/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rewrite qvm-sync-clock #1230

Closed
woju opened this Issue Sep 24, 2015 · 6 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Release 4.0
2 participants
@woju @qubesos-bot
@woju
Member

woju commented Sep 24, 2015
edited by marmarek
Edited 1 time
  • @marmarek marmarek edited Jun 30, 2017 (most recent)

This is not a simple port to Qubes 4.0 API. Time sync mechanism require a major rework.
Sketch of the new mechanism:

  • no longer call qvm-sync-clock from dom0 every 6 minutes
  • each VM call time sync qrexec service on its own (from cron, every 6h or so) to obtain current time
  • the service destination is $default (or empty - it's the same), later redirected by qrexec policy to appropriate clockvm
  • the service implementation should handle synchronization with actual network time sync (ntp or other) - especially around system suspend when its time could be way off
  • VM obtaining the time should carefully validate response and also a) be prepared to not receive time at all, or receive empty response (in this case schedule next time sync earlier than in 6h), b) service call being denied c) receive time very close to the current one (in this case it should not modify local time)

@woju woju self-assigned this Sep 24, 2015

@woju woju added this to the Release 4.0 milestone Sep 24, 2015

@woju woju added C: core task labels Sep 24, 2015

@marmarek marmarek unassigned woju Jun 30, 2017

marmarta added a commit to marmarta/qubes-core-agent-linux that referenced this issue Jul 6, 2017

@marmarta
clock synchronization rewrite 
clock synchronization mechanism rewritten to use systemd-timesync instead of NtpDate; at the moment, requires:
- modifying /etc/qubes-rpc/policy/qubes.GetDate to redirect GetDate to designated clockvm
- enabling clocksync service in clockvm ( qvm-features clockvm-name service/clocksync true )

Works as specified in issue listed below, except for:
- each VM synces with clockvm after boot and every 6h
- clockvm synces time with the Internet using systemd-timesync
- dom0 synces itself with clockvm every 1h (using cron)

fixes QubesOS/qubes-issues#1230
Verified
This commit was signed with a verified signature.
@marmarta marmarta Marta Marczykowska-Górecka
GPG key ID: 9A752C30B26FD04B Learn about signing commits
f55412c

marmarta added a commit to marmarta/qubes-core-admin-linux that referenced this issue Jul 6, 2017

@marmarta
clock synchronization rewrite 
clock synchronization mechanism rewritten to use systemd-timesync instead of NtpDate; at the moment, requires:
- modifying /etc/qubes-rpc/policy/qubes.GetDate to redirect GetDate to designated clockvm
- enabling clocksync service in clockvm ( qvm-features clockvm-name service/clocksync true )

Works as specified in issue listed below, except for:
- each VM synces with clockvm after boot and every 6h
- clockvm synces time with the Internet using systemd-timesync
- dom0 synces itself with clockvm every 1h (using cron)

fixes QubesOS/qubes-issues#1230
Verified
This commit was signed with a verified signature.
@marmarta marmarta Marta Marczykowska-Górecka
GPG key ID: 9A752C30B26FD04B Learn about signing commits
6d424f9

This was referenced Jul 6, 2017

Merged
Merged
Merged

@marmarek marmarek closed this in marmarek/qubes-core-admin@6da06d4 Jul 12, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jul 12, 2017

Automated announcement from builder-github

The package qubes-core-agent_4.0.5-1+deb8u1 has been pushed to the r4.0 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

qubesos-bot commented Jul 12, 2017

Automated announcement from builder-github

The package qubes-core-agent_4.0.5-1+deb8u1 has been pushed to the r4.0 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot qubesos-bot added the r4.0-jessie-cur-test label Jul 12, 2017

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status Jul 12, 2017

Closed

core-agent-linux v4.0.5 (r4.0) #132

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jul 12, 2017

Automated announcement from builder-github

The package qubes-core-agent_4.0.5-1+deb9u1 has been pushed to the r4.0 testing repository for the Debian stretch template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

qubesos-bot commented Jul 12, 2017

Automated announcement from builder-github

The package qubes-core-agent_4.0.5-1+deb9u1 has been pushed to the r4.0 testing repository for the Debian stretch template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot qubesos-bot added the r4.0-stretch-cur-test label Jul 12, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jul 12, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-4.0.5-1.fc24 has been pushed to the r4.0 testing repository for the Fedora fc24 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r4.0-current-testing

Changes included in this update

qubesos-bot commented Jul 12, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-4.0.5-1.fc24 has been pushed to the r4.0 testing repository for the Fedora fc24 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r4.0-current-testing

Changes included in this update

@qubesos-bot qubesos-bot added the r4.0-fc24-cur-test label Jul 12, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jul 12, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-4.0.5-1.fc25 has been pushed to the r4.0 testing repository for the Fedora fc25 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r4.0-current-testing

Changes included in this update

qubesos-bot commented Jul 12, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-4.0.5-1.fc25 has been pushed to the r4.0 testing repository for the Fedora fc25 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r4.0-current-testing

Changes included in this update

@qubesos-bot qubesos-bot added the r4.0-fc25-cur-test label Jul 12, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jul 18, 2017

Automated announcement from builder-github

The package qubes-core-dom0-linux-4.0.3-1.fc25 has been pushed to the r4.0 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

qubesos-bot commented Jul 18, 2017

Automated announcement from builder-github

The package qubes-core-dom0-linux-4.0.3-1.fc25 has been pushed to the r4.0 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

@qubesos-bot qubesos-bot added the r4.0-dom0-cur-test label Jul 18, 2017

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status Jul 18, 2017

Closed

core-admin-linux v4.0.3 (r4.0) #136

marmarek added a commit to marmarek/qubes-mgmt-salt-dom0-virtual-machines that referenced this issue Jul 18, 2017

@marmarek
enable clocksync service in sys-net 
This will enable whatever is responsible for time synchronization there.

QubesOS/qubes-issues#1230
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
c858ccd

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status Jul 18, 2017

Closed

mgmt-salt-dom0-virtual-machines v4.0.2 (r4.0) #138

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jul 18, 2017

Automated announcement from builder-github

The package qubes-core-dom0-4.0.2-1.fc25 has been pushed to the r4.0 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

qubesos-bot commented Jul 18, 2017

Automated announcement from builder-github

The package qubes-core-dom0-4.0.2-1.fc25 has been pushed to the r4.0 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

@qubesos-bot qubesos-bot added the r4.0-dom0-cur-test label Jul 18, 2017

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status Jul 18, 2017

Closed

core-admin v4.0.2 (r4.0) #144

marmarek added a commit to marmarek/qubes-core-admin that referenced this issue Jul 28, 2017

@marmarek
app: update handling features/service os ClockVM 
Threis no more ntpd service used - new approach do not conflict with
ntpd. Because of this, new feature is named 'service.clocksync', and
should be _enabled_ in ClockVM ('ntpd' was disabled there).

QubesOS/qubes-issues#1230
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
f3fbd1e

marmarek added a commit to marmarek/qubes-core-admin that referenced this issue Jul 28, 2017

@marmarek
app: update handling features/service os ClockVM 
Threis no more ntpd service used - new approach do not conflict with
ntpd. Because of this, new feature is named 'service.clocksync', and
should be _enabled_ in ClockVM ('ntpd' was disabled there).

QubesOS/qubes-issues#1230
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
e738a75

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status Jul 29, 2017

Closed

core-admin v4.0.3 (r4.0) #157

@jpouellet jpouellet referenced this issue May 30, 2018

Closed

Some VMs' clocks fall behind (separate problems with updates to qubes-rpc/policy definitions & qrexec-policy evaluation) #3940

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment