[Xymon] Call for 4.3.29 Patches

Axel Beckert abe at deuxchevaux.org
Thu Apr 11 21:12:44 CEST 2019


Hi John,

On Thu, Apr 11, 2019 at 10:33:51AM -0800, John Thurston wrote:
> >So it might be an idea to drop the "-p 1" completely.
> 
> That seems premature. The fact that ntpseq has dropped the parameter
> does not make it common or standard.

I expect ntpsec to become standard in the near future. See
https://www.ntpsec.org/FAQ.html#_why_ntpsec why.

I though must admit, that we're still far away from there, at least in
Debian:
https://qa.debian.org/popcon-graph.php?packages=ntpsec%2Cntpsec-ntpdate%2Cntp%2Cntpdate&show_installed=on&want_legend=on&want_ticks=on&from_date=&to_date=&hlght_date=&date_fmt=%25Y-%25m&beenhere=1

But a decline of ntp installations is clearly visible in that graph
(probably due to systemd also providing a time service, though).

And ntpsec is not yet available in a Debian Stable release, but will
be in the upcoming Debian 10 release "buster".

And what also just became clear to me is that only the ntp-announce
mailing list is dead with only a single mail since mid 2015 (c.f.
http://lists.ntp.org/pipermail/announce/), but there seems to be at
least about 1 security update per year:
http://support.ntp.org/bin/view/Main/SecurityNotice

Maybe forking off ntpsec in 2015 was a kinda wakeup call, at least the
amount of security fixes in 2016 was much high than in the years
afterwards.

> Dropping the "-p 1" option means ntpdate will attempt to collect
> more than one time sample before returning. In all man pages I've
> consulted the default value for "samples" is 4. Which means that
> each non-answering server will block that xymonnet queue for three
> additional seconds.

Yes, I am aware of that. This only has an impact on bigger setups with
more than approx. 75 hosts to monitor. (And yes, I ran into exactly
that issue previously when Xymon still had "-p 2" in there.)

> If you're using ntpsec, I don't think it is unreasonable to expect
> you to tweak that parameter on your own server.

Yes, and that's what I did.

I nevertheless think it is as reasonable to expect you to tweak that
parameter on your own server if you run a big setup. BTDT.

> I don't think it is reasonable to build in a 4x longer delay for
> everyone.

I think Xymon should support both variants by using default settings
which work with both implementations.

But maybe it should indeed do that only with a later release, when
ntpsec gained more traction and is available in more stable
distributions.

		Kind regards, Axel
-- 
PGP: 2FF9CD59612616B5      /~\  Plain Text Ribbon Campaign, http://arc.pasp.de/
Mail: abe at deuxchevaux.org  \ /  Say No to HTML in E-Mail and Usenet
Mail+Jabber: abe at noone.org  X
https://axel.beckert.ch/   / \  I love long mails: https://email.is-not-s.ms/


More information about the Xymon mailing list