Re: [gentoo-user] Server system date synchronizaion
On 26/04/2013 23:28, Nick Khamis wrote: On 4/26/13, Alan McKinnon alan.mckin...@gmail.com wrote: On 26/04/2013 19:11, Nick Khamis wrote: Thank you so much for your response, and I totally understand the effort vs. benefit challenge. However, is it really that much trouble/unstable to setup our own ntp server that syncs with our local isp, and have our internal network sync on it? No, it's not THAT much effort. You can get by with installing ntpd on a single machine, pointing it at the upstream time server and pointing all your clients to it. It's clearly recorded in the config file, you can't go wrong. It's understanding how this weird thing called time works that is the issue. Take for example leap seconds. urggg... The basic question I suppose is why do you want to do it this way? What do you feel you will gain by doing it yourself? -- Alan McKinnon alan.mckin...@gmail.com Hello Alan, Thank you so much for your time. Our voip cluster time always vary for some reason And with long distance, that could mean upwards to a dollar a call. Ah, OK. That changes things quite a bit. I have a little bit of experience with that - I work for a large ISP, we have a large VOIP department and we run a stratum 2 time server that serves most of the country. First things first: you can't just stick any old upstream ntp server in your config and walk away. You are then reliant on the quality of that upstream, and far too often other time servers operate on a good enough policy - if it's accurate to about a second, it's good enough (and for desktop users i.e. most ISP clients, it is good enough). I don't know how big your operation is, if you have budget I suggest you invest in a proper master time source that is GPS-driven. We have a Symmetricom (http://www.symmetricom.com) but it's a mature market with several vendors. Shop around, prices are less than you'd expect (about the same as a decent mid-range server and much less than Cisco's routers...) Weather can get in the way, so back up the device with a decent second upstream. I have a good one available run by the Science and Technology Research part of the Dept of Trade and Industry and the third option is all the other big ISPs around. Depending on your accuracy needs you could get away without the GPS unit and just use a good upstream, but I'd fight for the budget for it - tell management it puts control of billing back in your hands, they always fall for that one :-) So the summary would be that I reckon ntpd will do what you want as long as you chose good reliable time sources. With that in hand, the config is easy as rather well documented. Shout here ont he list if you need a hand with this when you come to deployment time -- Alan McKinnon alan.mckin...@gmail.com Any suggestions for a reliable, use that word cautiously ntp server. Requests are coming from canada. Was there not a project that dealt with setting up a network across the globe just for serving up NTP services? Did that marvelous idea die out? Isn't that what pool.ntp.org does? As for reliable, I'm not familiar with how Canada has set itself up, but most Western governments have a Science and Technology department or NGO and most run time servers to serve the local scientific community. They might not let you sync to their server (stratum 1 providers are touchy) but someone will sync to it, and they in turn may provide a free time service. Start by Googling stratum 1 time server Canada and see where that takes you. Really, this stuff isn't hard and you will be up and running in no time. The hard part is when *you* provide a public service and need to pay attention to the insane amount of detail inherent in this subject. -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] Server system date synchronizaion
On 27/04/2013 05:44, Andrew Lowe wrote: Get over it and enjoy the extra hour in the evening. But then again I'm in Australia where [snip here] OK, stop right there. I see where the disconnect comes in. You are in Australia. The sun happens to shine in Australia. It shines a lot there. I am in South Africa. The sun happens to shine a lot in South Africa. It shines a lot here. Neil is in England. The sun never shines in England. It makes the English confused and fries their brains. -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] Server system date synchronizaion
On Sat, 27 Apr 2013 17:15:37 +0200, Alan McKinnon wrote: You are in Australia. The sun happens to shine in Australia. It shines a lot there. I am in South Africa. The sun happens to shine a lot in South Africa. It shines a lot here. Neil is in England. The sun never shines in England. It makes the English confused and fries their brains. Of course it shines over here, it does it non-stop every time I go abroad on holiday :( For the record, I wasn't one of those complaining about DST, it makes little difference to me whether or not there is a sun the other side of those rain clouds. -- Neil Bothwick Copper wire was invented by two Scotsmen fighting over a penny! signature.asc Description: PGP signature
Re: [gentoo-user] Server system date synchronizaion
