SLAC CPE Software Engineering Group
26-Aug-2022
The Network Time Protocol (NTP) is used to synchronize the time of a computer client to a server or reference time source. It provides client accuracies within a millisecond on LANs. Typical NTP

There are two servers on LCLSDMZ, providing System Services, including NTP, to clients on controls networks. The servers are only accessible by root, and there are no NFS mounts to any servers. Security updates will follow the same update rules as our LCLSDMZ Taylor'd servers. We have up to 10 days for high security patches to be applied.

The two servers are mccsrv01 as the primary and mccsrv02 as the secondary. For testing, we use lcls-prod01 for the secondary.

Basic Configuration:

- Create a file /etc/ntp/step-tickers that lists all time server IPs, so that the clock is reset immediately when the daemon starts.

  On ntp servers (mccsrv01 and mccsrv02)

    [root@mccsrv01 rc3.d]# cat /etc/ntp/step-tickers
    (Use current NTP servers)

  On ntp clients

    $ cat /etc/ntp/step-tickers
    134.79.151.13

- cd /var

NTP is started at boot time.

    /sbin/chkconfig --list | grep ntp

Primary NTP Server Configuration (mccsrv01):

- Configure /etc/ntp.conf as the following (Use current data for time servers)

    #
    # a list of time servers
    server 134.79.18.40

    # also use the local system clock (127.127.1.0) as a timeserver; use fudge to say the
    # local clock is stratum 10, which has a much lower priority than the time servers listed above.
    # Thus, the local system clock is used as a time server, only if disconnected from SCCS.
    server 127.127.1.0

    # ntp daemon logging is redirected to /var/log/ntp.log
    driftfile /var/ntp/ntp.drift
    logfile /var/log/ntp.log

    # logconfig tell ntpd what to log, not where to log. "where to log" is determined by syslog facility.
    # not sure if this is needed, since we have "logfile /var/log/ntp.log"
    logconfig -syncstatus

    # "restrict default ignore": prohibits general access to ntpd (the ntp service).
    # "restrict 127.0.0.1 nomodify notrap nopeer": disallow local host to modify ntpd.
    # disallow the time servers to query (i.e. ntpq, ntpdc, ntptrace and etc. queries), and modify ntpd.
    restrict default ignore
    # for time (notice that noquery has been removed), but disallow modify ntpd.

Secondary NTP Server Configuration (mccsrv02)

The NTP configuration is all the same as mccsrv01, the primary NTP server, except for adding one line in /etc/ntp.conf:

    # use mccsrv01 as the time server, if disconnected from SCCS. Thus, the primary and secondary
    # always stay in sync.
    peer 134.79.151.12

NTP Clients Configuration (e.g. lcls-srv20)

- Configure /etc/ntp.conf as the following

    #
    driftfile /var/ntp/ntp.drift
    restrict default ignore

Test and Debug

- On servers

    [root@mccsrv01 rc3.d]# ntpq -p

    jingchen@lcls-prod01 $ ntpq -p

- On clients

    [root@lcls-srv20 rc3.d]# /usr/sbin/ntpq -p

  *: the source you are synchronized to.

    [jingchen@lcls-srv01 ~]$ ntpstat
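
With "restrict default ignore" in place, ntpd drops packets from any address that has no restrict line of its own, so a time source listed under server or peer without one never shows reach in ntpq -p. The check below is an added example, not part of the original page or the site's tooling: the function name audit_ntp_conf, the sample file and its documentation-range addresses are constructed, and it assumes numeric IPv4 addresses as used on this page.

```python
import ipaddress

# Constructed sample, not the site's real file. 192.0.2.20 deliberately has
# no restrict line and the 198.51.100.0/24 rule deliberately lacks nomodify.
SAMPLE_CONF = """\
server 192.0.2.10
server 192.0.2.20
server 127.127.1.0            # local clock driver, not a network peer
restrict default ignore
restrict 127.0.0.1 nomodify notrap nopeer
restrict 192.0.2.10 mask 255.255.255.255 nomodify notrap noquery
restrict 198.51.100.0 mask 255.255.255.0 notrap
"""

def audit_ntp_conf(text):
    # Returns a list of findings about the restrict policy in an ntp.conf.
    sources, rules, default_flags = [], [], None
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(tok) < 2:
            continue
        if tok[0] in ("server", "peer"):
            sources.append(tok[1])
        elif tok[0] == "restrict":
            if tok[1] == "default":
                default_flags = set(tok[2:])
                continue
            mask, flags = "255.255.255.255", tok[2:]
            if len(flags) >= 2 and flags[0] == "mask":
                mask, flags = flags[1], flags[2:]
            net = ipaddress.ip_network(f"{tok[1]}/{mask}", strict=False)
            rules.append((net, set(flags), raw.strip()))
    findings = []
    if default_flags is None or "ignore" not in default_flags:
        findings.append("default policy is not 'restrict default ignore'")
    for net, flags, line in rules:
        if "ignore" not in flags and "nomodify" not in flags:
            findings.append(f"rule lacks nomodify: {line}")
    for src in sources:
        if src.startswith("127.127."):          # reference clock, no packets
            continue
        if not any(ipaddress.ip_address(src) in net for net, _, _ in rules):
            findings.append(f"{src}: no restrict line, dropped by default ignore")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ntp_conf(SAMPLE_CONF)))
```

Run it against a copy of /etc/ntp.conf before restarting ntpd; an empty result means every listed source is covered by a rule and no rule omits nomodify.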
Created by: Ken Brobeck 26-Apr-2010;
Modified by: Jingchen Zhou 26-August-2010