network time default, f23

Stephen Gallagher sgallagh at redhat.com
Mon Aug 31 18:24:39 UTC 2015 

On Mon, 2015-08-31 at 12:21 -0600, Chris Murphy wrote:
> On Mon, Aug 31, 2015 at 12:05 PM, Miloslav Trmac <mitr at redhat.com>
> wrote:
> > 2015-08-31 18:09 GMT+02:00 Miroslav Lichvar <mlichvar at redhat.com>:
> > > 
> > > Why not install chrony as before? To save disk space? I may be
> > > biased,
> > > but I think it's currently by far the best NTP client there is.
> > 
> > 
> > From a testing perspective it is awkward to use chrony by default
> > but have
> > one of the flagship roles switch to ntpd instead. Of course,
> > “awkward” is
> > not a show-stopper.
> 
> OK I'm kinda ignorant here, when I strace timedatectl, it doesn't
> enlighten me on how any program is able to get time in a way that
> doesn't depend on the ntp client; it seems to me it's rather archaic
> for a program to depend on a particular piece of plumbing setting the
> time. It's not actually getting the time from that particular ntp
> client. All that program should care about is getting the time, and
> should trust the time reported is correct.
> 
> What it sounds like is FreeIPA by default mistrusts system time,
> until
> it checks for the presence and enabled state of ntpd in order to
> trust
> system time. Is this some throwback to a time when system time
> couldn't be trusted?
> 

No, FreeIPA provides an NTPD server to its clients as the
authoritative source. It has nothing to do with trusting system time
(kind of the opposite; it's asserting that this system's time is so
authoritative that its clients should use it as the One Truth.


> Separately I'm noticing on atomic cloud (F22), that there is also no
> network time set. Chrony and ntpd are not installed and
> systemd-timesyncd.service is disabled.  I'd really hate to think we
> end up with three completely different ways of syncing time on the
> three products.

Yes, I concur that we should try to settle on one. That's kind of why
I was suggesting timesyncd; it seemed most likely to be present on all
Editions.


BTW, is timesyncd == timedated? Because the FESCo ruling was about
timedated. If it's just a name-change, fine. But if it's a new
implementation, we may want a new investigation.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part
URL: <http://lists.fedoraproject.org/pipermail/server/attachments/20150831/26cfae35/attachment.sig>

More information about the server mailing list