On 04/25/13 10:33, Nick Khamis wrote: Hello Everyone, We are trying to sync our server's time with an accurate ntp server, and was wondering which of the many solutions are considered viable. I did see the http://en.gentoo-wiki.com/wiki/Time_Synchronization. Our services are quite time sensitive. Thanks in Advance, N. put this script on a cron and enjoy :-) #!/bin/sh /usr/bin/rdate -s 128.138.140.44 /sbin/hwclock --systohc -- Joseph
Re: [gentoo-user] Server system date synchronizaion
On 26-Apr-13 16:10, Joseph wrote: On 04/25/13 10:33, Nick Khamis wrote: We are trying to sync our server's time with an accurate ntp server, and was wondering which of the many solutions are considered viable. I did see the http://en.gentoo-wiki.com/wiki/Time_Synchronization. Our services are quite time sensitive. put this script on a cron and enjoy :-) #!/bin/sh /usr/bin/rdate -s 128.138.140.44 /sbin/hwclock --systohc Yeah, enjoy mysterious crashes of some services which die whenever system time changes rapidly, in one big step (i.e. dovecot, TS, etc)! Man, I sincerely hope you do *NOT* mean this seriously. It might work on desktop but that's definitely NOT the way time on servers should be updated! Some services are so sensitive they crash even if you shift time 0.2s back or forth! I had even to include tinker step 0 in my ntpd.conf just because of that problem (it means ntpd will now never adjust time by stepping, always only by slewing, which in my case is max 0.5ms per second)... Jarry -- ___ This mailbox accepts e-mails only from selected mailing-lists! Everything else is considered to be spam and therefore deleted.
Re: [gentoo-user] Server system date synchronizaion
On 4/26/13, Jarry mr.ja...@gmail.com wrote: On 26-Apr-13 16:10, Joseph wrote: On 04/25/13 10:33, Nick Khamis wrote: We are trying to sync our server's time with an accurate ntp server, and was wondering which of the many solutions are considered viable. I did see the http://en.gentoo-wiki.com/wiki/Time_Synchronization. Our services are quite time sensitive. put this script on a cron and enjoy :-) #!/bin/sh /usr/bin/rdate -s 128.138.140.44 /sbin/hwclock --systohc Yeah, enjoy mysterious crashes of some services which die whenever system time changes rapidly, in one big step (i.e. dovecot, TS, etc)! Man, I sincerely hope you do *NOT* mean this seriously. It might work on desktop but that's definitely NOT the way time on servers should be updated! Some services are so sensitive they crash even if you shift time 0.2s back or forth! I had even to include tinker step 0 in my ntpd.conf just because of that problem (it means ntpd will now never adjust time by stepping, always only by slewing, which in my case is max 0.5ms per second)... Jarry -- ___ This mailbox accepts e-mails only from selected mailing-lists! Everything else is considered to be spam and therefore deleted. Hello Everyone, Thank you for the many solutions however, I am totally lost as to which would be most reliable in a collocation setting vs. office desktop. What we would like is to set up our own ntp server which other servers and desktops in our office syncs to. Is this advised? If so, is there a nice tutorial online? Kind Regards, N.
Re: [gentoo-user] Server system date synchronizaion
On 26/04/2013 17:27, Nick Khamis wrote: Hello Everyone, Thank you for the many solutions however, I am totally lost as to which would be most reliable in a collocation setting vs. office desktop. What we would like is to set up our own ntp server which other servers and desktops in our office syncs to. Is this advised? If so, is there a nice tutorial online? The subject of time is vastly more complex than anyone ever thinks at first look. Time servers are tiered and are themselves both clients and servers... So here's what you do: sync everything to your ISP's time servers. Chances are good they do a better job than you can, just like with DNS caching. When you know more about the subject than you do now, you can venture into rolling your own. I'm not being rude or funny - time servers are just one of those things that unless you have special needs and LOTS of cash, it is so much easier to just let someone else do all the heavy lifting. -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] Server system date synchronizaion
On 4/26/13, Alan McKinnon alan.mckin...@gmail.com wrote: On 26/04/2013 17:27, Nick Khamis wrote: Hello Everyone, Thank you for the many solutions however, I am totally lost as to which would be most reliable in a collocation setting vs. office desktop. What we would like is to set up our own ntp server which other servers and desktops in our office syncs to. Is this advised? If so, is there a nice tutorial online? The subject of time is vastly more complex than anyone ever thinks at first look. Time servers are tiered and are themselves both clients and servers... So here's what you do: sync everything to your ISP's time servers. Chances are good they do a better job than you can, just like with DNS caching. When you know more about the subject than you do now, you can venture into rolling your own. I'm not being rude or funny - time servers are just one of those things that unless you have special needs and LOTS of cash, it is so much easier to just let someone else do all the heavy lifting. -- Alan McKinnon alan.mckin...@gmail.com Hello Alan, Thank you so much for your response, and I totally understand the effort vs. benefit challenge. However, is it really that much trouble/unstable to setup our own ntp server that syncs with our local isp, and have our internal network sync on it? N.
