Excellent. I will see what I can do to contribute a run-it-by-cron option to the module, since I already do that.
As far as the large time differences, there are multiple references "out there" to a line at the top of ntp.conf as follows: tinker panic 0 This tells the system to accept any offset that is handed to it. Oddly, there is no mention of it in the Red Hat man pages for ntp, but I found it on the ntp maintainer's site: http://doc.ntp.org/4.2.0/miscopt.html (under "tinker") panic panic The argument is the panic threshold, normally 1000 s. If set to zero, the panic sanity check is disabled and a clock offset of any value will be accepted. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin & Hobbes) ----- Original Message ----- From: "Kent R. Spillner" <kspill...@acm.org> To: puppet-users@googlegroups.com Sent: Thursday, July 11, 2013 1:01:30 PM Subject: Re: [Puppet Users] puppetlabs-ntp template discussion > http://www.nsa.gov/ia/_files/os/redhat/NSA_RHEL_5_GUIDE_v4.2.pdf > > In general, they recommend running a daemon only when absolutely necessary. Thanks for the reference! The security risk of ntpd listening by default is a good reason for wanting to run it out of cron. >> In general, that's considered bad practice, and unnecessary because of >> ntpd's >> maturity. A few years ago we were bitten by NTP running out of cron on >> RedHat >> Enterprise Linux 6.0 systems because of the "tickless kernel.” > > That might be from folks using ntpdate from cron instead of "ntpd -q" No, I think there's more to it. In my specific case we experienced problems with large time differences across machines between the cronjobs, but our cronjob didn't run as frequently as every fifteen minutes. Anyways, thanks again for explaining the use case for running ntpd out of cron. I now agree that adding such an option to puppetlabs-ntp template is a good idea. :) -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
