[openstack-dev] [openstack-ansible] To NTP, or not to NTP, that is the question
Sergii Golovatiuk
sgolovatiuk at mirantis.com
Tue Sep 22 00:14:00 UTC 2015
Hi,
Are any chance to configure chrony instead of ntpd? It acts more
predictable on virtual environments.
--
Best regards,
Sergii Golovatiuk,
Skype #golserge
IRC #holser
On Mon, Sep 21, 2015 at 4:11 PM, Jesse Pretorius <jesse.pretorius at gmail.com>
wrote:
> On 18 September 2015 at 14:03, Major Hayden <major at mhtx.net> wrote:
>
>> Hey there,
>>
>> I start working on a bug[1] last night about adding a managed NTP
>> configuration to openstack-ansible hosts. My patch[2] gets chrony up and
>> running with configurable NTP servers, but I'm still struggling to meet the
>> "Proposal" section of the bug where the author has asked for non-infra
>> physical nodes to get their time from the infra nodes. I can't figure out
>> how to make it work for AIO builds when one physical host is part of all of
>> the groups. ;)
>>
>> I'd argue that time synchronization is critical for a few areas:
>>
>> 1) Security/auditing when comparing logs
>> 2) Troubleshooting when comparing logs
>> 3) I've been told swift is time-sensitive
>> 4) MySQL/Galera don't like time drift
>>
>> However, there's a strong argument that this should be done by deployers,
>> and not via openstack-ansible. I'm still *very* new to the project and I'd
>> like to hear some feedback from other folks.
>>
>> [1] https://bugs.launchpad.net/openstack-ansible/+bug/1413018
>> [2] https://review.openstack.org/#/c/225006/
>
>
> We have historically taken the stance of leaving something like this as a
> deployer concern - much like setting up host networking and setting host
> repositories. That said, there's value in opinionation based on best
> practices learned from hard-won lessons in the trenches.
>
> I'm somewhat on the fence with this. As-is I don't think the review should
> go in. That said, I'd be more open to an individual role being used to
> implement an appropriate network time configuration - whether that role be
> something that exists within Ansible Galaxy, or whether it's a new role in
> the current repository, or as its own repository in the OpenStack-Ansible
> 'big tent' as proposed in https://review.openstack.org/213779
>
> I do definitely think that there's value in preparing some documentation
> which will help prospective deployers understand how they can consume roles
> from Ansible Galaxy (or some role in an arbitrary repository) to solve
> common problems like this. The tooling is already in the OpenStack-Ansible
> repository, so all it needs is a guiding document which describes how to
> use it.
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150922/acded76f/attachment.html>
More information about the OpenStack-dev
mailing list