Re: [gentoo-user] Server system date synchronizaion
On 26/04/2013 17:54, Nick Khamis wrote: On 4/26/13, Alan McKinnon alan.mckin...@gmail.com wrote: On 26/04/2013 17:27, Nick Khamis wrote: Hello Everyone, Thank you for the many solutions however, I am totally lost as to which would be most reliable in a collocation setting vs. office desktop. What we would like is to set up our own ntp server which other servers and desktops in our office syncs to. Is this advised? If so, is there a nice tutorial online? The subject of time is vastly more complex than anyone ever thinks at first look. Time servers are tiered and are themselves both clients and servers... So here's what you do: sync everything to your ISP's time servers. Chances are good they do a better job than you can, just like with DNS caching. When you know more about the subject than you do now, you can venture into rolling your own. I'm not being rude or funny - time servers are just one of those things that unless you have special needs and LOTS of cash, it is so much easier to just let someone else do all the heavy lifting. -- Alan McKinnon alan.mckin...@gmail.com Hello Alan, Thank you so much for your response, and I totally understand the effort vs. benefit challenge. However, is it really that much trouble/unstable to setup our own ntp server that syncs with our local isp, and have our internal network sync on it? No, it's not THAT much effort. You can get by with installing ntpd on a single machine, pointing it at the upstream time server and pointing all your clients to it. It's clearly recorded in the config file, you can't go wrong. It's understanding how this weird thing called time works that is the issue. Take for example leap seconds. urggg... The basic question I suppose is why do you want to do it this way? What do you feel you will gain by doing it yourself? -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] Server system date synchronizaion
On 4/26/13, Alan McKinnon alan.mckin...@gmail.com wrote: On 26/04/2013 17:54, Nick Khamis wrote: On 4/26/13, Alan McKinnon alan.mckin...@gmail.com wrote: On 26/04/2013 17:27, Nick Khamis wrote: Hello Everyone, Thank you for the many solutions however, I am totally lost as to which would be most reliable in a collocation setting vs. office desktop. What we would like is to set up our own ntp server which other servers and desktops in our office syncs to. Is this advised? If so, is there a nice tutorial online? The subject of time is vastly more complex than anyone ever thinks at first look. Time servers are tiered and are themselves both clients and servers... So here's what you do: sync everything to your ISP's time servers. Chances are good they do a better job than you can, just like with DNS caching. When you know more about the subject than you do now, you can venture into rolling your own. I'm not being rude or funny - time servers are just one of those things that unless you have special needs and LOTS of cash, it is so much easier to just let someone else do all the heavy lifting. -- Alan McKinnon alan.mckin...@gmail.com Hello Alan, Thank you so much for your response, and I totally understand the effort vs. benefit challenge. However, is it really that much trouble/unstable to setup our own ntp server that syncs with our local isp, and have our internal network sync on it? No, it's not THAT much effort. You can get by with installing ntpd on a single machine, pointing it at the upstream time server and pointing all your clients to it. It's clearly recorded in the config file, you can't go wrong. It's understanding how this weird thing called time works that is the issue. Take for example leap seconds. urggg... The basic question I suppose is why do you want to do it this way? What do you feel you will gain by doing it yourself? -- Alan McKinnon alan.mckin...@gmail.com Hello Alan, Thank you so much for your time. Our voip cluster time always vary for some reason And with long distance, that could mean upwards to a dollar a call. N.
Re: [gentoo-user] Server system date synchronizaion
On 26 April 2013, at 16:41, Alan McKinnon wrote: ... So here's what you do: sync everything to your ISP's time servers. Chances are good they do a better job than you can, just like with DNS caching. I'm not sure if my ISP offers time servers, but Apple and MS both run time servers which are publicly accessible (presumably from any o/s). I've never changed my laptop from its default, to sync with time.euro.apple.com, but my Linux boxes all use the public ntp pool, so I was surprised to read the other comments claiming the latter to be inaccurate. Whenever I restart /etc/init.d/ntpd on my Linux boxes I can see their time match that of my laptop, as consistent as I can see, i.e. less than a second's difference between them. Stroller.
