[PATCH] systemd-conf: add timesyncd.conf

[PATCH] systemd-conf: add timesyncd.conf

[Cengiz Can]

Currently OE-Core's systemd-timesyncd defaults to Google's time servers.

However those servers are not always reachable.

```
systemd-timesyncd[242]:
  Timed out waiting for reply from 216.239.35.12:123 (time4.google.com).
systemd-timesyncd[242]:
  Timed out waiting for reply from 216.239.35.0:123 (time1.google.com).
systemd-timesyncd[242]:
  Timed out waiting for reply from 216.239.35.4:123 (time2.google.com).
systemd-timesyncd[242]:
  Timed out waiting for reply from 216.239.35.8:123 (time3.google.com).
systemd-timesyncd[242]:
  Timed out waiting for reply from 216.239.35.12:123 (time4.google.com).
```

Even if they are, it is much more sensible to use pool servers from
ntp.org.

This patch adds a default timesyncd.conf with Google's time servers
moved to Fallback and pool.ntp.org as primary time servers.

Signed-off-by: Cengiz Can <cengiz@kernel.wtf>
---
 .../systemd/systemd-conf/timesyncd.conf         | 17 +++++++++++++++++
 meta/recipes-core/systemd/systemd-conf_243.bb   |  3 +++
 2 files changed, 20 insertions(+)
 create mode 100644 meta/recipes-core/systemd/systemd-conf/timesyncd.conf

diff --git a/meta/recipes-core/systemd/systemd-conf/timesyncd.conf b/meta/recipes-core/systemd/systemd-conf/timesyncd.conf
new file mode 100644
index 0000000000..84fdc354b8
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd-conf/timesyncd.conf
@@ -0,0 +1,17 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See timesyncd.conf(5) for details.
+
+[Time]
+NTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org
+FallbackNTP=time1.google.com time2.google.com time3.google.com time4.google.com
+
diff --git a/meta/recipes-core/systemd/systemd-conf_243.bb b/meta/recipes-core/systemd/systemd-conf_243.bb
index d9ec023bfd..238bca9373 100644
--- a/meta/recipes-core/systemd/systemd-conf_243.bb
+++ b/meta/recipes-core/systemd/systemd-conf_243.bb
@@ -11,6 +11,7 @@ SRC_URI = "\
     file://system.conf \
     file://system.conf-qemuall \
     file://wired.network \
+    file://timesyncd.conf \
 "
 
 do_install() {
@@ -18,6 +19,7 @@ do_install() {
 	install -D -m0644 ${WORKDIR}/logind.conf ${D}${systemd_unitdir}/logind.conf.d/00-${PN}.conf
 	install -D -m0644 ${WORKDIR}/system.conf ${D}${systemd_unitdir}/system.conf.d/00-${PN}.conf
 	install -D -m0644 ${WORKDIR}/wired.network ${D}${systemd_unitdir}/network/80-wired.network
+	install -D -m0644 ${WORKDIR}/timesyncd.conf ${D}${sysconfdir}/systemd/timesyncd.conf
 }
 
 # Based on change from YP bug 8141, OE commit 5196d7bacaef1076c361adaa2867be31759c1b52
@@ -35,4 +37,5 @@ FILES_${PN} = "\
     ${systemd_unitdir}/logind.conf.d/ \
     ${systemd_unitdir}/system.conf.d/ \
     ${systemd_unitdir}/network/ \
+    ${sysconfdir}/systemd/timesyncd.conf \
 "
-- 
2.24.0

Re: [PATCH] systemd-conf: add timesyncd.conf

[Paul Barker]

