From ede7561926497b538349af14984783bdaf43fb40 Mon Sep 17 00:00:00 2001
From: Grant Slater
Date: Thu, 24 Nov 2022 09:47:14 +0000
Subject: [PATCH] ntp: Use time.google.com IPs for initstepslew
Fixes: https://github.com/openstreetmap/operations/issues/654
Signed-off-by: Grant Slater
---
 cookbooks/dhcpd/templates/default/dhcpd.conf.erb | 2 +-
 cookbooks/ntp/templates/default/chrony.conf.erb | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/cookbooks/dhcpd/templates/default/dhcpd.conf.erb b/cookbooks/dhcpd/templates/default/dhcpd.conf.erb
index 97a63509f..b64e760aa 100644
--- a/cookbooks/dhcpd/templates/default/dhcpd.conf.erb
+++ b/cookbooks/dhcpd/templates/default/dhcpd.conf.erb
@@ -16,7 +16,7 @@ subnet <%= interface[:network] %> netmask <%= interface[:netmask] %> {
 option routers <%= interface[:gateway] %>;
 option domain-name "<%= @domain %>";
 option domain-name-servers <%= interface[:gateway] %>;
- option ntp-servers <%= node[:ntp][:servers].first %>;
+ option ntp-servers <%= node[:ntp][:servers].join(", ") %>;
 option time-offset 0;
 option PCode "UTC0";
diff --git a/cookbooks/ntp/templates/default/chrony.conf.erb b/cookbooks/ntp/templates/default/chrony.conf.erb
index 1cae6d797..b3948809d 100644
--- a/cookbooks/ntp/templates/default/chrony.conf.erb
+++ b/cookbooks/ntp/templates/default/chrony.conf.erb
@@ -19,7 +19,8 @@ allow 127.0.0.1/32
 allow ::1/128
 # Run an initial NTP sync on daemon startup
-initstepslew 30 time.cloudflare.com time.google.com <%= node[:ntp][:servers].join(" ") %>
+# Use a few IPs here to workaround DNSSEC failure if time is wrong: https://github.com/openstreetmap/operations/issues/654
+initstepslew 30 216.239.35.0 216.239.35.4 216.239.35.8 216.239.35.12 time.google.com time.cloudflare.com <%= node[:ntp][:servers].join(" ") %>
 <% if node[:lsb][:release].to_f >= 22.04 -%>
 # Use NTP sources found in /etc/chrony/sources.d.
-- 
2.39.5
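Review bot: The new `option ntp-servers` line has no guard for an empty `node[:ntp][:servers]`: `join(", ")` on an empty array renders `option ntp-servers ;`, which dhcpd would presumably reject when it loads the file. Wrapping the line in `<% unless node[:ntp][:servers].empty? -%>` … `<% end -%>` would omit the option instead. If the attribute holds hostnames rather than addresses, dhcpd resolves them when it parses the configuration, so every entry would now have to resolve at startup; the attribute's contents are not visible in this hunk, so that needs confirming. The enclosing `subnet` block continues outside the hunk.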
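Review bot: The four `216.239.35.x` literals on the new `initstepslew` line are described only as "a few IPs", so a later reader cannot tell whose addresses they are or when they need re-checking. Because the first clock step now relies on pinned addresses instead of a validated name, I would extend the comment to something like `# 216.239.35.0/4/8/12 are time.google.com IPv4 addresses, pinned so the first sync works while DNSSEC validation fails; re-verify if the service renumbers`. The literals are IPv4 only, so an IPv6-only host presumably still depends on the hostnames that follow and would hit the same DNSSEC failure. Four addresses from one operator listed ahead of the other sources may also let that operator dominate the initial step, which deserves a sentence in the comment if it is intended.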