Re: State of the microserver HOWTO

2016-06-07 Thread Gary E. Miller
Yo Hal! I agree with Hal, my descriptions are a bit long and picky for the newbie howto. Get that done, then these issues will get addressed in due time. On Tue, 07 Jun 2016 17:21:50 -0700 Hal Murray wrote: > e...@thyrsus.com said: > > My plan was to encourage you to elaborate - *and explain*

Re: microserver HOWTO timeservice patch

2016-06-07 Thread Eric S. Raymond
Gary E. Miller : > I have filed issues for most of these. But I know the issue tracker is > where things go to die. :-) Actually, I do pay attention to it. I fixed two issues today. But I admit that tends to be a background task because the stuff that shows up there is not usually very importa

Re: State of the microserver HOWTO

2016-06-07 Thread Hal Murray
e...@thyrsus.com said: > My plan was to encourage you to elaborate - *and explain* - your favorite > odd features for your local config, then work with you to prune it back to > something we might ship. You are letting Gary suck you down ratholes. I think you need to think hard about what your g

Re: microserver HOWTO timeservice patch

2016-06-07 Thread Gary E. Miller
Yo Eric! On Tue, 7 Jun 2016 20:09:06 -0400 "Eric S. Raymond" wrote: > Gary E. Miller : > > I like to have gpsd start first. That way when ntpd restarts it has > > a good local time handy. If ntpd starts first, it will set the > > local clock using a remote, probably pool, server. Then cntpd h

Re: microserver HOWTO timeservice patch

2016-06-07 Thread Eric S. Raymond
Gary E. Miller : > I like to have gpsd start first. That way when ntpd restarts it has > a good local time handy. If ntpd starts first, it will set the local > clock using a remote, probably pool, server. Then cntpd has to spend a > whole day undoing the damage done to the PLL. Patch applied.

Re: Logfile permissions and ntp group

2016-06-07 Thread Gary E. Miller
Yo Hal! On Tue, 07 Jun 2016 16:51:05 -0700 Hal Murray wrote: > g...@rellim.com said: > > logrotate does not make files, it restarts ntpd, so ntpd can make > > the new file. Which has all the problems of restarting ntpd. > > The logrotate I'm familiar with has the option to make the new fil

Re: Logfile permissions and ntp group

2016-06-07 Thread Hal Murray
g...@rellim.com said: > logrotate does not make files, it restarts ntpd, so ntpd can make the new > file. Which has all the problems of restarting ntpd. The logrotate I'm familiar with has the option to make the new file after renaming the old one. (I may be confused by the netbsd/freebsd ve

Re: State of the microserver HOWTO

2016-06-07 Thread Mike
On 06/07/2016 07:39 PM, Hal Murray wrote: bellyac...@gmail.com said: Thanks for that. Is that documented somewhere that I've missed or overlooked? Or is this buried in the code somewhere that will be harder for someone such as myself to understand, figure out? I didn't find it in the document

Re: Would you please check libntp/systime.c

2016-06-07 Thread Hal Murray
e...@thyrsus.com said: >> Why didn't any of the other tools notice this? The code isn't particularly >> complicated. > I don't know. It does seem like the sort of error a static analyzer should > spot. Should we feed them a test case? e...@thyrsus.com said: > The assignment to tvlast doesn'

Re: State of the microserver HOWTO

2016-06-07 Thread Hal Murray
bellyac...@gmail.com said: > Thanks for that. Is that documented somewhere that I've missed or > overlooked? Or is this buried in the code somewhere that will be harder > for someone such as myself to understand, figure out? I didn't find it in the documentation. It's in the code: write_stats

Re: microserver HOWTO timeservice patch

2016-06-07 Thread Mike
On 06/07/2016 07:26 PM, Eric S. Raymond wrote: Mike : Looking at the timeservice init script after seeing that ntpd has a PID value lower than gpsd it looks like their startup order is reversed. Patch attached... I'm not objecting to the patch per se, but what makes the order reversed? It does

