From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: Migrating from ntp to chrony - challenge Date: Thu, 17 Jun 2021 17:23:14 +0100 Message-ID: <08779C92-880B-41A9-A247-866D90B5C5CC@ipfire.org> In-Reply-To: <15235E57-D318-41EF-AD45-DA63AD839790@gmail.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3566919840925328450==" List-Id: --===============3566919840925328450== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, > On 17 Jun 2021, at 16:26, Jon Murphy wrote: >=20 > I=E2=80=99d like to challenge! >=20 > (This post was recently moved from the IPFire Community to the Development = Mailing List) > I saw this in the agenda from last week: >=20 > <80392284118cf74d1a1176de8762f1da431444d3_2_517x148.png> > Screen Shot 2021-06-16 at 11.42.49 AM > 1738=C3=97500 51.1 KB >=20 >=20 > I thought chrony was more for desktops & laptops. Devices that power down a= nd might have a big time jump. And NTP was more for servers or devices that r= un full-time. Yeah, I suppose that was true. Chrony used to be a client only, so it could n= ot share its time with the network. That functionality was however added and = it can also read from local time sources now. I would say that they can be used interchangeably today. Some obscure feature= s might be missing from chrony, but it should absolutely cover our use case. > The current NTP in IPFire can be easily changed from polling (one per hour = / once per day) to non-polling by making a few simple changes to a config fil= e: >=20 > disable > monitor >=20 > restrict > default nomodify notrap nopeer >=20 > restrict 127.0.0.1 > server $NTP_ADDR_1 > prefer >=20 > server $NTP_ADDR_2 > server 127.127.1.0 > fudge 127.127.1.0 stratum 10 > driftfile > /etc/ntp/drift >=20 > $NTP_ADDR_1 and _2 are the Primary NTP server and Secondary NTP server from= the https://ipfire:444/cgi-bin/time.cgi webgui page. >=20 > And by changing the https://ipfire:444/cgi-bin/time.cgi Synchronization to = Manually This would have been useful, but the change to chrony was proposed and I woul= d like that because ntp was full of CVEs recently whereas chrony has a way mo= re modern code base which hopefully is well reviewed and does not introduce a= nything bad. > Anyway, my thought is to make some changes to the current NTP service inste= ad of implementing something new=E2=80=A6 So far this is an item that Peter put on his to-do list, but I am not sure if= anything was done about it, yet. -Michael >=20 > Jon >=20 > --------------------------- >=20 > TL;DR >=20 >=20 > When NTP is configured differently (Manually polling enabled) it will =E2= =80=9Ccorrect=E2=80=9D on it own: >=20 > Oct 6 21:40:01 ipfire ntpdate: Updated drift file. Drift is 0.000 PPM at = Tue Oct 6 21:35:43 CDT 2020 > Oct 6 23:20:01 ipfire ntpdate: Updated drift file. Drift is -18.986 PPM a= t Tue Oct 6 23:16:05 CDT 2020 > Oct 7 00:20:01 ipfire ntpdate: Updated drift file. Drift is -140.863 PPM = at Wed Oct 7 00:16:04 CDT 2020 > Oct 7 01:20:01 ipfire ntpdate: Updated drift file. Drift is -210.676 PPM = at Wed Oct 7 01:16:04 CDT 2020 > Oct 7 02:20:01 ipfire ntpdate: Updated drift file. Drift is -347.531 PPM = at Wed Oct 7 02:16:04 CDT 2020 > Oct 7 03:20:01 ipfire ntpdate: Updated drift file. Drift is -407.147 PPM = at Wed Oct 7 03:16:04 CDT 2020 > Oct 7 04:20:01 ipfire ntpdate: Updated drift file. Drift is -414.606 PPM = at Wed Oct 7 04:16:04 CDT 2020 > Oct 7 05:20:01 ipfire ntpdate: Updated drift file. Drift is -414.826 PPM = at Wed Oct 7 05:16:04 CDT 2020 >=20 > More into: >=20 > https://community.ipfire.org/t/odd-ntp-offset-issues-continued/492 >=20 >=20 --===============3566919840925328450==--