From 510ddd28c855fbc388064447769a3a36dccd4a21 Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Tue, 19 Mar 2019 14:12:21 -0700 Subject: [PATCH 1/5] rootfs: Add chrony service to rootfs chrony will be used to schronize guest clock with host using kvm_ptp kernel driver. This does add another active component to the rootfs but keeping time scychorized is crucial. Fixes #255 Signed-off-by: Archana Shinde --- rootfs-builder/centos/config.sh | 2 +- rootfs-builder/clearlinux/config.sh | 2 +- rootfs-builder/euleros/config.sh | 2 +- rootfs-builder/fedora/config.sh | 2 +- rootfs-builder/ubuntu/config.sh | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/rootfs-builder/centos/config.sh b/rootfs-builder/centos/config.sh index 07637a9611..8f80d1f3e9 100644 --- a/rootfs-builder/centos/config.sh +++ b/rootfs-builder/centos/config.sh @@ -22,7 +22,7 @@ GPG_KEY_URL="https://www.centos.org/keys/RPM-GPG-KEY-CentOS-7" GPG_KEY_FILE="RPM-GPG-KEY-CentOS-7" -PACKAGES="iptables" +PACKAGES="iptables chrony" #Optional packages: # systemd: An init system that will start kata-agent if kata-agent diff --git a/rootfs-builder/clearlinux/config.sh b/rootfs-builder/clearlinux/config.sh index 9f534c9a35..2066483353 100644 --- a/rootfs-builder/clearlinux/config.sh +++ b/rootfs-builder/clearlinux/config.sh @@ -15,7 +15,7 @@ clr_url="https://download.clearlinux.org" BASE_URL="${clr_url}/releases/${OS_VERSION}/${REPO_NAME}/${ARCH}/os/" -PACKAGES="iptables-bin libudev0-shim" +PACKAGES="iptables-bin libudev0-shim chrony" #Optional packages: # systemd: An init system that will start kata-agent if kata-agent diff --git a/rootfs-builder/euleros/config.sh b/rootfs-builder/euleros/config.sh index d6b412317d..3d5762fb3a 100644 --- a/rootfs-builder/euleros/config.sh +++ b/rootfs-builder/euleros/config.sh 
@@ -10,7 +10,7 @@ BASE_URL="http://developer.huawei.com/ict/site-euleros/euleros/repo/yum/${OS_VER GPG_KEY_FILE="RPM-GPG-KEY-EulerOS" -PACKAGES="iptables" +PACKAGES="iptables chrony" #Optional packages: # systemd: An init system that will start kata-agent if kata-agent diff --git a/rootfs-builder/fedora/config.sh b/rootfs-builder/fedora/config.sh index 10315c48a7..c11cbd55e2 100644 --- a/rootfs-builder/fedora/config.sh +++ b/rootfs-builder/fedora/config.sh @@ -9,7 +9,7 @@ OS_VERSION=${OS_VERSION:-28} MIRROR_LIST="https://mirrors.fedoraproject.org/metalink?repo=fedora-${OS_VERSION}&arch=\$basearch" -PACKAGES="iptables" +PACKAGES="iptables chrony" #Optional packages: # systemd: An init system that will start kata-agent if kata-agent diff --git a/rootfs-builder/ubuntu/config.sh b/rootfs-builder/ubuntu/config.sh index c23704f5f6..f2247e4ae6 100644 --- a/rootfs-builder/ubuntu/config.sh +++ b/rootfs-builder/ubuntu/config.sh @@ -12,7 +12,7 @@ OS_VERSION=${OS_VERSION:-18.04} OS_NAME=${OS_NAME:-"bionic"} # packages to be installed by default -PACKAGES="systemd iptables init" +PACKAGES="systemd iptables init chrony" DEBOOTSTRAP=${PACKAGE_MANAGER:-"debootstrap"} From 0b3351970984ac1166c8719f362c7f17bef9812d Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Tue, 19 Mar 2019 14:30:10 -0700 Subject: [PATCH 2/5] rootfs: add PACKAGE var to debian config debian config seems to be missing PACKAGE variable altogether. Add it along with appending chrony to the list. Signed-off-by: Archana Shinde --- rootfs-builder/debian/config.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rootfs-builder/debian/config.sh b/rootfs-builder/debian/config.sh index 698a128b2b..9eb022e668 100644 --- a/rootfs-builder/debian/config.sh +++ b/rootfs-builder/debian/config.sh 
@@ -8,6 +8,8 @@ OS_VERSION=${OS_VERSION:-9.5} # Set OS_NAME to the desired debian "codename" OS_NAME=${OS_NAME:-"stretch"} +PACKAGES="systemd iptables init chrony" + # NOTE: Re-using ubuntu rootfs configuration, see 'ubuntu' folder for full content. source $script_dir/ubuntu/$CONFIG_SH From 8fe64058aaef5b704f54ab03e87e5496c18c4e55 Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Tue, 19 Mar 2019 14:34:14 -0700 Subject: [PATCH 3/5] rootfs: Include chrony in the Dockerfile images Add chrony to distro Dockerfile. Signed-off-by: Archana Shinde --- rootfs-builder/centos/Dockerfile.in | 2 +- rootfs-builder/clearlinux/Dockerfile.in | 2 +- rootfs-builder/debian/Dockerfile.in | 2 +- rootfs-builder/euleros/Dockerfile.in | 2 +- rootfs-builder/fedora/Dockerfile.in | 2 +- rootfs-builder/ubuntu/Dockerfile.in | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/rootfs-builder/centos/Dockerfile.in b/rootfs-builder/centos/Dockerfile.in index 5897d0c8ff..4e89be128a 100644 --- a/rootfs-builder/centos/Dockerfile.in +++ b/rootfs-builder/centos/Dockerfile.in @@ -7,7 +7,7 @@ From centos:@OS_VERSION@ @SET_PROXY@ -RUN yum -y update && yum install -y git make gcc coreutils libseccomp libseccomp-devel +RUN yum -y update && yum install -y git make gcc coreutils libseccomp libseccomp-devel chrony # This will install the proper golang to build Kata components @INSTALL_GO@ diff --git a/rootfs-builder/clearlinux/Dockerfile.in b/rootfs-builder/clearlinux/Dockerfile.in index 3634282ad0..ff5164b795 100644 --- a/rootfs-builder/clearlinux/Dockerfile.in +++ b/rootfs-builder/clearlinux/Dockerfile.in @@ -7,7 +7,7 @@ From fedora:27 @SET_PROXY@ -RUN dnf -y update && dnf install -y git systemd pkgconfig gcc coreutils libseccomp libseccomp-devel +RUN dnf -y update && dnf install -y git systemd pkgconfig gcc coreutils libseccomp libseccomp-devel chrony # This will install the proper golang to build Kata components @INSTALL_GO@ 
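Review bot: The `PACKAGES="systemd iptables init chrony"` assignment added to debian/config.sh has no effect as written, because the very next statement sources ubuntu's config.sh, and patch 1/5 leaves that file assigning `PACKAGES` unconditionally to the same string. The commit message says the variable was missing for debian, but it was already inherited through that `source` line. Either drop the debian assignment, or make the ubuntu one overridable with `PACKAGES=${PACKAGES:-"systemd iptables init chrony"}`, so that the two lists cannot silently diverge when one of them is edited later.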
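Review bot: `chrony` looks unnecessary in the builder image that this `yum install` line in centos/Dockerfile.in provisions, and the same holds for the clearlinux, debian, euleros, fedora and ubuntu Dockerfile.in hunks of this patch. The comment in ubuntu/Dockerfile.in describes these RUN lines as installing what is needed to create a rootfs (package manager, extra tools), and nothing visible in the series runs chrony during the build. The guest copy already comes from `PACKAGES` in each config.sh. If no build step needs it, leaving it out keeps the build container's package set, and so the set of packages the build has to trust, smaller.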
diff --git a/rootfs-builder/debian/Dockerfile.in b/rootfs-builder/debian/Dockerfile.in index f4eb4ca216..493df64307 100644 --- a/rootfs-builder/debian/Dockerfile.in +++ b/rootfs-builder/debian/Dockerfile.in @@ -7,7 +7,7 @@ from debian:@OS_VERSION@ # RUN commands -RUN apt-get update && apt-get install -y curl wget systemd debootstrap git build-essential +RUN apt-get update && apt-get install -y curl wget systemd debootstrap git build-essential chrony # This will install the proper golang to build Kata components @INSTALL_GO@ diff --git a/rootfs-builder/euleros/Dockerfile.in b/rootfs-builder/euleros/Dockerfile.in index 03a0a77e71..4ff79ba280 100644 --- a/rootfs-builder/euleros/Dockerfile.in +++ b/rootfs-builder/euleros/Dockerfile.in @@ -7,7 +7,7 @@ FROM euleros:@OS_VERSION@ @SET_PROXY@ -RUN yum -y update && yum install -y yum git make gcc coreutils +RUN yum -y update && yum install -y yum git make gcc coreutils chrony # This will install the proper golang to build Kata components @INSTALL_GO@ diff --git a/rootfs-builder/fedora/Dockerfile.in b/rootfs-builder/fedora/Dockerfile.in index 08ede4313f..19e10adde6 100644 --- a/rootfs-builder/fedora/Dockerfile.in +++ b/rootfs-builder/fedora/Dockerfile.in @@ -7,7 +7,7 @@ From fedora:@OS_VERSION@ @SET_PROXY@ -RUN dnf -y update && dnf install -y git redhat-release systemd pkgconfig gcc make libseccomp libseccomp-devel +RUN dnf -y update && dnf install -y git redhat-release systemd pkgconfig gcc make libseccomp libseccomp-devel chrony # This will install the proper golang to build Kata components @INSTALL_GO@ diff --git a/rootfs-builder/ubuntu/Dockerfile.in b/rootfs-builder/ubuntu/Dockerfile.in index b1be9dbbe2..d4b10490b2 100644 --- a/rootfs-builder/ubuntu/Dockerfile.in +++ b/rootfs-builder/ubuntu/Dockerfile.in 
@@ -11,7 +11,7 @@ from ubuntu:@OS_VERSION@ # Install any package need to create a rootfs (package manager, extra tools) # RUN commands -RUN apt-get update && apt-get install -y curl wget systemd debootstrap git build-essential +RUN apt-get update && apt-get install -y curl wget systemd debootstrap git build-essential chrony # This will install the proper golang to build Kata components @INSTALL_GO@ From 3df19ff984b2e9c937434dbaaedbbda3b70895aa Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Tue, 19 Mar 2019 15:41:28 -0700 Subject: [PATCH 4/5] chrony: Add virtual PTP as source for chrony KVM virtual PTP in linux kernel allows guest to sync its clock to the host clock with high precision. kvm-ptp has been enabled in our kernel. Add this as a source for `chrony` so that it can be used to sync the guest system clock. `chrony` needs to be started in the guest for time sync. Signed-off-by: Archana Shinde --- rootfs-builder/rootfs.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 653276e1b4..8568d7b8c4 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -368,6 +368,14 @@ popd >> /dev/null [ -n "${KERNEL_MODULES_DIR}" ] && copy_kernel_modules ${KERNEL_MODULES_DIR} ${ROOTFS_DIR} +chrony_conf_file="${ROOTFS_DIR}/etc/chrony.conf" +if [ ${distro} == ubuntu ] || [ ${distro} == debian ] ; then + chrony_conf_file="${ROOTFS_DIR}/etc/chrony/chrony.conf" +fi + +info "Configure chrony file ${chrony_conf_file}" +echo "refclock PHC /dev/ptp0 poll 3 dpoll -2 offset 0" >> ${chrony_conf_file} + # The CC on s390x for fedora needs to be manually set to gcc when the golang is downloaded from the main page. # See issue: https://github.com/kata-containers/osbuilder/issues/217 [ "$distro" == fedora ] && [ "$ARCH" == "s390x" ] && export CC=gcc From e16ff37f865306e04e4e2b7df6d5beb78e6361d0 Mon Sep 17 00:00:00 2001 
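Review bot: The `echo ... >> ${chrony_conf_file}` line in rootfs.sh appends without checking that the file exists. On a rootfs built for a distro whose config.sh this series does not extend with chrony, it would presumably either create a stray one-line chrony.conf or fail on a missing directory. Guard the append with `[ -f "${chrony_conf_file}" ]` and quote the target, `echo "refclock PHC /dev/ptp0 poll 3 dpoll -2 offset 0" >> "${chrony_conf_file}"`. The unquoted `${distro}` in the two `[ ... == ... ]` tests should be quoted as well, since an empty value turns the test into a syntax error. Because chronyd becomes a new long-running daemon in the guest, consider also appending `cmdport 0` so it does not open its UDP command port.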
From: Archana Shinde Date: Wed, 20 Mar 2019 15:57:54 -0700 Subject: [PATCH 5/5] chrony: Comment out any NTP sources for chrony Reference: https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html Signed-off-by: Archana Shinde --- rootfs-builder/rootfs.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/rootfs-builder/rootfs.sh b/rootfs-builder/rootfs.sh index 8568d7b8c4..161e63dd35 100755 --- a/rootfs-builder/rootfs.sh +++ b/rootfs-builder/rootfs.sh @@ -376,6 +376,10 @@ fi info "Configure chrony file ${chrony_conf_file}" echo "refclock PHC /dev/ptp0 poll 3 dpoll -2 offset 0" >> ${chrony_conf_file} +# Comment out ntp sources for chrony to be extra careful +# Reference: https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html +sed -i 's/^\(server \|pool \|peer \)/# &/g' ${chrony_conf_file} + # The CC on s390x for fedora needs to be manually set to gcc when the golang is downloaded from the main page. # See issue: https://github.com/kata-containers/osbuilder/issues/217 [ "$distro" == fedora ] && [ "$ARCH" == "s390x" ] && export CC=gcc
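Review bot: The `sed` expression only comments out source lines that begin in column 0 and have a single space after the keyword. An indented or tab-separated `server`/`pool`/`peer` line in a distro's default chrony.conf would survive, and the guest would then still query network time sources alongside the PHC refclock. Allowing leading whitespace and any blank after the keyword closes that gap, and the file argument should be quoted: `sed -i -E 's/^[[:space:]]*(server|pool|peer)[[:space:]]/# &/' "${chrony_conf_file}"` (the `g` flag is redundant with a `^` anchor). Sources pulled in through an `include` directive would not be touched either; whether any supported distro ships one is not visible from this patch.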