From 85ed5feda444604622f08d73ea52e744733315d0 Mon Sep 17 00:00:00 2001
From: Indrajit Raychaudhuri <irc@indrajit.com>
Date: Sat, 25 Mar 2023 02:42:29 -0500
Subject: ntp: T5112: Enable support for NTS (Network Time Security) in chrony

This is basic configuration to enable NTS support in chrony.
---
 data/templates/chrony/chrony.conf.j2      | 3 ++-
 interface-definitions/ntp.xml.in          | 6 ++++++
 smoketest/scripts/cli/test_service_ntp.py | 3 ++-
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/data/templates/chrony/chrony.conf.j2 b/data/templates/chrony/chrony.conf.j2
index 711bbbec7..7a36fe69d 100644
--- a/data/templates/chrony/chrony.conf.j2
+++ b/data/templates/chrony/chrony.conf.j2
@@ -17,6 +17,7 @@ clientloglimit 1048576
 
 driftfile /run/chrony/drift
 dumpdir /run/chrony
+ntsdumpdir /run/chrony
 pidfile {{ config_file | replace('.conf', '.pid') }}
 
 # Determine when will the next leap second occur and what is the current offset
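Review bot: The added `ntsdumpdir /run/chrony` line carries no comment saying what ends up in that directory. chrony uses it to cache the NTS cookies and keys obtained during NTS-KE so that a restart can skip a new key exchange, so the directory should be writable and readable only by the chrony user; its ownership and mode are not visible in this hunk. Because `/run` is normally a tmpfs, the cached state will probably not survive a reboot, which is safe but means each boot performs a fresh NTS-KE handshake. I would add a comment above the line such as `# NTS cookies and keys are cached here; keep this directory private to the chrony user`.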
@@ -31,7 +32,7 @@ user {{ user }}
 {%         if config.pool is vyos_defined %}
 {%             set association = 'pool' %}
 {%         endif %}
-{{ association }} {{ server | replace('_', '-') }} iburst {{ 'noselect' if config.noselect is vyos_defined }} {{ 'prefer' if config.prefer is vyos_defined }}
+{{ association }} {{ server | replace('_', '-') }} iburst {{ 'nts' if config.nts is vyos_defined }} {{ 'noselect' if config.noselect is vyos_defined }} {{ 'prefer' if config.prefer is vyos_defined }}
 {%     endfor %}
 {% endif %}
 
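Review bot: The `nts` option on the source line makes chrony authenticate the server through a TLS certificate check during NTS-KE, and nothing in this template gives the operator any control over that check. Two cases look likely to fail closed: a server given as an IP literal (the smoketest uses 192.0.2.1) needs a certificate that is valid for that address, and a device that boots with a wrong clock can reject otherwise valid certificates; chrony has `ntstrustedcerts` and `nocerttimecheck` for these, and neither is exposed here. Sources configured without `nts` remain unauthenticated next to the authenticated ones, so how the two are mixed is left to chrony's default `authselectmode`. A template comment above the line would help, for example `{# nts: source is authenticated via NTS-KE (TLS); the configured name must match the server certificate #}`. The enclosing `for`/`if` starts before this hunk.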
diff --git a/interface-definitions/ntp.xml.in b/interface-definitions/ntp.xml.in
index 65e40ee32..287401ed6 100644
--- a/interface-definitions/ntp.xml.in
+++ b/interface-definitions/ntp.xml.in
@@ -37,6 +37,12 @@
                   <valueless/>
                 </properties>
               </leafNode>
+              <leafNode name="nts">
+                <properties>
+                  <help>Enable Network Time Security (NTS) for the server</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
               <leafNode name="pool">
                 <properties>
                   <help>Associate with a number of remote servers</help>
diff --git a/smoketest/scripts/cli/test_service_ntp.py b/smoketest/scripts/cli/test_service_ntp.py
index 3ccd19a31..046e5eea6 100755
--- a/smoketest/scripts/cli/test_service_ntp.py
+++ b/smoketest/scripts/cli/test_service_ntp.py
@@ -46,7 +46,7 @@ class TestSystemNTP(VyOSUnitTestSHIM.TestCase):
     def test_01_ntp_options(self):
         # Test basic NTP support with multiple servers and their options
         servers = ['192.0.2.1', '192.0.2.2']
-        options = ['noselect', 'prefer']
+        options = ['nts', 'noselect', 'prefer']
         pools = ['pool.vyos.io']
 
         for server in servers:
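Review bot: Every server in `test_01_ntp_options` now gets `nts` together with `noselect` and `prefer`, so no case covers a server configured without `nts`. A template regression that emitted `nts` unconditionally would require NTS-KE from servers that do not offer it and stop them from being used, and a test that only looks for the options it set would still pass. Consider leaving one server without the option and asserting its absence, e.g. `self.assertNotIn(f'server {plain_server} iburst nts', config)`, where `plain_server` is a placeholder for that address. The assertions on the rendered server lines are outside this hunk, so this is inferred from the visible setup only.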
@@ -65,6 +65,7 @@ class TestSystemNTP(VyOSUnitTestSHIM.TestCase):
         config = cmd(f'sudo cat {NTP_CONF}')
         self.assertIn('driftfile /run/chrony/drift', config)
         self.assertIn('dumpdir /run/chrony', config)
+        self.assertIn('ntsdumpdir /run/chrony', config)
         self.assertIn('clientloglimit 1048576', config)
         self.assertIn('rtcsync', config)
         self.assertIn('makestep 1.0 3', config)
-- 
cgit v1.2.3