Installing and Configuring NTP on VMware ESX Server by kellena90


									Installing and Configuring NTP on VMware ESX Server                    http://kb.vmware.com/selfservice/viewContent.do?externalId=1339&slic...



                      Installing and Configuring NTP on VMware ESX Server
         Products

         VMware ESX

         Details


         How do I install and configure NTP on an ESX Server system?



         Solution

         Note: This article was updated March 16, 2007 to add vmware to the pool designation. All examples for
         x.pool.ntp.org have been changed to x.vmware.pool.ntp.org. The last line pool.ntp.org in
         /etc/ntp/step-tickers and /etc/hosts has been removed from the examples. This line is no longer required.

         Beginning with ESX Server 2.0.1, NTP is installed by default during the installation of ESX Server. See the following
         instructions to configure this service.

         For ESX Server 2.0.0, see the instructions later in this article to install and configure NTP.

         ESX Server 2.0.1 and Later

         To configure NTP on the service console, you must:

             1. Edit the following configuration files, as described in the following sections:
                       /etc/ntp.conf
                       /etc/ntp/step-tickers
                       /etc/hosts

             2. For ESX Server 3.0 only, run the following command. This opens the appropriate ports and enables the NTP
                daemon to talk with the external server.

                [root@esxhost]# esxcfg-firewall --enableService ntpClient

             3. Restart ntpd.

         Editing /etc/ntp.conf

         Specify a pool of NTP servers to which your ESX Server system will sync (for more information about using NTP
         server pools, see http://www.pool.ntp.org/use.html).

             1. Log on to the service console as the root user.

             2. You are going to replace the content of /etc/ntp.conf, so make a backup copy of this file:

                cp /etc/ntp.conf /etc/ntp.conf.bk

             3. Edit the contents of the default /etc/ntp.conf, which the ESX Server installation creates for you, so the file
                looks like this:

                restrict 127.0.0.1
                restrict default kod nomodify notrap
                server 0.vmware.pool.ntp.org
                server 1.vmware.pool.ntp.org
                server 2.vmware.pool.ntp.org
                driftfile /etc/ntp/drift

                       restrict – The first restrict is required because ntpd needs to resolve hostname addresses via
                       the loopback network. If this entry does not exist, the system log ( /var/log/messages) will show
                       something like this:




                       ntpd_initres: ntpd returns a permission denied error

                       For systems directly connected to the Internet, the second restrict line provides a basic level of
                       protection from general UDP spoofing of NTP.

                       kod – Sends a KoD packet when an access violation occurs.

                       nomodify – Denies ntpq and ntpdc queries that attempt to modify the run-time configuration of the
                       server. Queries that return information are permitted.

                       notrap – Declines to provide mode 6 control message trap service to matching hosts. The trap
                       service is a subsystem of the ntpq control message protocol, which is intended for use by remote
                       event logging programs.

         For better protection, you may want to add noquery, which prevents remote queries, and nopeer, which prevents
         a host from trying to peer with your server, a relationship that could allow a rogue server to control the clock.

         Refer to http://www.eecis.udel.edu/~mills/ntp/html/accopt.html for a full description of these access control
         commands.
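
         The restrict baseline described above can be checked mechanically; the following is an added example, not part
         of the VMware article. The function names audit_ntp_restrict and article_ntp_conf are hypothetical, the sample
         input is constructed from the file shown above, and only the plain "restrict default" form is understood.

```shell
#!/bin/sh
# Added example: audit the restrict lines of an ntp.conf read from stdin.
# On a host: audit_ntp_restrict < /etc/ntp.conf
# Exit status 0 means the baseline from the article is present.
audit_ntp_restrict() {
    awk '
    { sub(/#.*/, "") }                          # drop comments
    $1 != "restrict" { next }
    $2 == "127.0.0.1" { loopback = 1; next }    # needed for ntpd name resolution
    $2 == "default" {
        seen = 1
        for (i = 3; i <= NF; i++) flag[$i] = 1  # collect flags on the default line
    }
    END {
        rc = 0
        if (!loopback) { print "FAIL: no restrict 127.0.0.1 line"; rc = 1 }
        if (!seen)     { print "FAIL: no restrict default line"; exit 1 }
        if ("ignore" in flag) exit rc           # ignore already denies all packets
        n = split("kod nomodify notrap", base, " ")
        for (i = 1; i <= n; i++)
            if (!(base[i] in flag)) {
                print "FAIL: restrict default lacks " base[i]; rc = 1
            }
        n = split("noquery nopeer", extra, " ") # the stricter options the text suggests
        for (i = 1; i <= n; i++)
            if (!(extra[i] in flag)) print "WARN: restrict default lacks " extra[i]
        exit rc
    }'
}

# Constructed sample: the /etc/ntp.conf contents shown in the article.
article_ntp_conf() {
    cat <<'EOF'
restrict 127.0.0.1
restrict default kod nomodify notrap
server 0.vmware.pool.ntp.org
server 1.vmware.pool.ntp.org
server 2.vmware.pool.ntp.org
driftfile /etc/ntp/drift
EOF
}

# The article file passes the baseline and draws two warnings.
article_ntp_conf | audit_ntp_restrict
```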

         The 0, 1, and 2.vmware.pool.ntp.org names point to a random set of servers that change every hour.

         The driftfile line indicates the name of the file where the value for the system's clock drift (frequency error) is
         stored. For a more complete definition of driftfile, see http://www.eecis.udel.edu/~mills/ntp/html/notes.html.

         Editing /etc/ntp/step-tickers

         Perform the following steps as the root user on the service console.

             1. If you want, make a backup copy of your /etc/ntp/step-tickers file:

                cp /etc/ntp/step-tickers /etc/ntp/step-tickers.bk

             2. Edit /etc/ntp/step-tickers so that the file looks like the following example:

                0.vmware.pool.ntp.org
                1.vmware.pool.ntp.org
                2.vmware.pool.ntp.org

         Editing /etc/hosts

         Perform the following steps as the root user on the service console.

             1. Edit /etc/hosts.

             2. Add the following list of NTP pool servers to the end of your existing hosts list.

                0.vmware.pool.ntp.org
                1.vmware.pool.ntp.org
                2.vmware.pool.ntp.org

                Adding this list of NTP servers minimizes the impact of DNS lookup failures during NTP synchronization.

         ESX 3.0 Only: Enabling NTP Client for Firewall

         As noted earlier in this article, remember to run the following command. This opens the appropriate ports and
         enables the NTP daemon to talk with the external server.

         [root@esxhost]# esxcfg-firewall --enableService ntpClient

         Restarting and Monitoring the NTP Service

         Perform these steps as root on the service console.

             1. After you have edited the previous files, restart the NTP service.




                       To restart the service now, run:

                       service ntpd restart

                       To enable the NTP daemon to autostart when the server is rebooted, run:

                       chkconfig --level 345 ntpd on

             2. Now you can set the local hardware clock to the NTP synchronized local system time. Run:

                hwclock --systohc

                As ntpd successfully polls NTP servers, the kernel automatically sets the hardware clock to the system clock
                time periodically.

             3. Monitor the NTP service as desired:

                       To see the offset (in seconds) between the local clock and the source clock, run:

                       ntpdate -q time_server_name_or_ip_address

                       If the correction resulting from synchronizing the local clock with the time server is large enough, it
                       could affect the operating systems or applications running in virtual machines when they synchronize
                       their clocks with the ESX Server system on which they are running.

                       To watch the status of the ntpd process, run:

                       watch "ntpq -p"

                       Press Ctrl-c to stop watching the process.

                       Note the information in the following columns:

                              The character in the first column indicates the quality of the source.

                              The asterisk ( * ) indicates the source is the current reference.

                              remote lists the IP address or host name of the source.

                              when indicates how many seconds have passed since the source was polled.

                              poll indicates the polling interval. This value increases depending on the accuracy of the local
                              clock.

                              reach is an octal number that indicates reachability of the source. A value of 377 indicates the
                              source has answered the last eight consecutive polls.

                              offset is the time difference between the source and the local clock in milliseconds.

                       Note: If ntpq -p returns ntpq: read: Connection refused, check /var/log/messages for a more
                       detailed error message.
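
         The column meanings listed above can be turned into an unattended check; the following is an added example, not
         part of the VMware article. The names ntpq_summary and sample_ntpq, the 1000 ms default threshold and the
         sample output (documentation addresses) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarise `ntpq -p` output read from stdin.
# On a host: ntpq -p | ntpq_summary 500
# Prints "remote current|other answered/8 offset_ms" per source.
# Exit 1: no source marked "*"; exit 2: current offset exceeds the threshold.
ntpq_summary() {
    awk -v max="${1:-1000}" '
    $1 == "remote" || /^=+$/ || NF < 10 { next }   # header, ruler, short lines
    {
        tally = substr($0, 1, 1)                   # first column: source quality
        name = (tally == " ") ? $1 : substr($1, 2)
        v = 0                                      # reach is octal: decode it
        for (i = 1; i <= length($7); i++) v = v * 8 + substr($7, i, 1)
        hits = 0                                   # one bit per recent poll
        for (; v > 0; v = int(v / 2)) hits += v % 2
        printf "%s %s %d/8 %s\n", name, (tally == "*" ? "current" : "other"), hits, $9
        if (tally == "*") {
            have = 1
            off = $9 + 0
            if (off < 0) off = -off
            if (off > max + 0) big = 1
        }
    }
    END {
        if (!have) { print "FAIL: no current reference (*) selected"; exit 1 }
        if (big)   { print "FAIL: current offset exceeds " max " ms"; exit 2 }
    }'
}

# Constructed sample output, in the layout ntpq -p prints.
sample_ntpq() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377   12.345   -0.512   0.210
+192.0.2.11      192.0.2.1        2 u   40   64  177   20.100    1.250   0.900
 192.0.2.12      .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

sample_ntpq | ntpq_summary
```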

         Additional documentation for NTP is available at http://ntp.isc.org/bin/view/Main/DocumentationIndex.

         ESX Server 2.0.0

         To install and configure NTP on the console operating system (service console):

             1. Log on to the console as the root user.

             2. Mount the ESX Server CD on the console:

                mount /mnt/cdrom




             3. Change to the /mnt/cdrom/RedHat/RPMS directory.

             4. Install the NTP package:

                rpm -Uhv ntp-*.i386.rpm

             5. Change to the /etc directory.

             6. You should be able to find a file called ntp.conf (after the rpm installation) in the /etc directory (you
                changed into this directory in step 5). Edit this file using:

                vi ntp.conf

             7. Find the line that reads:

                server 127.127.1.0 # local clock

                Change it to:

                server 192.6.38.127 # This is an example only

                Save the file.

             8. Create a file named step-tickers in the /etc/ntp directory. In this file, list the host name of your
                reference time server.

             9. To enable the ntp daemon to autostart when the server is rebooted, run:

                chkconfig ntpd on

           10. To start it now without rebooting, run:

                /etc/rc.d/init.d/ntpd start

                The time drift corrects after a while.

           11. Wait a few seconds (up to a minute), then run:

                ntpq -p

                This lists the current status.

           12. Use umount to unmount the ESX Server CD:

                umount /mnt/cdrom

         These examples use a source server IP address obtained from a list of open access NTP servers. You may select
         one that suits you from http://ntp.isc.org/bin/view/Servers/WebHome.



         Product Versions

         VMware ESX Server 2.1.x
         VMware ESX Server 2.5.x
         VMware ESX Server 3.0.x

         Keywords

         1339; 868; urlz; kssfeedback

         Last Modified Date: 06-09-2008 ID: 1339