Re: [gentoo-user] Server system date synchronizaion
On Thu, Apr 25, 2013 at 9:33 AM, Nick Khamis sym...@gmail.com wrote: Hello Everyone, We are trying to sync our server's time with an accurate ntp server, and was wondering which of the many solutions are considered viable. I did see the http://en.gentoo-wiki.com/wiki/Time_Synchronization. Our services are quite time sensitive. I think the classic method is to use net-misc/ntp See the extensive article at http://en.gentoo-wiki.com/wiki/NTP for great examples and description.
Re: [gentoo-user] Server system date synchronizaion
On 26/04/2013 19:11, Nick Khamis wrote: Thank you so much for your response, and I totally understand the effort vs. benefit challenge. However, is it really that much trouble/unstable to setup our own ntp server that syncs with our local isp, and have our internal network sync on it? No, it's not THAT much effort. You can get by with installing ntpd on a single machine, pointing it at the upstream time server and pointing all your clients to it. It's clearly recorded in the config file, you can't go wrong. It's understanding how this weird thing called time works that is the issue. Take for example leap seconds. urggg... The basic question I suppose is why do you want to do it this way? What do you feel you will gain by doing it yourself? -- Alan McKinnon alan.mckin...@gmail.com Hello Alan, Thank you so much for your time. Our voip cluster time always vary for some reason And with long distance, that could mean upwards to a dollar a call. Ah, OK. That changes things quite a bit. I have a little bit of experience with that - I work for a large ISP, we have a large VOIP department and we run a stratum 2 time server that serves most of the country. First things first: you can't just stick any old upstream ntp server in your config and walk away. You are then reliant on the quality of that upstream, and far too often other time servers operate on a good enough policy - if it's accurate to about a second, it's good enough (and for desktop users i.e. most ISP clients, it is good enough). I don't know how big your operation is, if you have budget I suggest you invest in a proper master time source that is GPS-driven. We have a Symmetricom (http://www.symmetricom.com) but it's a mature market with several vendors. Shop around, prices are less than you'd expect (about the same as a decent mid-range server and much less than Cisco's routers...) Weather can get in the way, so back up the device with a decent second upstream. I have a good one available run by the Science and Technology Research part of the Dept of Trade and Industry and the third option is all the other big ISPs around. Depending on your accuracy needs you could get away without the GPS unit and just use a good upstream, but I'd fight for the budget for it - tell management it puts control of billing back in your hands, they always fall for that one :-) So the summary would be that I reckon ntpd will do what you want as long as you chose good reliable time sources. With that in hand, the config is easy as rather well documented. Shout here ont he list if you need a hand with this when you come to deployment time -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] Server system date synchronizaion
On 26/04/2013 20:36, Stroller wrote: On 26 April 2013, at 16:41, Alan McKinnon wrote: ... So here's what you do: sync everything to your ISP's time servers. Chances are good they do a better job than you can, just like with DNS caching. I'm not sure if my ISP offers time servers, but Apple and MS both run time servers which are publicly accessible (presumably from any o/s). I've never changed my laptop from its default, to sync with time.euro.apple.com, but my Linux boxes all use the public ntp pool, so I was surprised to read the other comments claiming the latter to be inaccurate. Whenever I restart /etc/init.d/ntpd on my Linux boxes I can see their time match that of my laptop, as consistent as I can see, i.e. less than a second's difference between them. ntpd has some wicked amazing optimizations built in, much more so if you use multiple upstream sources. If one of them drifts, the software is able to recognize it and defer instead to other sources that seem more stable. It's like magic, the dodgy data tends to fall out of the system leaving just the good data. Which is exactly what you want when using volunteer resources of unknown and variable quality. I'd compare the public ntp pool to a privateer race team - they can be awesome, do amazing things with limited resources and often win races. But for consistency and the best of the best, you need the Honda and Yamaha factory teams (complete with obscene budgets). For laptop, desktop and even most company's server needs, the public ntp pool is perfectly good enough, which is what I think you observe in your environment. -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] Server system date synchronizaion
