Re: [PLUG] ntp

Isaac Bennetch on 8 Jul 2015 11:52:11 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] ntp

From: Isaac Bennetch <bennetch@gmail.com>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: Re: [PLUG] ntp
Date: Wed, 8 Jul 2015 14:52:04 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:references:from:content-type:in-reply-to:message-id:date:to :content-transfer-encoding:mime-version; bh=hrsR+mi0ZKD3u7BDNPOUaxyu3SF3/SDV35l2n3/+BGY=; b=KvFsAMcPpAkaUMJYpm7vm7zBuxdmlGLgcOXPP1HNjBZsWX3wtEVn2uY0KoBpxXBvge yXdeOgR7RZ8fXQRHE0OMXOAvBMjtbjapAvtYboZOX3bUFyLnP7d7EBCSLEe9nThmDQfQ Kk0zVOVS9c0+brqej/PQSjPOiqvwO5DcKMcJeiQhwgxldsfTrmDi70APV6RcDMVHEKc3 2z6OMh7Q31KxDwnOcmlWrlQnzwstKa5Y0ZWLc3/y96UC8Er047LM3TSsNP3Kgma34xel NcyBq5a0zXBirN7dnPjSqdcQqxGo8SSwia8PW0xxgRHhwM10J2XuhjznJvCnOFtFls88 TjmQ==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

JP and others, thanks for the great information. I knew using ntpdate was a workaround but looks like I should reevaluate that choice and do it the right way.

