[Bug 2048876] Re: Allow server and pool sources to be overridden through a conf.d or sources.d configuration

Robie Basak 2048876 at bugs.launchpad.net
Fri Feb 16 17:30:18 UTC 2024


Thank you for working on this!

Unfortunately I don't think this is the right approach. If we introduce
a new configuration directive and users start relying on it, then we get
stuck - we can't take it away again without breaking users, including in
ways that they won't necessarily be able to work around because users
might well use that feature for other purposes. Therefore, I strongly
object to adding support for a configuration option that isn't
implemented by upstream code.

I suggest following Paride's guidance in comment 3.

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2048876

Title:
  Allow server and pool sources to be overridden through a conf.d or
  sources.d configuration

Status in chrony package in Ubuntu:
  Triaged

Bug description:
  Currently, the default chrony.conf configures a set of pools. Confirmed this on a focal and jammy instance on GCP. If one wishes to use only a specific server/server pool or not use a server at all, they will need to modify /etc/chrony/chrony.conf. This will possibly lead to a prompt during an Ubuntu release upgrade and during an unattended chrony security upgrade.
  We are trying to move all configuration changes to their respective *.d directories. See: https://bugs.launchpad.net/livecd-rootfs/+bug/1968873
  We test for a modified chrony config file by invoking `sudo md5sum --quiet --check /var/lib/ucf/hashfile`.


  Listing the cases that I know where we are not able to move chrony configuration changes to a *.d config:
  1. Azure: Azure needs all default pool entries in chrony.conf disabled. This is currently done by commenting out the pool entries in /etc/chrony/chrony.conf. There doesn't seem to be an alternative way to reset the pool set used by chrony through a configuration in a *.d directory.
  2. Google: GCP images need to set a single server source entry. This is done indirectly through the ntp cloud-init module configuration. The ntp module replaces the default /etc/chrony/chrony.conf with another file that has the required server entry and no pool entries. I believe this cannot be done through an override in a *.d directory without touching /etc/chrony/chrony.conf.

  This request perhaps can be extended to ensure that "negating" a
  configuration in the default /etc/chrony/chrony.conf should be
  possible through a configuration in /etc/chrony/*.d directory.
