No real-time clock, ntpd, and settime

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

No real-time clock, ntpd, and settime

Filippo Valsorda-3
(Emailing the arm@ list because this is a common issue on arm platforms,
although not arm specific. Let me know if I should redirect.)

I run a simple OpenBSD firewall on a RPi 4, which doesn't have a
real-time clock. When the power goes out, the firewall boots faster
than its upstream, so it doesn't have network connectivity in the first
seconds.

This interacts poorly with ntpd's settime logic: ntpd will only use
settime in securelevel 0 (see auto_preconditions() in ntpd.c), and will
only try reaching the Internet twice, with a 1s pause, upon starting.

The result is that the firewall boots, gives up on settime, and ends up
stuck forever with a clock weeks old, enough to break the system, and
too far for ntp to catch up.

I'm not sure what the right solution is. I think I would want ntpd to
wait until it has network connectivity at boot, but I'm not sure if this
is something I should hack myself or maybe there's space for an ntpd CLI
option.

Opinions?

Reply | Threaded
Open this post in threaded view
|

Re: No real-time clock, ntpd, and settime

Mark Kettenis
> Date: Sat, 09 Jan 2021 17:24:59 +0100
> From: "Filippo Valsorda" <[hidden email]>
>
> (Emailing the arm@ list because this is a common issue on arm platforms,
> although not arm specific. Let me know if I should redirect.)
>
> I run a simple OpenBSD firewall on a RPi 4, which doesn't have a
> real-time clock. When the power goes out, the firewall boots faster
> than its upstream, so it doesn't have network connectivity in the first
> seconds.
>
> This interacts poorly with ntpd's settime logic: ntpd will only use
> settime in securelevel 0 (see auto_preconditions() in ntpd.c), and will
> only try reaching the Internet twice, with a 1s pause, upon starting.
>
> The result is that the firewall boots, gives up on settime, and ends up
> stuck forever with a clock weeks old, enough to break the system, and
> too far for ntp to catch up.
>
> I'm not sure what the right solution is. I think I would want ntpd to
> wait until it has network connectivity at boot, but I'm not sure if this
> is something I should hack myself or maybe there's space for an ntpd CLI
> option.
>
> Opinions?

Add an RTC to the Pi4.  They can be bought for a few euros and can be
enabled by adding the appropriate device tree overlay to the
config.txt file on the firmware partition of your boot disk.

Reply | Threaded
Open this post in threaded view
|

Re: No real-time clock, ntpd, and settime

Archimedes Gaviola
Hi,

As Mark have said, you can buy an RTC. For how many months right now my
standalone (not connected to the internet) Raspberry Pi 4B has been very
stable with time using DS3231 module
https://shopee.ph/DS3231-Mini-RTC-Module-i.18252381.315148783. Sharing to
you as well https://marc.info/?t=159819358900001&r=1&w=2.

Thanks and best regards,
Archimedes

On Sun, Jan 10, 2021 at 12:37 AM Mark Kettenis <[hidden email]>
wrote:

> > Date: Sat, 09 Jan 2021 17:24:59 +0100
> > From: "Filippo Valsorda" <[hidden email]>
> >
> > (Emailing the arm@ list because this is a common issue on arm platforms,
> > although not arm specific. Let me know if I should redirect.)
> >
> > I run a simple OpenBSD firewall on a RPi 4, which doesn't have a
> > real-time clock. When the power goes out, the firewall boots faster
> > than its upstream, so it doesn't have network connectivity in the first
> > seconds.
> >
> > This interacts poorly with ntpd's settime logic: ntpd will only use
> > settime in securelevel 0 (see auto_preconditions() in ntpd.c), and will
> > only try reaching the Internet twice, with a 1s pause, upon starting.
> >
> > The result is that the firewall boots, gives up on settime, and ends up
> > stuck forever with a clock weeks old, enough to break the system, and
> > too far for ntp to catch up.
> >
> > I'm not sure what the right solution is. I think I would want ntpd to
> > wait until it has network connectivity at boot, but I'm not sure if this
> > is something I should hack myself or maybe there's space for an ntpd CLI
> > option.
> >
> > Opinions?
>
> Add an RTC to the Pi4.  They can be bought for a few euros and can be
> enabled by adding the appropriate device tree overlay to the
> config.txt file on the firmware partition of your boot disk.
>
>
Reply | Threaded
Open this post in threaded view
|

Re: No real-time clock, ntpd, and settime

Patrick Wildt-3
You can even get a Zigbee module combined with an RTC, and optional even
PoE if you want.

https://www.tindie.com/products/electrolama/zoe-rtc-zigbee-radio-and-rtc-for-raspberry-pi/
https://www.tindie.com/products/electrolama/zoe-poe-zigbee-radio-rtc-poe-for-raspberry-pi/

