[FEATURE REQUEST] Add time synchronization service (NTP) to Epiphany #1298
Labels
Milestone
Comments
|
@to-bar I updated issue description of this issue. Can you check and comment if that is better now? |
Thanks, good job. Updated AWS part after checking that AMIs we currently use do not have NTP pre-configured. However, RHEL based VMs use RHELs default setup - external NTP sources (rhel.pool.ntp.org). |
20 tasks
|
Looks like ticket #1233 is on hold, so we're not sure if this task is mandatory.. if is.. than we need to put more explanations regarding current work:
|
|
Update:
|
20 tasks
seriva
changed the title
|
Not going todo anymore feature requests for Epiphany. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
We need synchronized time on Epiphany instances.
Reasons:
NFS requires time synchronization.
It is highly recommended for NFS to use a time synchronization daemon to keep client/server clocks in sync. Without accurate clocks on all nodes, NFS can introduce unwanted delays.
Source: https://wiki.archlinux.org/index.php/NFS#Installation
NFS does not synchronize time between client and server, and offers no mechanism for the client to determine what time the server thinks it is. What this means is that a client can update a file, and have the timestamp on the file be either some time long in the past, or even in the future, from its point of view.
While this is generally not an issue if clocks are a few seconds or even a few minutes off, it can be confusing and misleading to humans. Of even greater importance is the affect on programs. Programs often do not expect time difference like this, and may end abnormally or behave strangely, as various tasks timeout instantly, or take extraordinarily long while to timeout.
Source: https://www.time-travellers.org/shane/papers/NFS_considered_harmful.html
Kerberos (used to encrypt NFS)
The Kerberos protocol requires the time of the client and server to match: if the system clocks of the client does not match that of the server, authentication will fail. The simplest way to synchronize the system clocks is to use a Network Time Protocol (NTP) server.
Source: https://help.ubuntu.com/community/Kerberos
Describe the solution you'd like
Possibilities:
For cloud based installations it should be set up automatically by Epiphany (where possible).
On AWS, the Amazon Time Sync Service is available through NTP at the 169.254.169.123 IP address for any instance running in a VPC but (at least for AMIs currently used by Epiphany) it needs to be configured. According to AWS docs, the latest versions of Amazon Linux AMIs synchronize with the Amazon Time Sync Service by default. Worth to check whether images we are going to use (issue Update cloud based OS images #1330) have NTP pre-configured.
Source: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html
On Azure there is NTP enabled by default on default images (that is what documentation says, but that requires confirmation).
Source: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync#configuration-options
For on-premise installations, I think we have a few options:
Describe alternatives you've considered
None
Additional context
None
DoD checklist
The text was updated successfully, but these errors were encountered: