custom ntp server in phosphor-networkd

custom ntp server in phosphor-networkd

[Alexander A. Filippov]

Our customers complain that they can't set custom ntp while dhcp is enabled on
bmc network interface.

I found out that the phosphor-networkd doesn't allow it in fact and it awaits
the list of ntp-servers in response from dhcp server. When BMC is configured
with a static IP address phosphor-networkd keep a list of ntp-service in the
configuration file of the network interface. In my opinion it is wrong.

I propose to change this behavior: 
 - the list of ntp-service should be kept in /etc/systemd/timesyncd.conf
 - the customization of ntp-servers should be independent from the network
   inferface configuration.

thoughts, doubts?

Regards,
Alexander

Re: custom ntp server in phosphor-networkd

[Vernon Mauery]

On 26-Aug-2019 07:25 PM, Alexander A. Filippov wrote:
> Our customers complain that they can't set custom ntp while dhcp is enabled on
> bmc network interface.
> 
> I found out that the phosphor-networkd doesn't allow it in fact and it awaits
> the list of ntp-servers in response from dhcp server. When BMC is configured
> with a static IP address phosphor-networkd keep a list of ntp-service in the
> configuration file of the network interface. In my opinion it is wrong.

This is pretty common behavior for DHCP settings. The DHCP server can 
respond with all sorts of settings beyond just the ip/netmask/gateway. 
NTP, DNS, TFTP (for PXE), etc., are all things that might get returned 
by the DHCP server. Generally, if you are using DHCP, you just accept 
those responses and use them because you assume that the network 
administrator did the right thing and set them up.

> I propose to change this behavior: 
>  - the list of ntp-service should be kept in /etc/systemd/timesyncd.conf
>  - the customization of ntp-servers should be independent from the network
>    inferface configuration.
> 

It seems to me that if you are using static settings for your network, 
then you would also have static (or user-supplied) settings for NTP and 
DNS. But if you are using DHCP for the network, it would make sense to 
use the NTP and DNS settings supplied by the DHCP server.

Now it might also be nice to have some reasonable defaults for NTP 
servers. It is not uncommon to have IP gateways also be NTP servers, so 
it might be reasonable to attempt to use the gateway as an NTP server if 
none was specified in the DHCP response. I don't like the idea of 
setting the default NTP server to be something that is globally 
addressable because that makes the assumption that the BMC can reach 
global networks, which should not be the case.

--Vernon

Re: custom ntp server in phosphor-networkd

[Ratan Gupta]

[-- Attachment #1: Type: text/plain, Size: 3264 bytes --]

On 26/08/19 10:53 PM, Vernon Mauery wrote:
> On 26-Aug-2019 07:25 PM, Alexander A. Filippov wrote:
>> Our customers complain that they can't set custom ntp while dhcp is enabled on
>> bmc network interface.
>>
>> I found out that the phosphor-networkd doesn't allow it in fact and it awaits
>> the list of ntp-servers in response from dhcp server. When BMC is configured
>> with a static IP address phosphor-networkd keep a list of ntp-service in the
>> configuration file of the network interface. In my opinion it is wrong.
Why this is wrong, Following are the rules for adding the NTP servers
The NTP server to be used will be determined using the following rules:

  * Any per-interface NTP servers obtained
    from|systemd-networkd.service(8)|configuration or via DHCP take
    precedence.
  * The NTP servers defined in|/etc/systemd/timesyncd.conf|will be
    appended to the per-interface list at runtime and the daemon will
    contact the servers in turn until one is found that responds.
  * If no NTP server information is acquired after completing those
    steps, the NTP server host names or IP addresses defined
    in|FallbackNTP=|will be used



I don't see a problem in adding the NTP servers in the networkd.conf, 
Spec also suggest the same.

https://wiki.archlinux.org/index.php/systemd-timesyncd

Administrator may/not configure the DHCP server with NTP servers, To 
make it simple we put a check that if DHCP is enabled then don't allow 
the NTP server configuration.

If we have a scenario where DHCP server is configured as "Don't send the 
NTP Server" and we want the NTP server we have two ways

=> Either ask the admin to make the changes in the DHCP server to supply 
the NTP server.

=> We may allow the NTP server configuration even if the interface mode 
is DHCP.