On 26/04/2013 20:54, Paul Hartman wrote: On Thu, Apr 25, 2013 at 9:33 AM, Nick Khamis sym...@gmail.com wrote: Hello Everyone, We are trying to sync our server's time with an accurate ntp server, and was wondering which of the many solutions are considered viable. I did see the http://en.gentoo-wiki.com/wiki/Time_Synchronization. Our services are quite time sensitive. I think the classic method is to use net-misc/ntp See the extensive article at http://en.gentoo-wiki.com/wiki/NTP for great examples and description. Do none of us here ever deal with Windows? :-) I notice that no-one has yet mentioned that Windows does not do ntp, as Windows does not do time right, doesn't do timezones right and I strongly suspect can't even do dates right (this latter still unproven) Windows time servers need some magic Microsoft thing called ENTP which is in no way related to the ntp we all know and love -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] Server system date synchronizaion
On 4/26/13, Alan McKinnon alan.mckin...@gmail.com wrote: On 26/04/2013 19:11, Nick Khamis wrote: Thank you so much for your response, and I totally understand the effort vs. benefit challenge. However, is it really that much trouble/unstable to setup our own ntp server that syncs with our local isp, and have our internal network sync on it? No, it's not THAT much effort. You can get by with installing ntpd on a single machine, pointing it at the upstream time server and pointing all your clients to it. It's clearly recorded in the config file, you can't go wrong. It's understanding how this weird thing called time works that is the issue. Take for example leap seconds. urggg... The basic question I suppose is why do you want to do it this way? What do you feel you will gain by doing it yourself? -- Alan McKinnon alan.mckin...@gmail.com Hello Alan, Thank you so much for your time. Our voip cluster time always vary for some reason And with long distance, that could mean upwards to a dollar a call. Ah, OK. That changes things quite a bit. I have a little bit of experience with that - I work for a large ISP, we have a large VOIP department and we run a stratum 2 time server that serves most of the country. First things first: you can't just stick any old upstream ntp server in your config and walk away. You are then reliant on the quality of that upstream, and far too often other time servers operate on a good enough policy - if it's accurate to about a second, it's good enough (and for desktop users i.e. most ISP clients, it is good enough). I don't know how big your operation is, if you have budget I suggest you invest in a proper master time source that is GPS-driven. We have a Symmetricom (http://www.symmetricom.com) but it's a mature market with several vendors. Shop around, prices are less than you'd expect (about the same as a decent mid-range server and much less than Cisco's routers...) Weather can get in the way, so back up the device with a decent second upstream. I have a good one available run by the Science and Technology Research part of the Dept of Trade and Industry and the third option is all the other big ISPs around. Depending on your accuracy needs you could get away without the GPS unit and just use a good upstream, but I'd fight for the budget for it - tell management it puts control of billing back in your hands, they always fall for that one :-) So the summary would be that I reckon ntpd will do what you want as long as you chose good reliable time sources. With that in hand, the config is easy as rather well documented. Shout here ont he list if you need a hand with this when you come to deployment time -- Alan McKinnon alan.mckin...@gmail.com Any suggestions for a reliable, use that word cautiously ntp server. Requests are coming from canada. Was there not a project that dealt with setting up a network across the globe just for serving up NTP services? Did that marvelous idea die out? N.
Re: [gentoo-user] Server system date synchronizaion
Nick Khamis wrote: Hello Everyone, We are trying to sync our server's time with an accurate ntp server, and was wondering which of the many solutions are considered viable. I did see the http://en.gentoo-wiki.com/wiki/Time_Synchronization. Our services are quite time sensitive. Thanks in Advance, N. net-misc/ntp net-misc/openntpd net-misc/chrony One of those should work. I think the plain ntp has been around the longest. I couldn't get it to work right on my rig so I switched to chrony. Basically, I would try ntp first then go from there if needed. Hope that helps. Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words!
