From mboxrd@z Thu Jan 1 00:00:00 1970
From: Peter Müller
To: development@lists.ipfire.org
Subject: Re: Migrating from ntp to chrony - challenge
Date: Sat, 19 Jun 2021 08:30:31 +0200
Message-ID: <62793330-9a6d-f750-867b-bbca1a121f2a@ipfire.org>
In-Reply-To: <20210618051200.GA328973@vesikko.tarvainen.info>

Hello Jon, hello Adolf, hello Tapani, hello Michael, hello *,

thanks for this conversation; I just wanted to comment on some minor bits and pieces.

> I thought chrony was more for desktops & laptops. Devices that power down and might have a
> big time jump. And NTP was more for servers or devices that run full-time.

This is true in general, and given this description, it might look somewhat surprising to replace
ntpd - requiring a stable internet connection - with something that can handle more patchy, unreliable
situations.

At IPFire, we seem to make pretty demanding assumptions regarding the stability of our users' internet
connection, particularly when it comes to DNS and NTP, which both unfortunately depend on each other.
While Unbound, our DNS resolver, made some efforts to deal with temporary outages less invasive, it is
still quite easy to confuse ntpd.

Some IPFire systems run behind patchy cellular networks (developing countries come to mind, or rural
areas in Germany), or unstable cable/DSL connections. I remember some people sitting behind satellite
uplinks, and there was once someone who claimed he/she runs IPFire on a really slow connection
somewhere in Africa (Kenya?).

For those people, I guess it might give them a better user experience if IPFire could deal with such
scenarios in terms of synchronising its clock. This is why chrony looks like a good idea, and indeed,
we do not use some of the features ntpd comes with.

Sorry for not mentioning this in the conference log. :-)

> Nonetheless, autokey is definitely history now and NTS support is one more reason to go with chrony.

Basically, yes. There are still very few NTS servers out there, which is why I personally currently
shy away from it, as I like the highly diverse NTP pool ecosystem. Let's hope things will improve on
this end, so we can move another protocol towards being encrypted in transit.

> So my vote is for moving to chrony (even though I don't see it as super urgent).

It definitely does not have a high priority for me, either. I just need to duplicate myself a few more
times, so I can spend more than 24 hours a day on IPFire development. :-)

Thanks, and best regards,
Peter Müller