-stop-daemon to start chrony
- systemd unit file is simple
- No dbus services
- No setuid files
- chronyc and chronyd executables in PATH
- No sudo fragments
- No udev rules
- test suite run at build; not comprehensive, but nice to have
- clean build logs
- sendmail is spawned to send mail via popen(). All variables are under control of configuration file. No error handling in case the admin sets the "mail to" variable to something silly long or dangerous, but this is very low risk.
- Memory management looked careful
- file io looked careful
- logging looked careful
- TZ environment variable used to gather information on leap seconds, looked careful
- Privileged operations looked careful
- I did not inspect cryptography
- Privileged portions of the code, privsep-style, looked careful; I did not inspect privsep for safety
- Extensive networking, looked careful
- No temporary file handling
- No WebKit
- No JavaScript
- No PolicyKit
- Clean cppcheck

Errors are checked religiously, coding style is unique and awkward but not a real impediment to maintenance. Obviously ntp is an involved protocol and probably further flaws will be found -- and we will rely upon upstream's help for all but the simplest of issues.

It looks professionally programmed.

The only issue I found has no security relevance but may be slightly surprising:

- reference() uses snprintf() to build a string to call sendmail; the username may not fit in the allocated space, and the code gets no warning about this. Any shell metacharacters in this setting would interfere with proper operation of the program. I'd like to see this addressed for reliability reasons but it's not a pressing issue.

Security team ACK for promoting chrony to main.

Thanks
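The snprintf()/popen() concern in the review above, shown as an added C example that is not chrony's code and not part of the original message: an unchecked command build beside one that detects truncation and rejects shell metacharacters before the string could reach popen(). The buffer size, mailer path, function names and sample recipients are all assumptions made for the illustration.

```c
/* Added illustration: constructed code, not taken from chrony. */
#include <stdio.h>
#include <string.h>

#define CMD_BUF_LEN 64                /* assumed size of the command buffer */
#define MAILER "/usr/sbin/sendmail"   /* assumed mailer path */

enum cmd_status { CMD_OK = 0, CMD_TRUNCATED = -1, CMD_UNSAFE = -2 };

/* Constructed sample values for the "mail to" setting. */
static const char SHORT_USER[] = "root@localhost";
static const char LONG_USER[] =
    "operations-team-time-alerts-distribution-list@example.com";
static const char META_USER[] = "admin; echo x";

/*
 * The pattern the review describes: snprintf() silently cuts the string
 * at the end of the buffer and the caller never learns about it.
 */
static int build_cmd_unchecked(char *buf, size_t len, const char *user)
{
    snprintf(buf, len, "%s %s", MAILER, user);
    return CMD_OK;                    /* reports success even when cut short */
}

/*
 * Allowlist check: only characters that are inert to /bin/sh, which is
 * what popen() hands the command line to. A leading '-' is refused so the
 * value cannot be read as an option by the mailer.
 */
static int recipient_is_safe(const char *user)
{
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "0123456789@._+-";
    size_t n = strlen(user);

    if (n == 0 || user[0] == '-')
        return 0;
    return strspn(user, allowed) == n;
}

/*
 * Checked form: validate first, then compare snprintf()'s return value
 * (the length it wanted to write) against the buffer size. On any failure
 * the buffer is left empty so a partial command can never be executed.
 */
static int build_cmd_checked(char *buf, size_t len, const char *user)
{
    int n;

    if (len == 0)
        return CMD_TRUNCATED;
    buf[0] = '\0';

    if (!recipient_is_safe(user))
        return CMD_UNSAFE;

    n = snprintf(buf, len, "%s %s", MAILER, user);
    if (n < 0 || (size_t)n >= len) {
        buf[0] = '\0';
        return CMD_TRUNCATED;
    }
    return CMD_OK;
}

int main(void)
{
    const char *samples[] = { SHORT_USER, LONG_USER, META_USER };
    char buf[CMD_BUF_LEN];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = build_cmd_checked(buf, sizeof buf, samples[i]);
        printf("%-58s -> status %d, command \"%s\"\n", samples[i], rc, buf);
    }
    return 0;
}
```

A caller would log the non-zero status and skip the popen() call, which gives the configuration error the visibility the review asks for.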
[Bug 1744072] Re: MIR Chrony in 18.04
** Description changed: --- MIR --- 1. Availability: The package is Ubuntu universe and builds for the architectures it is designed to work on. 2. Rationale: 2.1 NTP in general is needed quite a lot, but we want to exchange ntpd which is the current implementation in main with chrony for 18.04. 2.2 Security: chrony was considered easier to be maintained easier in terms of security and provide a more modern ntp experience as well. 2.3 Efficiency: Furthermore several cloud people seem to be interested to change to chrony in the guests for its lower memoy/cpu footprint (efficiency I guess). 2.4 related to this MIR 6 years ago this is the same but for Fedora. See: https://fedoraproject.org/wiki/Features/ChronyDefaultNTP IIRC some limitations that were present have been eliminated since, so it is even better than it was back then. 2.5 In general one has to realize that in a systemd-timesync world ntp/chrony are mostly for the "serving" portion of an ntp service, and not so much about the client (unless you the better accuracy vs timesyncd is needed). 3. Security: In fact the request came in by security Team, so I guess I call this section done - - -- EVERYTHING BELOW TBD FOR NOW -- 3. Quality assurance 3.1 configuration ease - works after installation 3.2 no high prio debconf 3.3 usability (no major issues in Debian nor Ubuntu) asked Paul in regard to the ntp charm in comment #5 3.4 long-term >=high bugs (none in Debian nor Ubuntu) 3.5 Debian/Ubuntu bugs look reasonable maintained 3.6 does not deal with hard to support exotic hardware (other than ntpd btw). If used this can be done through universe package GPSD (no dependency) 3.7 Test suite runs on build (some skipped if not env applicable) 3.8 debian/watch exists 3.9 not depending on obsoleted packages 4.1 It does not face graphical UI 4.2 It is unfortunately not internationalized as far as I could see in the source 5. 
Dependencies - there is one not in main libtomcrypt We don't want it in main either, instead we want to fix bug 1744328 and then use libnss which is in main already. 6. Not found major Policy or FSH violations that would have to be fixed. 7. Maintenance 7.1 Upstream - is maintained well (and better than ntpd it seems according to some discussisons) 7.2 Ubuntu - Owning Team would be Ubuntu (in exchange to drop ntp) 8. Background information: Fulfills the same role as ntp, yet according to the security Team would be preferred for them. --- Affected Packages --- I'll add all those as bug tasks. Once the MIR has passed the state of uncertainty (e.g. would it be blocked by one of the dependent bug being not doable at all) then please work on these into 18.04. Here a list what is affected in the listed packages: Maas - needs to change dependencies and maybe template cloud-init - needs to support writing ntp config to chrony instead of ntpd ceph-base - change recommends from ntpd to chrony (it only intends to get good time and doesn't care via which dameon that is, so that should be ok to be change) ntp charm - switch to chrony for >=18.04 chrony - MIR itself (discussion here and eventually seeding) --- Depending on further Bugs --- In my initial evaluation I uncovered (and filed) a set of bugs that I consider requirement to make it fully ready: Reminder - tracking state here might be out of sync, I'll only change them to Done once complete and not care about interim status changes. OPEN - bug 1718227 - convert ifup hooks to networkd compatible hooks DONE - bug 1744662 - add chrony apparmor profile OPEN - bug 1744328 - make src:libnss libfreebl3 usable by other programs OPEN - bug 1744664 - use Ubuntu time servers
[Bug 1744072] Re: MIR Chrony in 18.04
FYI: Debian accepted all our apparmor changes already plus a few cleanups - synced that new version into Bionic
[Bug 1744072] Re: MIR Chrony in 18.04
We will also have to rewrite parts of the server guide
- Chrony usage in general
- Maybe how to convert a config from ntp to chrony

** Also affects: serverguide Importance: Undecided Status: New
[Bug 1744072] Re: MIR Chrony in 18.04
Thanks Simin and Ken, both great to know about!
[Bug 1744072] Re: MIR Chrony in 18.04
** Description changed: --- MIR --- 1. Availability: The package is Ubuntu universe and builds for the architectures it is designed to work on. 2. Rationale: - 2.1 NTP in general is needed quite a lot, but we want to exchange ntpd - which is the current implementation in main with chrony for 18.04. - 2.2 Security: chrony was considered easier to be maintained easier in - terms of security and provide a more modern ntp experience as well. - 2.3 Efficiency: Furthermore several cloud people seem to be interested to - change to chrony in the guests for its lower memoy/cpu footprint - (efficiency I guess). + 2.1 NTP in general is needed quite a lot, but we want to exchange ntpd + which is the current implementation in main with chrony for 18.04. + 2.2 Security: chrony was considered easier to be maintained easier in + terms of security and provide a more modern ntp experience as well. + 2.3 Efficiency: Furthermore several cloud people seem to be interested to + change to chrony in the guests for its lower memoy/cpu footprint + (efficiency I guess). 2.4 related to this MIR 6 years ago this is the same but for Fedora. - See: https://fedoraproject.org/wiki/Features/ChronyDefaultNTP - IIRC some limitations that were present have been eliminated since, so - it is even better than it was back then. - 2.5 In general one has to realize that in a systemd-timesync world - ntp/chrony are mostly for the "serving" portion of an ntp service, and - not so much about the client (unless you the better accuracy vs - timesyncd is needed). + See: https://fedoraproject.org/wiki/Features/ChronyDefaultNTP + IIRC some limitations that were present have been eliminated since, so + it is even better than it was back then. + 2.5 In general one has to realize that in a systemd-timesync world + ntp/chrony are mostly for the "serving" portion of an ntp service, and + not so much about the client (unless you the better accuracy vs + timesyncd is needed). 3. 
Security: In fact the request came in by security Team, so I guess I call this section done -- EVERYTHING BELOW TBD FOR NOW -- 3. Quality assurance 3.1 configuration ease - works after installation 3.2 no high prio debconf 3.3 usability (no major issues in Debian nor Ubuntu) asked Paul in regard to the ntp charm in comment #5 3.4 long-term >=high bugs (none in Debian nor Ubuntu) 3.5 Debian/Ubuntu bugs look reasonable maintained 3.6 does not deal with hard to support exotic hardware (other than ntpd btw). If used this can be done through universe package GPSD (no dependency) 3.7 Test suite runs on build (some skipped if not env applicable) 3.8 debian/watch exists 3.9 not depending on obsoleted packages 4.1 It does not face graphical UI 4.2 It is unfortunately not internationalized as far as I could see in the source 5. Dependencies - there is one not in main libtomcrypt We don't want it in main either, instead we want to fix bug 1744328 and then use libnss which is in main already. 6. Not found major Policy or FSH violations that would have to be fixed. 7. Maintenance 7.1 Upstream - is maintained well (and better than ntpd it seems according to some discussisons) 7.2 Ubuntu - Owning Team would be Ubuntu (in exchange to drop ntp) 8. Background information: Fulfills the same role as ntp, yet according to the security Team would be preferred for them. --- Affected Packages --- I'll add all those as bug tasks. Once the MIR has passed the state of uncertainty (e.g. would it be blocked by one of the dependent bug being not doable at all) then please work on these into 18.04. 
Here a list what is affected in the listed packages: Maas - needs to change dependencies and maybe template cloud-init - needs to support writing ntp config to chrony instead of ntpd ceph-base - change recommends from ntpd to chrony (it only intends to get good time and doesn't care via which dameon that is, so that should be ok to be change) ntp charm - switch to chrony for >=18.04 chrony - MIR itself (discussion here and eventually seeding) --- Depending on further Bugs --- In my initial evaluation I uncovered (and filed) a set of bugs that I consider requirement to make it fully ready: Reminder - tracking state here might be out of sync, I'll only change them to Done once complete and not care about interim status changes. OPEN - bug 1718227 - convert ifup hooks to networkd compatible hooks - OPEN - bug 1744662 - add chrony apparmor profile + DONE - bug 1744662 - add chrony apparmor profile OPEN - bug 1744328 - make src:libnss libfreebl3 usable by other programs OPEN - bug 1744664 - use Ubuntu time servers
[Bug 1744072] Re: MIR Chrony in 18.04
Ceph tracker to switch from ntpd to chronyd: http://tracker.ceph.com/issues/22751
[Bug 1744072] Re: MIR Chrony in 18.04
RE: ntpdate equivalent, upstream recommends "chrony -q" with or without a config file. https://chrony.tuxfamily.org/faq.html#_does_code_chronyd_code_have_an_ntpdate_mode
[Bug 1744072] Re: MIR Chrony in 18.04
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: maas (Ubuntu) Status: New => Confirmed
[Bug 1744072] Re: MIR Chrony in 18.04
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: ceph (Ubuntu) Status: New => Confirmed
[Bug 1744072] Re: MIR Chrony in 18.04
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: chrony (Ubuntu) Status: New => Confirmed
[Bug 1744072] Re: MIR Chrony in 18.04
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: cloud-init (Ubuntu) Status: New => Confirmed
[Bug 1744072] Re: MIR Chrony in 18.04
While some things are up in the air we should step this forward as good as we can, so @ubuntu-mir Team pleas ack and set it so the next status (if ok) so that the security Team can do an official check and ack as well. ** Description changed: - Note: I know it is the template so far, but after the discussions at the - sprint I want something we can start working on together. - - Background: after evaluation it was considered easier to maintain to - provide a good and secure ntp experience as well as some people asking - me if it could be preferred. - --- MIR --- 1. Availability: The package is Ubuntu universe and builds for the architectures it is designed to work on. - 2. Rationale: NTP in general is needed quite a lot, but we want to - exchange ntpd which is the current implementation in main with chrony - for 18.04. + 2. Rationale: + 2.1 NTP in general is needed quite a lot, but we want to exchange ntpd + which is the current implementation in main with chrony for 18.04. + 2.2 Security: chrony was considered easier to be maintained easier in + terms of security and provide a more modern ntp experience as well. + 2.3 Efficiency: Furthermore several cloud people seem to be interested to + change to chrony in the guests for its lower memoy/cpu footprint + (efficiency I guess). + 2.4 related to this MIR 6 years ago this is the same but for Fedora. + See: https://fedoraproject.org/wiki/Features/ChronyDefaultNTP + IIRC some limitations that were present have been eliminated since, so + it is even better than it was back then. + 2.5 In general one has to realize that in a systemd-timesync world + ntp/chrony are mostly for the "serving" portion of an ntp service, and + not so much about the client (unless you the better accuracy vs + timesyncd is needed). 3. Security: In fact the request came in by security Team, so I guess I call this section done -- EVERYTHING BELOW TBD FOR NOW -- 3. 
Quality assurance - 3.1 configuration ease - works after installation - 3.2 no high prio debconf - 3.3 usability (no major issues in Debian nor Ubuntu) - asked Paul in regard to the ntp charm in comment #5 - 3.4 long-term >=high bugs (none in Debian nor Ubuntu) - 3.5 Debian/Ubuntu bugs look reasonable maintained - 3.6 does not deal with hard to support exotic hardware (other than ntpd - btw). If used this can be done through universe package GPSD (no - dependency) - 3.7 Test suite runs on build (some skipped if not env applicable) - 3.8 debian/watch exists - 3.9 not depending on obsoleted packages - + 3.1 configuration ease - works after installation + 3.2 no high prio debconf + 3.3 usability (no major issues in Debian nor Ubuntu) + asked Paul in regard to the ntp charm in comment #5 + 3.4 long-term >=high bugs (none in Debian nor Ubuntu) + 3.5 Debian/Ubuntu bugs look reasonable maintained + 3.6 does not deal with hard to support exotic hardware (other than ntpd + btw). If used this can be done through universe package GPSD (no + dependency) + 3.7 Test suite runs on build (some skipped if not env applicable) + 3.8 debian/watch exists + 3.9 not depending on obsoleted packages 4.1 It does not face graphical UI 4.2 It is unfortunately not internationalized as far as I could see in the source 5. Dependencies - there is one not in main libtomcrypt -We don't want it in main either, instead we want to fix bug 1744328 and then use libnss which is in main already. + We don't want it in main either, instead we want to fix bug 1744328 and then use libnss which is in main already. 6. Not found major Policy or FSH violations that would have to be fixed. 7. 
Maintenance - 7.1 Upstream - is maintained well (and better than ntpd it seems -according to some discussisons) - 7.2 Ubuntu - Owning Team would be Ubuntu (in exchange to drop ntp) + 7.1 Upstream - is maintained well (and better than ntpd it seems + according to some discussisons) + 7.2 Ubuntu - Owning Team would be Ubuntu (in exchange to drop ntp) 8. Background information: - Fulfills the same role as ntp, yet according to the security Team would - be preferred for them. + Fulfills the same role as ntp, yet according to the security Team would + be preferred for them. --- Affected Packages --- I'll add all those as bug tasks. Once the MIR has passed the state of uncertainty (e.g. would it be blocked by one of the dependent bug being not doable at all) then please work on these into 18.04. Here a list what is affected in the listed packages: Maas - needs to change dependencies and maybe template cloud-init - needs to support writing ntp config to chrony instead of ntpd ceph-base - change recommends from ntpd to chrony (it only intends to get good time and doesn't care via which dameon that is, so that should be ok to be change) ntp charm - switch to chrony fo
[Bug 1744072] Re: MIR Chrony in 18.04
** Description changed: Note: I know it is the template so far, but after the discussions at the sprint I want something we can start working on together. Background: after evaluation it was considered easier to maintain to provide a good and secure ntp experience as well as some people asking me if it could be preferred. --- MIR --- 1. Availability: The package is Ubuntu universe and builds for the architectures it is designed to work on. 2. Rationale: NTP in general is needed quite a lot, but we want to exchange ntpd which is the current implementation in main with chrony for 18.04. 3. Security: In fact the request came in by security Team, so I guess I call this section done -- EVERYTHING BELOW TBD FOR NOW -- - Quality assurance: + 3. Quality assurance + 3.1 configuration ease - works after installation + 3.2 no high prio debconf + 3.3 usability (no major issues in Debian nor Ubuntu) + asked Paul in regard to the ntp charm in comment #5 + 3.4 long-term >=high bugs (none in Debian nor Ubuntu) + 3.5 Debian/Ubuntu bugs look reasonable maintained + 3.6 does not deal with hard to support exotic hardware (other than ntpd + btw). If used this can be done through universe package GPSD (no + dependency) + 3.7 Test suite runs on build (some skipped if not env applicable) + 3.8 debian/watch exists + 3.9 not depending on obsoleted packages - After installing the package it must be possible to make it working with a reasonable effort of configuration and documentation reading. - The package must not ask debconf questions higher than medium if it is going to be installed by default. The debconf questions must have reasonable defaults. - There are no long-term outstanding bugs which affect the usability of the program to a major degree. To support a package, we must be reasonably convinced that upstream supports and cares for the package. - The status of important bugs in Debian's, Ubuntu's, and upstream's bug tracking systems must be evaluated. 
Important bugs must be pointed out and discussed in the MIR report. - The package is maintained well in Debian/Ubuntu (check out the Debian PTS) - The package should not deal with exotic hardware which we cannot support. - If the package ships a test suite, and there is no obvious reason why it cannot work during build (e. g. it needs root privileges or network access), it should be run during package build, and a failing test suite should fail the build. - The package uses a debian/watch file whenever possible. In cases where this is not possible (e. g. native packages), the package should either provide a debian/README.source file or a debian/watch file (with comments only) providing clear instructions on how to generate the source tar file. - The package should not rely on obsolete or about to be demoted packages. That currently includes package dependencies on Python2 (without providing Python3 packages), and packages depending on GTK2. - UI standards: (generally only for user-facing applications) + 4.1 It does not face graphical UI + 4.2 It is unfortunately not internationalized as far as I could see in the source - End-user applications must be internationalized (translatable), using the standard intltool/gettext build and runtime system and produce a proper PO template during build. - End-user applications must ship a standard conformant desktop file. - Dependencies: + 5. Dependencies - there is one not in main libtomcrypt +We don't want it in main either, instead we want to fix bug 1744328 and then use libnss which is in main already. - All binary dependencies (including Recommends:) must be satisfiable in - main (i. e. the preferred alternative must be in main). If not, these - dependencies need a separate MIR report (this can be a separate bug or - another task on the main MIR bug) + 6. Not found major Policy or FSH violations that would have to be fixed. - Standards compliance: The package should meet the FHS and Debian Policy - standards. 
Major violations should be documented and justified. Also, - the source packaging should be reasonably easy to understand and - maintain. + 7. Maintenance + 7.1 Upstream - is maintained well (and better than ntpd it seems +according to some discussisons) + 7.2 Ubuntu - Owning Team would be Ubuntu (in exchange to drop ntp) - Maintenance: The package must have an acceptable level of maintenance - corresponding to its complexity: - - All packages must have a designated "owning" team, regardless of complexity, which is set as a package bug contact. - Simple packages (e.g. language bindings, simple Perl modules, small command-line programs, etc.) might not need very much maintenance effort, and if they are maintained well in Debian we can just keep them synced - More complex packages will usually need a developer or team of developers paying attention to their bugs, whether that be in Ubuntu or elsewhere
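Review bot: the added heading "3. Quality assurance" reuses the number already held by "3. Security" in the unchanged context, and the added items 4.1 and 4.2 have no "4." heading of their own, so the numbering no longer lines up with the template sections being replaced; renumber the list or add the missing heading. In the added item 6, "FSH" should read "FHS", matching the removed template line "The package should meet the FHS and Debian Policy standards".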
[Bug 1744072] Re: MIR Chrony in 18.04
bug 1718227 covers the need for hook integration from ifup to systemd, this is a soft prereq to consider it fully complete for 18.04
[Bug 1744072] Re: MIR Chrony in 18.04
Hi Paul, I subscribed you as I wanted to clarify something. Back in [1], you mentioned it was important to you to get ntpdate (single shot cli) and ntpd (daemon) to work together nicely for the ntp charm. Now if the ntp charm would be modified to use chrony from 18.04 onward, would that break it completely as chrony has no direct ntpdate counterpart that I'd know of? [1]: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1706818
[Bug 1744072] Re: MIR Chrony in 18.04
Discussion about usability of libnss forked into bug 1744328
[Bug 1744072] Re: MIR Chrony in 18.04
TODO: add docs like serverguide to move to chrony
[Bug 1744072] Re: MIR Chrony in 18.04
TODO: add tasks for charms by paul geer

** Description changed:

  Note: I know it is the template so far, but after the discussions at the sprint I want something we can start working on together.

  Background: after evaluation it was considered easier to maintain to provide a good and secure ntp experience as well as some people asking me if it could be preferred.

  --- MIR ---

  1. Availability: The package is Ubuntu universe and builds for the architectures it is designed to work on.

  2. Rationale: NTP in general is needed quite a lot, but we want to exchange ntpd which is the current implementation in main with chrony for 18.04.

  3. Security: In fact the request came in by security Team, so I guess I call this section done

- -- EVERYTHING BELOW TBD FOR NOW --

  Quality assurance:
    After installing the package it must be possible to make it working with a reasonable effort of configuration and documentation reading.
    The package must not ask debconf questions higher than medium if it is going to be installed by default. The debconf questions must have reasonable defaults.
    There are no long-term outstanding bugs which affect the usability of the program to a major degree. To support a package, we must be reasonably convinced that upstream supports and cares for the package.
    The status of important bugs in Debian's, Ubuntu's, and upstream's bug tracking systems must be evaluated. Important bugs must be pointed out and discussed in the MIR report.
    The package is maintained well in Debian/Ubuntu (check out the Debian PTS)
    The package should not deal with exotic hardware which we cannot support.
    If the package ships a test suite, and there is no obvious reason why it cannot work during build (e. g. it needs root privileges or network access), it should be run during package build, and a failing test suite should fail the build.
    The package uses a debian/watch file whenever possible. In cases where this is not possible (e. g. native packages), the package should either provide a debian/README.source file or a debian/watch file (with comments only) providing clear instructions on how to generate the source tar file.
    The package should not rely on obsolete or about to be demoted packages. That currently includes package dependencies on Python2 (without providing Python3 packages), and packages depending on GTK2.

  UI standards: (generally only for user-facing applications)
    End-user applications must be internationalized (translatable), using the standard intltool/gettext build and runtime system and produce a proper PO template during build.
    End-user applications must ship a standard conformant desktop file.

  Dependencies:
    All binary dependencies (including Recommends:) must be satisfiable in main (i. e. the preferred alternative must be in main). If not, these dependencies need a separate MIR report (this can be a separate bug or another task on the main MIR bug)

  Standards compliance:
    The package should meet the FHS and Debian Policy standards. Major violations should be documented and justified. Also, the source packaging should be reasonably easy to understand and maintain.

  Maintenance:
    The package must have an acceptable level of maintenance corresponding to its complexity:
      All packages must have a designated "owning" team, regardless of complexity, which is set as a package bug contact.
      Simple packages (e.g. language bindings, simple Perl modules, small command-line programs, etc.) might not need very much maintenance effort, and if they are maintained well in Debian we can just keep them synced
      More complex packages will usually need a developer or team of developers paying attention to their bugs, whether that be in Ubuntu or elsewhere (often Debian). Packages that deliver major new headline features in Ubuntu need to have commitment from Ubuntu developers willing to spend substantial time on them.

  Background information:
    The package descriptions should explain the general purpose and context of the package. Additional explanations/justifications should be done in the MIR report.
    If the package was renamed recently, or has a different upstream name, this needs to be explained in the MIR report.

  --- Affected Packages ---

  Maas - needs to change dependencies and maybe template
  cloud-init - needs to support writing ntp config to chrony instead of ntpd
  ceph-base - change recommends from ntpd to chrony (it only intends to get good time, so that should be ok)
  seeds - remove seeding of ntp
- chrony - MIR itself (seeding)
+ chrony - MIR itself (not pre-install, but pull it into supported)
  chrony - add default enabled apparmor profile
[Bug 1744072] Re: MIR Chrony in 18.04
Current TODOs to get the MIR started:
1. complete the template
2. check dependencies and file MIRs as needed
3. Add bug tasks for all other affected packages