On Tue, 26 Nov 2019, at 13:39, Cengiz Can wrote:
> Currently OE-Core's systemd-timesyncd defaults to Google's time servers.
> 
> However those servers are not always reachable.
> 
> ```
> systemd-timesyncd[242]:
>   Timed out waiting for reply from 216.239.35.12:123 (time4.google.com).
> systemd-timesyncd[242]:
>   Timed out waiting for reply from 216.239.35.0:123 (time1.google.com).
> systemd-timesyncd[242]:
>   Timed out waiting for reply from 216.239.35.4:123 (time2.google.com).
> systemd-timesyncd[242]:
>   Timed out waiting for reply from 216.239.35.8:123 (time3.google.com).
> systemd-timesyncd[242]:
>   Timed out waiting for reply from 216.239.35.12:123 (time4.google.com).
> ```
> 
> Even if they are, it is much more sensible to use pool servers from
> ntp.org.
> 
> This patch adds a default timesyncd.conf with Google's time servers
> moved to Fallback and pool.ntp.org as primary time servers.
> 
> Signed-off-by: Cengiz Can <cengiz@kernel.wtf>
> ---
>  .../systemd/systemd-conf/timesyncd.conf         | 17 +++++++++++++++++
>  meta/recipes-core/systemd/systemd-conf_243.bb   |  3 +++
>  2 files changed, 20 insertions(+)
>  create mode 100644 meta/recipes-core/systemd/systemd-conf/timesyncd.conf
> 
> diff --git a/meta/recipes-core/systemd/systemd-conf/timesyncd.conf 
> b/meta/recipes-core/systemd/systemd-conf/timesyncd.conf
> new file mode 100644
> index 0000000000..84fdc354b8
> --- /dev/null
> +++ b/meta/recipes-core/systemd/systemd-conf/timesyncd.conf
> @@ -0,0 +1,17 @@
> +#  This file is part of systemd.
> +#
> +#  systemd is free software; you can redistribute it and/or modify it
> +#  under the terms of the GNU Lesser General Public License as 
> published by
> +#  the Free Software Foundation; either version 2.1 of the License, or
> +#  (at your option) any later version.
> +#
> +# Entries in this file show the compile time defaults.
> +# You can change settings by editing this file.
> +# Defaults can be restored by simply deleting this file.
> +#
> +# See timesyncd.conf(5) for details.
> +
> +[Time]
> +NTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org

https://www.ntppool.org/en/vendors.html should be considered before changing the defaults to these values. We should probably get a vendor zone.

-- 
Paul Barker

Re: [PATCH] systemd-conf: add timesyncd.conf

[Khem Raj]

On Tue, 2019-11-26 at 16:39 +0300, Cengiz Can wrote:
> Currently OE-Core's systemd-timesyncd defaults to Google's time
> servers.
> 
> However those servers are not always reachable.
> 
> ```
> systemd-timesyncd[242]:
>   Timed out waiting for reply from 216.239.35.12:123
> (time4.google.com).
> systemd-timesyncd[242]:
>   Timed out waiting for reply from 216.239.35.0:123
> (time1.google.com).
> systemd-timesyncd[242]:
>   Timed out waiting for reply from 216.239.35.4:123
> (time2.google.com).
> systemd-timesyncd[242]:
>   Timed out waiting for reply from 216.239.35.8:123
> (time3.google.com).
> systemd-timesyncd[242]:
>   Timed out waiting for reply from 216.239.35.12:123
> (time4.google.com).
> ```
> 
> Even if they are, it is much more sensible to use pool servers from
> ntp.org.
> 
> This patch adds a default timesyncd.conf with Google's time servers
> moved to Fallback and pool.ntp.org as primary time servers.
> 

if we want to make this change then we should also let users know about
any restrictions on its use will be imposed by moving to new servers,
my suggestion would be to stay with defaults as it is, and have
bbappends in own layers to point to time servers suitable for your
projects. 

> Signed-off-by: Cengiz Can <cengiz@kernel.wtf>
> ---
>  .../systemd/systemd-conf/timesyncd.conf         | 17
> +++++++++++++++++
>  meta/recipes-core/systemd/systemd-conf_243.bb   |  3 +++
>  2 files changed, 20 insertions(+)
>  create mode 100644 meta/recipes-core/systemd/systemd-
> conf/timesyncd.conf
> 
> diff --git a/meta/recipes-core/systemd/systemd-conf/timesyncd.conf
> b/meta/recipes-core/systemd/systemd-conf/timesyncd.conf
> new file mode 100644
> index 0000000000..84fdc354b8
> --- /dev/null
> +++ b/meta/recipes-core/systemd/systemd-conf/timesyncd.conf
> @@ -0,0 +1,17 @@
> +#  This file is part of systemd.
> +#
> +#  systemd is free software; you can redistribute it and/or modify
> it
> +#  under the terms of the GNU Lesser General Public License as
> published by
> +#  the Free Software Foundation; either version 2.1 of the License,
> or
> +#  (at your option) any later version.
> +#
> +# Entries in this file show the compile time defaults.
> +# You can change settings by editing this file.
> +# Defaults can be restored by simply deleting this file.
> +#
> +# See timesyncd.conf(5) for details.
> +
> +[Time]
> +NTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org
> +FallbackNTP=time1.google.com time2.google.com time3.google.com
> time4.google.com
> +
> diff --git a/meta/recipes-core/systemd/systemd-conf_243.bb
> b/meta/recipes-core/systemd/systemd-conf_243.bb
> index d9ec023bfd..238bca9373 100644
> --- a/meta/recipes-core/systemd/systemd-conf_243.bb
> +++ b/meta/recipes-core/systemd/systemd-conf_243.bb
> @@ -11,6 +11,7 @@ SRC_URI = "\
>      file://system.conf \
>      file://system.conf-qemuall \
>      file://wired.network \
> +    file://timesyncd.conf \
>  "
>  
>  do_install() {
> @@ -18,6 +19,7 @@ do_install() {
>  	install -D -m0644 ${WORKDIR}/logind.conf
> ${D}${systemd_unitdir}/logind.conf.d/00-${PN}.conf
>  	install -D -m0644 ${WORKDIR}/system.conf
> ${D}${systemd_unitdir}/system.conf.d/00-${PN}.conf
>  	install -D -m0644 ${WORKDIR}/wired.network
> ${D}${systemd_unitdir}/network/80-wired.network
> +	install -D -m0644 ${WORKDIR}/timesyncd.conf
> ${D}${sysconfdir}/systemd/timesyncd.conf
>  }
>  
>  # Based on change from YP bug 8141, OE commit
> 5196d7bacaef1076c361adaa2867be31759c1b52
> @@ -35,4 +37,5 @@ FILES_${PN} = "\
>      ${systemd_unitdir}/logind.conf.d/ \
>      ${systemd_unitdir}/system.conf.d/ \
>      ${systemd_unitdir}/network/ \
> +    ${sysconfdir}/systemd/timesyncd.conf \
>  "
> -- 
> 2.24.0
> 

