
ntp validation

Open swiftgist opened this issue 5 years ago • 1 comments

Description of Issue/Question

Creating an issue for discussion from Martin:

  1. proper timesync check during deployment regardless of the configuration at the customer (PoC vs. Production / real world deployments)
  2. leave the whole infrastructure configuration (DNS, NTP) in the hands of the customer and just verify it.

swiftgist, Nov 26 '18 19:11

As a minimum we should verify if "ntpq -p" shows proper sync of all servers and if all servers have the same time.

On newer systems, systemd timesyncd or chrony might need to be verified. Maybe timesyncctl would be the easiest way?

P.S. some general recommendations for NTP:

  • have three internal sources that provide time independently of each other and have the same stratum (1, 2 or 3)
  • sync hwclock during boot if timesource is internal and reliable
  • use burst+iburst for internal NTP sources, do not use burst against public sources
  • ntpq -p might just be allowed against / via 127.0.0.1 so verifying remote might not be possible due to security restrictions
  • never run a time source "virtualized"

Martin-Weiss, Dec 07 '18 14:12
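
One way to implement the minimum check discussed above, as an added example that is not DeepSea code or part of either comment: it parses `ntpq -p` text collected locally on each node, requires a selected sync peer (`*` tally code), and compares offsets across nodes. The function names, the 50 ms threshold, and the sample host names and values are assumptions.

```python
# Added example: validate `ntpq -p` text gathered from each node.
HEADER = ("     remote           refid      st t when poll reach   delay   offset  jitter\n"
          "==============================================================================\n")
# Constructed sample output; host names, peers and values are made up.
SAMPLES = {
    "node1": HEADER + "*ntp1.example    10.0.0.1         2 u   33   64  377    0.321    0.112   0.045\n"
                      "+ntp2.example    10.0.0.1         2 u   40   64  377    0.410   -0.230   0.051\n",
    "node2": HEADER + " ntp1.example    .INIT.          16 u    -   64    0    0.000    0.000   0.000\n",
    "node3": HEADER + "*ntp1.example    10.0.0.1         2 u   12   64  377    0.300  180.500   2.100\n",
}
MAX_OFFSET_MS = 50.0  # assumed threshold, not a value from the issue


def sys_peer(ntpq_output):
    """Return (remote, stratum, reach, offset_ms) of the selected peer, or None."""
    for line in ntpq_output.splitlines():
        if line.startswith("*"):  # '*' tally code marks the peer the daemon syncs to
            # columns: remote refid st t when poll reach delay offset jitter
            f = line[1:].split()
            return f[0], int(f[2]), int(f[6], 8), float(f[8])  # reach is octal
    return None


def validate(outputs, max_offset_ms=MAX_OFFSET_MS):
    """outputs maps hostname -> `ntpq -p` text; returns a list of problem strings."""
    problems, offsets = [], {}
    for host, text in sorted(outputs.items()):
        peer = sys_peer(text)
        if peer is None:
            problems.append(f"{host}: no sync peer selected")
            continue
        remote, _stratum, reach, offset = peer
        if reach != 0o377:  # strict: at least one of the last eight polls was missed
            problems.append(f"{host}: {remote} reach is {reach:o}, expected 377")
        if abs(offset) > max_offset_ms:
            problems.append(f"{host}: offset {offset:.3f} ms exceeds {max_offset_ms} ms")
        offsets[host] = offset
    # Approximates "all servers have the same time"; assumes the selected peers agree.
    if offsets and max(offsets.values()) - min(offsets.values()) > max_offset_ms:
        problems.append("cluster: offset spread between nodes exceeds threshold")
    return problems


if __name__ == "__main__":
    print("\n".join(validate(SAMPLES)) or "all nodes synchronized")
```

Because the text is collected on each node and evaluated centrally, this works even when `ntpq -p` is only permitted via 127.0.0.1.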