| JP Vossen on 8 Jul 2015 12:50:30 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] ntp |
VMs and laptops (that sleep) can be troublesome. This has some good
discussion:
http://askubuntu.com/questions/138916/why-is-ubuntus-clock-getting-slower-or-faster.
You can run `ntpd -gxq` which is basically the same as `ntpdate` early
during boot and resume.
You can nuke your drift file and let it rebuild to see if that helps.
You can add -g to your system options (where varies by distro), but per
`man ntpd` it's one time only:
-g Normally, ntpd exits with a message to the system log if the
offset exceeds the panic threshold, which is 1000 s by default.
This option allows the time to be set to any value without
restriction; however, this can happen only once. If the thresh-
old is exceeded after that, ntpd will exit with a message to the
system log. This option can be used with the -q and -x options.
-P priority
To the extent permitted by the operating system, run the ntpd at
the specified priority.
I do run this in cron to keep an eye on things. But I only ever get
notified during reboots until it syncs up, or if wireless goes out for a
while or something and a client can't sync.
25 * * * * ntptrace 2> /dev/null | head -n1 | perl -ne 'm/^[\w.]+:
stratum (\d+),/ or next; print qq(NTP not in sync: $_) if ( $1 > 5 );'
Basically, that makes sure the local machine is stratum 5 or lower. All
my machines except my internal NTP server usually are stratum 4. I use
4 "server" lines to the Debian pool on my NTP server and that's stratum 3.
`ntptrace` looks like the following. Note there was an NTP
amplification/reflection vulnerability a couple of years ago
(https://www.us-cert.gov/ncas/alerts/TA14-013A) that caused most folks
to turn off monitoring, so now you mostly get "***Request timed out".
As long as you are not stratum 16 you are OK. Lower is better to a
point, but stratum 1 requires an external time source (usually GPS).
$ ntptrace
localhost.localdomain: stratum 4, offset -0.000896, synch distance 0.013087
192.168.nnn.nnn: timed out, nothing received
***Request timed out
See also https://en.wikipedia.org/wiki/Network_Time_Protocol and note
that NTP was written and maintained by a guy locally a UDel. Given
packet switched networks and latency it's really fascinating stuff.
(Heh, maybe he'd come do a talk?)
On 07/08/2015 02:53 PM, Keith C. Perry wrote:
> Right but to me that is still better than continuing to drift because a workload prevented accurate time keeping.
>
> I think someone mentioned this already. This probably needs to be configurable for either case- either keep the time on track absolutely or keep the 1000s (or some other configurable tolerance). Be able to notify if an absolute snap back is over a certain tolerance or if you will NOT snap the time back because of a tolerance exceeded respectively.
>
> Maybe this is already available?
>
>
> ----- Original Message -----
> From: "JP Vossen" <jp@jpsdomain.org>
> To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
> Sent: Wednesday, July 8, 2015 2:47:15 PM
> Subject: Re: [PLUG] ntp
>
> Right, sudden jumps in time are BAD, and that's exactly what running
> `ntpdate` from cron does... :-)
>
> On 07/08/2015 02:44 PM, Josh Zenker wrote:
>> The reason for this behavior, if I remember correctly, is to avoid
>> breaking certain applications which do not gracefully handle sudden
>> changes to the system clock.
>>
>> About 2 years ago I worked, briefly, with some systems using ntp. Turns
>> out if the time is off by some small amount (less than a minute IIRC),
>> it simply stops changing the target system's time because it "thinks"
>> something is drastically wrong.
>>
>> Seems like a cron job to re-sync is a good idea to me.
>>
>> Eric
>>
>> On Wed, Jul 8, 2015 at 2:24 PM, Keith C. Perry
>> <kperry@daotechnologies.com <mailto:kperry@daotechnologies.com>> wrote:
>>
>> I hope you're saying that in jest Walt. In my experience ntpd slips
>> way too much. Once clocks get out of sync by too much ntpd won't
>> nudge it back and that can happens more often than not on
>> interactive and poorly tuned HPC nodes.
>>
>> You can have the same issue on system boots.
>>
>> My apologies if I'm misinterpreting tone.
>>
>> ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
>> Keith C. Perry, MS E.E.
>> Owner, DAO Technologies LLC
>> (O) +1.215.525.4165 x2033 <tel:%2B1.215.525.4165%20x2033>
>> (M) +1.215.432.5167 <tel:%2B1.215.432.5167>
>> www.daotechnologies.com <http://www.daotechnologies.com>
>>
>> ----- Original Message -----
>> From: "Walt Mankowski" <waltman@pobox.com <mailto:waltman@pobox.com>>
>> To: plug@lists.phillylinux.org <mailto:plug@lists.phillylinux.org>
>> Sent: Wednesday, July 8, 2015 2:15:39 PM
>> Subject: Re: [PLUG] ntp
>>
>> But...but...
>>
>> You do realize that's essentially what ntpd does, only ntpd does it
>> way better, right?
>>
>> Right?
>>
>> On Wed, Jul 08, 2015 at 01:37:59PM -0400, Keith C. Perry wrote:
>> > That's what I do. Run "ntpdate us.pool.ntp.org
>> <http://us.pool.ntp.org>" every 4 to 6 hours on critical / core systems.
>> >
>> >
>> > ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
>> > Keith C. Perry, MS E.E.
>> > Owner, DAO Technologies LLC
>> > (O) +1.215.525.4165 x2033 <tel:%2B1.215.525.4165%20x2033>
>> > (M) +1.215.432.5167 <tel:%2B1.215.432.5167>
>> > www.daotechnologies.com <http://www.daotechnologies.com>
>> >
>> >
>> > From: "Bill East" <wm.east@gmail.com <mailto:wm.east@gmail.com>>
>> > To: "Philadelphia Linux User's Group Discussion List"
>> <plug@lists.phillylinux.org <mailto:plug@lists.phillylinux.org>>
>> > Sent: Wednesday, July 8, 2015 1:35:29 PM
>> > Subject: Re: [PLUG] ntp
>> >
>> >
>> >
>> > I just had to deal with a vendor installation which was about 4
>> seconds off the ntp server it was supposed to be synced with. Come
>> to find out the vendor ran a ntpdate command once a day and the vm
>> was drifting 4 seconds in the 24 hours between. Their solution was
>> to run the command once an hour instead.
>> > On Jul 8, 2015 1:13 PM, "Eric Riese" < eric.riese@gmail.com
>> <mailto:eric.riese@gmail.com> > wrote:
>> >
>> >
>> >
>> > So I just noticed that my KVM server's clocks were way off. The
>> host OS was 4 minutes behind time.gov <http://time.gov> and the
>> guests were 4 minutes ahead of time.gov <http://time.gov> .
>> >
>> > Turns out the host did not have ntp installed at all. It's Ubuntu
>> 12.04 and was installed as some sort of minimal installation. A sudo
>> apt-get install ntp and five minutes later it's in good shape.
>> >
>> > The guests are debian installs from turnkeylinux.org
>> <http://turnkeylinux.org> and they have ntp installed but were not
>> running by default!
>> >
>> > To think, Google runs it's own internal NTP servers and had to
>> spread the leap second out over a day, and I'm off by whole minutes!
Later,
JP
----------------------------|:::======|-------------------------------
JP Vossen, CISSP |:::======| http://bashcookbook.com/
My Account, My Opinions |=========| http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug