Configuring NTP On Solaris10
1. Identifying NTP Basics
Before you configure NTP, you must be aware of some basic computer clock and NTP-related concepts.
This section describes how computers keep time. This is a high-level introduction and is not meant to be all inclusive.
When the system is not running the Solaris OS, the time-of-day chip maintains basic 24-hour time.
This time is copied into a 64-bit counter used by the kernel to maintain 24-hour time for a running system.
Sun systems use a combination of an oscillator and a 64-bit counter to keep track of time.
A specific number of oscillations cause an interrupt that, if processed, will cause the counter to increment.
The Sun system central processing units (CPUs) generate the regular interrupts. By default, 100 interrupts are generated per second.
For the system’s counter to increment, the CPU’s interrupt must be processed by the kernel.
Each interrupt that gets processed is known as a clock tick. However, not all interrupts get processed.
This is often due to high system loads and higher priority tasks that take precedence within the kernel.
Therefore, gradually, a clock will fall slightly behind because not all time interrupts are processed.
However, the controller boards in Sun Fire™ 12k to 25k high-end servers use a real-time clock,
not the normal 100 interrupts per second method. This makes them excellent NTP servers, since the clock
does not drift as it does on a regular server or workstation. However, making them an NTP client
can cause issues with the SMS software.
Note: The 32-bit time counter would reach its limit in the year 2038. The 64-bit time counter was
started at 0 at midnight, January 1, 1970 Greenwich Mean Time (GMT). The counter will reach its
limit in about 290 million years.
Variation in the frequency of the oscillator and delays to the kernel interrupt routine cause clock drifts.
NTP disciplines the system clock frequency and time, producing more accurate timing mechanisms for the system.
Many network applications need synchronized clocks to properly function. For example:
[*]Encryption - This application often uses time as a component of encryption keys.
[*]Network management - This application uses time to determine exactly when something took place.
[*]Logging - The syslog facility uses time to display system events.
[*]File systems - Applications time stamp files when they are created or modified.
[*]Many backup applications are configured to use time as a criterion for determining backups, so that clock synchronization between the backup server and other systems is important.
[*]Cluster Nodes - Individual nodes in a Sun Cluster configuration use NTP to ensure that they all agree on the time.
Several terms are used when describing time-related topics. These terms are described in the following table.
NTP Terms (Term - Description)
[*]Reference clock - A clock that provides current time by accurately following a time standard, such as Coordinated Universal Time (UTC).
[*]Strata - NTP servers are arranged in a hierarchy of levels, called strata. A stratum-1 server is more accurate than a stratum-10 server. There are 16 strata.
[*]Stratum-1 server - A highly available NTP server that has its own reference clock.
[*]Resolution - The smallest increment in time that a clock offers. For example, a wristwatch usually has a resolution of one second.
[*]Precision - The smallest increase in time that a computer program can use.
[*]Jitter - The difference of the differences experienced when repeatedly measuring time.
[*]Accuracy - How close a clock follows an official time reference, such as UTC.
[*]Reliability - The length of time that a clock can remain accurate within a specified range.
[*]Wander - All clocks suffer from frequency variations. This variation is called wander.
[*]Drift file - A file that contains the frequency offset of the local system’s clock oscillator. Drift file contents can be used by protocols, like NTP, to cause a system’s clock to be more accurate. The default location for Sun’s NTP drift file is /var/ntp/ntp.drift.
[*]xntpd - The NTP daemon.
[*]The ntp.conf file - A file that causes the xntpd daemon to start in either the client or the server mode and provides configuration statements that control the behavior of the xntpd daemon.
[*]The fudge command - You can use the fudge command in the ntp.conf file as a keyword to configure reference clocks in special ways, such as defining calibration constants to force a time offset to a particular external-time standard.
[*]Discipline - A general term used for various actions carried out by some protocol, which helps keep a local clock better synchronized to an official time source, such as UTC.
2. Configuring an NTP Server
The /etc/inet/ntp.server file is a template for configuring an NTP server. Copy this file to /etc/inet/ntp.conf,
and edit it to meet your network’s requirements. When viewing contents of the /etc/inet/ntp.server file, remember that an
NTP server is also an NTP client.
The xntpd daemon is started at system boot if the /etc/inet/ntp.conf file exists and the NTP service is enabled by the SMF.
The xntpd daemon starts in either the client or the server mode, depending on the contents of the ntp.conf file.
The table shows the parts of an NTP server’s configuration file and their descriptions.
NTP Configuration File Parts (Part - Description)
[*]server 127.127.1.0 prefer - The IP address of the preferred NTP server. In this case, the loopback network is used, indicating the use of a local clock. The server keyword indicates an IP address of an NTP server from which time will be received. If the system is a stratum-1 server, then you use X in the 127.127.X.0 syntax to identify a reference clock source. If X is set to 1, the system uses its local clock as the reference clock source. If the server is a stratum-2 (or higher), this entry is an IP address of another NTP server to contact for time information. The prefer keyword means that if multiple systems of the same stratum are used to get clock information, the preferred server is the one that is always used when performing calculations.
[*]fudge 127.127.1.0 stratum 0 - The fudge entry is available to change (fudge) the stratum that the server advertises.
[*]broadcast 224.0.1.1 ttl 4 - The address the server uses to advertise to the network along with the TTL value to use in IP datagrams.
[*]enable auth monitor - The configuration entry that enables authentication and the monitoring facility.
[*]driftfile /var/ntp/ntp.drift - The location of the drift file.
[*]statsdir /var/ntp/ntpstats/ - The location of NTP statistics.
[*]keys /etc/inet/ntp.keys - The conventional name of the key file used for authentication.
[*]trustedkey 0 - The encryption identifier. (Refer to RFC 1305 for more information.)
[*]controlkey 0 - The key identifier. (Refer to RFC 1305 for more information.)
Note: Different types of facilities, such as loopstats or clockstats, can also be enabled (refer to the xntpd man page for more details).
NTP servers can, but should not, use their own undisciplined local clock as an official, reliable time source.
To use an undisciplined local clock, complete the following steps:
1. Copy the /etc/inet/ntp.server file to the /etc/inet/ntp.conf file.
# cp /etc/inet/ntp.server /etc/inet/ntp.conf
#
2. Open the /etc/inet/ntp.conf file for editing, and change the server IP address to 127.127.1.0, where the number 1 represents the undisciplined local clock. Comment out the fudge keyword because special configuration is not needed for the local reference clock.
# vi /etc/inet/ntp.conf
Change:
server 127.127.XType.0
fudge 127.127.XType.0 stratum 0
to:
server 127.127.1.0 prefer
# fudge 127.127.XType.0 stratum 0
Note: Choices for XType are listed in the comments of the /etc/inet/ntp.server file.
3. Create a drift file as specified by the driftfile /var/ntp/ntp.drift entry in the /etc/inet/ntp.conf file.
# touch /var/ntp/ntp.drift
#
Note: The xntpd daemon creates the contents of the drift file dynamically.
4. Verify that the file exists.
# ls -al /var/ntp/ntp.drift
-rw-r--r-- 1 root root 0 Aug 16 11:06 /var/ntp/ntp.drift
#
5. Start the NTP daemon by using the svcadm command.
# svcadm -v enable svc:/network/ntp
network/ntp enabled.
#
6. Verify that the NTP daemon is running.
# pgrep -lf ntp
1585 /usr/lib/inet/xntpd
#
7. Use the snoop utility to view NTP server multicast advertisements.
# snoop | grep -i ntp
Using device /dev/hme (promiscuous mode)
sys11 -> 224.0.1.1 NTPbroadcast (2004-08-16 11:11:52.98017)
sys11 -> 224.0.1.1 NTPbroadcast (2004-08-16 11:12:56.98017)
sys11 -> 224.0.1.1 NTPbroadcast (2004-08-16 11:14:00.98016)
sys11 -> 224.0.1.1 NTPbroadcast (2004-08-16 11:15:04.98016)
…
…
Note: Notice the 64-second interval between NTP advertisements sent out. This is due to the NTP polling value of 6; 2^6 is 64. The polling value can be seen by using the snoop -v command.
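The check below is an added example, not part of the original article or of Sun's tooling. It reads an ntp.conf and reports the server-template settings described above that weaken a time server: the undisciplined local clock (127.127.1.0) as the only source, a local clock fudged to stratum 0 or 1, and key identifier 0, which xntpd itself logs as "0 makes a poor control keyid". The finding names, the stratum threshold, the two sample files and key identifier 1 are assumptions made for the example.

```shell
# Added example: audit an xntpd configuration for the weak settings discussed above.
# Reads the file named in $1, or standard input; prints one finding per line.
audit_ntp_conf() {
    awk '
    { sub(/#.*/, "") }                  # ignore comments, e.g. a commented-out fudge
    NF == 0 { next }
    $1 == "server" {
        if ($2 ~ /^127\.127\.1\.[0-9]+$/) local_clock = 1   # driver type 1 = local clock
        else other_source = 1
    }
    $1 == "fudge" && $2 ~ /^127\.127\.1\.[0-9]+$/ {
        for (i = 3; i < NF; i++)
            if ($i == "stratum" && $(i + 1) + 0 <= 1)       # assumed threshold
                print "LOCAL_CLOCK_LOW_STRATUM: line " NR " fudges the local clock to stratum " $(i + 1)
    }
    $1 ~ /^(trustedkey|controlkey|requestkey)$/ {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^0+$/) print "KEYID_ZERO: line " NR " sets " $1 " to key id 0"
    }
    END {
        if (local_clock && !other_source)
            print "LOCAL_CLOCK_ONLY: the undisciplined local clock is the only time source"
    }' "$@"
}

# Constructed sample: template entries from the table, with the local clock selected.
sample_weak_conf() {
    cat <<'EOF'
server 127.127.1.0 prefer
fudge 127.127.1.0 stratum 0
enable auth monitor
keys /etc/inet/ntp.keys
trustedkey 0
controlkey 0
EOF
}

# Constructed sample: external sources, fudge commented out, key id 1 (assumed).
sample_fixed_conf() {
    cat <<'EOF'
server external-time-server-a
server external-time-server-b
server external-time-server-c
# fudge 127.127.XType.0 stratum 0
enable auth monitor
keys /etc/inet/ntp.keys
trustedkey 1
controlkey 1
EOF
}

sample_weak_conf | audit_ntp_conf
```

On a live system the function can be pointed at the real file: audit_ntp_conf /etc/inet/ntp.conf.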
Configure the Stratum
You can configure the stratum of an NTP server manually by editing the fudge entry in the /etc/inet/ntp.conf file.
This is useful when you do not have access to an external NTP server and you have to synchronize with another system manually.
When a local clock is configured to act as an accurate source of time, NTP detects this.
Systems that use their own clock as a time source advertise themselves as a stratum-4 server by default.
However, the fudge keyword can be used to alter this behavior. The fudge configuration entry can use
the stratum option to override the stratum level sent out with the NTP server’s time advertisements.
Note: The snoop utility output includes the stratum level of the server. NTP servers and clients that
are in the process of synchronization have a stratum level of 0 (zero) initially, until they establish
their correct stratum level.
Determine which NTP servers are reachable by your NTP server.
Refer to http://www.eecis.udel.edu/~mills/ntp/servers.html for links to lists of public NTP servers.
You must notify the NTP server’s administrators of your intention to use their NTP server as a reference server
so that the administrator can properly size NTP servers for the additional NTP load.
To use external NTP reference servers, complete the following steps:
1. Copy the /etc/inet/ntp.server file to the /etc/inet/ntp.conf file.
# cp /etc/inet/ntp.server /etc/inet/ntp.conf
#
2. Open the /etc/inet/ntp.conf file for editing, and change the server entry. Comment out the fudge keyword because special configuration is not needed for an external reference clock.
# vi /etc/inet/ntp.conf
Change:
server 127.127.XType.0
fudge 127.127.XType.0 stratum 0
to:
server external-time-server-a
server external-time-server-b
server external-time-server-c
# fudge 127.127.XType.0 stratum 0
3. Create a drift file as specified by the driftfile /var/ntp/ntp.drift entry in the /etc/inet/ntp.conf file.
# touch /var/ntp/ntp.drift
#
4. Verify that the file exists.
# ls -al /var/ntp/ntp.drift
-rw-r--r-- 1 root root 0 Aug 16 14:41 /var/ntp/ntp.drift
#
5. Start the NTP daemon by using the svcadm command.
# svcadm -v enable svc:/network/ntp
network/ntp enabled.
6. Check to see if the NTP daemon is running.
# pgrep -lf ntp
1595 /usr/lib/inet/xntpd
#
Note: NTP servers and clients that are synchronizing with specific servers defined in the /etc/inet/ntp.conf
file use a 64-second polling interval initially. When time synchronization is established, the polling interval
increases to 17 minutes and 4 seconds (that is, 1024 seconds, or 2^10 seconds).
By default, all NTP messages are sent to the syslog facility.
To view the logged information in pseudo real-time, use the tail command with the follow (-f) option. For example:
# tail -f /var/adm/messages
Aug 16 14:25:37 sys11 xntpd: 0 makes a poor control keyid
…
You can query or configure a running xntpd daemon by using the xntpdc utility, which was introduced in the Solaris 8 OS. The xntpdc command provides an extensive view of the state of the xntpd daemon. You can view statistical information interactively or on the command-line. Use the ? command to view a list of commands available inside xntpdc.
# xntpdc
xntpdc> ?
Commands available:
addpeer addrefclock addserver addtrap authinfo
broadcast clkbug clockstat clrtrap controlkey
ctlstats debug delay delrestrict disable
dmpeers enable exit fudge help
host hostnames iostats kerninfo keyid
keytype leapinfo listpeers loopinfo memstats
monlist passwd peers preset pstats
quit readkeys requestkey reset reslist
restrict showpeer sysinfo sysstats timeout
timerstats traps trustedkey unconfig unrestrict
untrustedkey version
xntpdc>
The commands can be used to display and configure the NTP setup. For example, the sysinfo command displays information about the current configuration:
xntpdc> sysinfo
system peer: instructor
system peer mode: client
leap indicator: 00
stratum: 2
precision: -14
root distance: 0.00081 s
root dispersion: 0.31441 s
reference ID:
reference time: c4cc99b1.2ce5f000 Tue, Aug 17 2004 15:50:25.175
system flags: auth monitor pll stats kernel_sync
frequency: -16.000 ppm
stability: 38.345 ppm
broadcastdelay: 0.003906 s
authdelay: 0.000122 s
xntpdc> quit
#
The NTP service is started automatically at boot time if the /etc/inet/ntp.conf file exists and the NTP service was enabled by SMF. You can stop the service manually by using the svcadm command.
To stop the daemon, perform the command:
# svcadm -v disable svc:/network/ntp
network/ntp disabled.
#
To start the daemon, perform the command:
# svcadm -v enable svc:/network/ntp
network/ntp enabled.
#
The ntpq utility is the standard NTP query program. Use the ntpq utility to identify NTP peers on the network. For example:
# ntpq
ntpq> peers
remote refid st t when poll reach delay offset disp
==============================================================================
*instructor .LCL. 1 u 29 64 377 0.69 0.000 0.06
224.0.1.1 0.0.0.0 16 - - 64 0 0.00 0.000 16000.0
ntpq> exit
#
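A way to read the peers listing above, given as an added example that is not part of the original article. In ntpq output the leading * marks the source selected as system peer, and reach is an octal register of the last eight polls, so 377 means all eight were answered and 0 means none were. The function name, the status words and the sample rows are constructed for the example.

```shell
# Added example: summarise "ntpq -p" (or "ntpq> peers") output read from stdin.
peer_health() {
    awk '
    # Count the set bits of the octal reach register (one bit per recent poll).
    function answered(oct,   i, d, n) {
        n = 0
        for (i = 1; i <= length(oct); i++) {
            d = substr(oct, i, 1) + 0
            n += (d >= 4) + (int(d / 2) % 2) + (d % 2)
        }
        return n
    }
    /^ *remote / || /^=+$/ { next }             # header and separator rows
    {
        tally = substr($0, 1, 1)                # first column is the tally code
        if (tally ~ /[*+#.xo -]/) $0 = substr($0, 2)
        if (NF < 7) next
        if ($7 ~ /^0+$/)       status = "unreachable"
        else if (tally == "*") { status = "system-peer"; synced = 1 }
        else                   status = "reachable"
        print $1, status, "stratum=" $3, "answered=" answered($7) "/8"
    }
    END { if (!synced) print "NO_SYSTEM_PEER: daemon is not synchronised to any source" }
    '
}

# Constructed sample, modelled on the peers listing shown above.
sample_peers() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
*instructor      .LCL.            1 u   29   64  377     0.69    0.000    0.06
 224.0.1.1       0.0.0.0         16 -    -   64    0     0.00    0.000 16000.0
EOF
}

sample_peers | peer_health
```

On a running system, ntpq -p | peer_health gives the same summary; a NO_SYSTEM_PEER line means timestamps in syslog on that host should not be trusted for correlation until synchronisation returns.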
3. Configuring an NTP Client
Configuration of an NTP client also requires the /etc/inet/ntp.conf file to be created, as it does with NTP servers.
To initialize the file configuration, complete the following step:
Copy the /etc/inet/ntp.client file to the /etc/inet/ntp.conf file.
# cp /etc/inet/ntp.client /etc/inet/ntp.conf
#
The /etc/inet/ntp.client file contains only one entry, which configures the client to use the default multicast address to solicit for servers.
# tail -1 /etc/inet/ntp.client
multicastclient 224.0.1.1
To start the NTP client daemon, perform the following:
Check to determine if the NTP daemon is running.
# pgrep -lf ntp
#
Start the NTP daemon by using the svcadm command.
# svcadm -v enable svc:/network/ntp
network/ntp enabled.
#
The SMF NTP method, /lib/svc/method/xntp, uses the ntpdate command to synchronize the client’s clock to UTC. After the ntpdate command is executed, the xntpd daemon is started by the SMF method to maintain synchronization.
# pgrep -lf ntp
1680 /usr/sbin/ntpdate -s -m 224.0.1.1
1679 /sbin/sh /etc/init.d/xntpd start
1676 /sbin/sh /etc/init.d/xntpd start
#
Note: The ntpdate command runs automatically to gather NTP inputs and to set the initial time on this system. The ntpdate command might perform this initial setting by means of a step or a slew. Refer to the ntpdate(1M) man page for further details.
Stop the NTP client daemon by using the svcadm command.
# svcadm -v disable network/ntp
network/ntp disabled.
#
The xntpd daemon is no longer running.
# pgrep -lf ntp
#
4. Troubleshooting NTP
Use a combination of tools, such as viewing system error logs and using the snoop utility, to troubleshoot NTP.
Log messages result from setting the time forward on the system. The system sends out its periodic (every 64 seconds) NTP requests with the incorrect time. The NTP servers respond with the correct time. After receiving multiple updates from the NTP servers, the client changes its time and writes a message to the /var/adm/messages file.
# tail -50 /var/adm/messages | grep -i ntp
Aug 17 15:21:46 sys11 ntpdate: no server suitable for synchronisation found yet
Aug 17 15:21:46 sys11 ntpdate: trying ttl 1 for multicast server synchronisation
Aug 17 15:21:46 sys11 ntpdate: adjust time server 192.168.30.30 offset 0.004158 sec
Aug 17 15:22:48 sys11 xntpd: xntpd 3-5.93e+sun 03/08/29 16:23:05 (1.4)
Aug 17 15:22:48 sys11 xntpd: tickadj = 5, tick = 10000, tvu_maxslew = 495, est. hz = 100
Aug 17 15:22:48 sys11 xntpd: using kernel phase-lock loop 0041, drift correction 0.00000
#
To view NTP server multicast advertisements, use the snoop utility.
# snoop port ntp
Using device /dev/hme (promiscuous mode)
sys11 -> 224.0.1.1 NTPbroadcast (2004-08-16 11:11:52.98017)
sys11 -> 224.0.1.1 NTPbroadcast (2004-08-16 11:12:56.98017)
sys11 -> 224.0.1.1 NTPbroadcast (2004-08-16 11:14:00.98016)
sys11 -> 224.0.1.1 NTPbroadcast (2004-08-16 11:15:04.98016)
-C
#
Clients synchronize with servers using unicast packets, as follows:
1. The NTP client sends a message to an NTP server with its idea of the local time.
sys12 -> sys11 NTPclient (2004-08-17 15:24:17.32955)
Note that the client is at stratum 0 initially. It sets the correct stratum level after synchronization is established.
2. The NTP server responds with the correct time.
sys11 -> sys12 NTPserver (2004-08-17 15:24:17.32834)
3. This exchange between the NTP server and the NTP client repeats many times. Eventually, the NTP client acknowledges that its time is incorrect. The client then takes action to change its own time, based on NTP time advertisements received from one or more NTP servers. Information about the actions taken by the NTP client is sent to the syslog facility for proper processing.
sys12 -> sys11 NTPclient (2004-08-17 15:25:21.32958)
4. The NTP server responds again with the correct time.
sys11 -> sys12 NTPserver (2004-08-17 15:25:21.32839)
This article comes from the ChinaUnix blog. To view the original, go to: http://blog.chinaunix.net/u1/36549/showart_467893.html