On Mon, Aug 31, 2015 at 02:24:39PM -0400, Stephen Gallagher wrote:
> What it sounds like is FreeIPA by default mistrusts system time,
> until it checks for the presence and enabled state of ntpd in order to
> trust system time. Is this some throwback to a time when system time
> couldn't be trusted?
>
No, FreeIPA provides an NTPD server to its clients as the
authoritative source. It has nothing to do with trusting system time
(kind of the opposite; it's asserting that this system's time is so
authoritative that its clients should use it as the One Truth).
IMO FreeIPA should be changed to install and use chrony as server,
as chrony has been the default for a few Fedora releases.
> Separately I'm noticing on atomic cloud (F22), that there is also no
> network time set. Chrony and ntpd are not installed and
> systemd-timesyncd.service is disabled. I'd really hate to think we
> end up with three completely different ways of syncing time on the
> three products.
Yes, I concur that we should try to settle on one. That's kind of why
I was suggesting timesyncd; it seemed most likely to be present on all
Editions.
I'd rather see chrony; it is small and provides full NTP sync.
BTW, is timesyncd == timedated? Because the FESCo ruling was about
timedated. If it's just a name-change, fine. But if it's a new
implementation, we may want a new investigation.
Those are two different things. Timesyncd is a simple SNTP client (plus
time restoration over reboot, for things without RTC). Timedated
provides an API + utility to set system timezone and time and to
toggle external time sync.
There are two implementations of timedated:
– systemd's one, which only toggles timesyncd as the synchronisation mechanism
– timedatex, which can toggle an arbitrary NTP daemon
--
Tomasz Torcz Only gods can safely risk perfection,
xmpp: zdzichubg(a)chrome.pl it's a dangerous thing for a man. -- Alia