On Mon, Aug 31, 2015 at 02:24:39PM -0400, Stephen Gallagher wrote:
What it sounds like is FreeIPA by default mistrusts system time, until it checks for the presence and enabled state of ntpd in order to trust system time. Is this some throwback to a time when system time couldn't be trusted?
No, FreeIPA provides an NTPD server to its clients as the authoritative source. It has nothing to do with trusting system time (kind of the opposite; it's asserting that this system's time is so authoritative that its clients should use it as the One Truth.
IMO FreeIPA should be changed to install use chrony as server, as chrony is default since few Fedora releases.
Separately I'm noticing on atomic cloud (F22), that there is also no network time set. Chrony and ntpd are not installed and systemd-timesyncd.service is disabled. I'd really hate to think we end up with three completely different ways of syncing time on the three products.
Yes, I concur that we should try to settle on one. That's kind of why I was suggesting timesyncd; it seemed most likely to be present on all Editions.
I'd rather see chrony; it is small and provides full NTP sync.
BTW, is timesyncd == timedated? Because the FESCo ruling was about timedated. If it's just a name-change, fine. But if it's a new implementation, we may want a new investigation.
Those are two different things. Timesyncd is simple SNTP client (plus time restoration over reboot, for things without RTC). Timedated is providing an API + utility to set system timezone and time and to toggle external time sync. There are two implementation of timedated: – systemd's on, this only toggles timesyncd as synchronisation mechanism – timedatex, which can toggle arbitrary NTP daemon