ntp: Use time.google.com IPs for initstepslew

Fixes: https://github.com/openstreetmap/operations/issues/654
Signed-off-by: Grant Slater <github@firefishy.com>

diff --git a/cookbooks/dhcpd/templates/default/dhcpd.conf.erb b/cookbooks/dhcpd/templates/default/dhcpd.conf.erb
index 97a63509f2d0197f3bc9a7247c4e468eb16f9628..b64e760aa8da80316dbf6b7295f3d5570ea6cf5e 100644 (file)
--- a/cookbooks/dhcpd/templates/default/dhcpd.conf.erb
+++ b/cookbooks/dhcpd/templates/default/dhcpd.conf.erb
@@ -16,7 +16,7 @@ subnet <%= interface[:network] %> netmask <%= interface[:netmask] %> {
   option routers <%= interface[:gateway] %>;
   option domain-name "<%= @domain %>";
   option domain-name-servers <%= interface[:gateway] %>;
-  option ntp-servers <%= node[:ntp][:servers].first %>;
+  option ntp-servers <%= node[:ntp][:servers].join(", ") %>;
 
   option time-offset 0;
   option PCode "UTC0";

diff --git a/cookbooks/ntp/templates/default/chrony.conf.erb b/cookbooks/ntp/templates/default/chrony.conf.erb
index 1cae6d797e7687c693432061e52dccbb4a2aa08c..b3948809db4add73ed8bd03dad2f45a7c19d0f88 100644 (file)
--- a/cookbooks/ntp/templates/default/chrony.conf.erb
+++ b/cookbooks/ntp/templates/default/chrony.conf.erb
@@ -19,7 +19,8 @@ allow 127.0.0.1/32
 allow ::1/128
 
 # Run an initial NTP sync on daemon startup
-initstepslew 30 time.cloudflare.com time.google.com <%= node[:ntp][:servers].join(" ") %>
+# Use a few IPs here to workaround DNSSEC failure if time is wrong: https://github.com/openstreetmap/operations/issues/654
+initstepslew 30 216.239.35.0 216.239.35.4 216.239.35.8 216.239.35.12 time.google.com time.cloudflare.com <%= node[:ntp][:servers].join(" ") %>
 
 <% if node[:lsb][:release].to_f >= 22.04 -%>
 # Use NTP sources found in /etc/chrony/sources.d.