[Xymon] Call for 4.3.29 Patches
Axel Beckert
abe at deuxchevaux.org
Thu Apr 11 21:12:44 CEST 2019
Hi John,
On Thu, Apr 11, 2019 at 10:33:51AM -0800, John Thurston wrote:
> >So it might be an idea to drop the "-p 1" completely.
>
> That seems premature. The fact that ntpseq has dropped the parameter
> does not make it common or standard.
I expect ntpsec to become standard in the near future. See
https://www.ntpsec.org/FAQ.html#_why_ntpsec why.
I though must admit, that we're still far away from there, at least in
Debian:
https://qa.debian.org/popcon-graph.php?packages=ntpsec%2Cntpsec-ntpdate%2Cntp%2Cntpdate&show_installed=on&want_legend=on&want_ticks=on&from_date=&to_date=&hlght_date=&date_fmt=%25Y-%25m&beenhere=1
But a decline of ntp installations is clearly visible in that graph
(probably due to systemd also providing a time service, though).
And ntpsec is not yet available in a Debian Stable release, but will
be in the upcoming Debian 10 release "buster".
And what also just became clear to me is that only the ntp-announce
mailing list is dead with only a single mail since mid 2015 (c.f.
http://lists.ntp.org/pipermail/announce/), but there seems to be at
least about 1 security update per year:
http://support.ntp.org/bin/view/Main/SecurityNotice
Maybe forking off ntpsec in 2015 was a kinda wakeup call, at least the
amount of security fixes in 2016 was much high than in the years
afterwards.
> Dropping the "-p 1" option means ntpdate will attempt to collect
> more than one time sample before returning. In all man pages I've
> consulted the default value for "samples" is 4. Which means that
> each non-answering server will block that xymonnet queue for three
> additional seconds.
Yes, I am aware of that. This only has an impact on bigger setups with
more than approx. 75 hosts to monitor. (And yes, I ran into exactly
that issue previously when Xymon still had "-p 2" in there.)
> If you're using ntpsec, I don't think it is unreasonable to expect
> you to tweak that parameter on your own server.
Yes, and that's what I did.
I nevertheless think it is as reasonable to expect you to tweak that
parameter on your own server if you run a big setup. BTDT.
> I don't think it is reasonable to build in a 4x longer delay for
> everyone.
I think Xymon should support both variants by using default settings
which work with both implementations.
But maybe it should indeed do that only with a later release, when
ntpsec gained more traction and is available in more stable
distributions.
Kind regards, Axel
--
PGP: 2FF9CD59612616B5 /~\ Plain Text Ribbon Campaign, http://arc.pasp.de/
Mail: abe at deuxchevaux.org \ / Say No to HTML in E-Mail and Usenet
Mail+Jabber: abe at noone.org X
https://axel.beckert.ch/ / \ I love long mails: https://email.is-not-s.ms/
More information about the Xymon
mailing list