[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-devel
Subject:    [qubes-devel] Re: [qubes-users] time sync?
From:       Marek =?utf-8?Q?Marczykowski-G=C3=B3recki?= <marmarek () invisiblethingslab ! com>
Date:       2015-12-23 2:02:28
Message-ID: 20151223020228.GF1074 () mail-itl
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thu, Dec 17, 2015 at 12:06:58PM +0000, Zrubi wrote:
> On 05/11/2015 08:51 PM, Marek Marczykowski-Górecki wrote:
> > Qubes uses very primitive time synchronization method - every 6
> > minutes qvm-sync-clock tool is called. It first call 'ntpdate' in
> > one selected VM ("ClockVM"), then using qrexec set this time in all
> > the VMs. It isn't very accurate, can lead to differences of few
> > seconds.
> 
> Hi,
> 
> I just run to a time sync problem now.
> 
> just realized that ALL of my vms are off sync by several HOURS from
> the real time.
> 
> Started to investigate - found this thread and reviewed the
> qvm-sync-clock tool.
> 
> What I found: it will exit if the ntpdate fails for any reason and do
> not sync the VM-s.
> If this issue occurs for long enough time ALL the VMs will be out of
> sync even if the dom0 and/or the clockvm time is correct.
> 
> This is really wrong.
> 
> Another issue that you will never got the errors because of the cron
> script will hide it.

You can probably check /root/dead.letter for that...

> I would suggest to
> 
> - relax the qvm-sync-clock a bit - it should be throw only a warning
> if the ntpade fails and should continue with setting all the VMs time
> anyway.

The better idea would be to add an option for that. Generally while VM
is running, I don't see any reason why clock would desynchronize much.
The problematic case is resuming from suspend - then VMs have time from
before suspend and it needs to be synced. So I think it would be good to:
 - abort periodic time sync if ntpdate fails
 - sync clocks anyway after suspend
   (/usr/lib64/pm-utils/sleep.d/01qubes-sync-vms-clock)

Actually something like this is already implemented there, but probably
for some reason it doesn't work for you.

> - do not hide these kind of error messages.
> The old way is to deliver the root mails to a local mailbox - then we
> can setup something to check that.

It still works that way. With an exception that we don't have any mail
server in dom0 (obviously). And that approach is wrong - normal user
will never check mails in dom0. And even if does, mails from cron are
not user friendly. We should go with tray notifications or something
like this. Or at least normal log file.

> It is on R2 - not sure if it is changed on R3.x
> 
> PS:
> I willing to send patches - just wanted the ask about the dev's
> opinion first :)

Great! :)

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJWegCxAAoJENuP0xzK19csjOMH/iRE53ntGLS912looytVGZqs
lX48+Bx8XTAQ+3lRidyZvBnujtdATk94tVwVp6hx5UZvFYs594UjNm1fU38Cr/2s
vktohAY0I2NmTC2yLPn6xj3V84UtNuUGkNIWc8Y3EXOWoizjXTkbxw3NFR7jE4L3
tIhgpd7lxANf46aRu/jzsNKC9bHMJJXtWeqszlIJEayCUQxPKkfbq1jJOzkwbKIm
zg1igjp8ubWPIkTkpRhuxung9H5nz+DBFpBA81rlxFPcX+FSi28pgCOx6C3wYmav
GwJyFpf6yP+FpPkelV5iln4d0RP3acPU7dVAPFz8v9yUfoDEQMm+V8wSRt8lCA4=
=pql4
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/20151223020228.GF1074%40mail-itl. For \
more options, visit https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]