[Freeipa-users] Use of LOCAL clock in ntpd configuration
Chuck Lever
chuck.lever at oracle.com
Fri Feb 15 18:23:23 UTC 2013
Hi-
First-time FreeIPA user here.
I've installed FreeIPA on Fedora 18 and have some Fedora 16 IPA clients. "ipa-server-install" on Fedora 18 and "ipa-client-install" on Fedora 16 both add the following stanza to /etc/ntp.conf:
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
This sets up an additional time source based on the local system's hardware clock.
According to http://www.ntp.org/ntpfaq/NTP-s-refclk.htm
> The LCL is no reference clock in reality; instead it simply refers to the system time on the current machine. Therefore it should never be used, except when the system time is synchronized by some means not visible by xntpd.
"synchronized by some means not visible by xntpd" means a GPS card or an atomic clock, hardware which most systems do not have available. In my experience, including a local time source on typical PC hardware is a recipe for inaccurate timekeeping. It can be especially problematic in a virtual environment.
Including a local source might make sense for IPA servers, but only if the source is externally synchronized. At first I thought maybe the ntp configurator script had found some evidence of external synchronization on my server hardware, but then the same stanza appeared on my IPA clients, both of which are VMware Fusion guests.
As soon as the local clock source was added on my IPA server, its ntp clock offset was skewed by a second and a half from the network servers it was tracking, and it became worse until I removed the local source.
It seems to me that adding a local source automatically is a bad idea. Anyone know why the IPA installers add this source?
(I also note that "ipa-client-install" does not disable chronyd, but I've only tried the client install script on Fedora 16).
--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com
More information about the Freeipa-users
mailing list