Date: Thu, 9 Jul 2009 12:11:19 +1000 From: John Marshall <john.marshall@riverwillow.com.au> To: freebsd-stable@freebsd.org Subject: 8.0-BETA1 Source Upgrade breaks NTP configuration Message-ID: <20090709021119.GA26896@rwpc12.mby.riverwillow.net.au>
next in thread | raw e-mail | index | archive | help
--HlL+5n6rz5pIUxbD Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Yesterday I source-upgraded a 7.2-RELEASE-p2 test i386 server to 8.0-BETA1. I have just discovered that it broke that server's NTP service. PROBLEM 1 - Existing /etc/ntp.conf overwritten For source upgrades I run "mergemaster -iCPU" and it has served me well until now. Mergemaster appeared to run "as normal" for this upgrade, prompting me for decisions on how to deal with the handful of usual files. It didn't tell me that it had decided to overwrite my existing /etc/ntp.conf with the new default version from the source tree! (OK, perhaps it told me in the big, long list at the end but it didn't prompt me to supersede my existing file). Looking at the mergemaster(8) man page, I can't see how the options I use would have resulted in my existing /etc/ntp.conf being overwritten with the version from the source tree - but obviously there is a woops factor there, either with me or mergemaster. Digging deeper, it looks like it may be due to the fact that this is a new supplied file and an entry for /etc/ntp.conf didn't exist in /var/db/mergemaster.mtree from the previous (7.2-RELEASE) run. How should this be handled? PROBLEM 2 - Default ntp.conf uses LOCAL clock So, having had the FreeBSD upgrade magically re-configure my NTP server (no, I wasn't prompted to overwrite ntp.conf), I find that my NTP server is now synchronizing with it's own (potentially wrong) local system clock! Our firewall is configured to allow NTP traffic between our internal NTP servers and specific upstream NTP servers. The default configuration file specifies different servers which we don't use, so this NTP server couldn't "see" them. The new default configuration file includes "127.127.1.0" as a configured server. Because we could see no "real" NTP servers, we synchronized with our local system clock. That means that we think we are synchronized to a reliable upstream source. Rather than losing synch and discovering the problem, we think we are synchronized to a reliable source and we and our clients drift away from reality in blissful ignorance. Surely this violates POLA! Could we *please* at least comment out the LOCAL server config in the supplied ntp.conf? Personally I would rather see it removed. It is one thing to tell people where the gun is if they want to shoot themselves in the foot; it's another thing to load it and fire it for them. I think it is good to have a default ntp.conf to help new users get started. I think it is a bad thing to include potentially dangerous elements in that configuration which could cause grief to a novice NTP administrator. If the default configuration provides scope for such surprises, they will (rightly) blame FreeBSD. --=20 John Marshall --HlL+5n6rz5pIUxbD Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (FreeBSD) iEYEARECAAYFAkpVUccACgkQw/tAaKKahKKekACgrFW0bHE61nBAonhkxrJo+S/q M9IAnje/jr/xYFFbD0LYJK/W53vN3gqN =64Sy -----END PGP SIGNATURE----- --HlL+5n6rz5pIUxbD--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090709021119.GA26896>