proto: enhance ntp configuration #70
Conversation
christoph-zededa
commented
Oct 11, 2024
christoph-zededa
commented
- allow to set more than one NTP server
- allow to make NTP servers from cloud controller exclusively used, i.e. the NTP servers that got announced via DHCP are not used (in certain cases this an attacker might send DHCP responses with a different NTP server set and therefore can control time on EVE)
proto/config/devconfig.proto
Outdated
| // DhcpVendorExtensionsOverride is used to override or add dhcp vendor extensions like f.e. | ||
| // the NTP servers - currently no other options are supported, but DNS servers might be a | ||
| // good candidate in the future | ||
| message DhcpVendorExtensionsOverride { |
There was a problem hiding this comment.
I think that terminology 'vendor extensions' is more used with BOOTP. For DHCP the RFC just refers to them as Options.
So what about calling this DhcpOptionsOverride?
There was a problem hiding this comment.
I changed it to DhcpOptionsIgnore https://github.com/lf-edge/eve-api/pull/70/files#diff-35ea4ed74707f6ad6d17be169425a7acf4e25e09e9de81a0f7300ed80c5ec656R101
proto/config/devconfig.proto
Outdated
| @@ -169,6 +169,14 @@ message EdgeDevConfig { | |||
|
|
|||
| // cluster configuration | |||
| EdgeNodeCluster cluster = 43; | |||
| DhcpVendorExtensionsOverride dhcp_extensions_override = 44; | |||
There was a problem hiding this comment.
I think this should be part of NetworkConfig instead. Either inside ipspec or probaly better as another field.
There was a problem hiding this comment.
You can have several NetworkConfigs - what is the meaning if you set it in one to true and in another one to false?
That means that for network device eth0 you can override the dhcp option and for another network device eth1 you don't override the dhcp option.
Is my interpretation correct?
There was a problem hiding this comment.
Yes, that would be the preferred behavior.
proto/config/devconfig.proto
Outdated
| // the NTP servers - currently no other options are supported, but DNS servers might be a | ||
| // good candidate in the future | ||
| message DhcpVendorExtensionsOverride { | ||
| bool ntpServerExclusively = 1; // use exclusively specified NTP servers |
There was a problem hiding this comment.
Should this contain a list of NTP servers to configure or where do you plan to take the "specified NTP servers" from?
There was a problem hiding this comment.
the NTP servers come from here: https://github.com/lf-edge/eve-api/pull/70/files#diff-b6af1b4801076bb7a7c0b5f919ecab887a34b218f6a5f2bfdffa40845a5e618dR769-R770
Currently they are only used if there is a static network configuration - I want to change it, to even use it if the network configuration is done via dhcp.
There was a problem hiding this comment.
That link points to info.proto, i.e. status reported by device to zedcloud (we need to report these additional NTP servers, so that is correct).
But we will need such field also in this override structure or in ipspec which is used by NetworkConfig.
There was a problem hiding this comment.
christoph-zededa
force-pushed
the
ntp_configuration_enhancements
branch
4 times, most recently
from
883651e to
75711f7
Compare
proto/config/netcmn.proto
Outdated
| @@ -84,11 +84,21 @@ message ipspec { | |||
| string gateway = 5; | |||
| string domain = 6; | |||
| string ntp = 7; | |||
| repeated string moreNtp = 10; | |||
There was a problem hiding this comment.
How abot calling this more_ntp_servers and adding a comment that ntp+more_ntp_servers is used to specify a set of NTP servers. Also, can these be hostnames or IP addresses? Makes sense to state that in a comment.
There was a problem hiding this comment.
proto/config/netcmn.proto
Outdated
| // the NTP servers - currently no other options are supported, but DNS servers might be a | ||
| // good candidate in the future | ||
| message DhcpOptionsOverride { | ||
| bool ntpServerExclusively = 1; // use exclusively specified NTP servers |
There was a problem hiding this comment.
For these new fields it makes sense to follow the buflint about lower_snake_case.
proto/config/netcmn.proto
Outdated
| DhcpOptionsOverride dhcp_options_override = 11; | ||
| } | ||
|
|
||
| // DhcpOptionsOverride is used to override or add dhcp options like f.e. |
There was a problem hiding this comment.
Are the semantics to override or to ignore? Stated differently, if there are no ntp servers specified but ntp_server_exclusively is true, will the result be that no NTP server configured? Or will the ntp_server_exclusively be ignored if no NTP server is configured in the API?
Makes sense to be explicit and make the name match the intended semantics.
There was a problem hiding this comment.