> This is pretty common behavior for DHCP settings. The DHCP server can
> respond with all sorts of settings beyond just the ip/netmask/gateway.
> NTP, DNS, TFTP (for PXE), etc., are all things that might get returned
> by the DHCP server. Generally, if you are using DHCP, you just accept
> those responses and use them because you assume that the network
> administrator did the right thing and set them up.
I agree with vernon and that was the intention behind the
>
>> I propose to change this behavior:
>>   - the list of ntp-service should be kept in /etc/systemd/timesyncd.conf
>>   - the customization of ntp-servers should be independent from the network
>>     inferface configuration.
>>
> It seems to me that if you are using static settings for your network,
> then you would also have static (or user-supplied) settings for NTP and
> DNS. But if you are using DHCP for the network, it would make sense to
> use the NTP and DNS settings supplied by the DHCP server.
>
> Now it might also be nice to have some reasonable defaults for NTP
> servers. It is not uncommon to have IP gateways also be NTP servers, so
> it might be reasonable to attempt to use the gateway as an NTP server if
> none was specified in the DHCP response. I don't like the idea of
> setting the default NTP server to be something that is globally
> addressable because that makes the assumption that the BMC can reach
> global networks, which should not be the case.
>
> --Vernon

[-- Attachment #2: Type: text/html, Size: 6165 bytes --]

Re: custom ntp server in phosphor-networkd

[Alexander A. Filippov]

On Mon, Aug 26, 2019 at 10:23:15AM -0700, Vernon Mauery wrote:
> This is pretty common behavior for DHCP settings.


On Tue, Aug 27, 2019 at 11:28:36AM +0530, Ratan Gupta wrote:
> Why this is wrong,

Ok, ok.  I wasn't clear enough. My appologies.

I've meant that the impossibility to add a custom ntp server while dhcp is
enabled is wrong. Of course, the list of ntp servers received from DHCP-server
must be used. And I propose to move only manual settings.

I believe that it is a same stuff with DNS-servers, routes. But probably, the
BMC is not such kind of devices which is required such deep settings. One of the
possible reasons was specified by Vernon quoted below:

On Mon, Aug 26, 2019 at 10:23:15AM -0700, Vernon Mauery wrote:
> It seems to me that if you are using static settings for your network, 
> then you would also have static (or user-supplied) settings for NTP and 
> DNS. But if you are using DHCP for the network, it would make sense to 
> use the NTP and DNS settings supplied by the DHCP server.
> 
> Now it might also be nice to have some reasonable defaults for NTP 
> servers. It is not uncommon to have IP gateways also be NTP servers, so 
> it might be reasonable to attempt to use the gateway as an NTP server if 
> none was specified in the DHCP response. I don't like the idea of 
> setting the default NTP server to be something that is globally 
> addressable because that makes the assumption that the BMC can reach 
> global networks, which should not be the case.


On Tue, Aug 27, 2019 at 11:28:36AM +0530, Ratan Gupta wrote:
>  * The NTP servers defined in|/etc/systemd/timesyncd.conf|will be
>    appended to the per-interface list at runtime and the daemon will
>    contact the servers in turn until one is found that responds.

So, my propose is to implement this point.

Regards,
Alexander

Re: custom ntp server in phosphor-networkd

[Ratan Gupta]

[-- Attachment #1: Type: text/plain, Size: 3030 bytes --]

On 27/08/19 1:13 PM, Alexander A. Filippov wrote:
> On Mon, Aug 26, 2019 at 10:23:15AM -0700, Vernon Mauery wrote:
>> This is pretty common behavior for DHCP settings.
>
> On Tue, Aug 27, 2019 at 11:28:36AM +0530, Ratan Gupta wrote:
>> Why this is wrong,
> Ok, ok.  I wasn't clear enough. My appologies.
>
> I've meant that the impossibility to add a custom ntp server while dhcp is
> enabled is wrong. Of course, the list of ntp servers received from DHCP-server
> must be used. And I propose to move only manual settings.
>
> I believe that it is a same stuff with DNS-servers, routes. But probably, the
> BMC is not such kind of devices which is required such deep settings. One of the
> possible reasons was specified by Vernon quoted below:
>
> On Mon, Aug 26, 2019 at 10:23:15AM -0700, Vernon Mauery wrote:
>> It seems to me that if you are using static settings for your network,
>> then you would also have static (or user-supplied) settings for NTP and
>> DNS. But if you are using DHCP for the network, it would make sense to
>> use the NTP and DNS settings supplied by the DHCP server.
>>
>> Now it might also be nice to have some reasonable defaults for NTP
>> servers. It is not uncommon to have IP gateways also be NTP servers, so
>> it might be reasonable to attempt to use the gateway as an NTP server if
>> none was specified in the DHCP response. I don't like the idea of
>> setting the default NTP server to be something that is globally
>> addressable because that makes the assumption that the BMC can reach
>> global networks, which should not be the case.
I have the following suggestion


=> By default all the DHCP optional parameters will be set to false(i.e 
Don't ask the optional info from the DHCP server) => If users wants the 
DHCP provided configuration then it has to set the specific optional 
parameters to true(Say NTPEnabled=true). => User configures the Static 
NTP => Check if DHCP is enabled then look for the DHCP configuration 
parameters, if "NTP Enabled is true"
then user wants the NTP server from the DHCP and in that case don't 
allow the static configuration.
=> if DHCP is enabled but in DHCP configuration parameters "NTP Enabled 
is false"
then user doesn't want the NTP server from the DHCP and allow the static 
configuration.

