Configuring NTP Services for Oracle VM 3.0

In Oracle VM 3.0, when a new Oracle VM Server is discovered by Oracle VM Manager, NTP is automatically configured and enabled on the Oracle VM Server to ensure time synchronization. Oracle VM automatically configures the Oracle VM Manager machine as the NTP time source used by the Oracle VM Servers. This post will explain how to configure NTP on your Oracle VM Manager to provide time services.

Prior to starting this process, you should ensure that your Oracle VM Manager host is either registered with the Unbreakable Linux Network (ULN) or configured to use Oracle's public yum service.  Oracle Linux 5 servers registered with ULN can use either the up2date or yum tool to install updates. If you are not registered with ULN or you are using Oracle Linux 6, you can only use the yum tool.

The following procedures  should be carried out on the Oracle VM Manager host, unless otherwise specified.

Download and Install NTP

First, ensure the NTP package is installed by running (as appropriate):

# up2date -i ntp

or

# yum install ntp

Enable Upstream Synchronization

Once NTP is installed, we need to configure it to both synchronize with upstream servers as well as provide time services to the local network. To do this, open /etc/ntp.conf with your favourite text editor. The default /etc/ntp.conf file that ships with Oracle Linux is configured to use three public NTP servers as upstream time sources. You may want to check with your network administrator if time services are provided on your corporate network and replace these entries.

To change your upstream time servers, search /etc/ntp.conf for:

server 0.rhel.pool.ntp.org
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org

And replace with entries that refer to your local time server names or IP addresses.

Configuring Downstream Access

Next, we need to allow the Oracle VM Servers to synchronize with this server. To do that, we need to disable the default "noquery" option for the Oracle VM Server Management network.

Again in /etc/ntp.conf, search for the following line:

#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

Replace 192.168.1.0 with the network address for the Oracle VM Server Management network. You may also need to adjust the mask. Finally, remove the # character to uncomment this line. Once you've finished editing, save the file.

Start NTP and Check Upstream Synchronization

Once you've made the appropriate changes, start NTP by issuing the following command:

# service ntpd start

You should also set NTP to start automatically on boot:

# chkconfig ntpd on

Once NTP has started, you can check whether it has achieved upstream synchronization by using the ntpq tool:

# ntpq -p

This will output something similar to:

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 lists2.luv.asn. 203.161.12.165   3 u   25   64    3    3.495  -3043.1   0.678
 yarrina.connect 130.95.179.80    2 u   27   64    3   26.633  -3016.1   0.797
 2402:d800:0:1:: 130.234.255.83   2 u   24   64    3    4.314  -3036.3   1.039

If everything is working properly, the delay and offset values should be non-zero and the jitter value should be below 100.

Test Downstream Synchronization

Once your NTP server is up and running, you can test from another server to ensure that NTP services are working. Note that it can take several minutes before your NTP server is able to provide time services to downstream clients. First, check the stratum level of your server:

# ntpq -c rv

assID=0 status=c011 sync_alarm, sync_unspec, 1 event, event_restart,
version="ntpd 4.2.4p8@1.1612-o Tue Jul  6 21:50:26 UTC 2010 (1)",
processor="x86_64", system="Linux/2.6.32-200.19.1.el6uek.x86_64",
leap=11, stratum=16, precision=-20, rootdelay=0.000,
rootdispersion=1.020, peer=0, refid=INIT,
reftime=00000000.00000000  Thu, Feb  7 2036 17:28:16.000, poll=6,
clock=d21d4a96.a26c5962  Fri, Sep 16 2011 14:09:58.634, state=0,
offset=0.000, frequency=0.000, jitter=0.001, noise=0.001,
stability=0.000, tai=0

If your server is still showing stratum=16, wait a few minutes and try again. It can take up to 10-15 minutes for an NTP server to stabilize sufficiently to lower its stratum level. Downstream clients will not synchronize with a server at stratum level 16.

Once the stratum level has dropped, log in to an Oracle VM Server or any available Linux host on your network and issue the following command:

# ntpdate -d manager.server.name

This will run the ntpdate in debug mode, which checks to see if the remote time server is available. If the stratum is still too high, you may see "Server dropped: strata too high". In which case, wait until the previous command shows that your stratum level has dropped from 16. A successful debug run should finish with a line similar to:

16 Sep 13:58:25 ntpdate[1603]: step time server 192.168.168.6 offset 3.009257 sec

Once you have confirmed that NTP is working, you should not need to check this  again.

Troubleshooting

NTP communicates over UDP port 123. Ensure that this port is opened on your Oracle VM Manager machine. Also, NTP clients will only synchronize with servers that have a lower than 16 stratum. This will only happen several minutes after upstream synchronization has settled. Ensure that your upstream synchronization is working prior to testing downstream.

Comments:

Hi,

Actually you need to be a bit more careful to ensure that its working correctly.

When the ntp service starts, at boot or an admin restart, the service initially runs a command 'ntpdate' which is a quick way to get your clock close to a real time. Ntpd can't sync with anything that is too far out, ntpdate fixes this. Ntpdate works with anything I have tried and is not fussy, ntp, sntp, Microsoft time. Anything.

The problem is that ntpdate only fires once, if your ntpd daemon does not latch on there and then and keep sync your times may drift, never to return. When you initially start the box/service you may think its good to go because ntpdate will get you within a second or so.

The trick is to ensure that the ntpq-p command has put an asterisk * at the beginning of one of the time sources. This will appear after about 5 minutes (reachable more than 3 times at 64 second intervals).

Check your clients do the same with your vmmanager as their source.

Do not use Microsoft in any flavour, you will lose sync.
Set your hosts timezone correctly, or you will be called at 3am when the clocks change ;-)

Regards
neil

Posted by Neil williams on November 08, 2011 at 05:13 AM PST #

Hi Neil,

The -x option in /etc/sysconfig/ntpd is set on Oracle VM Servers: this triggers ntpdate to run before ntpd starts, so that we are assured that time is synchronised properly before NTP itself starts.

Thanks,
Avi

Posted by Avi Miller on November 08, 2011 at 05:43 AM PST #

Hi Avi,

That was a lightening quick reply ;-)

Yep I do agree that ntpdate is crucial and needs to run before ntpd starts.

It's just that if you don't see an "*" at the beginning of the line when you run "ntpq -p" your time hasnt sync'ed properly using the ntpd daemon and may drift and never sync again. I like to see stars at least once ;-)

Thanks
Neil

Posted by Neil Williams on November 08, 2011 at 06:36 AM PST #

Post a Comment:
Comments are closed for this entry.
About

Get the latest scoop on products, strategy, events, news, and more, from Oracle's virtualization experts

Twitter

Facebook

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
5
6
7
8
9
10
12
13
14
15
16
17
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today