[pkg-ntp-maintainers] Re: Debian #289267: ntpdate should use
ifupdown instead of rcS to start
Tore Anderson
tore at debian.org
Thu Dec 14 13:07:36 CET 2006
* Scott James Remnant
> Matt's asked me to jump in here to explain the Ubuntu changes, and our
> long-term plan for such thing; as there seems to be a little confusion
> and/or argument on this topic.
Thanks, I appreciate it.
> Our reason for moving this to an if-up.d script is because we're
> increasingly relying on udev to drive the hardware parts of our boot
> sequence; this meant that there was no point in the SysV boot sequence
> where "networking was up", so no point to run the ntpdate script.
>
> Moving to an if-up.d script meant that the clock would be adjusted
> during boot when the each ethernet card came up; the first not being
> sufficient as that one might not actually get an IP.
I know, but see below for comments.
> This isn't ideal either, as now ntpdate gets run every time you fiddle
> with an interface. Our preferred solution is to use upstart to manage
> the ntpdate task, and don't run it once it has succeeded at least
> once.
I'm not familiar with upstart, I'm afraid, so I can't comment on
that.
> We use "-b" because it was what was suggested in the manual page:
>
> -b Force the time to be stepped using the settimeofday() system
> call, rather than slewed (default) using the adjtime() system
> call. This option should be used when called from a startup file
> at boot time.
>
> The if-up.d ntpdate script is intended to "set the clock at boot time",
> once the first interface with a reachable ntp server has come up.
But right now it does not check if any of this is true, which is my
main grief here. When the services are done being started (and I think
you'll have to assume they do during bootup), it is not safe to step
the clock.
I think it would be reasonable to assume that this is a concern
primarily for server systems that are probably always connected anyway,
and thus it would be okay to step the clock later if there was no
network at boot (even though this can cause trouble for desktop systems
too in some cases, see #364288 for an example). In any case, though,
it should not be stepped unless deemed necessary by ntpd[ate] because
of a large offset. So if there's a chance of ntpdate being run after
bootup, it shouldn't use "-b". Default behaviour is okay. I've cooled
down a bit now, so I'll moderate myself a bit about demanding -B. :-)
* Tore Anderson
> If no NTP server is available at bootup, well, then you'll just have
> to wait for a network connection and possibly step the time then.
* Scott James Remnant
> That's what we're trying to do with the ntpdate script.
My opinion is that ntpd is better used for this. When I run ntpd, I
expect it to do so if necessary. When I run "ifup" I expect it to do
just that - bring an interface up. Not meddle around with system time,
or do any other things unrelated to bringing the interface up.
I'm a sysadmin. I don't like surprises. Having my clock stepped on
ifup is definetively a surprise, and a nasty one too (offlined half our
office).
Besides, using ntpd for this would handle the situation where a route
to the NTP server is provided by something else than ifupdown, such as
a routing service (my case), a PPP[oE] daemon (common xDSL/GSM setups
here in Norway at least), and probably other situations too. Finally,
ntpd is more accurate than ntpdate - at least it says so in the manual
page.
> Given the above, how would you recommend we sync the clock during boot
> if no clock adjustments would be preferred?
Note "gratuitous". I realise that's a matter of personal opinion, but
I agree both with you and ntpdate's manual page that stepping on bootup
is fine. On the other hand, I think stepping at an arbitrary time
after the system is up and running is just asking for trouble, at least
for production systems (and again, it might be for desktops too). If I
understand you correctly you/Ubuntu think this is an acceptable trade-
off and I obviously disagree with you on that.
So my recommendation would be to call ntpdate on bootup after udev was
started (maybe using Required-Start: $network instead if that's
working). If it failed, oh well, start ntpd -g anyway and it'll
synchronise when/if the time server becomes reachable at some later
point. And most importantly - it will not step unless it feels it
needs to do so because of a large offset, and paranoid me, running
services I know depend on clock sanity, can add -x to the the ntp-
server init script and be safe no stepping will occur after initial
boot.
If you insist on coupling this to ifup, though:
Check to see if the ifup is related to time server reachability at all
(in my case it wasn't, which made the whole ordeal feel even more
pointless). In pre-up.d do "ip route get <time server>", see if
there's already a route there, and if so just skip syncing (or at
least, drop -b) in post-up.d.
Also you could make the script see if /etc/nologin is present, if not,
it's likely not running at system bootup, skip it (or at least, drop
-b). Heck, even checking that system uptime is <5 minutes or something
would be a pragmatic (though rather ugly) approach. :-)
Regards
--
Tore Anderson
More information about the pkg-ntp-maintainers
mailing list