ecours' system clock is wrong
Reported a month ago (Bug #11557#note-12) and it’s still wrong:
$ date --utc Wed Jul 26 08:16:05 UTC 2017 $ ssh lizard.tails.boum.org date --utc Wed Jul 26 08:16:05 UTC 2017 $ ssh ecours.tails.boum.org date --utc Wed Jul 26 09:46:07 UTC 2017
This makes it really painful to debug problems raised by our monitoring system: one has to find out what offset to apply to the date/time seen on the Icinga2 dashboard before one can correlate it with other system events & logs.
In ecours’ Journal I see a lot of:
systemd-timesyncd: Timed out waiting for reply from 18.104.22.168:123 (0.debian.pool.ntp.org).
Blocks Tails -
#3 Updated by bertagaz 2017-07-27 15:48:59
> Asked some questions to the admins of the virtualization host where ecours runs.
I had a quick look too today, and it may be that the systemd-timedated service is not setup correctly on ecours:
~# timedatectl status Local time: Thu 2017-07-27 17:13:45 UTC Universal time: Thu 2017-07-27 17:13:45 UTC RTC time: Thu 2017-07-27 17:13:46 Time zone: Etc/UTC (UTC, +0000) Network time on: yes NTP synchronized: no RTC in local TZ: no
While on Lizard:
~$ timedatectl status Local time: jeu. 2017-07-27 15:42:39 UTC Universal time: jeu. 2017-07-27 15:42:39 UTC RTC time: jeu. 2017-07-27 15:42:39 Time zone: Etc/UTC (UTC, +0000) Network time on: yes NTP synchronized: yes RTC in local TZ: no
So NTP sync is not set on ecours. Running
timedatectl set-ntp 1 may fix the issue. That’s probably a leftover from the Jessie time, where we had the ntp service installed on ecours, which disables ntp sync in systemd-timedated.
#4 Updated by intrigeri 2017-07-27 16:07:53
One of us is very confused.
The only difference between the 2 outputs you’ve pasted is whether the time was successfully sync’ed with NTP (NTP synchronized): it was on lizard, it wasn’t on ecours, which is precisely the problem this ticket is about. But in both cases NTP time sync’ is enabled: “Network time on: yes”, and as expected, running
timedatectl set-ntp 1 on ecours doesn’t change this output whatsoever.
#6 Updated by intrigeri 2017-08-12 21:56:08
- % Done changed from 10 to 20
The explanation is simple: NTP/UDP is blocked in the datacenter where ecours lives. Solution (left to implement): point timesyncd to a set of private, not blocked NTP servers we were given. I should handle that during my next sysadmin shift, latest.