lkundrak / rpms / chrony

Forked from rpms/chrony 4 years ago
Clone
259c5c4
#!/bin/bash
7715352
# This script configures running chronyd to use NTP servers obtained from
7715352
# DHCP and _ntp._udp DNS SRV records. Files with servers from DHCP are managed
7715352
# externally (e.g. by a dhclient script). Files with servers from DNS SRV
ee05e3d
# records are updated here using the dig utility. The script can also list
ee05e3d
# and set static sources in the chronyd configuration file.
259c5c4
259c5c4
chronyc=/usr/bin/chronyc
ee05e3d
chrony_conf=/etc/chrony.conf
ee05e3d
chrony_service=chronyd.service
7715352
helper_dir=/var/run/chrony-helper
7715352
added_servers_file=$helper_dir/added_servers
7715352
7715352
network_sysconfig_file=/etc/sysconfig/network
cafc2b7
dhclient_servers_files="/var/lib/dhclient/chrony.servers.*"
cafc2b7
dnssrv_servers_files="$helper_dir/dnssrv@*"
7715352
dnssrv_timer_prefix=chrony-dnssrv@
259c5c4
9e5209d
. $network_sysconfig_file &> /dev/null
9e5209d
259c5c4
chrony_command() {
73d97b1
    $chronyc -a -n -m "$1"
259c5c4
}
259c5c4
7715352
is_running() {
7715352
    chrony_command "tracking" &> /dev/null
2ca8fa6
}
2ca8fa6
9e5209d
get_servers_files() {
9e5209d
    [ "$PEERNTP" != "no" ] && echo "$dhclient_servers_files"
9e5209d
    echo "$dnssrv_servers_files"
9e5209d
}
9e5209d
7715352
is_update_needed() {
9e5209d
    for file in $(get_servers_files) $added_servers_file; do
7715352
        [ -e "$file" ] && return 0
7715352
    done
7715352
    return 1
2ca8fa6
}
2ca8fa6
7715352
update_daemon() {
7715352
    local all_servers_with_args all_servers added_servers
7715352
7715352
    if ! is_running; then
7715352
        rm -f $added_servers_file
7715352
        return 0
7715352
    fi
7715352
9e5209d
    all_servers_with_args=$(cat $(get_servers_files) 2> /dev/null)
7715352
2ca8fa6
    all_servers=$(
7715352
        echo "$all_servers_with_args" |
cafc2b7
            while read -r server serverargs; do
2ca8fa6
                echo "$server"
2ca8fa6
            done | sort -u)
7715352
    added_servers=$( (
7715352
        cat $added_servers_file 2> /dev/null
7715352
        echo "$all_servers_with_args" |
cafc2b7
            while read -r server serverargs; do
7715352
                [ -z "$server" ] && continue
7715352
                chrony_command "add server $server $serverargs" &> /dev/null &&
7715352
                    echo "$server"
7715352
            done) | sort -u)
7715352
7715352
    comm -23 <(echo -n "$added_servers") <(echo -n "$all_servers") |
cafc2b7
        while read -r server; do
2ca8fa6
            chrony_command "delete $server" &> /dev/null
2ca8fa6
        done
7715352
7715352
    added_servers=$(comm -12 <(echo -n "$added_servers") <(echo -n "$all_servers"))
7715352
cafc2b7
    if [ -n "$added_servers" ]; then
cafc2b7
        echo "$added_servers" > $added_servers_file
cafc2b7
    else
7715352
        rm -f $added_servers_file
cafc2b7
    fi
259c5c4
}
259c5c4
7715352
get_dnssrv_servers() {
9e5209d
    local name=$1 output
7715352
7715352
    if ! command -v dig &> /dev/null; then
7715352
        echo "Missing dig (DNS lookup utility)" >&2
7715352
        return 1
7715352
    fi
7715352
cafc2b7
    output=$(dig "$name" srv +short +ndots=2 +search 2> /dev/null) || return 0
7715352
cafc2b7
    echo "$output" | while read -r _ _ port target; do
9e5209d
        server=${target%.}
9e5209d
        [ -z "$server" ] && continue
9e5209d
        echo "$server port $port ${NTPSERVERARGS:-iburst}"
9e5209d
    done
7715352
}
7715352
7715352
check_dnssrv_name() {
7715352
    local name=$1
7715352
7715352
    if [ -z "$name" ]; then
7715352
        echo "No DNS SRV name specified" >&2
7715352
        return 1
7715352
    fi
7715352
7715352
    if [ "${name:0:9}" != _ntp._udp ]; then
7715352
        echo "DNS SRV name $name doesn't start with _ntp._udp" >&2
7715352
        return 1
7715352
    fi
7715352
}
7715352
7715352
update_dnssrv_servers() {
7715352
    local name=$1
7715352
    local srv_file=$helper_dir/dnssrv@$name servers
7715352
7715352
    check_dnssrv_name "$name" || return 1
7715352
7715352
    servers=$(get_dnssrv_servers "$name")
cafc2b7
    if [ -n "$servers" ]; then
cafc2b7
        echo "$servers" > "$srv_file"
cafc2b7
    else
cafc2b7
        rm -f "$srv_file"
cafc2b7
    fi
7715352
}
7715352
7715352
set_dnssrv_timer() {
7715352
    local state=$1 name=$2
7715352
    local srv_file=$helper_dir/dnssrv@$name servers
