NTP server how to

 
Network Time Protocol (NTP)
It’s a protocol used to synchronize a Linux system’s clock with an accurate time source. This little yet powerful tool is very important for every big network. And I have had a few bad experiences with NTP, mostly because I either forgot to configure it or ignored it for the time being and forgot later.

As I am working with the Eucalyptus cloud platform, NTP is a must for the system to work perfectly. It is also used in the OpenStack cloud platform. In Eucalyptus, if you ever find that the Cloud Controller and Node Controller are not talking, or the Node Controller is not sharing resources and is throwing an error such as the following, it is very wise to check the NTP configuration first and make sure that all the machines are following the correct time protocol.

[EUCAERROR ] ERROR: DescribeResource() could not be invoked (check NC host, port, and credentials)

Well, for both platforms there are two basic installations needed: one machine as the server and the others as clients. The commands are mostly the same on all Linux platforms.

First install NTP on the server.

$ yum install ntp

It is important to make sure that the run level is set properly, so that ntpd starts at boot.

$ chkconfig ntpd on

On the server, let’s synchronize the system clock with an outside source which is more reliable.

$ ntpdate pool.ntp.org

/etc/ntp.conf
For advanced configuration, we can set multiple sources in this file. Here is a very important catch: servers that are able to figure out what time it is all on their own, without using the Internet, are stratum 1, and then the secondary ones are stratum 2. For example,

server ntp.amnic.net # stratum 1 timeserver
server ntp.adc.am    # stratum 2 timeserver

Then, if we want to restrict what those servers can do on our machine,

restrict ntp.amnic.net   mask 255.255.255.255 nomodify notrap noquery
restrict ntp.adc.am      mask 255.255.255.255 nomodify notrap noquery

noquery denies ntpq and ntpdc queries. The time service itself is not affected.
nomodify denies ntpq and ntpdc queries which attempt to modify the state of the server.
notrap, unlike noquery, still allows queries from ntpq and ntpdc; it only declines the trap service. Traps are used by remote event logging programs: they provide a way of collecting ntpd information from another machine and require the use of a special trap client program.

When the server is going to provide time to a certain network, just allow that network to query the NTP server,

restrict 10.10.10.0 mask 255.255.255.0 nomodify notrap

The localhost needs to have full access, so make sure it has no restriction keywords,

restrict 127.0.0.1
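
A quick check for the restrict lines above, as an added example that is not part of the original post: the function reads an ntp.conf on stdin and reports which sources may modify, trap or query the server. The `restrict default` entry it looks for does not appear in the post; it is ntpd's standard catch-all entry, and without it hosts that match no other line are unrestricted. The function names and sample input are constructed here.

```shell
#!/bin/sh
# Added example: audit the restrict lines of an ntp.conf read on stdin.
# Function names and sample data are constructed for illustration.
audit_restrict() {
    awk '
    { sub(/#.*/, "") }                            # strip comments
    $1 != "restrict" { next }                     # only restrict lines matter
    {
        i = 2
        if ($i == "-4" || $i == "-6") i++         # optional address-family flag
        addr = $i; flags = " "
        for (i++; i <= NF; i++) {
            if ($i == "mask") { i++; continue }   # skip the netmask value
            flags = flags $i " "
        }
        if (addr == "default") have_default = 1
        if (addr == "127.0.0.1" || addr == "::1") next   # localhost keeps full access
        if (flags ~ / ignore /) next                     # all packets already dropped
        if (flags !~ / nomodify /) print "WARN " addr ": may change server state (add nomodify)"
        if (flags !~ / notrap /)   print "WARN " addr ": may set traps (add notrap)"
        if (flags !~ / noquery /)  print "INFO " addr ": ntpq/ntpdc queries allowed"
    }
    END {
        if (!have_default)
            print "WARN no restrict default line: unlisted hosts get unrestricted access"
    }'
}

# Constructed sample: the restrict lines from this post, as they would sit in /etc/ntp.conf.
sample_conf() {
    cat <<'EOF'
restrict ntp.amnic.net   mask 255.255.255.255 nomodify notrap noquery
restrict ntp.adc.am      mask 255.255.255.255 nomodify notrap noquery
restrict 10.10.10.0 mask 255.255.255.0 nomodify notrap
restrict 127.0.0.1
EOF
}

sample_conf | audit_restrict
```

On a real server, run it as `audit_restrict < /etc/ntp.conf`; INFO lines are expected for networks you deliberately allow to query.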

Another thing we should make sure of is that if the NTP server is disconnected from the internet, it provides time from its local system clock,

server  127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10

server says that the local system clock is the timeserver; fudge is the keyword to fake the local server with a high stratum. So, when the server is connected to the internet, it will still use the l33t timeserver which has the lowest stratum.

After configuration we must [re]start the NTP server,

$ service ntpd start

Check if the NTP server is configured properly; it’ll show all the time servers,

$ ntpq -p

To configure a Linux client, just point it at the NTP server’s IP with the following,

$ ntpdate -u xxx.xxx.xxx.xxx

To check which stratum the NTP server is running at,

$ ntptrace

And that’s all. If I missed something important, please feel free to add it in the comments.

Static IP Address Fedora 16

This is another quick post on Fedora 16. Setting up a static IP address is a little different from Debian-based distros, and there is also a slight change from the previous Fedora distros.

First, check the network devices installed in the machine.

$ ifconfig

For me, there is a device installed, p1p1 (besides lo). Now, create a network script file.

$ vi /etc/sysconfig/network-scripts/ifcfg-p1p1

and fill it in with your hardware and connection details.

DEVICE=p1p1
BOOTPROTO=static
IPADDR=10.10.10.100
NETMASK=255.255.255.0
GATEWAY=10.10.10.2
HWADDR=94:0C:6D:86:95:F7
DNS1=8.8.4.4
DNS2=203.112.72.5
ONBOOT=yes
NM_CONTROLLED=no

I think most of the attributes are understandable. However, NM_CONTROLLED means Network Manager Controlled.

Now, restart the network.

$ sudo /etc/init.d/network restart

$ ping yahoo.com

….tada!!!

Enable SSH on Fedora 16

A very quick post, which I needed after a fresh Fedora 16 install.

Enable sshd service.

$ systemctl enable sshd.service

Start sshd service.

$ systemctl start sshd.service

Check sshd status if needed.

$ systemctl status sshd.service

Restart sshd service, when needed.

$ systemctl restart sshd.service

Stop sshd service and duck down 😛

$ systemctl stop sshd.service

Well, make sure you have port 22 open.

$ system-config-firewall

….and that’s all for this quick note.