I changed it to DhcpOptionsIgnore https://github.com/lf-edge/eve-api/pull/70/files#diff-35ea4ed74707f6ad6d17be169425a7acf4e25e09e9de81a0f7300ed80c5ec656R101
And I added a comment regarding what should happen if no ntp servers are specified: https://github.com/lf-edge/eve-api/pull/70/files#diff-35ea4ed74707f6ad6d17be169425a7acf4e25e09e9de81a0f7300ed80c5ec656R103
christoph-zededa
force-pushed
the
ntp_configuration_enhancements
branch
3 times, most recently
from
38ad25c to
946ef0f
Compare
christoph-zededa
changed the title
| repeated string dns = 8; | ||
|
|
||
| // for IPAM management when dhcp is turned on. | ||
| // If none provided, system will default pool. | ||
| ipRange dhcpRange = 9; | ||
|
|
||
| DhcpOptionsIgnore dhcp_options_ignore = 11; |
There was a problem hiding this comment.
If I understand it correctly, there are 3 cases:
- dhcp_options_ignore is not defined (nil in Go): use NTP from DHCP
- dhcp_options_ignore is defined and ntp_server_exclusively is false: use NTP from both DHCP and the static config
- dhcp_options_ignore is defined and ntp_server_exclusively is true: use NTP only from the static config
Correct?
There was a problem hiding this comment.
I am not sure if we should put meaning in it if it is nil (because I don't know if other programming languages support this). Therefore if it is nil it should be handled as if the default value is set, i.e. false.
Therefore if dhcp_options_ignore is not defined, "use NTP from both DHCP and the static config".
If you want to use NTP from DHCP only, set ntp and more_ntp to empty strings.
Do we do this somewhere else? If yes, then it is perhaps better to do it the way you suggest.
There was a problem hiding this comment.
I see. No, I'm not aware of any place where we would check if struct (proto message) is set or unset.
Your approach makes sense to me now. I would maybe just suggest to add a comment (next to dhcp_options_ignore ?) that even if DhcpType is Client, EVE still accepts static IP config and will merge it with the DHCP-provided one by default (and merge can be changed to override in dhcp_options_ignore).
There was a problem hiding this comment.
In the protobuf wire encoding the fields with default values are not sent. Thus e.g., a boolean which is false, an integer of value zero, is not sent. As a result the receiver can not tell whether the sender explicitly set it to false or zero in those examples. I imagine this applies to a struct/embedded message as well; if all fields are zero it might not be sent at all.
I don't know if this is useful.
christoph-zededa
force-pushed
the
ntp_configuration_enhancements
branch
2 times, most recently
from
7c710c3 to
1ee75f8
Compare
proto/config/netcmn.proto
Outdated
| @@ -83,12 +83,28 @@ message ipspec { | |||
| string subnet = 3; | |||
| string gateway = 5; | |||
| string domain = 6; | |||
| // ntp and more_ntp are used to specify several NTP servers | |||
There was a problem hiding this comment.
Presumably with ntp being the first and more_ntp being the rest aka the concatenation of ntp+more_ntp specifies all the NTP servers.
There was a problem hiding this comment.
Hmm, I would not call it "all NTP servers" because there are possibly also NTP servers configured via DHCP.
There was a problem hiding this comment.
Correct. But it would be helpful to have a comment that it uses the union of ntp and more_ntp as the set of statically/manually configured NTP servers. And it wouldn't hurt to point out that this is due to originally only having a field for a single server.
1. allow to set more than one NTP server 2. allow to make NTP servers from cloud controller exclusively used, i.e. the NTP servers that got announced via DHCP are not used (in certain cases this an attacker might send DHCP responses with a different NTP server set and therefore can control time on EVE) Signed-off-by: Christoph Ostarek <christoph@zededa.com>
Signed-off-by: Christoph Ostarek <christoph@zededa.com>
christoph-zededa
force-pushed
the
ntp_configuration_enhancements
branch
from
1ee75f8 to
cb98e8b
Compare
Need to bump eve-api after following PRs lf-edge/eve-api#70 Signed-off-by: Christoph Ostarek <christoph@zededa.com>
Need to bump eve-api after following PRs lf-edge/eve-api#70 Signed-off-by: Christoph Ostarek <christoph@zededa.com>
Need to bump eve-api after following PR lf-edge/eve-api#70 Signed-off-by: Christoph Ostarek <christoph@zededa.com>
Need to bump eve-api after following PR lf-edge/eve-api#70 Signed-off-by: Christoph Ostarek <christoph@zededa.com>
Need to bump eve-api after following PR lf-edge/eve-api#70 Signed-off-by: Christoph Ostarek <christoph@zededa.com>
Need to bump eve-api after following PR lf-edge/eve-api#70 Signed-off-by: Christoph Ostarek <christoph@zededa.com>
Need to bump eve-api after following PR lf-edge/eve-api#70 Signed-off-by: Christoph Ostarek <christoph@zededa.com>
Need to bump eve-api after following PR lf-edge/eve-api#70 Signed-off-by: Christoph Ostarek <christoph@zededa.com>
Need to bump eve-api after following PR lf-edge/eve-api#70 Signed-off-by: Christoph Ostarek <christoph@zededa.com>
