improve oauth skew to base off uptime
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cloud-init |
Expired
|
Medium
|
Unassigned | ||
curtin |
Confirmed
|
Medium
|
Unassigned |
Bug Description
when doing oauth, each request needs to include a timestamp that matches a window of the host's clock.
So, if our local clock is broken we need to adjust it. Cloud-init and curtin handle this by adding a 'skew', and recently store that skew in a dictionary for later reference. The issue though is that currently we store the skew off the current local time. This works fine until the local time is updated, and then it would result in us having a *bad* offset where using none would work.
During boot, ntp or systemd-
My plan for a fix is to use uptime as an always increasing/stable clock.
To address the fact that a clock could be wildly inaccurate, we can discard the stored skew if it is older than 10 minutes or some reasonably large value.
Changed in cloud-init: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in curtin: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Tracked in Github Issues as https:/ /github. com/canonical/ cloud-init/ issues/ 2607