Ubuntu
ntp package

GCE default NTP configuration uses both leap-smeared and true UTC sources

Bug #1652695 reported by Paul Gear
16
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cloud-images
Fix Committed
Low
Unassigned
ntp (Ubuntu)
Won't Fix
Low
Unassigned

Bug Description

A default install of cloud images on GCE results in a configuration of NTP which will likely be problematic during leap seconds, because it uses both Google's leap-smeared time source, and the public pool, which uses true UTC. These should not be combined in the default configuration.

The principle of least astonishment would suggest that a non-standard feature like leap smearing should be disabled by default.

This behaviour has been consistent in the 3 different GCE regions in which I've recently created instances.

root@instance-4:~# cat /etc/cloud/build.info
build_name: server
serial: 20161221

root@instance-4:~# cat /etc/ntp.conf
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift

# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# Specify one or more NTP #servers.

# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
pool 0.ubuntu.pool.ntp.org iburst
pool 1.ubuntu.pool.ntp.org iburst
pool 2.ubuntu.pool.ntp.org iburst
pool 3.ubuntu.pool.ntp.org iburst

# Use Ubuntu's ntp #server as a fallback.
pool ntp.ubuntu.com

# ... comments snipped ...

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited

# Local users may interrogate the ntp #server more closely.
restrict 127.0.0.1
restrict ::1

# Needed for adding pool entries
restrict source notrap nomodify noquery

# ... comments snipped ...

# Google NTP source. This was added as part of the gce-cloud-config package.
server metadata.google.internal

Revision history for this message
Paul Gear (paulgear) wrote :

I've tried to tag this as also affecting gce-cloud-config (source package gce-utils), but launchpad seems unable to find it.

Revision history for this message
Paul Gear (paulgear) wrote :

It appears that this is not a high priority issue, since the default NTP configuration will automatically exclude the leap-smearing source, given sufficient other good sources:

http://pastebin.ubuntu.com/23720277/

However, we may want to consider changing the default ntp configuration to use 'server' rather than 'pool' for ntp.ubuntu.com, to ensure that it is included in the configuration at least once.

Changed in ntp (Ubuntu):
importance: Undecided → Low
Changed in cloud-images:
importance: Undecided → Low
Revision history for this message
Robie Basak (racb) wrote :

> However, we may want to consider changing the default ntp configuration to use 'server' rather than 'pool' for ntp.ubuntu.com, to ensure that it is included in the configuration at least once.

Why is this necessary? AIUI, ntp.ubuntu.com exists as a backup in case pool.ntp.org (an externally managed domain) fails to resolve or is otherwise down. Will this not work right now? If it does not, that's really a separate bug (that we should fix).

Changed in ntp (Ubuntu):
status: New → Incomplete
Revision history for this message
Philip Roche (philroche) wrote :

This seems to be somewhat related to https://bugs.launchpad.net/cpc-gce/+bug/1639089 (only affects Xenial).

In summary the "pool" entries in ntp.conf should be commented out by gce-cloud-config but when ntp.conf transitioned from using "server" to "pool" gce-cloud-config was not updated.

I will be fixing lp:1639089 in the GCE Xenial image build process initially followed by a fix for gce-cloud-config.

Note that gce-cloud-config is being deprecated in favour of gce-compute-image-packages which does not have this bug.

Revision history for this message
Dan Watkins (oddbloke) wrote :

Paul, we've made some changes to the GCE images regarding NTP since you filed this. Could you double-check if the issues you describe still exist?

Changed in cloud-images:
status: New → Fix Committed
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Per former comment expected to be good and since we demoted NTP(d) setting to Won't Fix for NTP task.

Changed in ntp (Ubuntu):
status: Incomplete → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.