maas-devel team mailing list archive

Thread
Date

Re: Clock skew and OAuth

To: Jeroen Vermeulen <jtv@xxxxxxxxxxxxx>
From: Julian Edwards <julian.edwards@xxxxxxxxxxxxx>
Date: Wed, 27 Jun 2012 13:39:44 +1000
Cc: maas-devel@xxxxxxxxxxxxxxxxxxx, Scott Moser <scott.moser@xxxxxxxxxxxxx>
In-reply-to: <4FEA7A92.70305@canonical.com>
Organization: Canonical Ltd
User-agent: KMail/4.8.3 (Linux/3.2.0-25-generic; KDE/4.8.3; x86_64; ; )

On Wednesday 27 June 2012 10:14:26 you wrote:
> On 2012-06-27 07:59, Julian Edwards wrote:
> > https://bugs.launchpad.net/maas/+bug/978127
> > 
> > Scott, is there a quick backportable fix that we can do for this?  Perhaps
> > send the MAAS server's time at boot somehow, before trying to access the
> > metadata service (via user data?) and then have cloud-init set the clock?
> > 
> > It's causing a lot of pain for quite a few people.
> 
> Would it be possible to make maas depend on an ntp server, have the dhcp
> config refer the nodes to it, and install & run ntpdate on the node
> early on?

That's one other sort of thing I had in mind, provided the maas server is the 
ntp server since there may not be any other onward network available from the 
node (yet).

> It's a few extra moving parts but it avoids issues like ntp servers that
> might be out of the nodes' reach, or re-inventing the protocol.  On the
> downside, I have no idea how hard it might be to install ntpdate on a
> node in this state.

The clock only has to be roughly in sync, not perfectly.  This is why we don't 
need to re-invent ntp, we could just throw a clock setting in the cloud-init 
code which pulls the time out of the user data.

Follow ups

Re: Clock skew and OAuth
From: Scott Moser, 2012-06-27

References

Clock skew and OAuth
From: Julian Edwards, 2012-06-27
Re: Clock skew and OAuth
From: Jeroen Vermeulen, 2012-06-27