-
Notifications
You must be signed in to change notification settings - Fork 119
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
systemd/timeinit: add HTTPS time synchronisation service #2360
Conversation
Can one of the admins verify this patch? |
@balena-ci rebase |
e6d6257
to
e2e8ed3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks good Mark
@balena-ci rebase |
e2e8ed3
to
7133137
Compare
@balena-ci rebase |
7133137
to
1d7520b
Compare
1d7520b
to
1536144
Compare
@resin-jenkins retest this please |
@balena-ci rebase |
1536144
to
20aa4a2
Compare
@resin-jenkins retest this please |
1 similar comment
@resin-jenkins retest this please |
@balena-ci rebase |
20aa4a2
to
708cdb8
Compare
@balena-ci rebase |
708cdb8
to
f5d9705
Compare
@balena-ci rebase |
f5d9705
to
4cbaa65
Compare
@balena-ci rebase |
4cbaa65
to
86c13e4
Compare
@resin-jenkins retest this please |
@balena-ci rebase |
86c13e4
to
bff4e54
Compare
@balena-ci rebase |
bff4e54
to
07eacef
Compare
@resin-jenkins retest this please |
@balena-ci rebase |
07eacef
to
debd4fb
Compare
@balena-ci rebase |
debd4fb
to
70eb582
Compare
Add a new timesync-https systemd service to synchronise the system time at boot using an HTTPS header. The service uses curl to request an HTTPS header from either $API_ENDPOINT/connectivity-check (default) or the URL defined by the os.network.connectivity.uri field in config.json. The URL used *must* return HTTP code 204 (No Content) in response to a request so that we can determine that we have full network connectivity and are not operating behind a captive portal. The date field returned by a valid header is used to set the current system time. The date/time derived from the header is assumed to be a reasonable source of 'truth' such that it can be used to adjust the system time both backwards and forwards. This will compensate for any erroneous timestamps saved via fake-hwclock or any invalid data read from an RTC. The service will exit when a valid response has been received. Poll attempts will be made at an increasing interval starting at 2s and doubling up to a maximum of 64s. Polling will continue at the maximum interval until a valid response has been received. This service will provide initial time synchronisation for devices where NTP ports have been blocked. For devices where NTP access is available it should ensure that any system 'time jump' is only a few seconds when NTP synchronisation is eventually achieved. It also allows other services to start with a reasonably accurate time without having to wait for the NTP synchronisation process to complete. Services that are ordered after the new time-sync-https-wait target can be sure that full network connectivity has been achieved and that time has been synchronised with an accuracy of a few seconds. Change-type: minor Connects-to: #1337 #1776 #2044 #2139 Signed-off-by: Mark Corbin <mark@balena.io>
70eb582
to
2bb1870
Compare
Is there any way to tell which Balena OS version this change will feature in? |
Hi @Maggie0002, it can be told either from the CHANGELOG or the git history itself - it will be included with v2.88.0. |
Add a new timesync-https systemd service to synchronise the system time at boot using an HTTPS header. The service uses curl to request an HTTPS header from either $API_ENDPOINT/connectivity-check (default) or the URL defined by the os.network.connectivity.uri field in config.json. The URL used must return HTTP code 204 (No Content) in response to a request so that we can determine that we have full network connectivity and are not operating behind a captive portal.
The date field returned by a valid header is used to set the current system time. The date/time derived from the header is assumed to be a reasonable source of 'truth' such that it can be used to adjust the system time both backwards and forwards. This will compensate for any erroneous timestamps saved via fake-hwclock or any invalid data read from an RTC.
The service will exit when a valid response has been received. Poll attempts will be made at an increasing interval starting at 2s and doubling up to a maximum of 64s. Polling will continue at the maximum interval until a valid response has been received.
This service will provide initial time synchronisation for devices where NTP ports have been blocked. For devices where NTP access is available it should ensure that any system 'time jump' is only a few seconds when NTP synchronisation is eventually achieved. It also allows other services to start with a reasonably accurate time without having to wait for the NTP synchronisation process to complete.
Services that are ordered after the new time-sync-https-wait target can be sure that full network connectivity has been achieved and that time has been synchronised with an accuracy of a few seconds.
Change-type: minor
Connects-to: #1337 #1776 #2044 #2139
Signed-off-by: Mark Corbin mark@balena.io
--
Tested on a RPi3 under balenaOS 2.85.2+rev5 as follows:
In all test cases the
timesync-https
service was observed to have set the time to within 1.5 seconds of the time subsequently obtained bychrony
.Contributor checklist
Change-type
present on at least one commitSigned-off-by
is presentReviewer Guidelines