Force a time synchronization during the early phases of ignition

Question

Force a time synchronization during the early phases of ignition

Valdenhub opened this issue 2 years ago · comments

Feature Request

Without an in-sync system clock it's impossible to access remote https sources reliably, because the default time on a bare metal system might be out of bounds of the target certificate validity period, leading into "X509 certificate expired or not yet valid" errors.

An example use case is having a simple init ignition on your boot disk that replaces or merges itself with one from a remote https source.

Environment

Bare Metal (Raspberry Pi in my case)

Desired Feature

Force a time synchronization with NTP/NTPS during the early phases of ignition, before making any https requests.
Configure the target NTP/NTPS server

Other Information

Original misplaced fcos issue: coreos/fedora-coreos-tracker#1323

Colin Walters · Answer 1 · Wed Oct 19 2022 20:15:31 GMT+0800 (China Standard Time)

related openshift/machine-config-operator#629

Benjamin Gilbert · Answer 2 · Thu Oct 20 2022 00:28:42 GMT+0800 (China Standard Time)

Duplicate of #870.