Link: 
https://github.com/openbmc/phosphor-dbus-interfaces/blob/master/xyz/openbmc_project/Network/DHCPConfiguration.interface.yaml

Note: It may happen that user has set DHCP Configuration parameters on 
the BMC to take the NTP server details from the
DHCP server but have not configured the DHCP server to provide the NTP 
server, in that case
Static NTP server configuration will not be allowed.
>
> On Tue, Aug 27, 2019 at 11:28:36AM +0530, Ratan Gupta wrote:
>>   * The NTP servers defined in|/etc/systemd/timesyncd.conf|will be
>>     appended to the per-interface list at runtime and the daemon will
>>     contact the servers in turn until one is found that responds.
> So, my propose is to implement this point.
>
> Regards,
> Alexander
>

[-- Attachment #2: Type: text/html, Size: 8293 bytes --]

Re: custom ntp server in phosphor-networkd

[Johnathan Mantey]

[-- Attachment #1.1.1: Type: text/plain, Size: 4171 bytes --]

Ratan, Alexander,

I've pushed code to improve DHCP recently which may be of value in this
instance.

https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-dbus-interfaces/+/24665
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-networkd/+/24666
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/24725

This implements a greater set of control over the DHCP from Redfish.  I
believe I tested using DHCP, while UseNTPServers = false was active.  I
then explicitly defined a static NTP server from one of the Intel
chimers.  I was able to get my clock updated from the assigned NTP
server.  Prior to this change NTP requests to the google chimers went
unanswered, as our BMC network can't get to the internet.

On 8/27/19 3:32 AM, Ratan Gupta wrote:
> On 27/08/19 1:13 PM, Alexander A. Filippov wrote:
>> On Mon, Aug 26, 2019 at 10:23:15AM -0700, Vernon Mauery wrote:
>>> This is pretty common behavior for DHCP settings.
>> On Tue, Aug 27, 2019 at 11:28:36AM +0530, Ratan Gupta wrote:
>>> Why this is wrong,
>> Ok, ok.  I wasn't clear enough. My appologies.
>>
>> I've meant that the impossibility to add a custom ntp server while dhcp is
>> enabled is wrong. Of course, the list of ntp servers received from DHCP-server
>> must be used. And I propose to move only manual settings.
>>
>> I believe that it is a same stuff with DNS-servers, routes. But probably, the
>> BMC is not such kind of devices which is required such deep settings. One of the
>> possible reasons was specified by Vernon quoted below:
>>
>> On Mon, Aug 26, 2019 at 10:23:15AM -0700, Vernon Mauery wrote:
>>> It seems to me that if you are using static settings for your network, 
>>> then you would also have static (or user-supplied) settings for NTP and 
>>> DNS. But if you are using DHCP for the network, it would make sense to 
>>> use the NTP and DNS settings supplied by the DHCP server.
>>>
>>> Now it might also be nice to have some reasonable defaults for NTP 
>>> servers. It is not uncommon to have IP gateways also be NTP servers, so 
>>> it might be reasonable to attempt to use the gateway as an NTP server if 
>>> none was specified in the DHCP response. I don't like the idea of 
>>> setting the default NTP server to be something that is globally 
>>> addressable because that makes the assumption that the BMC can reach 
>>> global networks, which should not be the case.
> I have the following suggestion
>
>
> => By default all the DHCP optional parameters will be set to
> false(i.e Don't ask the optional info from the DHCP server) => If
> users wants the DHCP provided configuration then it has to set the
> specific optional parameters to true(Say NTPEnabled=true). => User
> configures the Static NTP => Check if DHCP is enabled then look for
> the DHCP configuration parameters, if "NTP Enabled is true"
> then user wants the NTP server from the DHCP and in that case don't
> allow the static configuration.
> => if DHCP is enabled but in DHCP configuration parameters "NTP
> Enabled is false"
> then user doesn't want the NTP server from the DHCP and allow the
> static configuration.
>
> Link:
> https://github.com/openbmc/phosphor-dbus-interfaces/blob/master/xyz/openbmc_project/Network/DHCPConfiguration.interface.yaml
>
> Note: It may happen that user has set DHCP Configuration parameters on
> the BMC to take the NTP server details from the
> DHCP server but have not configured the DHCP server to provide the NTP
> server, in that case
> Static NTP server configuration will not be allowed.
>> On Tue, Aug 27, 2019 at 11:28:36AM +0530, Ratan Gupta wrote:
>>>  * The NTP servers defined in|/etc/systemd/timesyncd.conf|will be
>>>    appended to the per-interface list at runtime and the daemon will
>>>    contact the servers in turn until one is found that responds.
>> So, my propose is to implement this point.
>>
>> Regards,
>> Alexander
>>