Best,
Isaac



> On Jul 8, 2015, at 2:40 PM, JP Vossen <jp@jpsdomain.org> wrote:
> 
> Ohhh, that's...bad...
> 
> Running `ntpdate` periodically can be dangerous and is the WRONG answer
> if the server hosts any kind of database or anything time sensitive
> (even arguably just logs).  Large jumps forward in time can be bad
> enough, but if it adjusts backwards it can really be a problem.
> 
> Just use NTP, do not use ntpdate [1].
> https://lists.debian.org/debian-user/2002/12/msg04091.html
> https://www.redhat.com/archives/nahant-list/2005-December/msg00009.html
> 
> Aside from the general wrongness of the answer, `ntpdate` is deprecated:
>    http://support.ntp.org/bin/view/Dev/DeprecatingNtpdate
> 
> That said, VMs can be tricky.  VMware tools has a "keep in sync" option
> but even they recommend using NTP:
>    http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006427
>    "VMware recommends using NTP instead of VMware Tools periodic time
> synchronization. NTP is an industry standard and ensures accurate
> timekeeping in your guest..."
> 
> I can't speak to other virtualization, but I'm positive solutions exist
> if NTP isn't the right answer.
> 
> Once in sync NTP should not "slip" and if it does it should certainly
> not slip more than 1,000 seconds ([1] and `man ntpd`, then search for
> -g).  See also `ntptrace` `ntpstat` or `ntpq -pn` depending on distro
> flavor and age.
> 
> 
> [1] You used to use `ntpdate` at boot time to get the system clock close
> enough that NTP would keep it in sync.  Probably some distros still do that.
> 
> NTP itself will refuse to adjust larger than the "panic threshold,"
> which is 1000s by default.  It used to not be to clear about why it
> wasn't working, and ntpdate used to be more clear.  That has hopefully
> improved, but I can't swear to it.  My NTP, virtual or otherwise, Just
> Works.
> 
> 
>> On 07/08/2015 02:35 PM, Eric Lucas wrote:
>> About 2 years ago I worked, briefly, with some systems using ntp.  Turns
>> out if the time is off by some small amount (less than a minute IIRC),
> 
> 1,000 seconds per the man page I was just looking at in Debian 7.
> 
>> it simply stops changing the target system's time because it "thinks"
>> something is drastically wrong.
>> 
>> Seems like a cron job to re-sync is a good idea to me.
>> 
>> Eric
>> 
>> On Wed, Jul 8, 2015 at 2:24 PM, Keith C. Perry
>> <kperry@daotechnologies.com <mailto:kperry@daotechnologies.com>> wrote:
>> 
>>    I hope you're saying that in jest Walt.  In my experience ntpd slips
>>    way too much.  Once clocks get out of sync by too much ntpd won't
>>    nudge it back and that can happens more often than not on
>>    interactive and poorly tuned HPC nodes.
>> 
>>    You can have the same issue on system boots.
>> 
>>    My apologies if I'm misinterpreting tone.
>> 
>> 
>>    ----- Original Message -----
>>    From: "Walt Mankowski" <waltman@pobox.com <mailto:waltman@pobox.com>>
>>    To: plug@lists.phillylinux.org <mailto:plug@lists.phillylinux.org>
>>    Sent: Wednesday, July 8, 2015 2:15:39 PM
>>    Subject: Re: [PLUG] ntp
>> 
>>    But...but...
>> 
>>    You do realize that's essentially what ntpd does, only ntpd does it
>>    way better, right?
>> 
>>    Right?
>> 
>>>    On Wed, Jul 08, 2015 at 01:37:59PM -0400, Keith C. Perry wrote:
>>> That's what I do. Run "ntpdate us.pool.ntp.org
>>    <http://us.pool.ntp.org>" every 4 to 6 hours on critical / core systems.
>>> 
>>> 
>>> 
>>> From: "Bill East" <wm.east@gmail.com <mailto:wm.east@gmail.com>>
>>> To: "Philadelphia Linux User's Group Discussion List"
>>    <plug@lists.phillylinux.org <mailto:plug@lists.phillylinux.org>>
>>> Sent: Wednesday, July 8, 2015 1:35:29 PM
>>> Subject: Re: [PLUG] ntp
>>> 
>>> 
>>> 
>>> I just had to deal with a vendor installation which was about 4
>>    seconds off the ntp server it was supposed to be synced with. Come
>>    to find out the vendor ran a ntpdate command once a day and the vm
>>    was drifting 4 seconds in the 24 hours between. Their solution was
>>    to run the command once an hour instead.
>>>> On Jul 8, 2015 1:13 PM, "Eric Riese" < eric.riese@gmail.com
>>>    <mailto:eric.riese@gmail.com> > wrote:
>>> 
>>> 
>>> 
>>> So I just noticed that my KVM server's clocks were way off. The
>>    host OS was 4 minutes behind time.gov <http://time.gov> and the
>>    guests were 4 minutes ahead of time.gov <http://time.gov> .
>>> 
>>> Turns out the host did not have ntp installed at all. It's Ubuntu
>>    12.04 and was installed as some sort of minimal installation. A sudo
>>    apt-get install ntp and five minutes later it's in good shape.
>>> 
>>> The guests are debian installs from turnkeylinux.org
>>    <http://turnkeylinux.org> and they have ntp installed but were not
>>    running by default!
>>> 
>>> To think, Google runs it's own internal NTP servers and had to
>>    spread the leap second out over a day, and I'm off by whole minutes!
> 
> 
> Later,
> JP
> ----------------------------|:::======|-------------------------------
> JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
> My Account, My Opinions     |=========|      http://www.jpsdomain.org/
> ----------------------------|=========|-------------------------------
> "Microsoft Tax" = the additional hardware & yearly fees for the add-on
> software required to protect Windows from its own poorly designed and
> implemented self, while the overhead incidentally flattens Moore's Law.
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] ntp
  - From: Eric Riese <eric.riese@gmail.com>
- Re: [PLUG] ntp
  - From: Bill East <wm.east@gmail.com>
- Re: [PLUG] ntp
  - From: "Keith C. Perry" <kperry@daotechnologies.com>
- Re: [PLUG] ntp
  - From: Walt Mankowski <waltman@pobox.com>
- Re: [PLUG] ntp
  - From: "Keith C. Perry" <kperry@daotechnologies.com>
- Re: [PLUG] ntp
  - From: Eric Lucas <eric@lucii.org>
- Re: [PLUG] ntp
  - From: JP Vossen <jp@jpsdomain.org>

Prev by Date: Re: [PLUG] ntp
Next by Date: Re: [PLUG] ntp
Previous by thread: Re: [PLUG] ntp
Next by thread: Re: [PLUG] ntp
Index(es):
- Date
- Thread