Allow ntpd service to be optional

This allows ntpd to be disabled in both the privileged
rack and region controllers for use cases where we
do not wish these processes to conflict with ntpd
on the physical host running the containers.  This
method, as opposed to overriding sysvinit-style scripts
and any other ways of launching ntpd that may exist,
appears to be the safest way to ensure it never runs.

Change-Id: Ib52727becc1849a2a75d2d62d1c51553047a8fcf
Alan Meadows 2018-04-11 08:52:30 -07:00
parent 524188787c
commit cc00e3fd92
5 changed files with 27 additions and 0 deletions


@ -0,0 +1,7 @@
#!/bin/sh
# This is a stub ntpd process that will simply do nothing
while true; do
sleep 1000
done
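Review bot: The stub never returns and never forks, so a caller that expects ntpd to daemonize or exit (a forking-type service unit, an init script that does not background it, or a one-shot `ntpd -q`) will block or time out on it. How ntpd is launched inside the MAAS image is not visible on this page, so this needs checking against the image before relying on the flag. The header comment should also say why the script blocks rather than exits, for example `# Blocks forever so a supervisor sees a running "ntpd"; never touches the system clock`. If the shell is signalled, the `sleep 1000` child can outlive it by up to 1000 seconds, so a `trap 'exit 0' TERM INT` line before the loop would make shutdown cleaner.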


@ -39,3 +39,5 @@ data:
{{ tuple "bin/_register-rack-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
maas-test.sh: |
{{ tuple "bin/_maas-test.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ntpd.sh: |
{{ tuple "bin/_ntpd.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}


@ -69,6 +69,12 @@ spec:
securityContext:
privileged: true
volumeMounts:
{{- if .Values.conf.maas.ntp.disable_ntpd_rack }}
- name: maas-bin
mountPath: /usr/sbin/ntpd
subPath: ntpd.sh
readOnly: true
{{- end }}
- name: maas-bin
mountPath: /tmp/start.sh
subPath: start.sh
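Review bot: The new mount at `/usr/sbin/ntpd` only works if the `maas-bin` volume is projected with an executable mode, and that volume definition is outside this hunk. Confirm it sets something like `defaultMode: 0555`, otherwise starting ntpd fails with a permission error instead of running the stub. The same applies to the `disable_ntpd_region` mount in the region template. Because this container runs with `privileged: true`, `readOnly: true` is a convenience, not an enforcement boundary, so the commit message's "does not ever run" holds for normal operation rather than as a hard guarantee. A one-line comment above the conditional would help, e.g. `# Shadow the image's ntpd with the no-op stub from maas-bin (conf.maas.ntp.disable_ntpd_rack)`.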


@ -96,6 +96,12 @@ spec:
mountPath: /etc/nsswitch.conf
subPath: nsswitch.conf
readOnly: true
{{- if .Values.conf.maas.ntp.disable_ntpd_region }}
- name: maas-bin
mountPath: /usr/sbin/ntpd
subPath: ntpd.sh
readOnly: true
{{- end }}
{{- if $mounts_maas_region.volumeMounts }}{{ toYaml $mounts_maas_region.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: maas-etc


@ -129,6 +129,12 @@ conf:
url:
maas_url: null
ntp:
# These options allow you to mock out the ntpd binary within the container
# by overwriting it with a script that simply sleeps - this is useful in
# environments where you do not wish these privileged containers to try and
# run ntpd that may conflict with the baremetal host
disable_ntpd_region: false
disable_ntpd_rack: false
# Use external only points region and rack serves and deployed nodes directly
# at external NTP servers. Otherwise we have nodes -> rack -> region -> external
use_external_only: false
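Review bot: Nothing ties the two new flags to `use_external_only`, which stays `false` by default. Going by the comment just below them, deployed nodes are then still pointed at rack -> region for time, and with ntpd stubbed out those controllers presumably no longer answer NTP. Unsynchronised node clocks tend to surface later as certificate-validity failures and log timestamps that cannot be correlated, so the dependency is worth stating next to the flags, e.g. `# If either flag is true, also set use_external_only: true so nodes do not rely on a rack/region that no longer serves NTP`. A template-side `fail` when a disable flag is set without `use_external_only` would surface the misconfiguration at render time. The `conf` block continues outside the hunk.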