-
Notifications
You must be signed in to change notification settings - Fork 158
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for ptp_kvm to coreos-platform-chrony system-generator #2263
Conversation
Thank you for opening this! I'm wondering though if we should do this by default on QEMU. Unlike on the other cloud platforms supported there, there's no guarantee that the host hypervisor clock is itself accurate. Maybe instead we should just document it in this section and leave it up to the user? I could also imagine Butane sugar for this to make it easier. |
Some past discussions about
|
It is true that ptp_kvm isn't guaranteed to work, though the module would simply fail to load and we can fall back to the default Chrony configuration. For example, deploying the image in a nested virtualization environment triggers this behavior.
A similar point could be made about the default Chrony behavior, which by default relies on the accuracy & availability of the NTP pool project.
The image shipped for Azure would suffer from a similar issue: https://learn.microsoft.com/en-us/azure/virtual-machines/linux/time-sync
Out of all these possible issues, the fact that we can't guarantee the accuracy of the hypervisor might be the biggest blocking factor. What if we deploy ptp_kvm + NTP pool servers combined? Chrony would detect the ptp_kvm clock as a falseticker when the hypervisor is incorrectly synchronized. |
That's true, but IIUC there's no reason to think that the hypervisor clock has a higher chance of being accurate. The user may know it's the case for their particular environment, so it makes sense to let them opt into it.
That's interesting. To make sure I understand, what would be the advantage of this over only relying on the default NTP pool? |
If the ptp_kvm source is deemed accurate, It'll keep polling all sources, but only use the results of ptp_kvm (from what I've seen when I tested this). All CoreOS instances on that virtualization platform will be synchronized with sub-millisecond accuracy with each other. |
Thanks so much for submitting this patch! My PoV is by default we should trust the hypervisor. Anyone who doesn't want to would need to configure things. |
Thanks, that sounds reasonable.
Are you talking about "trust" from a security perspective or as in "trust that the hypervisor clock is accurate"? I agree with the former but the latter is not clear to me. Though @karelvanhecke's latest suggestion is an interesting middle ground. Interested to see what others think. Maybe we can discuss this in the next community meeting. I'll create a tracker ticket for it so it shows up in the filter (edit: filed coreos/fedora-coreos-tracker#1433). @karelvanhecke BTW, do you have more information on the context around this? Is this fixing an issue for you? |
overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony
Outdated
Show resolved
Hide resolved
@karelvanhecke We discussed this today in the community meeting (coreos/fedora-coreos-tracker#1433 (comment)). Would you be able to update this PR to implement:
? |
8194241
to
4e9b385
Compare
@jlebon rebased against latest testing-devel branch + enabled ntp pool in combination with ptp_kvm. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! LGTM, but I'd like to manually test this before merging to sanity-check the falseticker case. Will try to do that next week.
overlay.d/20platform-chrony/usr/libexec/coreos-platform-chrony-config
Outdated
Show resolved
Hide resolved
I've verified this works as expected. Output of
The Output of
The There's something I want to call out related to an additional change I pushed here. The |
Updated! I've added more context to the commit message and removed the changes to the |
KVM supports a `ptp_kvm` kernel module which allows the guest to query the host clock for synchronization purposes. Configure chrony to make use of it if it's available. Don't disable the default pool; it'll be used by chrony to determine whether the host clock is accurate or a falseticker. Don't disable `PEERNTP` as we do on other platforms since we historically haven't done so on QEMU and it's possible users have been using their own DHCP servers (e.g. dnsmasq) to feed NTP configuration. Closes: coreos/fedora-coreos-tracker#1433 Co-authored-by: Jonathan Lebon <[email protected]>
The chrony generator was converted to a regular systemd unit in 5e4f40c ("Move chrony config from generator to systemd service"). Let's rename the test to reflect this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
This PR will allow CoreOS to make use of ptp_kvm when the underlying hypervisor supports it.