Re: Logfile permissions and ntp group

2016-06-07 Thread Eric S. Raymond
Hal Murray : > The stats files automatically roll over. You can specify how often, but > daily works for me. They don't get opened until needed which is long after > dropping root, so they need the right user:group on the directory as well as > any existing current files if any. OK, that seem

Re: microserver HOWTO timeservice patch

2016-06-07 Thread Gary E. Miller
Yo Eric! On Tue, 7 Jun 2016 19:26:22 -0400 "Eric S. Raymond" wrote: > Mike : > > Looking at the timeservice init script after seeing that ntpd has a > > PID value lower than gpsd it looks like their startup order is > > reversed. > > > > Patch attached... > > I'm not objecting to the patch p

Re: Logfile permissions and ntp group

2016-06-07 Thread Gary E. Miller
Yo Hal! On Tue, 07 Jun 2016 16:17:38 -0700 Hal Murray wrote: > e...@thyrsus.com said: > > You are suggesting that this is not so - that as long as we open > > log files before privilege-dropping the ntp user/group pair isn't > > necessary at all. If true I would mildly prefer to do things that >

Re: microserver HOWTO timeservice patch

2016-06-07 Thread Eric S. Raymond
Mike : > Looking at the timeservice init script after seeing that ntpd has a PID > value lower than gpsd it looks like their startup order is reversed. > > Patch attached... I'm not objecting to the patch per se, but what makes the order reversed? It doesn't seem like either daemon ought to care

Re: Logfile permissions and ntp group

2016-06-07 Thread Gary E. Miller
Yo Eric! On Tue, 7 Jun 2016 18:46:44 -0400 "Eric S. Raymond" wrote: > I thought I was going to have to tweak clockmaker to create an ntp > user and group if it doesn't already exist, then set ntp to run with > those IDs in the init script. That's easy enough to do. And certainly my preference.

Re: State of the microserver HOWTO

2016-06-07 Thread Gary E. Miller
Yo Eric! On Tue, 7 Jun 2016 18:48:42 -0400 "Eric S. Raymond" wrote: > > > My plan was to encourage you to elaborate - *and explain* - your > > > favorite odd features for your local config, then work with you to > > > prune it back to something we might ship. > > > > Howz it look now? > > W

Re: Logfile permissions and ntp group

2016-06-07 Thread Hal Murray
e...@thyrsus.com said: > You are suggesting that this is not so - that as long as we open log files > before privilege-dropping the ntp user/group pair isn't necessary at all. If > true I would mildly prefer to do things that way, it's simpler. There are 2 types of "log" files. There is ntpd.lo

Re: State of the microserver HOWTO

2016-06-07 Thread Mike
On 06/07/2016 07:02 PM, Hal Murray wrote: bellyac...@gmail.com said: things have stabilized. The something on the order of once an hour or so from there on out. Have I misunderstood that? I think that's right, but there is another layer that suppresses writes if drift hasn't changed much. Th

microserver HOWTO timeservice patch

2016-06-07 Thread Mike
Looking at the timeservice init script after seeing that ntpd has a PID value lower than gpsd it looks like their startup order is reversed. Patch attached... Mike --- timeservice 2016-06-07 18:43:50.269898401 -0400 +++ timeservice.mab 2016-06-07 18:47:47.302535057 -0400 @@ -13,10 +13,10 @@

Re: State of the microserver HOWTO

2016-06-07 Thread Hal Murray
bellyac...@gmail.com said: > things have stabilized. The something on the order of once an hour or so > from there on out. > Have I misunderstood that? I think that's right, but there is another layer that suppresses writes if drift hasn't changed much. The idea is to reduce wear on flash s

Re: Logfile permissions and ntp group

2016-06-07 Thread Mike
On 06/07/2016 06:46 PM, Eric S. Raymond wrote: Mike : On 06/07/2016 05:57 PM, Hal Murray wrote: Ntpd is running as user nobody, who can't write to that directory. Hopefully that is user ntp rather than nobody. The file permissions need to be set up for log files as well as the drift file.

