| RE: [chrony-users] Changing hostnames for chronyc sources and sourcestats results |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-users Archives
]
- To: "chrony-users@xxxxxxxxxxxxxxxxxxxx" <chrony-users@xxxxxxxxxxxxxxxxxxxx>
- Subject: RE: [chrony-users] Changing hostnames for chronyc sources and sourcestats results
- From: "Kohr, Alexander" <Alexander.Kohr@xxxxxxxxxxxxxxx>
- Date: Wed, 20 Nov 2019 20:51:17 +0000
- Accept-language: en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 155.247.195.53) smtp.rcpttodomain=chrony.tuxfamily.org smtp.mailfrom=tuhs.temple.edu; dmarc=bestguesspass action=none header.from=tuhs.temple.edu; dkim=none (message not signed); arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UPVyQ53JvlUx4fVEIUYQkACw8ma0FAe7qeqW87hTLqg=; b=eLfgvLXC0GfzZFXqkDBp0odsF3wrJ2ngDx9KuWcY0YnSdBa7JuHBfRXHKVubAkM81onayIhbty4/IZR9/67zMfT9gJp49pB1Fb8v8oZ4DNvYI1Gie28ZUGSamSB3lORvqkYjVMLwzBum4V7Szb2YneqZ/xrPFkouUaLoyG3UW2PC8J3Qy8U7NMmRxFo3PrruP2Iom7ukVUgJ+mEOWlcPOdSuKRE+3NASUlncTJzr1YgLZqrZL96yHfPpZrzCpK3vp7LZ80LK5FbhIIH/D6FeKNhMNAJbrOyPaUxa2a+YpMdgUCy2WTlPh1Q1T2p83yUGu64TO2WwoRz6h0sT51MuvA==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=l7F3cfhdiOz1A6QzGMe7YBviAP0lPZJTK7jn4tE8FvWAgBzo1q1/bnxrOG9HWNHiXRNPN9NuEW6TOf7NKhjZhE1LuoY1QvtwiI2MtR3evrdPHx0nEuWzEiFcwIUFK9fLIlrJb2n+k30OQO/0bGWlNtNh04m3RHlQfQcRLzBzt8qc8NhQejCtR4Dsz5wcZdXhf5B4Wc0gujn+DpLsRaW9SqpQtpiVUufA8mQ6T2TbrJqqw3GMJUGnebcHmtIs1xeiDfb/EtsQUGcTBURNFufb08g5aH5qVIGPI1vz0li0HpiN2EmvTPTg+COzHm9RBdXk6LR1+ORpM7JOWVX0R/npxA==
- Authentication-results: spf=pass (sender IP is 155.247.195.53) smtp.mailfrom=tuhs.temple.edu; chrony.tuxfamily.org; dkim=none (message not signed) header.d=none;chrony.tuxfamily.org; dmarc=bestguesspass action=none header.from=tuhs.temple.edu;
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tuhs.onmicrosoft.com; s=selector2-tuhs-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UPVyQ53JvlUx4fVEIUYQkACw8ma0FAe7qeqW87hTLqg=; b=DlbUci2e5vxeYSU/X6WxiytOfQ78sBFvGTzpoGNe64djDrESsBxtrOwd9DdHX3HvzvpyPkhP9V3rcTUuuGLjrEU4e9DHD5OHJGG5VfRCCIt0P+8rVQJRZqeauUaJEYw0dnFcRcijzqaVgMsrJeSHjUXQuq1w3gpgzyCMTWH1YpQ=
- Thread-index: AdWaWX4AMXCGZ6MORY+STnnxw4gU0AAlOKOAATGmpNA=
- Thread-topic: [chrony-users] Changing hostnames for chronyc sources and sourcestats results
Legacy scripts can always be tricky to deal with. A new option that goes in and pulls data from the chrony configuration file would provide output that is not as confusing as to which line was for which server could work to address this situation. It just leaves the initial confusion of what line is actually what until a user does more investigating to find out that option exists. Maybe the option could be -H to show just the hostname based on what is in the configuration file. (Note I would recommend against -o for original as that gets used for options in a lot of programs.)
For those that want to show both the hostname and the IP address for instance in the case where you have a pool of IP addresses for just one hostname like 0.centos.pool.ntp.org, maybe you could use a -l for long flag to allow both the Name/IP Address field to show both a hostname and specific IP address you are connecting to, along with any other changes to that output that would need to be made when flags like -4 or -6 are also invoked.
