From owner-freebsd-stable@FreeBSD.ORG Thu Jul 16 19:11:30 2009 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2CF721065672 for ; Thu, 16 Jul 2009 19:11:30 +0000 (UTC) (envelope-from oberman@es.net) Received: from mailgw.es.net (mail2.es.net [IPv6:2001:400:107:1::2]) by mx1.freebsd.org (Postfix) with ESMTP id 14CD58FC24 for ; Thu, 16 Jul 2009 19:11:30 +0000 (UTC) (envelope-from oberman@es.net) Received: from ptavv.es.net (ptavv.es.net [IPv6:2001:400:910::29]) by mailgw.es.net (8.14.3/8.14.3) with ESMTP id n6GJBTgs005211 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 16 Jul 2009 12:11:29 -0700 Received: from ptavv.es.net (ptavv.es.net [127.0.0.1]) by ptavv.es.net (Tachyon Server) with ESMTP id 13B041CC0D; Thu, 16 Jul 2009 12:11:29 -0700 (PDT) To: John Marshall In-reply-to: Your message of "Thu, 09 Jul 2009 12:11:19 +1000." <20090709021119.GA26896@rwpc12.mby.riverwillow.net.au> Date: Thu, 16 Jul 2009 12:11:29 -0700 From: "Kevin Oberman" Message-Id: <20090716191129.13B041CC0D@ptavv.es.net> X-Proofpoint-Virus-Version: vendor=fsecure engine=1.12.8161:2.4.5, 1.2.40, 4.0.166 definitions=2009-07-16_09:2009-07-03, 2009-07-16, 2009-07-16 signatures=0 Cc: freebsd-stable@freebsd.org Subject: Re: 8.0-BETA1 Source Upgrade breaks NTP configuration X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jul 2009 19:11:30 -0000 > Date: Thu, 9 Jul 2009 12:11:19 +1000 > From: John Marshall > Sender: owner-freebsd-stable@freebsd.org > > Yesterday I source-upgraded a 7.2-RELEASE-p2 test i386 server to > 8.0-BETA1. I have just discovered that it broke that server's NTP > service. > > PROBLEM 1 - Existing /etc/ntp.conf overwritten > > For source upgrades I run "mergemaster -iCPU" and it has served me well > until now. Mergemaster appeared to run "as normal" for this upgrade, > prompting me for decisions on how to deal with the handful of usual > files. It didn't tell me that it had decided to overwrite my existing > /etc/ntp.conf with the new default version from the source tree! (OK, > perhaps it told me in the big, long list at the end but it didn't prompt > me to supersede my existing file). > > Looking at the mergemaster(8) man page, I can't see how the options I > use would have resulted in my existing /etc/ntp.conf being overwritten > with the version from the source tree - but obviously there is a woops > factor there, either with me or mergemaster. > > Digging deeper, it looks like it may be due to the fact that this is a > new supplied file and an entry for /etc/ntp.conf didn't exist in > /var/db/mergemaster.mtree from the previous (7.2-RELEASE) run. How > should this be handled? > > PROBLEM 2 - Default ntp.conf uses LOCAL clock > > So, having had the FreeBSD upgrade magically re-configure my NTP server > (no, I wasn't prompted to overwrite ntp.conf), I find that my NTP server > is now synchronizing with it's own (potentially wrong) local system > clock! Our firewall is configured to allow NTP traffic between our > internal NTP servers and specific upstream NTP servers. The default > configuration file specifies different servers which we don't use, so > this NTP server couldn't "see" them. > > The new default configuration file includes "127.127.1.0" as a > configured server. Because we could see no "real" NTP servers, we > synchronized with our local system clock. That means that we think we > are synchronized to a reliable upstream source. Rather than losing > synch and discovering the problem, we think we are synchronized to a > reliable source and we and our clients drift away from reality in > blissful ignorance. Surely this violates POLA! > > Could we *please* at least comment out the LOCAL server config in the > supplied ntp.conf? Personally I would rather see it removed. It is one > thing to tell people where the gun is if they want to shoot themselves > in the foot; it's another thing to load it and fire it for them. > > I think it is good to have a default ntp.conf to help new users get > started. I think it is a bad thing to include potentially dangerous > elements in that configuration which could cause grief to a novice NTP > administrator. If the default configuration provides scope for such > surprises, they will (rightly) blame FreeBSD. > > -- > John Marshall John, Both of these problems have been reported and Doug is working on a fix for mergemaster to deal with the case where a new file is added to /etc but a file of the same named already exists. I also reported the issue with LOCAL and a fix for this is also in the pipe. When 8.0 is released, I'm pretty sure that ntp.conf will look a bit different from what you see and it won't overwrite the existing file (at least without asking). -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751