Re: State of the microserver HOWTO

2016-06-07 Thread Eric S. Raymond
Gary E. Miller : > On Tue, 7 Jun 2016 18:37:02 -0400 > "Eric S. Raymond" wrote: > > > Gary E. Miller : > > > But remember, Eric asked for MY config, not what I think others > > > should be using. I would hope we get a collection of slightly > > > different ntp.conf that are optimized for diffe

Logfile permissions and ntp group

2016-06-07 Thread Eric S. Raymond
Mike : > On 06/07/2016 05:57 PM, Hal Murray wrote: > >>Ntpd is running as user nobody, who can't write to that directory. > >Hopefully that is user ntp rather than nobody. > > > >The file permissions need to be set up for log files as well as the drift > >file. > > > > > The HOWTO sets up ntpd to r

Re: State of the microserver HOWTO

2016-06-07 Thread Hal Murray
bellyac...@gmail.com said: > The logfile set to /var/log/ntpd.log is root:root. I'm not getting errors > there, gathering that it was opened before privileges were dropped. I think that will break if/when we fix ntpd to cooperate with logrotate or newsyslog. The stats files roll over occasio

Re: State of the microserver HOWTO

2016-06-07 Thread Gary E. Miller
Yo Mike! On Tue, 7 Jun 2016 18:35:13 -0400 Mike wrote: > > I opened a bug: > > > > https://gitlab.com/NTPsec/ntpsec/issues/76 > > > Gary, > > I'm not seeing that once I set the ownership to nobody. > > mike@3142:/var/lib/ntp $ ls -al > total 12 > drwxr-xr-x 2 nobody root4096 Jun 7 18:1

Re: State of the microserver HOWTO

2016-06-07 Thread Mike
On 06/07/2016 06:24 PM, Hal Murray wrote: I made it nobody, mod 777, and still no luck I'm not sure what "no luck" means. It doesn't get written at shutdown. I think ntp-classic used to do that a long time ago. I remember some comments about fixing it. I don't remember the reasoning. My un

Re: State of the microserver HOWTO

2016-06-07 Thread Gary E. Miller
Yo Hal! On Tue, 07 Jun 2016 15:24:36 -0700 Hal Murray wrote: > > I made it nobody, mod 777, and still no luck > > I'm not sure what "no luck" means. # ls -l /var/lib/ntp/ total 0 > It doesn't get written at shutdown. Well, that would be dumb not to. It also means my tests of the paramete

Re: State of the microserver HOWTO

2016-06-07 Thread Gary E. Miller
Yo Eric! On Tue, 7 Jun 2016 18:37:02 -0400 "Eric S. Raymond" wrote: > Gary E. Miller : > > But remember, Eric asked for MY config, not what I think others > > should be using. I would hope we get a collection of slightly > > different ntp.conf that are optimized for different purposes, or > >

Re: State of the microserver HOWTO

2016-06-07 Thread Eric S. Raymond
Gary E. Miller : > But remember, Eric asked for MY config, not what I think others should be > using. I would hope we get a collection of slightly different ntp.conf > that are optimized for different purposes, or levels of paranoia. We've had a slight miscommunication. I'm soliciting potentia

Re: State of the microserver HOWTO

2016-06-07 Thread Mike
On 06/07/2016 04:47 PM, Gary E. Miller wrote: Yo Mike! On Tue, 7 Jun 2016 16:27:45 -0400 Mike wrote: If you do ship the one supplied now I just found one thing that will need a fix. # Drift file etc. driftfile /var/lib/ntp/ntp.drift Ntpd is running as user nobody, who can't write to that d

Re: State of the microserver HOWTO

2016-06-07 Thread Mike
On 06/07/2016 05:57 PM, Hal Murray wrote: Ntpd is running as user nobody, who can't write to that directory. Hopefully that is user ntp rather than nobody. The file permissions need to be set up for log files as well as the drift file. The HOWTO sets up ntpd to run as nobody:nogroup. The log

