Re: [chrony-dev] [PATCH v3] main: add -X to fall back if time is not adjustable

[Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx>]

On Wed, Mar 14, 2018 at 11:42 AM, Miroslav Lichvar <mlichvar@xxxxxxxxxx> wrote:

On Wed, Mar 14, 2018 at 11:16:10AM +0100, Christian Ehrhardt wrote:
> On Wed, Mar 14, 2018 at 11:01 AM, Miroslav Lichvar <mlichvar@xxxxxxxxxx>
> wrote:
> > At this time, I'd be interested in including only in the first one. We
> > can reconsider the other two later if you are still interested.
> >
>
> Worst case we at least improve the messaging which is better than nothing.
>
> That can be ok depending on what "later" means, what timeline are we
> talking about for "later"?
> In March is kind of ok, >=April would likely be too late for me.

I think this all needs more discussion and I would like to postpone it
at least after 3.3, which will hopefully be released at the end of
March.

To me it feels like there is a bigger problem that needs to be solved
first. Containers need more information about the system clock, which
only the host can provide. If this can be fixed (I'm not sure how),
maybe there will be a better solution for the problem that -X was
intended to fix.

Looking form far away at the problem I think I agree.

But all of this takes some (probably a lot) time.

Let me finish V4 as a discussion example for later on and I expect only the improved output to be included for now.

 

> > The example unit file shouldn't change.
> >
>
> Well, without dropping ConditionCapability=CAP_SYS_TIME it will never try
> to use it.
> No matter if one configures it for -x or the new -X - it will just not even
> try while it would work inside the limits of -x/-X in those cases.

The example unit file is intended for the typical use case, where
starting chronyd in containers (with or without -x/-X) makes no sense.
The thing that enables the -x/-X option should also remove the
ConditionCapability. If you will go with the wrapper approach, you can
modify the file in your downstream package.

Yeah, given the time constraints on "a real solution" I'll end up with my wrapper for now.

And yes I can change things there as I needed.

P.S. as just outlined on IRC I might even make -x (lower case) the default in containers.

As otherwise container features will make it by default "run & fail" as the CAP will be around.

Anyway - thanks for the discussion and I hope to get to the V4 soon.

--
Miroslav Lichvar

--
To unsubscribe email chrony-dev-request@chrony.tuxfamily.org with "unsubscribe" in the subject.
For help email chrony-dev-request@chrony.tuxfamily.org with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxx.org.

--

Christian Ehrhardt

Software Engineer, Ubuntu Server

Canonical Ltd