Hello, time on copr-keygen (both production and dev) machines gets desynchronized from time. Today it is the first time it happened on production. I always need to call ntpdate -u 1.rhel.pool.ntp.org to sync it. Any idea what might be the cause? Should I just play with the ntpd settings to make sure this doesn't happen? It seems only keygen machines are affected strangely.
When do you need this? (YYYY/MM/DD) Any time
When is this no longer needed or useful? (YYYY/MM/DD) Always useful
If we cannot complete your request, what is the impact? I will need to fix it on my own. Just wanted to ask for ideas.
Something seems to be blocking ntp for all cloud hosts. :crying_cat_face:
I'll ask if there's somehow a egress rule thats doing this.
Metadata Update from @kevin: - Issue assigned to kevin - Issue priority set to: Waiting on Assignee (was: Needs Review)
RHIT confirmed that NTP traffic is blocked. They suggested to set up local NTP server in cloud for which NTP traffic would be unblocked and from which all cloud instances would be able to sync.
I have put in a ticket to allow ntp outgoing from cloud-noc01. As soon as thats processed, it should be able to sync and other cloud machines should be able to sync to it.
Thank you! On Wed, Sep 19, 2018 at 12:05 AM Kevin Fenzi pagure@pagure.io wrote:
kevin added a new comment to an issue you are following: `` I have put in a ticket to allow ntp outgoing from cloud-noc01. As soon as thats processed, it should be able to sync and other cloud machines should be able to sync to it. `` To reply, visit the link below or just reply to this email https://pagure.io/fedora-infrastructure/issue/7168
kevin added a new comment to an issue you are following: `` I have put in a ticket to allow ntp outgoing from cloud-noc01. As soon as thats processed, it should be able to sync and other cloud machines should be able to sync to it.
``
To reply, visit the link below or just reply to this email https://pagure.io/fedora-infrastructure/issue/7168
ok. This should now be fixed.
We had to get cloud-noc01 allowed to consult outside ntp servers, switch everything to chrony and use port 124 internally, but it all works nicely now.
:musical_score:
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Cool, Thank you, Kevin. So no change is needed on copr-keygen side?
Nope. I changed our base role which copr-keygen uses, so it should be all set now.
Login to comment on this ticket.