redhat – 在NTP中禁用tinker panic 0有什么缺点？

5.1.1.4. What happens if the Reference Time changes?

Ideally the reference time is the same everywhere in the world. Once synchronized,there should not be any unexpected changes between the clock of the operating system and the reference clock. Therefore,NTP has no special methods to handle the situation.

Instead,ntpd’s reaction will depend on the offset between the local clock and the reference time. For a tiny offset ntpd will adjust the local clock as usual; for small and larger offsets,ntpd will reject the reference time for a while. In the latter case the operation system’s clock will continue with the last corrections effective while the new reference time is being rejected. After some time,small offsets (significantly less than a second) will be slewed (adjusted slowly),while larger offsets will cause the clock to be stepped (set anew). Huge offsets are rejected,and ntpd will terminate itself,believing something very strange must have happened.

在我当前的NTP配置中,也由puppet控制,我强制与服务器同步,在ntp.conf文件中,使用tinker panic,以及在守护进程设置(/ etc / sysconfig / ntpd)中,如ntpd(8)中所述手册页：

-g Normally,ntpd exits with a message to the system log if the offset exceeds the panic threshold,which is 1000 s by default. This option allows the time to be set to any value without restriction; however,this can happen only once. If the threshold is exceeded after that,ntpd will exit with a message to the system log. This option can be used with the -q and -x options.

我这样做是因为我可以信任我正在连接的NTP服务器.

适用于客户的模块的相关部分如下：

class ntp (
  $foo
  $bar
  ...
  ){

  $my_files = {
    'ntp.conf'      => {
      path    => '/etc/ntp.conf',content => template("ntp/ntp.conf.$template.erb"),selrole => 'object_r',seltype => 'net_conf_t',require => Package['ntp'],},'ntp-sysconfig' => {
      path    => '/etc/sysconfig/ntpd',source  => 'puppet:///modules/ntp/ntp-sysconfig',...
  }

  $my_files_defaults = {
    ensure   => file,owner    => 'root',group    => 'root',mode     => '0644',selrange => 's0',selrole  => 'object_r',seltype  => 'etc_t',seluser  => 'system_u',}

  create_resources(file,$my_files,$my_files_defaults)

  exec { 'ntp initial clock set':
    command     => '/usr/sbin/ntpd -g -q -u ntp:ntp',refreshonly => true,timeout     => '-1',subscribe   => File['/etc/ntp.conf'],}

}

并且引用文件的内容是：

$cat devops/puppet/modules/ntp/files/ntp-sysconfig
# Drop root to id 'ntp:ntp' by default.
OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid -g -a"

和：

$cat devops/puppet/modules/ntp/templates/ntp.conf.RedHat.erb
# HEADER: This file was autogenerated by puppet.
# HEADER: While it can still be managed manually,it
# HEADER: is definitely not recommended.
tinker panic 0
<% server.each do |ntpserver| -%>
server <%= ntpserver %> autokey
<% end -%>
server  127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
crypto pw hunter2
crypto randfile /dev/urandom
keysdir /etc/ntp

这里没有hiera部分,但你明白了.