Configuring NTP Services for Oracle VM 3.0
By Avi Miller-Oracle on Sep 19, 2011
In Oracle VM 3.0, when a new Oracle VM Server is discovered by Oracle VM Manager, NTP is automatically configured and enabled on the Oracle VM Server to ensure time synchronization. Oracle VM automatically configures the Oracle VM Manager machine as the NTP time source used by the Oracle VM Servers. This post will explain how to configure NTP on your Oracle VM Manager to provide time services.
Prior to starting this process, you should ensure that your Oracle VM Manager host is either registered with the Unbreakable Linux Network (ULN) or configured to use Oracle's public yum service. Oracle Linux 5 servers registered with ULN can use either the up2date or yum tool to install updates. If you are not registered with ULN or you are using Oracle Linux 6, you can only use the yum tool.
The following procedures should be carried out on the Oracle VM Manager host, unless otherwise specified.
Download and Install NTP
First, ensure the NTP package is installed by running (as appropriate):
# up2date -i ntp
# yum install ntp
Enable Upstream Synchronization
Once NTP is installed, we need to configure it to both synchronize with upstream servers as well as provide time services to the local network. To do this, open /etc/ntp.conf with your favourite text editor. The default /etc/ntp.conf file that ships with Oracle Linux is configured to use three public NTP servers as upstream time sources. You may want to check with your network administrator if time services are provided on your corporate network and replace these entries.
To change your upstream time servers, search /etc/ntp.conf for:
And replace with entries that refer to your local time server names or IP addresses.
Configuring Downstream Access
Next, we need to allow the Oracle VM Servers to synchronize with this server. To do that, we need to disable the default "noquery" option for the Oracle VM Server Management network.
Again in /etc/ntp.conf, search for the following line:
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
Replace 192.168.1.0 with the network address for the Oracle VM Server Management network. You may also need to adjust the mask. Finally, remove the # character to uncomment this line. Once you've finished editing, save the file.
Start NTP and Check Upstream Synchronization
Once you've made the appropriate changes, start NTP by issuing the following command:
# service ntpd start
You should also set NTP to start automatically on boot:
# chkconfig ntpd on
Once NTP has started, you can check whether it has achieved upstream synchronization by using the ntpq tool:
# ntpq -p
This will output something similar to:
remote refid st t when poll reach delay offset jitter
lists2.luv.asn. 18.104.22.168 3 u 25 64 3 3.495 -3043.1 0.678
yarrina.connect 22.214.171.124 2 u 27 64 3 26.633 -3016.1 0.797
2402:d800:0:1:: 126.96.36.199 2 u 24 64 3 4.314 -3036.3 1.039
If everything is working properly, the delay and offset values should be non-zero and the jitter value should be below 100.
Test Downstream Synchronization
Once your NTP server is up and running, you can test from another server to ensure that NTP services are working. Note that it can take several minutes before your NTP server is able to provide time services to downstream clients. First, check the stratum level of your server:
# ntpq -c rv
assID=0 status=c011 sync_alarm, sync_unspec, 1 event, event_restart,
version="ntpd email@example.com Tue Jul 6 21:50:26 UTC 2010 (1)",
leap=11, stratum=16, precision=-20, rootdelay=0.000,
rootdispersion=1.020, peer=0, refid=INIT,
reftime=00000000.00000000 Thu, Feb 7 2036 17:28:16.000, poll=6,
clock=d21d4a96.a26c5962 Fri, Sep 16 2011 14:09:58.634, state=0,
offset=0.000, frequency=0.000, jitter=0.001, noise=0.001,
If your server is still showing stratum=16, wait a few minutes and try again. It can take up to 10-15 minutes for an NTP server to stabilize sufficiently to lower its stratum level. Downstream clients will not synchronize with a server at stratum level 16.
Once the stratum level has dropped, log in to an Oracle VM Server or any available Linux host on your network and issue the following command:
# ntpdate -d manager.server.name
This will run the ntpdate in debug mode, which checks to see if the remote time server is available. If the stratum is still too high, you may see "Server dropped: strata too high". In which case, wait until the previous command shows that your stratum level has dropped from 16. A successful debug run should finish with a line similar to:
16 Sep 13:58:25 ntpdate: step time server 192.168.168.6 offset 3.009257 sec
Once you have confirmed that NTP is working, you should not need to check this again.
NTP communicates over UDP port 123. Ensure that this port is opened on your Oracle VM Manager machine. Also, NTP clients will only synchronize with servers that have a lower than 16 stratum. This will only happen several minutes after upstream synchronization has settled. Ensure that your upstream synchronization is working prior to testing downstream.