Modernize ntp.conf to use the ntpd pool feature.
ClosedPublic
Actions

Authored by • ian on Dec 31 2016, 9:53 PM.

Details

Reviewers

cy
roberto
des

Group Reviewers

secteam

Commits

rS316121: MFC r311103 (ian):
rS311103: Update ntp.conf to use the ntpd pool feature.

Summary

Our current ntp.conf file configures 3 servers from freebsd.pool.ntp.org using 3 separate 'server' config lines. That can be replaced with a single 'pool' line in modern ntpd.

More than just making the config smaller, the pool feature in ntpd has one major advantage over configuring 3 separate servers from a pool: if a server that was added using a 'pool' statement provides bad time (initially or at some later date), ntpd automatically discards it and configures a new different server from the pool without needing to be restarted.

These changes also add a 'tos' line to control how many pool servers get added, a 'restrict source' line that is required to allow ntpd to add new peers from the pool, and it deletes a 'restrict 127.127.1.0' line that does nothing and should never have been there (127.127.1.0 is not a valid IP address, it's a refclock identifier).

Diff Detail

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 6509

Event Timeline

• ian updated this revision to Diff 23494.Dec 31 2016, 9:53 PM

• ian retitled this revision from to Modernize ntp.conf to use the ntpd pool feature..

• ian updated this object.

• ian edited the test plan for this revision. (Show Details)

• ian added reviewers: cy, secteam.

• ian set the repository for this revision to rS FreeBSD src repository - subversion.

Herald added a subscriber: imp. · View Herald TranscriptDec 31 2016, 9:53 PM

Attach the right diff: the 'restrict source' line has to come after 'restrict default' to have the right effect.

cy added reviewers: des, roberto.Dec 31 2016, 10:03 PM

Looks good to me, thanks.

This revision is now accepted and ready to land.Jan 1 2017, 12:21 AM

Looks good. Should we keep a server statement as a comment to document the alternative "old" method? Not a must have though. Either way looks good.

delphij added a subscriber: delphij.Jan 1 2017, 6:33 AM

delphij added inline comments.

etc/ntp.conf
22	Is the change from 3 (technically there should be 4 for servers) to only 1 intentional? (Note that I noticed that recent ntp versions is not working very well with pool configuration, but didn't get a chance to trace that down yet).

I haven't changed my configuration yet to check but I did notice that 0.freebsd.pool.ntp.org does return 4 IPv4 addresses.

In D9011#186047, @cy wrote:

Looks good. Should we keep a server statement as a comment to document the alternative "old" method? Not a must have though. Either way looks good.

I thought about adding an example of explicit server config, but it seems confusing to use the pool servers as an example of a non-pool config, and I'm afraid if we used any non-pool real servers, people would just uncomment them and slam somebody's server. Maybe an example with a couple obviously-made-up server names would work.

etc/ntp.conf
22	It's not a change to 1 server -- because of the "tos minclock 3 maxclock 6" line, ntpd will automatically add 5 servers from freebsd.pool.ntp.org, then if those 5 don't give at least 3 that are providing good time, it will add even more (and eventually drop off the ones that provide lower-quality time). Maybe I should move the "tos" line and its comment to be above the pool statement, so that the comment about automatically getting 3-5 servers is sort of already in scope in your mind when you read the pool comments. To avoid a lot of traffic at startup, ntpd adds servers from the pool in groups of 4, so when it first starts it adds 4 servers and does iburst (8-packet) exchanges with them. After 4 polling cycles (4 minutes, basically), it will add another group of 4 (or as many more needed to reach the goal of at least 3 good out of 5 total). I agree that 4 is a good minimum number of servers. I like 5 a wee bit better because of ntpd's majority rule on leap seconds -- it requires more than half, and the comparison in the code is >, not >=, so 3 out of 4 servers would have to be signaling a leap second to be believed. Having an odd number gives an automatic tie-breaker.

Move the tos line and its comment block to the top of the file, so that the later comments about how many pool servers get added make more sense when you're reading the file top to bottom like a first-time user might do.

Update comments to make it more clear that a single pool statement configures multiple servers.

Add an example of specifying a specific server, along with comments about how doing so interacts with also configuring a pool. (And make sure the server example uses a non-existant domain in case someone blindly uncomments it.)

This revision now requires review to proceed.Jan 1 2017, 6:00 PM

Looks good.

This revision is now accepted and ready to land.Jan 1 2017, 6:16 PM

Fine with me that way, thanks.

Closed by commit rS311103: Update ntp.conf to use the ntpd pool feature. (authored by • ian). · Explain WhyJan 2 2017, 3:19 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

etc/

ntp.conf

39 lines

Diff 23494

View Options

Modernize ntp.conf to use the ntpd pool feature.ClosedPublicActions