Comments inline. Nicolas Williams wrote: > On Fri, Apr 17, 2009 at 01:26:36PM -0400, Brian Utterback wrote: >> 4.1 Exported Interfaces >> >> Interface Name Classification Comments >> --------------------------- ------------------- >> --------------------------- >> SUNWntpr Uncomitted Root package >> SUNWntpu Uncomitted /usr package >> /etc/inet/ntp.conf Uncomitted Configuration file > > The configuration file format is Uncommitted, right? Also, you > mentioned some incompatible changes. Can you list them all? Will a > follow on project move more of the configuration into SMF service > properties?
I have no plans to do so, but I am open to this. Certainly any that make sense can be added. However, the configuration file has many more options available than the commandline, so it might be difficult. > >> /usr/lib/inet/ntpd Uncomitted NTP daemon >> /usr/lib/inet/ntp-wait Project Private >> /usr/sbin/ntpdate Volatile > > The manpages for NTP in Solaris now don't state interface stability. I thought that they should. If that is not the convention, then I can remove them. > > But it seems to me that it's all as if Committed. ntpdate(1M) in > particular is quite useful, though I see that its main use is being > subsumed into the ntp service via the config/wait_for_sync property, I > think. Correct, we have treated them as being largely committed. I don't expect this to change, per se, but since I intend to track the community, I didn't want to formally lock in. In particular, several of the existing commands are deprecated by the NTP project and may be removed at a future date. These are ntpdate and ntpdc. The functionality of ntpdate is being subsumed by ntpd itself, which now has a "ntpdate" mode. This mode is not a complete replacement yet, but that is the goal. Until then, ntpdate will continue to be delivered. Also, the ntpdc (xntpdc) command is likewise having its feature set folded into the ntpq command. Not all the functions are there yet, but again, that is the goal. The ntpdate program is no longer called from the service startup method. The ntpdate program, while useful was also a bit of a security hole. It does not support most of the newer authentication methods added in version 4, and it is very susceptible to getting the wrong time from a single bad server. The ntpd program has a mode that allows it to correct a very large offset once at startup just as ntpdate always does. Plus, the new iburst option to the server line allows ntpd to synchronize in seconds (like ntpdate) instead of the 5 minutes it used to require. These two features make the use of ntpdate during startup unnecessary. > > Also, why would ntpd have a stronger commitment than ntpdate? See the above. > >> /usr/sbin/ntptrace Volatile >> /usr/sbin/ntpq Uncomitted >> /usr/sbin/ntpdc Volatile > > Will there be a link for 'xntpdc'? Or does that just go away? We could, but it would be simpler to have it just "go away" since that is what the community delivers now, and has for 11 years. > >> /usr/sbin/ntp-keygen Uncomitted Crypto key gen utility. >> /usr/sbin/ntptime Volatile Kernel NTP state >> utility. >> /usr/share/doc/ntp Uncommitted Location for html docs >> /usr/share/doc/ntp/* Volatile Contents of HTML docs. >> SMF properties >> config/debugfile Uncomitted >> config/debuglevel Uncomitted >> config/logfile Uncomitted >> config/no_auth_required Uncomitted Restores Solaris 9 default. >> config/slew_always Uncomitted Raises threshold for >> step. >> config/wait_for_sync Uncomitted Prevents method completion >> until sync. >> config/mdnsregister Uncomitted Registers server with >> mDNS >> config/verbose_logging Uncomitted > > I wonder if it wouldn't be better to have a separate SMF service for > doing an ntpdate early at boot time (say, svc:/network/ntpdate:default), > with svc:/network/ntp:default having an optional dependency on the > former. As I explained above, that is no longer necessary. In addition, the ntpd program now has a feature to retry hostname look-ups that fail during initialization, so the need to wait for the naming service is also no longer a problem. So, ntp can now start very early without difficulty. This will make interaction with Secure DNS easy. > > Nico -- blu "You would think that spies would have to be light sleepers, but that isn't true. For instance, James Bond once slept through an earthquake. That's right, he was shaken but not stirred." ---------------------------------------------------------------------- Brian Utterback - Solaris RPE, Sun Microsystems, Inc. Ph:877-259-7345, Em:brian.utterback-at-ess-you-enn-dot-kom
