Thursday, November 22, 2012

Configuring an NTP server without internet access (locally)

This is the first time I have had to figure out how to configure an NTP (Network Time Protocol) server without internet access... most of the time you just configure your /etc/ntp.conf file to point to a public NTP server, point your internal servers to that one acting as your server, and you are done. Nothing interesting there...

First, make sure you have the ntp package installed on all your servers

rpm -qa |grep ntp-4
 
Make sure your firewall is stopped 

service iptables stop
service ip6tables stop
chkconfig iptables off
chkconfig ip6tables off

Or add the required rules to allow port 123 between your servers

iptables -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 123 -j ACCEPT
service iptables save
service iptables restart

Back up your current configuration file on all the servers... (just in case)

cp /etc/ntp.conf /etc/ntp.conf.orig

Basically you have to configure the server to point to itself so that it is in sync... something like this...

vi /etc/ntp.conf
server 127.127.1.0
fudge 127.127.1.0 stratum 10


Notice that to access its own system clock, also called the local clock , NTP uses the pseudo IP address 127.127.1.0. This IP address must not be mixed up with 127.0.0.1, which is the IP of the localhost or loopback

Here you may want to restrict the IPs that are allowed to talk to the server, but since this assumes you are on a local (controlled) environment with no internet access, it is not absolutely necessary.

Restart the ntpd server

/etc/init.d/ntpd restart
or
service ntpd restart

On the client side, configure as follows...

vi /etc/ntp.conf
server 12.139.41.136


Where the server IP is the IP of your NTP server 

Restart the ntpd server on the clients too

/etc/init.d/ntpd restart
or
service ntpd restart

To verify your network mask, look at your network script

cat /etc/sysconfig/network-scripts/ifcfg-eth0

Ensure NTP will start at boot on all the servers

chkconfig ntpd on

Synchronize your local time with the server (do it 3 times):

ntpdate -u [your ntp server IP]

To determine whether NTP is synchronized properly:

ntpq -p

One of the problems I found was with the stratum value. As you can see in the configuration file, we set it to 10; you can verify the current value on the NTP server with the following command

ntpq -c rv

Now... what does that mean... 

NTP increases the stratum for each level in the hierarchy: an NTP server pulling time from a "stratum 1" server advertises itself as "stratum 2" to its clients. The stratum value "16" is reserved for unsynchronized servers, meaning that your internal NTP server does not believe it has a reliable time source; in other words, it is not synchronizing to a higher-level stratum server.

Most of the time it takes about 15 minutes for the value to drop... while the server is at 16 you won't be able to sync the clients... once it has dropped, try again.

If you need to do some debugging, look at the output of ntpq -p (the peers list) for clues to the possible cause.
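As an added example that is not part of the original post, the following POSIX shell script automates the stratum check described above: it parses the key=value fields of ntpq -c rv output and reports the server as usable only once its stratum has dropped below 16 and the leap alarm is clear. The two sample outputs are constructed, and wait_for_sync assumes ntpq is on the PATH of the NTP server.

```shell
# Constructed sample outputs of "ntpq -c rv" (not captured from a real host).
# Not yet synchronised: leap=11 (alarm), stratum=16, refid=INIT.
RV_UNSYNC='associd=0 status=c011 leap_alarm, sync_unspec, 1 event, freq_not_set,
version="ntpd 4.2.6p5", processor="x86_64", system="Linux", leap=11,
stratum=16, precision=-20, rootdelay=0.000, rootdisp=0.000, refid=INIT,'

# Synchronised to the local clock: the daemon advertises one level above the
# fudged refclock stratum (10), so stratum=11 with refid=LOCL.
RV_SYNC='associd=0 status=0615 leap_none, sync_ntp_server, 1 event, clock_sync,
version="ntpd 4.2.6p5", processor="x86_64", system="Linux", leap=00,
stratum=11, precision=-20, rootdelay=0.000, rootdisp=0.000, refid=LOCL,'

# Print the value of one key=value field from rv output ($1 = output, $2 = key).
rv_field() {
  printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^[[:space:]]*$2=//p" | head -n 1
}

# Succeed (exit 0) only if the server is usable by clients:
# stratum present and below 16, and no leap alarm (leap=11) set.
ntp_is_synced() {
  stratum=$(rv_field "$1" stratum)
  leap=$(rv_field "$1" leap)
  [ -n "$stratum" ] && [ "$stratum" -lt 16 ] && [ "$leap" != "11" ]
}

# Poll the running daemon ($1 = max attempts, $2 = seconds between attempts)
# and return 0 once it is usable. Assumes ntpq is on PATH on the NTP server.
wait_for_sync() {
  i=0
  while [ "$i" -lt "$1" ]; do
    if ntp_is_synced "$(ntpq -c rv 2>/dev/null)"; then
      return 0
    fi
    i=$((i + 1))
    sleep "$2"
  done
  return 1
}
```

Run wait_for_sync 30 60 on the server before running ntpdate on the clients; it returns non-zero if the stratum is still 16 after the last attempt.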