Re: State of the microserver HOWTO

2016-06-07 Thread Hal Murray
> I made it nobody, mod 777, and still no luck I'm not sure what "no luck" means. It doesn't get written at shutdown. I think ntp-classic used to do that a long time ago. I remember some comments about fixing it. I don't remember the reasoning. -- These are my opinions. I hate spam. _

Re: Would you please check libntp/systime.c

2016-06-07 Thread Eric S. Raymond
Hal Murray : > > The initial symptom is a warning from clang 3.8.0 on a Raspberry Pi. > > ../../libntp/systime.c:460:37: warning: variable 'tvlast' is uninitialized > when > used here [-Wuninitialized] > > Why didn't any of the other tools notice this? The code isn't particularly > complicat

Re: State of the microserver HOWTO

2016-06-07 Thread Gary E. Miller
Yo Hal! On Tue, 07 Jun 2016 14:57:37 -0700 Hal Murray wrote: > > Ntpd is running as user nobody, who can't write to that > > directory. > > Hopefully that is user ntp rather than nobody. I made it nobody, mod 777, and still no luck RGDS GARY

Re: State of the microserver HOWTO

2016-06-07 Thread Hal Murray
> Ntpd is running as user nobody, whom can't write to that directory. Hopefully that is user ntp rather than nobody. The file permissions need to be setup for log files as well as the drift file. -- These are my opinions. I hate spam. ___ devel m

Re: State of the microserver HOWTO

2016-06-07 Thread Gary E. Miller
Yo Frank! Good input, net ntp.conf below. On Tue, 7 Jun 2016 17:04:21 -0400 Frank Nicholas wrote: > > On Jun 7, 2016, at 4:52 PM, Gary E. Miller wrote: > > > > peer 204.17.205.1 maxpoll 5 # catbert > > peer 204.17.205.17 maxpoll 5 # pi2 > > #peer 204.17.205.23 maxpoll 5 # pi3 > > peer 204.17.

Re: State of the microserver HOWTO

2016-06-07 Thread Frank Nicholas
> On Jun 7, 2016, at 4:52 PM, Gary E. Miller wrote: > > peer 204.17.205.1 maxpoll 5 # catbert > peer 204.17.205.17 maxpoll 5 # pi2 > #peer 204.17.205.23 maxpoll 5 # pi3 > peer 204.17.205.27 maxpoll 5 # kong > peer 204.17.205.30 maxpoll 5 > peer [2001:470:e815::8] maxpoll 5 # spider You are usin

Re: Testing: IPv6

2016-06-07 Thread Gary E. Miller
Yo Hal! On Tue, 07 Jun 2016 13:05:14 -0700 Hal Murray wrote: > I'm just fishing for ways to get more eyeballs looking for quirks > and/or potentially useful places to look. The IPv6 only case seems > like a good one to test. Yup. I added some IPv6 peers to my ntp.conf, no problems. RGDS GARY

Re: State of the microserver HOWTO

2016-06-07 Thread Gary E. Miller
Yo Eric! A small adjustment to my ntp.conf. I added the issue number for the startup glitch. Comments welcome. RGDS GARY --- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 g...@rellim.com Tel

Re: State of the microserver HOWTO

2016-06-07 Thread Gary E. Miller
Yo Mike! On Tue, 7 Jun 2016 16:27:45 -0400 Mike wrote: > If you do ship the one supplied now I just found one thing that will > need a fix. > > # Drift file etc. > driftfile /var/lib/ntp/ntp.drift > > Ntpd is running as user nobody, who can't write to that directory. Gack, confirmed. And i

Re: State of the microserver HOWTO

2016-06-07 Thread Gary E. Miller
Yo Eric! Whoops, the last one I sent you was an old copy. See below for my latest update. Really. I hope... On Tue, 7 Jun 2016 08:37:07 -0400 "Eric S. Raymond" wrote: > Gary E. Miller : > > > Assume I've never read that list, or anything else about NTP other > > > than the HOWTO itself. Re