Re: [PATCH] systemd-conf: add timesyncd.conf

[Phil Blundell]

On Tue, Nov 26, 2019 at 04:39:43PM +0300, Cengiz Can wrote:
> This patch adds a default timesyncd.conf with Google's time servers
> moved to Fallback and pool.ntp.org as primary time servers.

The "advice for vendors" on the ntp.org website specifically says:

   Do not use the standard pool.ntp.org names as a default 
   configuration in your system.

I don't think we should make this change.

p.

Re: [PATCH] systemd-conf: add timesyncd.conf

[Cengiz Can]

Hello,

I didn't know that they were using vendor naming for rate limiting.

On November 26, 2019 21:19:31 Phil Blundell <pb@pbcl.net> wrote:

> The "advice for vendors" on the ntp.org website specifically says:
>
>
>   Do not use the standard pool.ntp.org names as a default
>   configuration in your system.
>
>
> I don't think we should make this change.

I have two questions though

1) Does Google allow their time servers to be directly used?

2) Can we apply for a vendor name like "oe" so at least they can 
throttle/rate limit their inbound traffic?

Because at current state, timesyncd is unreliable and doesn't have sane 
defaults enabled. pool.ntp.org is a community effort but has thousands of 
servers that are available for service. Not just 4 Google controlled servers.

Re: [PATCH] systemd-conf: add timesyncd.conf

[Phil Blundell]

On Tue, Nov 26, 2019 at 11:02:15PM +0300, Cengiz Can wrote:
> 1) Does Google allow their time servers to be directly used?

I believe so.  I couldn't immediately find anything on their website that
said differently.

> 2) Can we apply for a vendor name like "oe" so at least they can
> throttle/rate limit their inbound traffic?

I guess the OpenEmbedded corporate entity could apply for one.  I don't
actually know what the current organisation is; the website just says
"OpenEmbedded is a Texas-registered company. More details to follow."

Mostly though I think this is a distro configuration issue and ought to
be addressed there.

> Because at current state, timesyncd is unreliable and doesn't have sane
> defaults enabled. pool.ntp.org is a community effort but has thousands of
> servers that are available for service. Not just 4 Google controlled
> servers.

I'm fairly sure that time.google.com has more than four servers (they are
load-balanced behind a single public IP, just like the Google nameserver
8.8.4.4 is not a single machine either).  It's not completely obvious to 
me that pool.ntp.org is generally more available.

The Google servers also do leap smearing which might or might not be a 
good thing depending on your point of view.  I'm not sure whether the
pool.ntp.org ones do the same thing or not.

p.

Re: [PATCH] systemd-conf: add timesyncd.conf

[Cengiz Can]

On Wed, 2019-11-27 at 12:49 +0100, Phil Blundell wrote:
> I believe so.  I couldn't immediately find anything on their website
> that
> said differently.

Ok. I've found it here: https://developers.google.com/time/faq

> The Google servers also do leap smearing which might or might not be
> a good thing depending on your point of view.  I'm not sure whether
> the pool.ntp.org ones do the same thing or not.

ntp.org's Discourse forum has posts mentioning that leap smearing is
not supported and Google specific only.

How often those leap seconds occur is out of my knowledge and
expertise.

So I guess I'm giving up on this and let distro bakers decide on what
to use.

Thanks everyone. 

Cengiz Can
@cengiz_io