-- 
Johnathan Mantey
Senior Software Engineer
*azad te**chnology partners*
Contributing to Technology Innovation since 1992
Phone: (503) 712-6764
Email: johnathanx.mantey@intel.com <mailto:johnathanx.mantey@intel.com>


[-- Attachment #1.1.2: Type: text/html, Size: 10772 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: custom ntp server in phosphor-networkd

[Alexander A. Filippov]

On Tue, Aug 27, 2019 at 07:52:12AM -0700, Johnathan Mantey wrote:
> Ratan, Alexander,
> 
> I've pushed code to improve DHCP recently which may be of value in this
> instance.
> 
> https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-dbus-interfaces/+/24665
> https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-networkd/+/24666
> https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/24725
> 
> This implements a greater set of control over the DHCP from Redfish.  I
> believe I tested using DHCP, while UseNTPServers = false was active.  I
> then explicitly defined a static NTP server from one of the Intel
> chimers.  I was able to get my clock updated from the assigned NTP
> server.  Prior to this change NTP requests to the google chimers went
> unanswered, as our BMC network can't get to the internet.
> 

Thanks Johnathan, it looks like a solution for the issue.

Regards,
Alexander

Re: custom ntp server in phosphor-networkd

[Alexander Amelkin]

[-- Attachment #1.1.1: Type: text/plain, Size: 3390 bytes --]

27.08.2019 13:32, Ratan Gupta wrote:
> On 27/08/19 1:13 PM, Alexander A. Filippov wrote:
>> On Mon, Aug 26, 2019 at 10:23:15AM -0700, Vernon Mauery wrote:
>>> This is pretty common behavior for DHCP settings.
>> On Tue, Aug 27, 2019 at 11:28:36AM +0530, Ratan Gupta wrote:
>>> Why this is wrong,
>> Ok, ok.  I wasn't clear enough. My appologies.
>>
>> I've meant that the impossibility to add a custom ntp server while dhcp is
>> enabled is wrong. Of course, the list of ntp servers received from DHCP-server
>> must be used. And I propose to move only manual settings.
>>
>> I believe that it is a same stuff with DNS-servers, routes. But probably, the
>> BMC is not such kind of devices which is required such deep settings. One of the
>> possible reasons was specified by Vernon quoted below:
>>
>> On Mon, Aug 26, 2019 at 10:23:15AM -0700, Vernon Mauery wrote:
>>> It seems to me that if you are using static settings for your network, 
>>> then you would also have static (or user-supplied) settings for NTP and 
>>> DNS. But if you are using DHCP for the network, it would make sense to 
>>> use the NTP and DNS settings supplied by the DHCP server.
>>>
>>> Now it might also be nice to have some reasonable defaults for NTP 
>>> servers. It is not uncommon to have IP gateways also be NTP servers, so 
>>> it might be reasonable to attempt to use the gateway as an NTP server if 
>>> none was specified in the DHCP response. I don't like the idea of 
>>> setting the default NTP server to be something that is globally 
>>> addressable because that makes the assumption that the BMC can reach 
>>> global networks, which should not be the case.
> I have the following suggestion
>
>
> => By default all the DHCP optional parameters will be set to false(i.e Don't
> ask the optional info from the DHCP server) => If users wants the DHCP
> provided configuration then it has to set the specific optional parameters to
> true(Say NTPEnabled=true).

I'd say that sysadmins won't be happy with this approach. If I were them I'd
prefer this:

1. If DHCP is globally enabled for the BMC and the DHCP server sends any
parameters, then they take precedence
2. If any of the optional parameters are not provided by DHCP server or DHCP is
globally disabled for the BMC, then statically defined settings are used

IMO, that is a very simple and deterministic approach without any
easy-to-overlook settings.

> => User configures the Static NTP => Check if DHCP is enabled then look for
> the DHCP configuration parameters, if "NTP Enabled is true"
> then user wants the NTP server from the DHCP and in that case don't allow the
> static configuration.
> => if DHCP is enabled but in DHCP configuration parameters "NTP Enabled is false"
> then user doesn't want the NTP server from the DHCP and allow the static
> configuration.
>
> Link:
> https://github.com/openbmc/phosphor-dbus-interfaces/blob/master/xyz/openbmc_project/Network/DHCPConfiguration.interface.yaml
>
> Note: It may happen that user has set DHCP Configuration parameters on the BMC
> to take the NTP server details from the
> DHCP server but have not configured the DHCP server to provide the NTP server,
> in that case
> Static NTP server configuration will not be allowed.

With best regards,
Alexander Amelkin,
BIOS/BMC Team Lead, YADRO
https://yadro.com


[-- Attachment #1.1.2: Type: text/html, Size: 9405 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]