From owner-freebsd-cloud@freebsd.org Wed Feb 20 00:09:16 2019 Return-Path: Delivered-To: freebsd-cloud@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9610014DEAE7 for ; Wed, 20 Feb 2019 00:09:16 +0000 (UTC) (envelope-from raf@rafal.net) Received: from smtp-out-2.mxes.net (smtp-out-2.mxes.net [205.237.194.127]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 937A082EBF for ; Wed, 20 Feb 2019 00:09:15 +0000 (UTC) (envelope-from raf@rafal.net) Received: from Customer-MUA (mua.mxes.net [10.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 22FD927553; Tue, 19 Feb 2019 19:09:10 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rafal.net; s=tm; t=1550621351; bh=CGmotVNomYxKWGbek87QOeEon62oqnOzZZCrXm4f0fE=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=hTlEDYMsbs62t26DCR0UTE28k+L01WQ0o8cBpr4G2TAaTRuUPiZHpD5InqaYOdN/T EOsHYHj03Kf+zQchn0Gk/wrmq4pdHknAmjrGjJvJqPyzFJ5jkWn8N9OYeXkJ3URE0V oT7ohpeJ+WhF4TRKzftmYccN25Qabk/jEyqLntq8= Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\)) Subject: Re: Duplicate entry in AWS FreeBSD 12.0 ntp.conf From: Rafal Lukawiecki In-Reply-To: <010001690816f97a-13e5dc2c-f96e-40fc-a3e2-65e7f5c9a7c6-000000@email.amazonses.com> Date: Wed, 20 Feb 2019 00:09:09 +0000 Cc: freebsd-cloud@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <2E3D9ACA-0ACE-4305-BE35-80B50236E154@rafal.net> References: <010001690816f97a-13e5dc2c-f96e-40fc-a3e2-65e7f5c9a7c6-000000@email.amazonses.com> To: Colin Percival X-Mailer: Apple Mail (2.3445.102.3) X-Sent-To: X-Sender: rafal.net X-Rspamd-Queue-Id: 937A082EBF X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=rafal.net header.s=tm header.b=hTlEDYMs; dmarc=pass (policy=none) header.from=rafal.net; spf=pass (mx1.freebsd.org: domain of raf@rafal.net designates 205.237.194.127 as permitted sender) smtp.mailfrom=raf@rafal.net X-Spamd-Result: default: False [-1.82 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[rafal.net:s=tm]; NEURAL_HAM_MEDIUM(-0.99)[-0.995,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:205.237.194.0/25]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; IP_SCORE(-0.01)[country: US(-0.07)]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; NEURAL_SPAM_SHORT(0.80)[0.796,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[cached: mxin.mxes.net]; DKIM_TRACE(0.00)[rafal.net:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[rafal.net,none]; RCVD_IN_DNSWL_LOW(-0.10)[127.194.237.205.list.dnswl.org : 127.0.5.1]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:10607, ipnet:205.237.192.0/20, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Feb 2019 00:09:16 -0000 Thank you, Colin! Rafal > On 19 Feb 2019, at 23:28, Colin Percival wrote: >=20 > On 2/19/19 2:48 PM, Rafal Lukawiecki wrote: >> I have just noticed that ntp.conf that comes in the AWS AMI for = FreeBSD-12.0 (releng/12.0/usr.sbin/ntp/ntpd/ntp.conf 337649 2018-08-11 = 17:42:42Z brd) lists the AWS =E2=80=9Cserver=E2=80=9D twice, once on = line 50, then again on line 96. I am not sure if that is on purpose, but = it can lead to some confusion if one got changed but not the other. >=20 > Oops. Not intentional, just an erroneous sed script. Fixed in = r344315. >=20 >> On another note, is there a reason to use chrony instead of ntpd if = using the AWS ntp source, ie. 169.254.169.123? >=20 > Nope. Chrony is what Amazon uses and it's what they recommend for = anyone > starting from a blank slate; but I discussed this with them and they = agreed > that since we ship with ntpd already installed it makes far more sense = to > use what we already have. >=20 > --=20 > Colin Percival > Security Officer Emeritus, FreeBSD | The power to serve > Founder, Tarsnap | www.tarsnap.com | Online backups for the truly = paranoid