Force a time synchronization during the early phases of ignition
Valdenhub opened this issue · comments
Ville Salmén commented
Feature Request
Without an in-sync system clock it's impossible to access remote https sources reliably, because the default time on a bare metal system might be out of bounds of the target certificate validity period, leading into "X509 certificate expired or not yet valid" errors.
An example use case is having a simple init ignition on your boot disk that replaces or merges itself with one from a remote https source.
Environment
- Bare Metal (Raspberry Pi in my case)
Desired Feature
- Force a time synchronization with NTP/NTPS during the early phases of ignition, before making any https requests.
- Configure the target NTP/NTPS server
Other Information
Original misplaced fcos issue: coreos/fedora-coreos-tracker#1323
Colin Walters commented
Benjamin Gilbert commented
Duplicate of #870.