cafc2b7
    local timer
cafc2b7
cafc2b7
    timer=$dnssrv_timer_prefix$(systemd-escape "$name").timer || return 1
7715352
7715352
    check_dnssrv_name "$name" || return 1
7715352
7715352
    if [ "$state" = enable ]; then
7715352
        systemctl enable "$timer"
7715352
        systemctl start "$timer"
7715352
    elif [ "$state" = disable ]; then
7715352
        systemctl stop "$timer"
7715352
        systemctl disable "$timer"
7715352
        rm -f "$srv_file"
7715352
    fi
7715352
}
7715352
7715352
list_dnssrv_timers() {
7715352
    systemctl --all --full -t timer list-units | grep "^$dnssrv_timer_prefix" | \
ef05b63
            sed "s|^$dnssrv_timer_prefix\(.*\)\.timer.*|\1|" |
ef05b63
        while read -r name; do
ef05b63
            systemd-escape --unescape "$name"
ef05b63
        done
7715352
}
7715352
7715352
prepare_helper_dir() {
7715352
    mkdir -p $helper_dir
7715352
    exec 100> $helper_dir/lock
7715352
    if ! flock -w 20 100; then
7715352
        echo "Failed to lock $helper_dir" >&2
7715352
        return 1
7715352
    fi
7715352
}
7715352
ee05e3d
is_source_line() {
ee05e3d
    local pattern="^[ \t]*(server|pool|peer|refclock)[ \t]+[^ \t]+"
ee05e3d
    [[ "$1" =~ $pattern ]]
ee05e3d
}
ee05e3d
ee05e3d
list_static_sources() {
cafc2b7
    while read -r line; do
cafc2b7
        if is_source_line "$line"; then
cafc2b7
            echo "$line"
cafc2b7
        fi
ee05e3d
    done < $chrony_conf
ee05e3d
}
ee05e3d
ee05e3d
set_static_sources() {
ee05e3d
    local new_config tmp_conf
ee05e3d
ee05e3d
    new_config=$(
ee05e3d
        sources=$(
cafc2b7
            while read -r line; do
ee05e3d
                is_source_line "$line" && echo "$line"
ee05e3d
            done)
ee05e3d
cafc2b7
        while read -r line; do
ee05e3d
            if ! is_source_line "$line"; then
ee05e3d
                echo "$line"
ee05e3d
                continue
ee05e3d
            fi
ee05e3d
ee05e3d
            tmp_sources=$(
ee05e3d
                local removed=0
ee05e3d
cafc2b7
                echo "$sources" | while read -r line2; do
cafc2b7
                    if [ "$removed" -ne 0 ] || [ "$line" != "$line2" ]; then
cafc2b7
                        echo "$line2"
cafc2b7
                    else
cafc2b7
                        removed=1
cafc2b7
                    fi
ee05e3d
                done)
ee05e3d
ee05e3d
            [ "$sources" == "$tmp_sources" ] && continue
ee05e3d
            sources=$tmp_sources
ee05e3d
            echo "$line"
ee05e3d
        done < $chrony_conf
ee05e3d
ee05e3d
        echo "$sources"
ee05e3d
    )
ee05e3d
ee05e3d
    tmp_conf=${chrony_conf}.tmp
ee05e3d
ee05e3d
    cp -a $chrony_conf $tmp_conf &&
ee05e3d
        echo "$new_config" > $tmp_conf &&
ee05e3d
        mv $tmp_conf $chrony_conf || return 1
ee05e3d
ee05e3d
    systemctl try-restart $chrony_service
ee05e3d
}
ee05e3d
7715352
print_help() {
7715352
    echo "Usage: $0 COMMAND"
7715352
    echo
7715352
    echo "Commands:"
7715352
    echo "	update-daemon"
7715352
    echo "	update-dnssrv-servers NAME"
7715352
    echo "	enable-dnssrv NAME"
7715352
    echo "	disable-dnssrv NAME"
7715352
    echo "	list-dnssrv"
ee05e3d
    echo "	list-static-sources"
ee05e3d
    echo "	set-static-sources < sources.list"
7715352
    echo "	is-running"
7715352
    echo "	command CHRONYC-COMMAND"
259c5c4
}
259c5c4
259c5c4
case "$1" in
7715352
    update-daemon|add-dhclient-servers|remove-dhclient-servers)
7715352
        is_update_needed || exit 0
7715352
        prepare_helper_dir && update_daemon
259c5c4
        ;;
7715352
    update-dnssrv-servers)
7715352
        prepare_helper_dir && update_dnssrv_servers "$2" && update_daemon
7715352
        ;;
7715352
    enable-dnssrv)
7715352
        set_dnssrv_timer enable "$2"
7715352
        ;;
7715352
    disable-dnssrv)
7715352
        set_dnssrv_timer disable "$2" && prepare_helper_dir && update_daemon
7715352
        ;;
7715352
    list-dnssrv)
7715352
        list_dnssrv_timers
2ca8fa6
        ;;
ee05e3d
    list-static-sources)
ee05e3d
        list_static_sources
ee05e3d
        ;;
ee05e3d
    set-static-sources)
ee05e3d
        set_static_sources
ee05e3d
        ;;
2ca8fa6
    is-running)
2ca8fa6
        is_running
2ca8fa6
        ;;
73d97b1
    command|forced-command)
ff53331
        chrony_command "$2"
ff53331
        ;;
259c5c4
    *)
7715352
        print_help
259c5c4
        exit 2
259c5c4
esac
259c5c4
7715352
exit $?