Public bug reported:

Hi,
chrony did since 21.04 [1] introduce NTS support [2]. There is an article [2] and an FAQ [3] by the upstream maintainer about NTS so that you know what it is about :-)

Furthermore this is briefly documented in the server-guide [4] and to look at some code there is an MP to add it to the NTP charm [5].

This is now becoming the usual chicken-and-egg case, there are not many NTS servers yet. But to make sense to enable servers we need more clients out there.

Since 22.04 is coming and will be the first Ubuntu LTS with an NTS enabled chrony we realized that if e.g. a cloud wants not only to provide good time (they usually want locally for traffic and less deviation), but wants to do so securely. After all a lot of security is based on time (certificate validations for example).

For a default setup there are certain concerns like "could an initial sync work if my HW starts with a 1980 clock time" (it would not), so you'd want to start insecure and then enable. All this is supported, but especially cloud-providers are in a great place. Their virtual clocks will initially not be "too much" off which makes it quite likely that NTS for them will immediately work.

That surely is the safest setup, but for that the clouds will need the ability to configure NTS in chrony through cloud-init, hence this feature request.

[1]: https://discourse.ubuntu.com/t/hirsute-hippo-release-notes/19221
[2]: https://fedoramagazine.org/secure-ntp-with-nts/
[3]: https://chrony.tuxfamily.org/faq.html#_using_nts
[4]: https://ubuntu.com/server/docs/network-ntp
[5]: https://code.launchpad.net/~paelzer/ntp-charm/+git/ntp-charm/+merge/404907

P.S. We are also working on NTS enabled Canonical time servers (RT 128750), but that has no ETA yet. But once they exist there would be more potential use-cases (outside of the clouds) to NTS configured via cloud-init.

** Affects: cloud-init
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1940899

Title:
  [Feature] Please support NTS for the Chrony NTP backend

Status in cloud-init:
  New
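
Until cloud-init has a native NTS option, the existing `ntp` module's custom template can already emit NTS-enabled chrony sources. The following is an added example, not part of the bug report or of cloud-init itself; the server name is a constructed placeholder and the paths are assumed to match the Ubuntu chrony package defaults.

```yaml
#cloud-config
# Added example: NTS-authenticated chrony sources via the ntp module's
# custom template. nts.example.com is a placeholder for an NTS-capable server.
ntp:
  enabled: true
  ntp_client: chrony
  servers:
    - nts.example.com
  config:
    confpath: /etc/chrony/chrony.conf   # assumed Ubuntu default path
    check_exe: chronyd
    packages:
      - chrony
    service_name: chrony
    template: |
      ## template:jinja
      # Every source carries the "nts" option, so no unauthenticated
      # NTP source is configured alongside the authenticated ones.
      {% for server in servers -%}
      server {{ server }} iburst nts
      {% endfor %}
      # Persist NTS keys and cookies across restarts to avoid repeating
      # the NTS-KE handshake on every boot.
      ntsdumpdir /var/lib/chrony
      driftfile /var/lib/chrony/chrony.drift
      makestep 1 3
      rtcsync
      # Only for hardware that can boot with a wildly wrong clock (the
      # "1980" case in the report): skips certificate validity-time checks
      # for the first clock update. This weakens the first sync, so leave
      # it disabled on cloud guests whose virtual clock starts close to
      # correct.
      # nocerttimecheck 1
```

After boot, `chronyc -N authdata` shows per source whether NTS is in use, and `chronyc -N sources` confirms the source was selected.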

