LinuxQuestions.org


sang_froid 03-22-2010 08:49 AM

NTP strange behaviour
 
Hi,

I am trying to synchronize the time of my VM server with ntpd. I have the following configuration.

And in the /etc/ntp.conf, I have the following line:

restrict default ignore
restrict 127.0.0.1.
server time1.server
server time2.server

Whenever I have this line, the server is not able to synchronize its time... So far as I understood, this line prevents other servers from using this machine as a time server. And the second line says to allow localhost to use it as a time server.

But why do I need to use its own time server when I have specified to use time1.server and time2.server ? ( firewall for tcp and udp ports 123 is open)

However, when I replace the first line of the configuration with the following line, it works..

restrict default kod nomodify notrap noquery

But with this, I am allowing other servers to use this server as ntp (which I wouldn't like to).

Why does this machine try to use an ntp server of its own (to sync time), and why is it not working though I have the entry "restrict 127.0.0.1"?

Your comments will be highly appreciated.
Thanks.

kbp 03-22-2010 09:06 AM

Hi,

Here's an ntp configuration I've been using for vm's:

Code:

cat << EOF > /etc/ntp/step-tickers
${NTP1}
EOF

cat << EOF > /etc/ntp.conf
tinker panic 0
driftfile /var/lib/ntp/drift
broadcastdelay  0.008
restrict default ignore
restrict 127.0.0.1
restrict ${NTP1} nomodify notrap noquery
server ${NTP1}
EOF

The important line for VMs here is 'tinker panic 0'; this prevents ntp from kicking up when a large jump in time occurs. You may also need to modify your kernel arguments depending on architecture and distro; this article is really helpful.

cheers

sang_froid 03-22-2010 09:50 AM

Hi,

I have tinker panic 0 line..

What I found is, when I have the following line, it doesn't work... When I disable it, it works.
Quote:

restrict default ignore
How secure is it to disable this line, and what does it primarily do?



kbp 03-22-2010 05:41 PM

The man pages will probably give you an accurate description but here's my rough one ...

Code:

restrict default ignore # ignore all ntp traffic by default
restrict 127.0.0.1      # accept all traffic from localhost (no restrictions)
restrict ${NTP1} nomodify notrap noquery # accept only updates from the upstream ntp server
server ${NTP1} # define upstream ntp server

The reason yours is failing is because you don't have a restrict line for your upstream servers, therefore they are ignored because of the 'restrict default' line. Don't disable the 'restrict default' line, just add lines like:

restrict time1.server nomodify notrap noquery
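
The rule kbp describes above (with 'restrict default ignore' in place, every upstream named on a 'server' line needs its own 'restrict' exception) can be checked mechanically. The Python sketch below is an added example, not part of the original thread and not an ntpd tool; check_ntp_conf and the sample config are constructed for illustration, and addresses are compared literally with no DNS resolution.

```python
import difflib

# Flags documented for ntpd's "restrict" access-control command.
RESTRICT_FLAGS = {"ignore", "kod", "limited", "lowpriotrap", "nomodify", "nopeer",
                  "noquery", "noserve", "notrap", "notrust", "ntpport", "version"}

def check_ntp_conf(text):
    """Return sorted (line_number, message) findings for an ntp.conf body."""
    findings, restricts, servers = [], {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()       # drop comments
        if len(words) < 2:
            continue
        key, target, rest = words[0], words[1], words[2:]
        if key == "restrict":
            if "mask" in rest:                      # "mask <netmask>" is not a flag
                i = rest.index("mask")
                rest = rest[:i] + rest[i + 2:]
            bad = [f for f in rest if f not in RESTRICT_FLAGS]
            if bad:
                findings.append((n, "unknown restrict flag(s): " + " ".join(bad)))
            restricts[target] = set(rest)
        elif key in ("server", "peer"):
            servers.append((n, target))
        elif difflib.get_close_matches(key, ["restrict", "server"], cutoff=0.8):
            findings.append((n, "'%s' looks like a misspelled directive" % key))
    # With a default of "ignore", every upstream needs its own exception.
    if "ignore" in restricts.get("default", ()):
        for n, host in servers:
            if "ignore" in restricts.get(host, {"ignore"}):
                findings.append((n, "replies from %s are ignored "
                                    "(no usable restrict exception)" % host))
    return sorted(findings)

# Constructed sample: time2.server's exception is misspelled, so it never applies.
SAMPLE = """\
restrict default ignore
restrict 127.0.0.1
restrict time1.server nomodify notrap noquery
restict time2.server nomodify notrap noquery
server time1.server
server time2.server
"""

if __name__ == "__main__":
    for line_no, message in check_ntp_conf(SAMPLE):
        print("line %d: %s" % (line_no, message))
```
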

sang_froid 03-23-2010 08:32 AM

I added the lines as you mentioned.

tinker panic 0
restrict default ignore
restrict 127.0.0.1
restrict {IP of time1.server} nomodify notrap noquery
restict {IP of time2.server} no modify notrap no query
server time1.server
server time2.server
fudge 127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
broadcastdelay 0.008

But still there is no change in result... At first when I restart ntpd, it synchronizes, then slowly it fails ....




TB0ne 03-23-2010 09:09 AM

You mention VM...is this RedHat Enterprise by any chance, running as a guest on VMWare? If so, there are patches that need to be applied, to make the clock work properly. You can get the patches from the RedHat network (since you're paying for RHEL support), and you'll also need the ones for VMware too, from their site.

If your internal clock starts to drift too much, NTP won't be able to keep things sync'ed, so it will eventually fail, dropping to stratum 16, and using the undisciplined local clock. If you don't want to patch, you could have a cron job run an ntpdate (or an sntp -P no -r <time server name or IP>) command every few minutes, which will keep the clock from drifting too badly. You'll have to shut down the NTP server, run the command, then restart it, or just leave NTP off, and sync manually via cron.

kbp 03-23-2010 09:07 PM

Quote:

At first when I restart ntpd, it synchronizes, then slowly it fails
Did you look up your guest vm's OS in the VMware article I listed above ? .. did you need to modify your kernel arguments ?


All times are GMT -5.