Re: [gentoo-user] Server system date synchronizaion
On 04/25/2013 10:33 AM, Nick Khamis wrote: Hello Everyone, We are trying to sync our server's time with an accurate ntp server, and was wondering which of the many solutions are considered viable. I did see the http://en.gentoo-wiki.com/wiki/Time_Synchronization. Our services are quite time sensitive. My best results so far have been to have one node on my network sync to pool.ntp.org, and to have all other nodes on my network sync to that one node. Short of having a stratum 1 time server on my network, that seems to work the best; done that way, my nodes are within a few milliseconds of each other, near as I can figure. For contrast, having all nodes sync to pool.ntp.org results in time variance of up to 2-3 minutes across a dozen or so machines. signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] Server system date synchronizaion
On 2013-04-25 10:40 AM, Michael Mol mike...@gmail.com wrote: For contrast, having all nodes sync to pool.ntp.org results in time variance of up to 2-3 minutes across a dozen or so machines. That makes no sense... Not calling you a liar or anything, but it just doesn't make sense. I can see that it might take each system different times to get fully sync'd, but for them to consistently vary by this amount? No, something else is wrong. Are these virtualized servers?
Re: [gentoo-user] Server system date synchronizaion
On 2013-04-25 10:33 AM, Nick Khamis sym...@gmail.com wrote: We are trying to sync our server's time with an accurate ntp server, and was wondering which of the many solutions are considered viable. I did see the http://en.gentoo-wiki.com/wiki/Time_Synchronization. Are these virtualized? It makes a difference, and from everything I've read, you don't sync virtualized servers the same as bare metal servers. Our services are quite time sensitive. Ummm... *all* servers are critically time-sensitive.
Re: [gentoo-user] Server system date synchronizaion
On 4/25/13, Michael Mol mike...@gmail.com wrote: On 04/25/2013 10:33 AM, Nick Khamis wrote: Hello Everyone, We are trying to sync our server's time with an accurate ntp server, and was wondering which of the many solutions are considered viable. I did see the http://en.gentoo-wiki.com/wiki/Time_Synchronization. Our services are quite time sensitive. My best results so far have been to have one node on my network sync to pool.ntp.org, and to have all other nodes on my network sync to that one node. Short of having a stratum 1 time server on my network, that seems to work the best; done that way, my nodes are within a few milliseconds of each other, near as I can figure. For contrast, having all nodes sync to pool.ntp.org results in time variance of up to 2-3 minutes across a dozen or so machines. Thank you so much for your response. Michael, were you using ntp to sync that initial server? If so, can we get that setup up and running easily? I've been putting the time issue off for way too long... Thanks in Advance, Nick
Re: [gentoo-user] Server system date synchronizaion
Ummm... *all* servers are critically time-sensitive. Yeah... I concur ;)
Re: [gentoo-user] Server system date synchronizaion
On 04/25/2013 10:46 AM, Tanstaafl wrote: On 2013-04-25 10:40 AM, Michael Mol mike...@gmail.com wrote: For contrast, having all nodes sync to pool.ntp.org results in time variance of up to 2-3 minutes across a dozen or so machines. That makes no sense... Not calling you a liar or anything, but it just doesn't make sense. I can see that it might take each system different times to get fully sync'd, but for them to consistently vary by this amount? No, something else is wrong. Are these virtualized servers? Some are virtualized, some are hosts, some are standalone. When all machines were configured to speak to pool.ntp.org, the variance was high. Obviously more so any time a guest was using its host's clock, and both guest and host were trying to adjust. There was still significant difference even between standalone systems. pool.ntp.org pulls from a huge pool of timeservers, and there is visible variance between more than a few of them. It's a volunteer effort. *shrug* Unfortunately, I don't have the exact variances in my notes. When I used a single standalone to connect to pool.ntp.org, and had all other systems (standalone, virtualized and guest) connect to that standalone system, virtually all variance went away. The stability of having a single local time source for all but one local machine to sync against overcame the instability caused by having host and guest ntp clients stacked. Of course, ideally, you want VM guests to rely on the VM host for their clock, and have the VM host configured with a good time source. And you would want all bare iron configured to talk to a small pool of tightly synchronized time servers. And if you can trust your layer 2 (or secure your layer 3 with, e.g. ipsec), you may further benefit from setting up a multicast time source. Further, ideally, you want a stratum 1 time server locally. signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] Server system date synchronizaion
