From owner-freebsd-cloud@freebsd.org Tue Feb 19 23:28:44 2019 Return-Path: Delivered-To: freebsd-cloud@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 74AA114DDBF6 for ; Tue, 19 Feb 2019 23:28:44 +0000 (UTC) (envelope-from 010001690816f9c7-9a9ac01b-f9dc-4249-aab0-17f47c1b1c93-000000@amazonses.com) Received: from a8-60.smtp-out.amazonses.com (a8-60.smtp-out.amazonses.com [54.240.8.60]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7793281615 for ; Tue, 19 Feb 2019 23:28:43 +0000 (UTC) (envelope-from 010001690816f9c7-9a9ac01b-f9dc-4249-aab0-17f47c1b1c93-000000@amazonses.com) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=vnqrkfnvu6csdl6mwgk5t6ix3nnepx57; d=tarsnap.com; t=1550618917; h=Subject:To:References:From:Message-ID:Date:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding; bh=sEdI3+coKEocXJd54OvUzBsccYOpNfoCZbuLcoXJ9b0=; b=ciWcADFCprA75rxPr1uGafOCK67+J4QJhJaN2zyTFBmCjPaUmeEyoymZ21RfUTVF sxMD/f/qBQCUQXCHUUp1cGTZ2BykTa/4xDiO5kpCahEJ6DlbHUA1Q72JLqBdxZDM0Va Vq10FVJ7iyzHnbYInmGVfnFO2Xchd8bgBaIX0Uws= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1550618917; h=Subject:To:References:From:Message-ID:Date:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:Feedback-ID; bh=sEdI3+coKEocXJd54OvUzBsccYOpNfoCZbuLcoXJ9b0=; b=R3nLUqqmznAnQB0WTSlT89uNzbWFB5+LAa5qA5ZiYRVtGguW3UlycVtf9yW0xVDi j+kxouDDgnEjW+TyxQdDGNvDzkKT55AaBxrsZ+Adjvl+AAif39ud9cAz63daNe0D7DO /xdWlYuhtSZqMF00lpLD2mlTvkrzfAPxJXqSpl7w= Subject: Re: Duplicate entry in AWS FreeBSD 12.0 ntp.conf To: Rafal Lukawiecki , freebsd-cloud@freebsd.org References: From: Colin Percival Openpgp: preference=signencrypt Autocrypt: addr=cperciva@tarsnap.com; prefer-encrypt=mutual; keydata= mQGhBElrAAcRBACDfDys4ZtK+ErCJ1HAzYeteKpm3OEsvT/49AjUTLihkF79HhIKrCQU+1KC zv7BwHCMLb6hq30As9L7iFKG7n5QFLFC4Te/VcITUnWHMG/c3ViLOfJGvi+9/nOEHaM1dVJY D6tEp5yM1nHmVQpo9932j4KGuGFR0LhOK5IHXOSfGwCgxSFDPdgxe2OEjWxjGgY+oV3EafcD +JROXCTjlcQiG/OguQH4Vks3mhHfFnEppLxTkDuYgHZQiUtpcT9ssH5khgqoTyMar05OUdAj ZIhNbWDh4LgTj+7ZmvLhXT5Zxw8LX9d7T36aTB8XDQSenDqEtinMWOb0TCBBLbsB8EFG1WTT ESbZci9jJS5yhtktuZoY/eM8uXMD/3k4FWFO80VRRkELSp+XSy/VlSQjyi/rhl2nQq/oOA9F oJbDaB0yq9VNhxP+uFBzBWSqeIX0t1ZWLtNfVFr4TRP5hihI5ICrg/0OpqgisKsU2NFe9xyO hyJLYmfD8ebpDJ/9k30C7Iju9pVrwLm1QgS4S2fqJRcR+U4WbjvP7CgStCVDb2xpbiBQZXJj aXZhbCA8Y3BlcmNpdmFAdGFyc25hcC5jb20+iGEEExECACEFAklrALYCGwMHCwkIBwMCAQQV AggDBBYCAwECHgECF4AACgkQOM7KaQxqam6/igCgn+z2k3V5ggNppmWrZstt1U2lugsAoL7L wS9V9yLtil3oWmHtwpUqYruEuQINBElrAAcQCAD3ZLMIsP4CIDoJORg+YY0lqLVBgcnF7pFb 4Uy2+KvdWofN+DKH61rZLjgXXkNE9M4EQC1B4lGttBP8IY2gs41y3AUogGdyFbidq99rCBz7 LTsgARHwFxZoaHmXyiZLEU1QZuMqwPZV1mCviRhN5E3rRqYNXVcrnXAAuhBpvNyj/ntHvcDN 2/m+ochiuBYueU4kX3lHya7sOj+mTsndcWmQ9soOUyr8O0r/BG088bMn4qqtUw4dl5/pglXk jbl7uOOPinKf0WVd2r6M0wLPJCD4NPHrCWRLLLAjwfjrtoSRvXxDbXhCdgGBa72+K8eYLzVs hgq7tJOoBWzjVK6XRxR7AAMGB/9Mo3iJ2DxqDecd02KCB5BsFDICbJGhPltU7FwrtbC7djSb XUrwsEVLHi4st4cbdGNCWCrp0BRezXZKohKnNAPFOTK++ZfgeKxrV2sJod+Q9RILF86tQ4XF 7A7Yme5hy92t/WgiU4vc/fWbgP8gV/19f8nunaT2E9NSa70mZFjZNu4iuwThoUUO5CV3Wo0Y UISsnRK8XD1+LR3A2qVyLiFRwh/miC1hgLFCTGCQ3GLxZeZzIpYSlGdQJ0L5lixW5ZQD9r1I 8i/8zhE6qRFAM0upUMI3Gt1Oq2w03DiXrZU0Fu/R8Rm8rlnkQKA+95mRTUq1xL5P5NZIi4gJ Z569OPMFiEkEGBECAAkFAklrAAcCGwwACgkQOM7KaQxqam41igCfbaldnFTu5uAdrnrghESv EI3CAo8AoLkNMks1pThl2BJNRm4CtTK9xZeH Message-ID: <010001690816f9c7-9a9ac01b-f9dc-4249-aab0-17f47c1b1c93-000000@email.amazonses.com> Date: Tue, 19 Feb 2019 23:28:37 +0000 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.5.