Re: State of the microserver HOWTO

2016-06-07 Thread Mike
On 06/06/2016 07:27 PM, Eric S. Raymond wrote: Please send me configurations. This is a last blocker on releasing version 1.0 of the HOWTO and I don't want to wait too long. If I don't get a suitable replacement in a reasonable time I will shrug and ship the flawed one. If nobody cared enough

Re: Testing: IPv6

2016-06-07 Thread Hal Murray
fr...@nicholasfamilycentral.com said: > I do have IPv6 available - I run dual stack. I could set up a Pi with only > IPv6... Thanks. I'm not expecting any troubles. The testing I've done works fine. I'm just fishing for ways to get more eyeballs looking for quirks and/or potentially useful p

Re: State of the microserver HOWTO

2016-06-07 Thread Gary E. Miller
Yo Achim! On Tue, 07 Jun 2016 21:13:56 +0200 Achim Gratz wrote: > Gary E. Miller writes: > > "On startup ntpd will take the first time it gets to set the system > > clock. If this first time is an imprecise clock, say derived from > > NMEA, then ntpd may take days to restabilize. > > > > The fi

Re: State of the microserver HOWTO

2016-06-07 Thread Achim Gratz
Gary E. Miller writes: > "On startup ntpd will take the first time it gets to set the system clock. > If this first time is an imprecise clock, say derived from NMEA, then > ntpd may take days to restabilize. > > The first time ntpd acquires will tend to be the ones higher up in the > file with th

Would you please check libntp/systime.c

2016-06-07 Thread Hal Murray
The initial symptom is a warning from clang 3.8.0 on a Raspberry Pi. ../../libntp/systime.c:460:37: warning: variable 'tvlast' is uninitialized when used here [-Wuninitialized] Why didn't any of the other tools notice this? The code isn't particularly complicated. A diff with curr

Re: Testing: IPv6

2016-06-07 Thread Gary E. Miller
Yo Hal! On Tue, 07 Jun 2016 11:39:07 -0700 Hal Murray wrote: > There is a typical discussion/flame-war in NANOG about Netflix > blocking HE's IPv6 tunnels. That reminds me that we should be sure > we are testing IPv6. I do. I've had an HE IPv6 free tunnel up since 2009. It just works. > Is

Re: Testing: IPv6

2016-06-07 Thread Frank Nicholas
> On Jun 7, 2016, at 2:39 PM, Hal Murray wrote: > > There is a typical discussion/flame-war in NANOG about Netflix blocking HE's > IPv6 tunnels. That reminds me that we should be sure we are testing IPv6. > > Is anybody running a system without IPv4? > I do have IPv6 available - I run dual

Testing: IPv6

2016-06-07 Thread Hal Murray
There is a typical discussion/flame-war in NANOG about Netflix blocking HE's IPv6 tunnels. That reminds me that we should be sure we are testing IPv6. Is anybody running a system without IPv4? What sort of strange cases should we be testing? --- Even if you don't have an IPv6 connection t

Re: My pre-1.0 wishlist

2016-06-07 Thread Gary E. Miller
Yo Hal! On Tue, 07 Jun 2016 00:40:06 -0700 Hal Murray wrote: > e...@thyrsus.com said: > > You're right. Requiring registration to post bugs is imposing > > unacceptable overhead. > > I think it's reasonably common. Without registration or a captcha or > some equivalent pain in the ass, the

Re: State of the microserver HOWTO

2016-06-07 Thread Eric S. Raymond
Gary E. Miller : > > Assume I've never read that list, or anything else about NTP other > > than the HOWTO itself. Remember who we're teaching! > > You want me to do all the work?!? You're the writer. :-) Yes, which is why I know how error-prone and crazy-making for both of us it would be to d

Re: My pre-1.0 wishlist

2016-06-07 Thread Hal Murray
e...@thyrsus.com said: > You're right. Requiring registration to post bugs is imposing unacceptable > overhead. I think it's reasonably common. Without registration or a captcha or some equivalent pain in the ass, the spammers take over. We could set up a mailbox or form on ntpsec.org with so