On 04/25/2013 11:02 AM, Tanstaafl wrote: On 2013-04-25 10:33 AM, Nick Khamis sym...@gmail.com wrote: We are trying to sync our server's time with an accurate ntp server, and was wondering which of the many solutions are considered viable. I did see the http://en.gentoo-wiki.com/wiki/Time_Synchronization. Are these virtualized? It makes a difference, and from everything I've read, you don't sync virtualized servers the same as bare metal servers. Our services are quite time sensitive. Ummm... *all* servers are critically time-sensitive. Some are more critical than others. If you're primarily worried about kerberos, variance of up to a couple minutes will likely go unnoticed. If you're dumping logs into splunk, and need second-precision timestamps to be comparable to each other across a multi-campus network, that's a different degree of time-sensitive. If you're using a distributed filesystem with time-sensitive conflict resolution algorithms, you could easily start caring down to sub-millisecond ranges. signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] Server system date synchronizaion
On Thursday 25 April 2013 08:09 PM, Dale wrote: Nick Khamis wrote: Hello Everyone, We are trying to sync our server's time with an accurate ntp server, and was wondering which of the many solutions are considered viable. I did see the http://en.gentoo-wiki.com/wiki/Time_Synchronization. Our services are quite time sensitive. Thanks in Advance, N. net-misc/ntp net-misc/openntpd net-misc/chrony One of those should work. I think the plain ntp has been around the longest. I couldn't get it to work right on my rig so I switched to chrony. Basically, I would try ntp first then go from there if needed. Hope that helps. Dale :-) :-) You forgot busybox-ntpd smime.p7s Description: S/MIME Cryptographic Signature
Re: [gentoo-user] Server system date synchronizaion
On 25/04/13 23:07, Nick Khamis wrote: Ummm... *all* servers are critically time-sensitive. Yeah... I concur ;) Define critical! - to my mind if its critical you should be running your own atomic clock, and something like a pps system to distribute it ... or somewhere in the middle a local gps receiver for time lock. Or do you mean reasonably accurate, but closely synced local systems? My interest after having a stable ntp based hierarchy for years is in trying to get the same using a cisco router and VMs' - not easy so far! When I used an ancient netgear adsl, and a linux firewall/ntp server it was very good, now ... Does anyone know a good guide to using time sync in VM's, for both windows and linux (gentoo) guests using libvirt? Especially for guests that are resumed, or the whole virtualisation system is hibernated? (ntp refuses to resync after guest pause/save/restore/resume (known problem), even with tinker panic 0 My current setup is complicated by using a cisco router (adsl) as the localnet master via local (ISP/University) time servers - its rather inaccurate so while the machines are often locked, its in rather relative terms :) ghost#sh ntp ass address ref clock st when poll reach delay offset disp +~130.95.128.36210.9.192.50 24464 37711.9 -844.4 213.6 +~116.66.162.4 130.234.255.832 864 37748.7 -907.5 213.3 +~203.0.178.19143.128.117.84 22364 37712.2 -891.0 213.3 ~192.168.48.1 134.115.4.33 3 9h3964017.3 -616.8 16000. *~27.54.95.11 218.100.43.70 24264 37712.7 -846.7 221.4 +~202.127.210.36 223.255.185.2 23164 37762.2 -845.3 211.2 +~130.102.128.23 132.163.4.101 23864 37777.3 -850.4 212.4 * master (synced), # master (unsynced), + selected, - candidate, ~ configured ghost# asterisk ~ # ntpq -p remote refid st t when poll reach delay offset jitter == ghost.lan.local 27.54.95.11 3 u 64 64 3771.386 2838.19 513.843 asterisk
Re: [gentoo-user] Server system date synchronizaion
Nilesh Govindrajan wrote: On Thursday 25 April 2013 08:09 PM, Dale wrote: Nick Khamis wrote: Hello Everyone, We are trying to sync our server's time with an accurate ntp server, and was wondering which of the many solutions are considered viable. I did see the http://en.gentoo-wiki.com/wiki/Time_Synchronization. Our services are quite time sensitive. Thanks in Advance, N. net-misc/ntp net-misc/openntpd net-misc/chrony One of those should work. I think the plain ntp has been around the longest. I couldn't get it to work right on my rig so I switched to chrony. Basically, I would try ntp first then go from there if needed. Hope that helps. Dale :-) :-) You forgot busybox-ntpd Didn't forget, didn't know about it. ;-) I just listed the ones I have heard of and either tried or was told about. Let's see if I can remember it for next time tho. :-) Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words!