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-SES-Outgoing: 2019.02.19-54.240.8.60 Feedback-ID: 1.us-east-1.Lv9FVjaNvvR5llaqfLoOVbo2VxOELl7cjN0AOyXnPlk=:AmazonSES X-Rspamd-Queue-Id: 7793281615 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tarsnap.com header.s=vnqrkfnvu6csdl6mwgk5t6ix3nnepx57 header.b=ciWcADFC; dkim=pass header.d=amazonses.com header.s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug header.b=R3nLUqqm; spf=pass (mx1.freebsd.org: domain of 010001690816f9c7-9a9ac01b-f9dc-4249-aab0-17f47c1b1c93-000000@amazonses.com designates 54.240.8.60 as permitted sender) smtp.mailfrom=010001690816f9c7-9a9ac01b-f9dc-4249-aab0-17f47c1b1c93-000000@amazonses.com X-Spamd-Result: default: False [-2.89 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[tarsnap.com:s=vnqrkfnvu6csdl6mwgk5t6ix3nnepx57,amazonses.com:s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug]; RCVD_TLS_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:54.240.0.0/18]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[tarsnap.com]; NEURAL_HAM_SHORT(-0.91)[-0.907,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[cached: feedback-smtp.us-east-1.amazonses.com]; DKIM_TRACE(0.00)[tarsnap.com:+,amazonses.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[60.8.240.54.list.dnswl.org : 127.0.15.0]; FORGED_SENDER(0.30)[cperciva@tarsnap.com,010001690816f9c7-9a9ac01b-f9dc-4249-aab0-17f47c1b1c93-000000@amazonses.com]; RCVD_COUNT_ZERO(0.00)[0]; MIME_TRACE(0.00)[0:+]; IP_SCORE(-2.27)[ip: (-3.37), ipnet: 54.240.8.0/21(-4.58), asn: 14618(-3.35), country: US(-0.07)]; ASN(0.00)[asn:14618, ipnet:54.240.8.0/21, country:US]; FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN(2.50)[]; FROM_NEQ_ENVFROM(0.00)[cperciva@tarsnap.com, 010001690816f9c7-9a9ac01b-f9dc-4249-aab0-17f47c1b1c93-000000@amazonses.com] X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Feb 2019 23:28:44 -0000 On 2/19/19 2:48 PM, Rafal Lukawiecki wrote: > I have just noticed that ntp.conf that comes in the AWS AMI for FreeBSD-12.0 (releng/12.0/usr.sbin/ntp/ntpd/ntp.conf 337649 2018-08-11 17:42:42Z brd) lists the AWS “server” twice, once on line 50, then again on line 96. I am not sure if that is on purpose, but it can lead to some confusion if one got changed but not the other. Oops. Not intentional, just an erroneous sed script. Fixed in r344315. > On another note, is there a reason to use chrony instead of ntpd if using the AWS ntp source, ie. 169.254.169.123? Nope. Chrony is what Amazon uses and it's what they recommend for anyone starting from a blank slate; but I discussed this with them and they agreed that since we ship with ntpd already installed it makes far more sense to use what we already have. -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid