Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / e306d780504ae3ddfad3eb852c7adc5ec9757d89^! / . / metropolis / node / core / time / time.go
commite306d780504ae3ddfad3eb852c7adc5ec9757d89[log] [tgz]
authorLorenz Brun <lorenz@monogon.tech>Wed Sep 01 13:01:06 2021 +0200
committerLorenz Brun <lorenz@monogon.tech>Mon Sep 06 09:05:40 2021 +0000
tree3e8e2c7a21430777db525c9ed4717a2cab1c114a
parentd7d6e0284de38cbeeb185ca17c0853b4b2c10ee9 [diff] [blame]
m/n/time: add time service

This adds a bare-minimum time service based on chrony/NTP for keeping
the system clock and RTC on Metropolis nodes accurate.

It also introduces a UID/GID registry in the Metropolis node code
as this is the first unprivileged service to run on the node itself.

It does not yet use a secure time source, this is tracked as #73.

Change-Id: I873971e6d3825709bc8c696e227bece4cfbda93a
Reviewed-on: https://review.monogon.dev/c/monogon/+/319
Reviewed-by: Sergiusz Bazanski <serge@monogon.tech>

diff --git a/metropolis/node/core/time/time.go b/metropolis/node/core/time/time.go
new file mode 100644
index 0000000..6c2e906
--- /dev/null
+++ b/metropolis/node/core/time/time.go

@@ -0,0 +1,60 @@
+// Package time implements a supervisor runnable which is responsible for
+// keeping both the system clock and the RTC accurate.
+// Metropolis nodes need accurate time both for themselves (for log
+// timestamping, validating certain certificates, ...) as well as workloads
+// running on top of it expecting accurate time.
+// This initial implementation is very minimalistic, running just a stateless
+// NTP client per node for the whole lifecycle of it.
+// This implementation is simple, but is fairly unsafe as NTP by itself does
+// not offer any cryptography, so it's easy to tamper with the responses.
+// See #73 for further work in that direction.
+package time
+
+import (
+	"context"
+	"fmt"
+	"os/exec"
+	"strconv"
+	"strings"
+
+	"source.monogon.dev/metropolis/node"
+	"source.monogon.dev/metropolis/pkg/fileargs"
+	"source.monogon.dev/metropolis/pkg/supervisor"
+)
+
+// Service implements the time service. See package documentation for further
+// information.
+type Service struct{}
+
+func New() *Service {
+	return &Service{}
+}
+
+func (s *Service) Run(ctx context.Context) error {
+	// TODO(#72): Apply for a NTP pool vendor zone
+	config := strings.Join([]string{
+		"pool pool.ntp.org iburst",
+		"bindcmdaddress /",
+		"stratumweight 0.01",
+		"leapsecmode slew",
+		"maxslewrate 10000",
+		"makestep 2.0 3",
+		"rtconutc",
+		"rtcsync",
+	}, "\n")
+	args, err := fileargs.New()
+	if err != nil {
+		return fmt.Errorf("cannot create fileargs: %w", err)
+	}
+	defer args.Close()
+	cmd := exec.Command(
+		"/time/chrony",
+		"-d",
+		"-i", strconv.Itoa(node.TimeUid),
+		"-g", strconv.Itoa(node.TimeUid),
+		"-f", args.ArgPath("chrony.conf", []byte(config)),
+	)
+	cmd.Stdout = supervisor.RawLogger(ctx)
+	cmd.Stderr = supervisor.RawLogger(ctx)
+	return supervisor.RunCommand(ctx, cmd)
+}