Am Sun, Jan 10, 2021 at 01:14:13AM +0800 schrieb Archimedes Gaviola:

> Hi,
>
> As Mark have said, you can buy an RTC. For how many months right now my
> standalone (not connected to the internet) Raspberry Pi 4B has been very
> stable with time using DS3231 module
> https://shopee.ph/DS3231-Mini-RTC-Module-i.18252381.315148783. Sharing to
> you as well https://marc.info/?t=159819358900001&r=1&w=2.
>
> Thanks and best regards,
> Archimedes
>
> On Sun, Jan 10, 2021 at 12:37 AM Mark Kettenis <[hidden email]>
> wrote:
>
> > > Date: Sat, 09 Jan 2021 17:24:59 +0100
> > > From: "Filippo Valsorda" <[hidden email]>
> > >
> > > (Emailing the arm@ list because this is a common issue on arm platforms,
> > > although not arm specific. Let me know if I should redirect.)
> > >
> > > I run a simple OpenBSD firewall on a RPi 4, which doesn't have a
> > > real-time clock. When the power goes out, the firewall boots faster
> > > than its upstream, so it doesn't have network connectivity in the first
> > > seconds.
> > >
> > > This interacts poorly with ntpd's settime logic: ntpd will only use
> > > settime in securelevel 0 (see auto_preconditions() in ntpd.c), and will
> > > only try reaching the Internet twice, with a 1s pause, upon starting.
> > >
> > > The result is that the firewall boots, gives up on settime, and ends up
> > > stuck forever with a clock weeks old, enough to break the system, and
> > > too far for ntp to catch up.
> > >
> > > I'm not sure what the right solution is. I think I would want ntpd to
> > > wait until it has network connectivity at boot, but I'm not sure if this
> > > is something I should hack myself or maybe there's space for an ntpd CLI
> > > option.
> > >
> > > Opinions?
> >
> > Add an RTC to the Pi4.  They can be bought for a few euros and can be
> > enabled by adding the appropriate device tree overlay to the
> > config.txt file on the firmware partition of your boot disk.
> >
> >

Reply | Threaded
Open this post in threaded view
|

Re: No real-time clock, ntpd, and settime

Filippo Valsorda-3
Adding an RTC is definitely a solution, but the functionality to
support RTC-less boards is there in ntpd—and indeed works well when
connectivity is available from boot—it just doesn't work when network
access is delayed.

I'd also rather use ntpd than rdate, since the former uses constraints
to check the validity of the otherwise unauthenticated received time.

I'm happy to drop a patch for whatever behavior people think makes
sense, but I wanted feedback on what that might be. Should ntpd wait
longer for upstream connectivity? Should it be willing to do settime
even in securelevel 1, so a simple "rcctl restart ntpd" will fix the
time?

2021-01-09 18:29 GMT+01:00 Patrick Wildt <[hidden email]>:

> You can even get a Zigbee module combined with an RTC, and optional even
> PoE if you want.
>
> https://www.tindie.com/products/electrolama/zoe-rtc-zigbee-radio-and-rtc-for-raspberry-pi/
> https://www.tindie.com/products/electrolama/zoe-poe-zigbee-radio-rtc-poe-for-raspberry-pi/
>
> Am Sun, Jan 10, 2021 at 01:14:13AM +0800 schrieb Archimedes Gaviola:
> > Hi,
> >
> > As Mark have said, you can buy an RTC. For how many months right now my
> > standalone (not connected to the internet) Raspberry Pi 4B has been very
> > stable with time using DS3231 module
> > https://shopee.ph/DS3231-Mini-RTC-Module-i.18252381.315148783. Sharing to
> > you as well https://marc.info/?t=159819358900001&r=1&w=2.
> >
> > Thanks and best regards,
> > Archimedes
> >
> > On Sun, Jan 10, 2021 at 12:37 AM Mark Kettenis <[hidden email]>
> > wrote:
> >
> > > > Date: Sat, 09 Jan 2021 17:24:59 +0100
> > > > From: "Filippo Valsorda" <[hidden email]>
> > > >
> > > > (Emailing the arm@ list because this is a common issue on arm platforms,
> > > > although not arm specific. Let me know if I should redirect.)
> > > >
> > > > I run a simple OpenBSD firewall on a RPi 4, which doesn't have a
> > > > real-time clock. When the power goes out, the firewall boots faster
> > > > than its upstream, so it doesn't have network connectivity in the first
> > > > seconds.
> > > >
> > > > This interacts poorly with ntpd's settime logic: ntpd will only use
> > > > settime in securelevel 0 (see auto_preconditions() in ntpd.c), and will
> > > > only try reaching the Internet twice, with a 1s pause, upon starting.
> > > >
> > > > The result is that the firewall boots, gives up on settime, and ends up
> > > > stuck forever with a clock weeks old, enough to break the system, and
> > > > too far for ntp to catch up.
> > > >
> > > > I'm not sure what the right solution is. I think I would want ntpd to
> > > > wait until it has network connectivity at boot, but I'm not sure if this
> > > > is something I should hack myself or maybe there's space for an ntpd CLI
> > > > option.
> > > >
> > > > Opinions?
> > >
> > > Add an RTC to the Pi4.  They can be bought for a few euros and can be
> > > enabled by adding the appropriate device tree overlay to the
> > > config.txt file on the firmware partition of your boot disk.
> > >
> > >
>
Reply | Threaded
Open this post in threaded view
|

