[nycbug-talk] sys/systm.h

Miles Nordin carton at Ivy.NET
Tue Apr 28 15:21:48 EDT 2009 

>>>>> "ak" == Andy Kosela <akosela at andykosela.com> writes:
>>>>> "pw" == Pete Wright <pete at nomadlogic.org> writes:

    ak> I would be careful with issuing 'ntpdate -b' as it uses
    ak> settimeofday(2) on production servers.  I remember crashing
    ak> dovecot and mySQL this way.

it will also break Quagga adjacencies.  Any program it breaks is
miscoded: there are timer interfaces that work even when the clock is
reset, like setitimer, alarm, and timer_create/timer_settime with
CLOCK_MONOTONIC.  but a lot of these old BASIC programmers just
gettimeofday, add five minutes, set an alarm clock.  quagga has a
whole baroque abstracted timer factory inside it coded upon this
foolish foundation, and integrated to their Windows 3.1-style
cooperative threading model.  If they were cooking eggs in their
kitchen they would know better than to do something so dumb (since not
every clock in the house will agree), but for some reason when they
sit down at a keyboard they ``just want to get things done'' and if
the eggs come out right one time their eyes glaze over and they go off
to snarf down some more chocolate ice cream.

to be fair, the Quagga maintainer, he was like ``good point.  we don't
have the timer_create on all OS we support, but it could be rewritten
with setitimer, which would not stop the synchronization of hello
messages but at least would make it robust to clock resets.  do it and
I'll import it.'' and I never did it---I just take care when resetting
the clock on nodes that run Quagga because sysadmining around this
nest of problems is easy and programming is hard.  also I wasn't
really interested in rewriting it from one broken interfacec to
another.  I wanted to write it in timer_create to fix the HELLO
message synchronization problem, and he made it clear that patch would
not be accepted.  but...yeah...laziness.  :(

    pw> oh yea - good point.  not something you'd want to call from
    pw> rc.local eh? :)

no, Pete, you're missing the point.  That's exactly where you do want
to call it, before dovecot and mysql and quagga and other fragile
programs are started.  What you arguably should not do, is emulate
these ex-auto-mechanics who fire off rdate every five minutes from
cron because they ran into one of ntpd's failsafes, didn't understand
why it was put there, and no longer trust ntpd.

not that i trust ntpd.  but...yeah...i think you should use ntpd!

just...maybe have some other auto-mechanic-like mechanism to alert you
when clocks are off, instead of trusting ntpd will let you forget
about clocks, because ntpd seems to have all kinds of reasons for
silently failing, some legitimate some not.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <http://lists.nycbug.org/pipermail/talk/attachments/20090428/31921731/attachment.bin>

More information about the talk mailing list