[Bug 2048876] Re: Allow server and pool sources to be overridden through a conf.d or sources.d configuration

Ubuntu Foundations Team Bug Bot 2048876 at bugs.launchpad.net
Wed Feb 14 20:17:38 UTC 2024 

The attachment "lp-2048876-disallow-name-conf.debdiff" seems to be a
debdiff.  The ubuntu-sponsors team has been subscribed to the bug report
so that they can review and hopefully sponsor the debdiff.  If the
attachment isn't a patch, please remove the "patch" flag from the
attachment, remove the "patch" tag, and if you are member of the
~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issue please contact him.]

** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2048876

Title:
  Allow server and pool sources to be overridden through a conf.d or
  sources.d configuration

Status in chrony package in Ubuntu:
  Triaged

Bug description:
  Currently, the default chrony.conf configures a set of pools. Confirmed this on a focal and jammy instance on GCP. If one wishes to use only a specific server/server pool or not use a server at all they will need to modify /etc/chrony/chrony.conf. This will possibly lead to a prompt during an Ubuntu release upgrade and during an unattended chrony security upgrade. 
  We are trying to move all configuration changes to their respective *.d directories. See: https://bugs.launchpad.net/livecd-rootfs/+bug/1968873
  We test for modified chrony config file by invoking `sudo md5sum --quiet --check /var/lib/ucf/hashfile`.


  Listing the cases that I know where we are not able to move chrony configuration changes to a *.d config
  1. Azure: Azure needs all default pool entries in chrony.conf disabled. This is currently done by commenting out the pool entries in /etc/chrony/chrony.conf. There doesn't seem to be an alternative way to reset the pool set used by chrony through a configuration in *.d directory.
  2. Google: GCP images need to set a single server source entry. This is done indirectly through the ntp cloud-init module configuration. The ntp module replaces the default /etc/chrony/chrony.conf with another file that has required server entry and no pool entries. I believe this cannot be done through an override in *.d directory without touching /etc/chrony/chrony.conf.

  This request perhaps can be extended to ensure that "negating" a
  configuration in the default /etc/chrony/chrony.conf should be
  possible through a configuration in /etc/chrony/*.d directory.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/2048876/+subscriptions

More information about the Ubuntu-sponsors mailing list