Re: No real-time clock, ntpd, and settime

Otto Moerbeek
On Sat, Jan 09, 2021 at 08:59:19PM +0100, Filippo Valsorda wrote:

> Adding an RTC is definitely a solution, but the functionality to
> support RTC-less boards is there in ntpd—and indeed works well when
> connectivity is available from boot—it just doesn't work when network
> access is delayed.
>
> I'd also rather use ntpd than rdate, since the former uses constraints
> to check the validity of the otherwise unauthenticated received time.
>
> I'm happy to drop a patch for whatever behavior people think makes
> sense, but I wanted feedback on what that might be. Should ntpd wait
> longer for upstream connectivity? Should it be willing to do settime
> even in securelevel 1, so a simple "rcctl restart ntpd" will fix the
> time?

The current behaviour is a balance between startup speed and working
in most cases. I certainly would not like a long delay to be the
default, it's too annoying when e.g. working on stuff that requires a
lot of reboots in a no-net situation.

settime in securelevel 1 is also not nice, jumping the clock once
various daemon are started is not acceptable. Doing an rdate call has
the same issue.

A workaround might be to do a !sleep xx in your hostname.if file, to
force a delay so your uplink is live when booting continues.

In the meantime I'll do some more thinking about an approach that does
not cause long delays for everybody while still solving your issue.

        -Otto

>
> 2021-01-09 18:29 GMT+01:00 Patrick Wildt <[hidden email]>:
> > You can even get a Zigbee module combined with an RTC, and optional even
> > PoE if you want.
> >
> > https://www.tindie.com/products/electrolama/zoe-rtc-zigbee-radio-and-rtc-for-raspberry-pi/
> > https://www.tindie.com/products/electrolama/zoe-poe-zigbee-radio-rtc-poe-for-raspberry-pi/
> >
> > Am Sun, Jan 10, 2021 at 01:14:13AM +0800 schrieb Archimedes Gaviola:
> > > Hi,
> > >
> > > As Mark have said, you can buy an RTC. For how many months right now my
> > > standalone (not connected to the internet) Raspberry Pi 4B has been very
> > > stable with time using DS3231 module
> > > https://shopee.ph/DS3231-Mini-RTC-Module-i.18252381.315148783. Sharing to
> > > you as well https://marc.info/?t=159819358900001&r=1&w=2.
> > >
> > > Thanks and best regards,
> > > Archimedes
> > >
> > > On Sun, Jan 10, 2021 at 12:37 AM Mark Kettenis <[hidden email]>
> > > wrote:
> > >
> > > > > Date: Sat, 09 Jan 2021 17:24:59 +0100
> > > > > From: "Filippo Valsorda" <[hidden email]>
> > > > >
> > > > > (Emailing the arm@ list because this is a common issue on arm platforms,
> > > > > although not arm specific. Let me know if I should redirect.)
> > > > >
> > > > > I run a simple OpenBSD firewall on a RPi 4, which doesn't have a
> > > > > real-time clock. When the power goes out, the firewall boots faster
> > > > > than its upstream, so it doesn't have network connectivity in the first
> > > > > seconds.
> > > > >
> > > > > This interacts poorly with ntpd's settime logic: ntpd will only use
> > > > > settime in securelevel 0 (see auto_preconditions() in ntpd.c), and will
> > > > > only try reaching the Internet twice, with a 1s pause, upon starting.
> > > > >
> > > > > The result is that the firewall boots, gives up on settime, and ends up
> > > > > stuck forever with a clock weeks old, enough to break the system, and
> > > > > too far for ntp to catch up.
> > > > >
> > > > > I'm not sure what the right solution is. I think I would want ntpd to
> > > > > wait until it has network connectivity at boot, but I'm not sure if this
> > > > > is something I should hack myself or maybe there's space for an ntpd CLI
> > > > > option.
> > > > >
> > > > > Opinions?
> > > >
> > > > Add an RTC to the Pi4.  They can be bought for a few euros and can be
> > > > enabled by adding the appropriate device tree overlay to the
> > > > config.txt file on the firmware partition of your boot disk.
> > > >
> > > >
> >