From: Rafal Lukawiecki
Subject: Duplicate entry in AWS FreeBSD 12.0 ntp.conf
Date: Tue, 19 Feb 2019 22:48:10 +0000
To: freebsd-cloud@freebsd.org
List-Id: "FreeBSD on cloud platforms (EC2, GCE, Azure, etc.)"

I have just noticed that ntp.conf that comes in the AWS AMI for FreeBSD-12.0 (releng/12.0/usr.sbin/ntp/ntpd/ntp.conf 337649 2018-08-11 17:42:42Z brd) lists the AWS “server” twice, once on line 50, then again on line 96. I am not sure if that is on purpose, but it can lead to some confusion if one got changed but not the other.

On another note, is there a reason to use chrony instead of ntpd if using the AWS ntp source, ie. 169.254.169.123?

Many thanks,
Rafal

--
Rafal Lukawiecki
Data Scientist
Project Botticelli Ltd


From: Colin Percival
Subject: Re: Duplicate entry in AWS FreeBSD 12.0 ntp.conf
Date: Tue, 19 Feb 2019 23:28:37 +0000
To: Rafal Lukawiecki, freebsd-cloud@freebsd.org

On 2/19/19 2:48 PM, Rafal Lukawiecki wrote:
> I have just noticed that ntp.conf that comes in the AWS AMI for FreeBSD-12.0 (releng/12.0/usr.sbin/ntp/ntpd/ntp.conf 337649 2018-08-11 17:42:42Z brd) lists the AWS “server” twice, once on line 50, then again on line 96. I am not sure if that is on purpose, but it can lead to some confusion if one got changed but not the other.

Oops. Not intentional, just an erroneous sed script. Fixed in r344315.

> On another note, is there a reason to use chrony instead of ntpd if using the AWS ntp source, ie. 169.254.169.123?

Nope. Chrony is what Amazon uses and it's what they recommend for anyone
starting from a blank slate; but I discussed this with them and they agreed
that since we ship with ntpd already installed it makes far more sense to
use what we already have.

--
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid


From: Rafal Lukawiecki
Subject: Re: Duplicate entry in AWS FreeBSD 12.0 ntp.conf
Date: Wed, 20 Feb 2019 00:09:09 +0000
To: Colin Percival
Cc: freebsd-cloud@freebsd.org

Thank you, Colin!

Rafal

> On 19 Feb 2019, at 23:28, Colin Percival wrote:
>
> On 2/19/19 2:48 PM, Rafal Lukawiecki wrote:
>> I have just noticed that ntp.conf that comes in the AWS AMI for FreeBSD-12.0 (releng/12.0/usr.sbin/ntp/ntpd/ntp.conf 337649 2018-08-11 17:42:42Z brd) lists the AWS “server” twice, once on line 50, then again on line 96. I am not sure if that is on purpose, but it can lead to some confusion if one got changed but not the other.
>
> Oops. Not intentional, just an erroneous sed script. Fixed in r344315.
>
>> On another note, is there a reason to use chrony instead of ntpd if using the AWS ntp source, ie. 169.254.169.123?
>
> Nope. Chrony is what Amazon uses and it's what they recommend for anyone
> starting from a blank slate; but I discussed this with them and they agreed
> that since we ship with ntpd already installed it makes far more sense to
> use what we already have.
>
> --
> Colin Percival
> Security Officer Emeritus, FreeBSD | The power to serve
> Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
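
Added example, not part of the thread and not FreeBSD project code: a small lint for the duplicate-entry problem discussed above. It reports any address named by more than one server, pool or peer line in an ntp.conf-style file, with line numbers, and flags the case where the copies carry different options (one changed but not the other). The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Report addresses named by more than one server/pool/peer line.
# Usage: find_dup_sources FILE   (use - for standard input)
find_dup_sources() {
    awk '
    {
        sub(/#.*/, "")          # strip comments; awk re-splits the fields
        if ($1 != "server" && $1 != "pool" && $1 != "peer") next
        addr = tolower($2)
        if (addr == "") next
        opts = ""
        for (i = 3; i <= NF; i++) opts = opts " " $i
        if (!(addr in lines)) {
            order[++n] = addr    # remember first-seen order for stable output
            lines[addr] = NR
            first[addr] = opts
            count[addr] = 1
        } else {
            lines[addr] = lines[addr] "," NR
            count[addr]++
            if (opts != first[addr]) drift[addr] = 1
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            a = order[i]
            if (count[a] > 1)
                printf "%s: lines %s (%s)\n", a, lines[a],
                    ((a in drift) ? "options differ" : "options identical")
        }
    }' "$1"
}

# Constructed sample configuration (not the file shipped in the AMI).
sample_conf() {
    cat <<'EOF'
# constructed sample
tos minclock 3 maxclock 6
pool 0.freebsd.pool.ntp.org iburst
server 169.254.169.123 iburst
restrict default limited kod nomodify notrap noquery nopeer
restrict 127.0.0.1
# server 169.254.169.123 prefer
server 169.254.169.123 iburst minpoll 4
EOF
}

sample_conf | find_dup_sources -
```

Run against a real file as `find_dup_sources /etc/ntp.conf`; no output means no address is repeated.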