Re: [gentoo-user] Server system date synchronizaion
On 26/04/2013 01:42, William Kenworthy wrote: Does anyone know a good guide to using time sync in VM's, for both windows and linux (gentoo) guests using libvirt? Especially for guests that are resumed, or the whole virtualisation system is hibernated? (ntp refuses to resync after guest pause/save/restore/resume (known problem), even with tinker panic 0 That's not a bug, it's by design. If ntpd detects the clock is out by more than X seconds [1], it will not try to correct the difference, concluding that something is wrong and a human must decide. It can't easily tell the difference between a resumed guest (or even that it was resumed at all) and a severe problem. We fixed this by taking the easy route of least resistance; 1. run ntpdate on startup/restart once before ntpd starts 2. start ntpd as normal 3. a colleague wrote a $MAGIC_HOOK to detect resumed guests that runs ntpdate once True, it's a brutal solution and uses a baseball bat where some finesse might be less ugly, but it suits our needs just fine. [1] I forget what X is and am too lazy to look it up. Is it 30 seconds or thereabouts? -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] Server system date synchronizaion
On 4/25/2013 19:50, Alan McKinnon wrote: On 26/04/2013 01:42, William Kenworthy wrote: Does anyone know a good guide to using time sync in VM's, for both windows and linux (gentoo) guests using libvirt? Especially for guests that are resumed, or the whole virtualisation system is hibernated? (ntp refuses to resync after guest pause/save/restore/resume (known problem), even with tinker panic 0 That's not a bug, it's by design. If ntpd detects the clock is out by more than X seconds [1], it will not try to correct the difference, concluding that something is wrong and a human must decide. It can't easily tell the difference between a resumed guest (or even that it was resumed at all) and a severe problem. We fixed this by taking the easy route of least resistance; 1. run ntpdate on startup/restart once before ntpd starts 2. start ntpd as normal 3. a colleague wrote a $MAGIC_HOOK to detect resumed guests that runs ntpdate once True, it's a brutal solution and uses a baseball bat where some finesse might be less ugly, but it suits our needs just fine. [1] I forget what X is and am too lazy to look it up. Is it 30 seconds or thereabouts? When first started, the daemon normally polls the servers listed in the configuration file at 64-s intervals. In order to allow a sufficient number of samples for the NTP algorithms to reliably discriminate between correctly operating servers and possible intruders, at least four valid messages from the majority of servers and peers listed in the configuration file is required before the daemon can set the local clock. However, if the difference between the client time and server time is greater than the panic threshold, which defaults to 1000 s, the daemon will send a message to the system log and shut down without setting the clock. [0] [0] - http://doc.ntp.org/4.1.1/debug.htm -- staticsafe O ascii ribbon campaign - stop html mail - www.asciiribbon.org Please don't top post - http://goo.gl/YrmAb Don't CC me! I'm subscribed to whatever list I just posted on.
Re: [gentoo-user] Server system date synchronizaion
On 26/04/13 07:57, staticsafe wrote: On 4/25/2013 19:50, Alan McKinnon wrote: On 26/04/2013 01:42, William Kenworthy wrote: Does anyone know a good guide to using time sync in VM's, for both windows and linux (gentoo) guests using libvirt? Especially for guests that are resumed, or the whole virtualisation system is hibernated? (ntp refuses to resync after guest pause/save/restore/resume (known problem), even with tinker panic 0 That's not a bug, it's by design. If ntpd detects the clock is out by more than X seconds [1], it will not try to correct the difference, concluding that something is wrong and a human must decide. It can't easily tell the difference between a resumed guest (or even that it was resumed at all) and a severe problem. We fixed this by taking the easy route of least resistance; 1. run ntpdate on startup/restart once before ntpd starts 2. start ntpd as normal 3. a colleague wrote a $MAGIC_HOOK to detect resumed guests that runs ntpdate once True, it's a brutal solution and uses a baseball bat where some finesse might be less ugly, but it suits our needs just fine. [1] I forget what X is and am too lazy to look it up. Is it 30 seconds or thereabouts? When first started, the daemon normally polls the servers listed in the configuration file at 64-s intervals. In order to allow a sufficient number of samples for the NTP algorithms to reliably discriminate between correctly operating servers and possible intruders, at least four valid messages from the majority of servers and peers listed in the configuration file is required before the daemon can set the local clock. However, if the difference between the client time and server time is greater than the panic threshold, which defaults to 1000 s, the daemon will send a message to the system log and shut down without setting the clock. [0] [0] - http://doc.ntp.org/4.1.1/debug.htm Keep reading :) Check out tinker panic o I mentioned, or the -g argument to ntpd The docs say its a once only adjustment in one place, but I am not sure thats actually the case. BillK
