maas-devel team mailing list archive
Message #00389
Re: Clock skew and OAuth
On Tue, Aug 07, 2012 at 09:02:02AM +0100, Gavin Panella wrote:
> Appending the time to the kernel command line seems okay, but I wonder
> why using ntp is a problem? If we're talking to PXE then we have
> networking and an IP address.
You're right - we absolutely _can_ use NTP if we want to. But I think
that this method reduces the potential for failure radically, by making
it remarkably simple. If a failure occurs very early in bootstrapping,
it's hard to debug, and that increases the support burden. I think it
makes sense to try and keep bootstrapping failure scenarios to an
absolute minimum.
With ntp at the bootstrapping stage, we end up with a bunch of extra
questions and failure scenarios:
* Where is the NTP server? Do we need an unauth API call to find one?
Will it definitely be running and configured for remote queries on
the same machine we're provisioning from? What if we want to change the
arrangement later?
* What if the setup around getting the NTP server in place and serving
remote queries is buggy or fails?
* What happens on NTP timeout? How do we report an error? If we start
reporting node errors via the API in future, then we'll have a
circular problem.
By supplying a bootstrap time on the command line, we delegate the task
of finding the time to the MAAS worker where it is easier to get it
right. And the node will definitely have a valid(-enough) time if it
boots at all.
Rather than using a new mechanism, why not use the kernel command line
which we must always have anyway?
I'm not suggesting that we don't use NTP, just that we don't write extra
new code to use NTP for the bootstrapping case when we can use something
much simpler and more reliable.
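
The bootstrap-time idea described in this message, sketched as an added example; it is not part of the original message and is not MAAS code. The parameter name `bootstrap_time`, the 300-second OAuth timestamp tolerance and the sanity floor are assumptions made for illustration.

```python
PARAM = "bootstrap_time"   # hypothetical parameter name, not from the thread
MAX_SKEW = 300             # assumed server tolerance for OAuth timestamps, seconds
MIN_EPOCH = 1343779200     # constructed sanity floor: 2012-08-01 00:00:00 UTC


def parse_bootstrap_time(cmdline):
    """Return the epoch seconds given as PARAM=<int>, or None if absent/malformed."""
    found = None
    for token in cmdline.split():
        key, sep, value = token.partition("=")
        if key != PARAM or not sep:
            continue
        # Last occurrence wins (a choice made for this example); reject non-digits.
        found = int(value) if value.isascii() and value.isdigit() else None
    return found


def clock_decision(cmdline, local_now):
    """Decide what to do with the node clock before the first signed request.

    Returns (action, epoch): 'no-time' when nothing usable was supplied,
    'keep' when the local clock is already within MAX_SKEW of the supplied
    time, 'step' when the clock should be set to the supplied time.
    """
    supplied = parse_bootstrap_time(cmdline)
    if supplied is None or supplied < MIN_EPOCH:
        return ("no-time", local_now)
    if abs(local_now - supplied) <= MAX_SKEW:
        return ("keep", local_now)
    return ("step", supplied)


if __name__ == "__main__":
    import time
    # Constructed sample command line; on a real node read /proc/cmdline instead.
    sample = "BOOT_IMAGE=/vmlinuz ro bootstrap_time=1344326522 quiet"
    action, epoch = clock_decision(sample, int(time.time()))
    print(action, epoch)
    # Applying a 'step' needs root, e.g. time.clock_settime(time.CLOCK_REALTIME, epoch)
```

The 'no-time' result is the case to log: the node then signs requests with whatever its hardware clock holds, which is the skew failure the thread is about.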