NTP server how to

 
Network Time Protocol (NTP)
It’s a protocol used to synchronize a Linux system’s clock with an accurate time source. This little yet powerful tool is very important for every big network. And I have had a few bad experiences with NTP, mostly because I either forgot to configure it or ignored it for the time being and forgot later.

As I am working with the Eucalyptus cloud platform, NTP is a must for the system to work perfectly. It is also used in the OpenStack cloud platform. In Eucalyptus, if you ever find that the Cloud Controller and Node Controller are not talking, or the Node Controller is not sharing resources and is throwing an error, it is very wise to check the NTP configuration in the first place and make sure that all the machines are keeping the correct time.

[EUCAERROR ] ERROR: DescribeResource() could not be invoked (check NC host, port, and credentials)

Well, for both platforms, two basic installations are needed: one machine as the server and the others as clients. The commands are mostly the same on all Linux platforms.

First install NTP on the server.

$ yum install ntp

It is important to make sure that ntpd is enabled for the proper run levels, so that it starts at boot.

$ chkconfig ntpd on

On the server, let’s synchronize the system clock with an external source which is more reliable.

$ ntpdate pool.ntp.org

/etc/ntp.conf
For advanced configuration, we can set multiple sources here. Here is a very important catch: servers that are able to figure out what time it is all on their own, without using the Internet, are stratum 1, and the secondary servers are stratum 2. For example,

server ntp.amnic.net # stratum 1 timeserver
server ntp.adc.am    # stratum 2 timeserver

Then, if we want to restrict what these servers may do on our machine,

restrict ntp.amnic.net   mask 255.255.255.255 nomodify notrap noquery
restrict ntp.adc.am      mask 255.255.255.255 nomodify notrap noquery

noquery denies ntpq and ntpdc queries. The time service itself is not affected.
nomodify denies ntpq and ntpdc queries which attempt to modify the state of the server.
notrap denies the trap service but, unlike noquery, still allows queries from ntpq and ntpdc. Traps are used by remote event logging programs. They provide a way of collecting ntpd information from another machine and require the use of a special trap client program.

When the server is going to provide time to a certain network, just allow that network to query the NTP server,

restrict 10.10.10.0 mask 255.255.255.0 nomodify notrap

The localhost needs to have full access, so make sure its entry has no restriction keywords,

restrict 127.0.0.1
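
The restrict lines above never set a default entry, and ntpd's built-in default entry carries no flags, so a host that matches none of them is unrestricted. This added example (not part of the original post) resolves the effective flags for a client address; the two upstream addresses and HARDENED_DEFAULT are assumptions, and hostname entries are skipped because resolving them needs DNS.

```python
import ipaddress

# Constructed sample modelled on the restrict lines above. The two upstream
# addresses are documentation-range placeholders standing in for the hostnames.
SAMPLE_CONF = """\
restrict 192.0.2.10 mask 255.255.255.255 nomodify notrap noquery
restrict 198.51.100.20 mask 255.255.255.255 nomodify notrap noquery
restrict 10.10.10.0 mask 255.255.255.0 nomodify notrap
restrict 127.0.0.1
"""
# Assumption: a commonly used default entry, not a line from the post.
HARDENED_DEFAULT = "restrict default kod nomodify notrap nopeer noquery\n"


def parse_restrict(conf):
    """Return {network: flags} built from the IPv4 'restrict' lines in conf."""
    # ntpd always holds a default entry; left unconfigured it has no flags.
    table = {ipaddress.ip_network("0.0.0.0/0"): frozenset()}
    for raw in conf.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] != "restrict":
            continue
        addr, rest = fields[1], fields[2:]
        mask = "255.255.255.255"      # no mask keyword: entry is a single host
        if len(rest) >= 2 and rest[0] == "mask":
            mask, rest = rest[1], rest[2:]
        try:
            net = ipaddress.ip_network(
                "0.0.0.0/0" if addr == "default" else f"{addr}/{mask}",
                strict=False)
        except ValueError:
            continue                  # hostname or IPv6 entry: skipped here
        table[net] = frozenset(rest)
    return table


def effective_flags(table, client):
    """Flags of the most specific entry that matches the client address."""
    ip = ipaddress.ip_address(client)
    best = max((n for n in table if ip in n), key=lambda n: n.prefixlen)
    return table[best]


def can_query(table, client):
    """True if ntpq/ntpdc queries from client would be answered."""
    flags = effective_flags(table, client)
    return "noquery" not in flags and "ignore" not in flags
```

Calling can_query() on an address outside every listed network shows whether outsiders can still send ntpq/ntpdc queries; prepending HARDENED_DEFAULT closes that gap while the 10.10.10.0/24 clients keep their access.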

Another thing we should make sure of is that, if the NTP server is disconnected from the internet, it provides time from its local system clock,

server  127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10

The server line says that the local system clock is a timeserver; fudge is the keyword that assigns the local clock a fake, high stratum. So, when the server is connected to the internet, it will still use the l33t timeserver that has the lowest stratum.

After configuration we must [re]start the NTP server,

$ service ntpd start

Check that the NTP server is configured properly. This will show all the time servers,

$ ntpq -p

To configure a Linux client, just point it at the NTP server’s IP with the following,

$ ntpdate -u xxx.xxx.xxx.xxx

To check which stratum the NTP server is running at,

$ ntptrace

And that’s all. If I missed something important, please feel free to add it in the comments.

connect: Network is unreachable

So suddenly I was getting this weird error. I don’t know the exact reason, but some forum says it may happen because of having multiple NICs.

Anyway, then I checked

$ sudo netstat -nr

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.10.10.0      0.0.0.0         255.255.255.0   U         0 0          0 eth0

Then run the following command

$ /sbin/route add -net 0.0.0.0 gw 10.10.10.1 eth0

And this time the result was different

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.10.10.1      0.0.0.0         UG        0 0          0 eth0
10.10.10.0      0.0.0.0         255.255.255.0   U         0 0          0 eth0

….tada!!! It started working!

Restore panel in ubuntu

Well, this was funny, but today I messed up the top panel of my desktop 😛

So, a little search gave me some results which actually worked for me. Just a few lines of commands gave me the top panel back again.

$ gconftool-2 --shutdown
$ gconftool --recursive-unset /apps/panel
$ rm -rf ~/.gconf/apps/panel
$ pkill gnome-panel

tada!!!

Internet sharing using a gateway computer

Gateway setup:
eth0 = the network adapter with internet (IP: 10.10.10.2)
eth1 = the network adapter with client machine (IP: 192.168.20.1)
The local network card cannot be on the same subnet as the internet adapter.

Now, configure the internal network card for a static IP address as you need.

Configure the NAT (Network Address Translation):
Basically, here I’ll be configuring the iptables for NAT translation so that packets can be routed through the gateway.

$ sudo iptables -A FORWARD -o eth0 -i eth1 -s 192.168.20.0/24 -m conntrack --ctstate NEW -j ACCEPT
$ sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$ sudo iptables -A POSTROUTING -t nat -j MASQUERADE

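These are the iptables rules.
Rule 1: Allows new connections from the client subnet (192.168.20.0/24) arriving on eth1 to be forwarded out through eth0
Rule 2: Allows forwarding of packets that belong to established or related connections
Rule 3: Does the NAT (masquerading); it has no -o match, so it applies on every outgoing interface

iptables rules are not saved by default. They have to be saved manually.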

$ sudo iptables-save | sudo tee /etc/iptables.sav

Edit /etc/rc.local and add the following line so that the saved rules are restored every time the gateway machine boots.

iptables-restore < /etc/iptables.sav

Run the following line to enable IP forwarding right away

sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

Uncomment the following line in /etc/sysctl.conf so that forwarding stays enabled after a reboot

net.ipv4.ip_forward=1
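
An added check, not from the original post, that reads an iptables-save dump and flags two things the three rules above leave open: a FORWARD chain whose policy is still ACCEPT (the ACCEPT rules then filter nothing) and a MASQUERADE rule with no outgoing-interface match. SAMPLE_SAVE is constructed and assumes the chain policies were never changed from their defaults.

```python
import shlex

# Constructed sample: roughly what /etc/iptables.sav holds after the three
# rules above are added on a host whose chain policies were left at ACCEPT.
SAMPLE_SAVE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 192.168.20.0/24 -i eth1 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""


def audit_ruleset(save_text):
    """Return a sorted list of findings for a gateway's iptables-save dump."""
    findings, table = [], None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. *nat
            table = line[1:]
        elif line.startswith(":"):        # chain declaration with its policy
            chain, policy = line[1:].split()[:2]
            # With policy ACCEPT, the ACCEPT rules in FORWARD filter nothing.
            if table == "filter" and chain == "FORWARD" and policy == "ACCEPT":
                findings.append("filter/FORWARD policy is ACCEPT")
        elif line.startswith("-A "):      # appended rule
            args = shlex.split(line)
            chain = args[1]
            target = args[args.index("-j") + 1] if "-j" in args else None
            if (table == "nat" and chain == "POSTROUTING"
                    and target == "MASQUERADE" and "-o" not in args):
                findings.append("MASQUERADE has no -o interface match")
    return sorted(findings)
```

On the gateway the input would be the contents of /etc/iptables.sav; an empty list means the FORWARD policy is not ACCEPT and every MASQUERADE rule is tied to an outgoing interface.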

Client setup:
eth0 = the network adapter with the gateway pc (IP: 192.168.20.2)

Change the default gateway to the gateway machine’s IP address (192.168.20.1).

To configure DNS, edit the /etc/resolv.conf file and add the ISP’s DNS servers.

nameserver xx.xx.xx.xx

And Boom!! 😀

apache2: apr_sockaddr_info_get() failed

While I was trying to restart apache from a VM, I was getting this weird error!

* Restarting web server apache2
apache2: apr_sockaddr_info_get() failed for ip-172-19-1-2
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
... waiting apache2: apr_sockaddr_info_get() failed for ip-172-19-1-2
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[ OK ]
But the solution for this problem is too simple 🙂
Just try the following steps:

$ sudo nano /etc/apache2/httpd.conf

Most probably the file is empty.
Just add the following line, and done!

ServerName localhost

[ localhost will be the servername. ]

Switch between eth0 and eth1 in debian based system

So I bought a new NIC. Putting two NICs together, I was having a little annoying problem, as I had to set up MAC and IP bindings every time I did a new installation. Sometimes the devices were choosing their sequence randomly. I don’t know what the methodology behind the choosing is in their architecture. But they obviously put in a way to fix it.

To change how the ethernet devices are detected, just do a simple edit.

$ sudo nano /etc/udev/rules.d/70-persistent-net.rules

and change the NAME as you want it, e.g. eth0 or eth1.

Reboot the machine. That’s it!

Installing Vim from source in Ubuntu

Vim can be easily found in Synaptic Package Manager. But sometimes that is an older version. For example, I needed Vim 7.3, where the version available in Synaptic Package Manager was 7.2. Then I thought I should go for the source file available on the site. I downloaded the file and tried to run it as the site said, but it was showing some errors. Then I googled again to get some more ideas and found a simple process, which takes four steps after going to the vim directory:
1. ./configure
2. make
3. sudo make install
4. sudo ln -s /usr/local/bin/vim /usr/bin/vim (step 4 is optional)
But then I got a new error message telling me something like this: You need to install a terminal library: for example ncurses. Or specify the name of the library with --with-tlib
This particular error informs us that we need an additional dev library to compile the source.
To get the library simply type:

sudo apt-get install libncurses5-dev

Then follow the four simple steps mentioned earlier in the post.
Now the new version of Vim should be installed on your system.