[PLUG] Dumb script question
Bill Thoen
bthoen at gisnet.com
Mon Apr 19 22:58:25 UTC 2010
Marvin Kosmal wrote:
> All
>
> I was assuming the OP was not running NTPD and was using ntpdate to
> set system time
>
> <quote>
> ntpdate can be run manually as necessary to set the host clock, or it
> can be run from the host startup script to set the clock at boot time.
> This is useful in some cases to set the clock initially before starting
> the NTP daemon ntpd. It is also possible to run ntpdate from a cron
> script. However, it is important to note that ntpdate with contrived
> cron scripts is no substitute for the NTP daemon, which uses
> sophisticated algorithms to maximize accuracy and reliability while minimizing
> resource use. Finally, since ntpdate does not discipline the host clock
> frequency as does ntpd, the accuracy using ntpdate is limited.
> </quote>
>
> So I don't see anything wrong with running ntpdate or rdate once a day
> if you want.. Given NTPD would be better... Probably not a critical
> issue??
>
It all depends on how much your time gets shifted suddenly when you use
ntpdate. I learned the hard way that when that happens all Hell breaks loose
on a server. If your time kicks backwards by as little as 110 seconds
all of a sudden, Dovecot will panic and kill itself (it even announced
in the log that it was "going to kill myself"), so you lose your IMAP
connections right away. Other software starts whinging too. The RBL spam
blocker I had running suddenly started "synchronizing" with its friends
in Berkeley and elsewhere every few minutes (and since I didn't know at
the time what this "synchronizing" was all about and coincidentally I
was just then getting hit with a super large volume of spam (53Mb as it
turned out, over a couple of hours)). Every daemon started writing log
entries at once. Then the Amavis daemon (virus checker) gave up its
ghost and keeled over dead. I was also getting hundreds of error
messages from Named like: "validating @0x7f82840008c0: 115.in-addr.arpa
DNSKEY: bad cache hit (115.in-addr.arpa/DS): 1 Time(s)". XNTPD got
killed too after complaining about "no servers reachable", and
"...cannot be used reason: temporary failure in name resolution." (the
DNS stopped working too.)

I'm not a wizard at the sysadmin stuff so I'm not sure if it was the
boatload of spam that washed in over the transom just as the time
change incident occurred, or if it was just the sudden time shift alone,
or both, but it really rocked /my/ boat. But as I RTFM'ed the Dovecot
docs later trying to figure out WTF happened, the section in
TimeMovedBackwards on Dovecot's wiki
(http://wiki.dovecot.org/TimeMovedBackwards) explains all the horrible
things that could happen and make Dovecot's best option just to
fall upon its sword.

But I did learn one lesson clearly. Don't fool around with 'date'
--especially the -s option-- when you're logged in as root so you can
tinker with a script that has to run as root!

Bill Thoen
GISnet - www.gisnet.com
1401 Walnut St., Suite C
Boulder, CO 80302
303-786-9961 tel
303-443-4856 fax
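
Added example (not part of the original message, and not Dovecot's or ntpd's code): a small monitor that catches the kind of wall-clock step described above by comparing the wall clock against the monotonic clock, which 'date -s' and an ntpdate step do not move. The class and function names, the 1-second tolerance and the sample readings are all assumptions made up for illustration.

```python
import time
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Tuple


@dataclass
class ClockStep:
    at_wall: float   # wall-clock reading when the jump was noticed
    seconds: float   # signed size of the jump; negative = time moved backwards


class ClockStepDetector:
    """Flags jumps of the wall clock relative to the monotonic clock."""

    def __init__(self, tolerance: float = 1.0,
                 wall: Callable[[], float] = time.time,
                 mono: Callable[[], float] = time.monotonic):
        self.tolerance = tolerance          # assumed value; tune per host
        self._wall, self._mono = wall, mono
        self._last_wall, self._last_mono = wall(), mono()

    def poll(self) -> Optional[ClockStep]:
        wall_now, mono_now = self._wall(), self._mono()
        # Both clocks should report the same elapsed time between polls.
        # The monotonic clock is never stepped, so any disagreement beyond
        # the tolerance means the wall clock was set (date -s, ntpdate).
        jump = (wall_now - self._last_wall) - (mono_now - self._last_mono)
        self._last_wall, self._last_mono = wall_now, mono_now
        if abs(jump) <= self.tolerance:
            return None
        return ClockStep(at_wall=wall_now, seconds=jump)


def replay(samples: Iterable[Tuple[float, float]],
           tolerance: float = 1.0) -> List[ClockStep]:
    """Run the detector over recorded (wall, monotonic) readings."""
    it = iter(samples)
    cur = [next(it)]
    det = ClockStepDetector(tolerance, lambda: cur[0][0], lambda: cur[0][1])
    steps = []
    for cur[0] in it:
        step = det.poll()
        if step is not None:
            steps.append(step)
    return steps


# Constructed readings taken 60 s apart: one 110 s backward step, one forward.
SAMPLES = [(1000.0, 50.0), (1060.0, 110.0), (1010.0, 170.0),
           (1070.0, 230.0), (1430.5, 290.0)]

if __name__ == "__main__":
    for s in replay(SAMPLES):
        print(f"wall clock stepped {s.seconds:+.1f}s at {s.at_wall}")
```

On a live host, construct ClockStepDetector() with its defaults and call poll() from a timer; a negative result is the case worth alerting on before restarting mail and DNS daemons.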