Allow ntpd service to be optional

This allows ntpd to be disabled in both the privileged rack and region controllers for use cases where we do not wish these processes to conflict with ntpd on the physical host running the containers. This method as opposed to overriding sysvinit style scripts and potentially other ways to launch ntpd that may exist appears to be the safest way to ensure it does not ever run. Change-Id: Ib52727becc1849a2a75d2d62d1c51553047a8fcf
2018-04-11 08:52:30 -07:00 · 2018-04-11 08:52:30 -07:00 · cc00e3fd92
commit cc00e3fd92
parent 524188787c
5 changed files with 27 additions and 0 deletions
--- a/charts/maas/templates/bin/_ntpd.sh.tpl
+++ b/charts/maas/templates/bin/_ntpd.sh.tpl
@ -0,0 +1,7 @@
+#!/bin/sh
+
+# This is a stub ntpd process that will simply do nothing
+
+while true; do
+  sleep 1000
+done
--- a/charts/maas/templates/configmap-bin.yaml
+++ b/charts/maas/templates/configmap-bin.yaml
@ -39,3 +39,5 @@ data:
 {{ tuple "bin/_register-rack-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  maas-test.sh: |
 {{ tuple "bin/_maas-test.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  ntpd.sh: |
+{{ tuple "bin/_ntpd.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
--- a/charts/maas/templates/deployment-rack.yaml
+++ b/charts/maas/templates/deployment-rack.yaml
@ -69,6 +69,12 @@ spec:
          securityContext:
            privileged: true
          volumeMounts:
+{{- if .Values.conf.maas.ntp.disable_ntpd_rack }}
+            - name: maas-bin
+              mountPath: /usr/sbin/ntpd
+              subPath: ntpd.sh
+              readOnly: true
+{{- end }}
            - name: maas-bin
              mountPath: /tmp/start.sh
              subPath: start.sh
--- a/charts/maas/templates/statefulset-region.yaml
+++ b/charts/maas/templates/statefulset-region.yaml
@ -96,6 +96,12 @@ spec:
              mountPath: /etc/nsswitch.conf
              subPath: nsswitch.conf
              readOnly: true
+{{- if .Values.conf.maas.ntp.disable_ntpd_region }}
+            - name: maas-bin
+              mountPath: /usr/sbin/ntpd
+              subPath: ntpd.sh
+              readOnly: true
+{{- end }}
 {{- if $mounts_maas_region.volumeMounts }}{{ toYaml $mounts_maas_region.volumeMounts | indent 12 }}{{ end }}
      volumes:
        - name: maas-etc
--- a/charts/maas/values.yaml
+++ b/charts/maas/values.yaml
@ -129,6 +129,12 @@ conf:
    url:
      maas_url: null
    ntp:
+      # These options allow you to mock out the ntpd binary within the container
+      # by overwriting it with a script that simply sleeps - this is useful in
+      # environments where you do not wish these privileged containers to try and
+      # run ntpd that may conflict with the baremetal host
+      disable_ntpd_region: false
+      disable_ntpd_rack: false
      # Use external only points region and rack serves and deployed nodes directly
      # at external NTP servers. Otherwise we have nodes -> rack -> region -> external
      use_external_only: false