Keith C. Perry on 8 Jul 2015 13:32:49 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Re: [PLUG] ntp |
Great info! After reviewing the man page myself on some of my servers, looks like I have a capable build. Problem is, its not working for me. ntpd -gxq nor ntpd -xq (which should be able to run when the ntpd daemon is running). I'll have to play around with it or upgrade those servers. ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Keith C. Perry, MS E.E. Owner, DAO Technologies LLC (O) +1.215.525.4165 x2033 (M) +1.215.432.5167 www.daotechnologies.com ----- Original Message ----- From: "JP Vossen" <jp@jpsdomain.org> To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org> Sent: Wednesday, July 8, 2015 3:50:24 PM Subject: Re: [PLUG] ntp VMs and laptops (that sleep) can be troublesome. This has some good discussion: http://askubuntu.com/questions/138916/why-is-ubuntus-clock-getting-slower-or-faster. You can run `ntpd -gxq` which is basically the same as `ntpdate` early during boot and resume. You can nuke your drift file and let it rebuild to see if that helps. You can add -g to your system options (where varies by distro), but per `man ntpd` it's one time only: -g Normally, ntpd exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the thresh- old is exceeded after that, ntpd will exit with a message to the system log. This option can be used with the -q and -x options. -P priority To the extent permitted by the operating system, run the ntpd at the specified priority. I do run this in cron to keep an eye on things. But I only ever get notified during reboots until it syncs up, or if wireless goes out for a while or something and a client can't sync. 25 * * * * ntptrace 2> /dev/null | head -n1 | perl -ne 'm/^[\w.]+: stratum (\d+),/ or next; print qq(NTP not in sync: $_) if ( $1 > 5 );' Basically, that makes sure the local machine is stratum 5 or lower. All my machines except my internal NTP server usually are stratum 4. I use 4 "server" lines to the Debian pool on my NTP server and that's stratum 3. `ntptrace` looks like the following. Note there was an NTP amplification/reflection vulnerability a couple of years ago (https://www.us-cert.gov/ncas/alerts/TA14-013A) that caused most folks to turn off monitoring, so now you mostly get "***Request timed out". As long as you are not stratum 16 you are OK. Lower is better to a point, but stratum 1 requires an external time source (usually GPS). $ ntptrace localhost.localdomain: stratum 4, offset -0.000896, synch distance 0.013087 192.168.nnn.nnn: timed out, nothing received ***Request timed out See also https://en.wikipedia.org/wiki/Network_Time_Protocol and note that NTP was written and maintained by a guy locally a UDel. Given packet switched networks and latency it's really fascinating stuff. (Heh, maybe he'd come do a talk?) On 07/08/2015 02:53 PM, Keith C. Perry wrote: > Right but to me that is still better than continuing to drift because a workload prevented accurate time keeping. > > I think someone mentioned this already. This probably needs to be configurable for either case- either keep the time on track absolutely or keep the 1000s (or some other configurable tolerance). Be able to notify if an absolute snap back is over a certain tolerance or if you will NOT snap the time back because of a tolerance exceeded respectively. > > Maybe this is already available? > > > ----- Original Message ----- > From: "JP Vossen" <jp@jpsdomain.org> > To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org> > Sent: Wednesday, July 8, 2015 2:47:15 PM > Subject: Re: [PLUG] ntp > > Right, sudden jumps in time are BAD, and that's exactly what running > `ntpdate` from cron does... :-) > > On 07/08/2015 02:44 PM, Josh Zenker wrote: >> The reason for this behavior, if I remember correctly, is to avoid >> breaking certain applications which do not gracefully handle sudden >> changes to the system clock. >> >> About 2 years