network time default, f23

Stephen Gallagher sgallagh at redhat.com
Mon Aug 31 13:11:58 UTC 2015


On Mon, 2015-08-31 at 12:10 +0200, Miroslav Lichvar wrote:
> On Sat, Aug 29, 2015 at 03:21:59PM -0600, Chris Murphy wrote:
> > chrony is not installed, meanwhile it's installed and the default
> > on
> > workstation. Right off the bat it's confusing that server and
> > workstation will use different services for time synchronization.
> 
> IIRC there was a similar problem in F22. chrony was added to the
> server-product group in comps, but that's not the case in the F23
> comps.
> 
> > ntp and ntpdate are installed, but both are disabled, and I don't
> > even
> > know what ntpdate is.
> 
> ntp seems to be installed as a freeipa dependency. It's not enabled
> by default. There was some discussion that the ipa-*-install scripts
> will support chrony as an NTP client and server, but that didn't seem
> to happen yet.
> 
> > # timedatectl
> >       Local time: Fri 2013-08-30 23:32:34 MDT
> >   Universal time: Sat 2013-08-31 05:32:34 UTC
> >         RTC time: Sat 2013-08-31 05:32:34
> >        Time zone: America/Denver (MDT, -0600)
> >  Network time on: no
> > NTP synchronized: no
> >  RTC in local TZ: no
> > 
> > # systemctl enable ntpd
> > # systemctl start ntpd
> > 
> > Fixes this, but it seems like something should be enabled by
> > default.
> 
> If you want to just enable a (S)NTP client, "timedatectl set-ntp
> true"
> should work in all four combinations of chrony and ntp packeges being
> installed or not installed.
> 

I'm looking into this right now. I think what we want to do is to ship
with systemd-timesyncd.service enabled by default, but I'm running
some tests to figure out if this will cause issues with installing
FreeIPA (since it doesn't explicitly know to check for this case and
disable it when enabling ntpd).

If it works cleanly, we should probably turn this on in our presets.
If it doesn't, we'll have three choices.

1) Leave NTP disabled by default until FreeIPA fixes this.
2) Enable timesyncd and add documentation to FreeIPA to tell people to
make sure to disable it manually before installing FreeIPA.
3) Do choice 2) above and handle this situation in rolekit deployments
of FreeIPA (which is fairly simple, since we're already plumbed for it)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part
URL: <http://lists.fedoraproject.org/pipermail/server/attachments/20150831/f622f5ee/attachment.sig>


More information about the server mailing list