In the case of multiple A-Records, the -n option does display just one IP address and is definitely less confusing as it remains static from iteration to iteration due to the design of caching the numerical IP addresses until it stop working, It's not as easy to quickly interpret as if it had just used the hostname from the chrony configuration file.
I didn't go back and read the original post and rational behind adding the ability to add aliases to the configuration file, so they may have a different problem to solve, but for what I was experiencing where the hostnames changes based on reverse lookups giving different information, it seems like a lot of extra programing and redundant configuration for information that is already obtainable from the configuration file format as it stands.
I am no SSL expert. However, since I think the hostname will need to be cached for whatever the final Network Time Security standard will be to match the hostname called with the SSL certificates the server is returning, it might be worthwhile to modify things sooner rather than later to start loading configured hostnames into memory space on startup and make the default behavior for the Name/IP Address field to be the hostnames cached from the configuration file rather than trying to resolve the hostname. Then make it modify what is shown based on whether a -n is thrown to force the numerical IP number it has cached or a -4 or -6 is thrown to resolve the hostname only to IPV4 or IPV6 because in those cases the user almost certainly wants something other than what is configured in the configuration file when chronyd was last started.
In any case this is not a high priority for us, since we own the DNS and time severs we were experiencing the confusion from, we removed all but one of the reverse A records from DNS, so while the exact configuration is not clear from the chronyc commands, we don't' have the issue of the names changing on different invocations, and when we truly need to know how chronyd is configured, we can check the actual configuration file.
Thank you, for your time and consideration and for any future changes you may make to future versions to show the as configured on launch information in the Names/IP addresses and the possibility of showing both an IP address and a hostname.
-----Original Message-----
From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Sent: Thursday, November 14, 2019 3:21 AM
To: chrony-users@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [chrony-users] Changing hostnames for chronyc sources and sourcestats results
EXTERNAL MESSAGE. DO NOT open attachments or click links from unknown senders or unknown emails.
________________________________
On Wed, Nov 13, 2019 at 07:54:32PM +0000, Kohr, Alexander wrote:
> I have run into what I consider confusing operation/a bug of chronyc for the server name results it returns. When I run chronyc sourcestats or chronyc sources the "Name/IP address" field doesn't always list the hostname/s that are entered into my chrony.conf file.
> It seems like instead of chronyc isn't' generating it's reports using the hostnames that are entered into my chrony.conf configuration file and instead chronyd is taking the hostnames from the chrony.conf configuration file and then resolving it to an IP address and caching that information using that IP address to make the connections to the time servers. (which makes sense when pools are used.) However when chronyc is called with the sources or sourcestats option, instead of using the original hostname it got from the chrony.conf file, It attempts to do a reverse DNS lookup of the numerical IP address it has been using.
That's correct. chronyc doesn't currently have access to the original names from the config file. All commands work with IP addresses. There is the "-n" option to disable resolving to names.
The protocol will need to be extended to exchange names. That will also be needed for the upcoming NTS support.
> Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev
> ==============================================================================
> 172.0.0.51/172.0.0.51 27 16 47m +0.094 0.296 -216us 333us
> time2.example.test/172.0.0.52 29 17 52m -0.080 0.110 +86us 119us
> realhostname3.example.test/172.0.0.53 24 10 43m -0.052 0.212 +528us 166us
One thing that I don't like about this format much is that it's too wide and it would break compatibility with existing scripts.
I think it might be better to add a new option to display the original names (only). The user could select what should be displayed: the IP addresses, the current names per DNS, or the original names.
There was also a suggestion on the list that sources could have a an alias specified in the config file, which could used for monitoring and run-time configuration. The original hostname could be the default value. I'm not sure how to deal with pools, however.
--
Miroslav Lichvar
--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.
________________________________
This electronic message is intended to be for the use of the named recipient, and may contain information that is confidential or privileged. This communication may contain protected health information (PHI) that is legally protected from inappropriate disclosure by the Privacy Standards of the Health Insurance Portability and Accountability Act (HIPAA) and relevant Pennsylvania Laws. You can direct questions concerning PHI or HIPAA to the Corporate Compliance and Privacy Officer at (215) 707-5605. If you are not the intended recipient, please note that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this message in error, you should notify the sender immediately by telephone or by return e-mail and delete and destroy all copies of this message.
--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.