ago I worked, briefly, with some systems using ntp. Turns >> out if the time is off by some small amount (less than a minute IIRC), >> it simply stops changing the target system's time because it "thinks" >> something is drastically wrong. >> >> Seems like a cron job to re-sync is a good idea to me. >> >> Eric >> >> On Wed, Jul 8, 2015 at 2:24 PM, Keith C. Perry >> <kperry@daotechnologies.com <mailto:kperry@daotechnologies.com>> wrote: >> >> I hope you're saying that in jest Walt. In my experience ntpd slips >> way too much. Once clocks get out of sync by too much ntpd won't >> nudge it back and that can happens more often than not on >> interactive and poorly tuned HPC nodes. >> >> You can have the same issue on system boots. >> >> My apologies if I'm misinterpreting tone. >> >> ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ >> Keith C. Perry, MS E.E. >> Owner, DAO Technologies LLC >> (O) +1.215.525.4165 x2033 <tel:%2B1.215.525.4165%20x2033> >> (M) +1.215.432.5167 <tel:%2B1.215.432.5167> >> www.daotechnologies.com <http://www.daotechnologies.com> >> >> ----- Original Message ----- >> From: "Walt Mankowski" <waltman@pobox.com <mailto:waltman@pobox.com>> >> To: plug@lists.phillylinux.org <mailto:plug@lists.phillylinux.org> >> Sent: Wednesday, July 8, 2015 2:15:39 PM >> Subject: Re: [PLUG] ntp >> >> But...but... >> >> You do realize that's essentially what ntpd does, only ntpd does it >> way better, right? >> >> Right? >> >> On Wed, Jul 08, 2015 at 01:37:59PM -0400, Keith C. Perry wrote: >> > That's what I do. Run "ntpdate us.pool.ntp.org >> <http://us.pool.ntp.org>" every 4 to 6 hours on critical / core systems. >> > >> > >> > ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ >> > Keith C. Perry, MS E.E. >> > Owner, DAO Technologies LLC >> > (O) +1.215.525.4165 x2033 <tel:%2B1.215.525.4165%20x2033> >> > (M) +1.215.432.5167 <tel:%2B1.215.432.5167> >> > www.daotechnologies.com <http://www.daotechnologies.com> >> > >> > >> > From: "Bill East" <wm.east@gmail.com <mailto:wm.east@gmail.com>> >> > To: "Philadelphia Linux User's Group Discussion List" >> <plug@lists.phillylinux.org <mailto:plug@lists.phillylinux.org>> >> > Sent: Wednesday, July 8, 2015 1:35:29 PM >> > Subject: Re: [PLUG] ntp >> > >> > >> > >> > I just had to deal with a vendor installation which was about 4 >> seconds off the ntp server it was supposed to be synced with. Come >> to find out the vendor ran a ntpdate command once a day and the vm >> was drifting 4 seconds in the 24 hours between. Their solution was >> to run the command once an hour instead. >> > On Jul 8, 2015 1:13 PM, "Eric Riese" < eric.riese@gmail.com >> <mailto:eric.riese@gmail.com> > wrote: >> > >> > >> > >> > So I just noticed that my KVM server's clocks were way off. The >> host OS was 4 minutes behind time.gov <http://time.gov> and the >> guests were 4 minutes ahead of time.gov <http://time.gov> . >> > >> > Turns out the host did not have ntp installed at all. It's Ubuntu >> 12.04 and was installed as some sort of minimal installation. A sudo >> apt-get install ntp and five minutes later it's in good shape. >> > >> > The guests are debian installs from turnkeylinux.org >> <http://turnkeylinux.org> and they have ntp installed but were not >> running by default! >> > >> > To think, Google runs it's own internal NTP servers and had to >> spread the leap second out over a day, and I'm off by whole minutes! Later, JP ----------------------------|:::======|------------------------------- JP Vossen, CISSP |:::======| http://bashcookbook.com/ My Account, My Opinions |=========| http://www.jpsdomain.org/ ----------------------------|=========|------------------------------- "Microsoft Tax" = the additional hardware & yearly fees for the add-on software required to protect Windows from its own poorly designed and implemented self, while the overhead incidentally flattens Moore's Law. ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug