Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   CentOS (http://www.linux-archive.org/centos/)
-   -   CentOs 5.6 and Time Sync (http://www.linux-archive.org/centos/513619-centos-5-6-time-sync.html)

Mailing List 04-13-2011 11:35 AM

CentOs 5.6 and Time Sync
 
Hi,

I have upgraded my Dell C151 to the latest 5.6. I have always used
ntp to sync this machine and then the rest of the machines in the
network would sync from it. Since the update I cannot keep the right
time on the machine. This is with / without ntp. I have attempted
various scenario's with no luck. I am now trying the old kernel now as I
type this out. If anyone else has any links or ideas that I should check
out It would be greatly appreciated.


Just a quick note about my setup. I do not use any gui. As
mentioned I have not had any issues with this machine and it's time
until I upgrade.


AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
3gb of ram.

TIA.

Brian.

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Mailing List 04-13-2011 03:31 PM

CentOs 5.6 and Time Sync
 
On 4/13/2011 7:35 AM, Mailing List wrote:

Hi,

I have upgraded my Dell C151 to the latest 5.6. I have always used
ntp to sync this machine and then the rest of the machines in the
network would sync from it. Since the update I cannot keep the right
time on the machine. This is with / without ntp. I have attempted
various scenario's with no luck. I am now trying the old kernel now as
I type this out. If anyone else has any links or ideas that I should
check out It would be greatly appreciated.


Just a quick note about my setup. I do not use any gui. As
mentioned I have not had any issues with this machine and it's time
until I upgrade.


AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
3gb of ram.

TIA.

Brian.


Just to follow up, I had switched to the old kernel before the 5.6
upgrade, and at this time my clock is working flawlessly.


kernel v. 2.6.18-194.32.1.el5 Works as it should...
kernel v. 2.6.18-238.5.1.el5 I cannot get my clock accurate.

If there is anything I can do to help solve this IE: information or
test. please let me know.At this point I will just make the old kernel
default boot until there is a kernel update where which I will try again.


Brian.

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Rob Kampen 04-13-2011 05:08 PM

CentOs 5.6 and Time Sync
 
Mailing List wrote:

On 4/13/2011 7:35 AM, Mailing List wrote:

Hi,

I have upgraded my Dell C151 to the latest 5.6. I have always used
ntp to sync this machine and then the rest of the machines in the
network would sync from it. Since the update I cannot keep the right
time on the machine. This is with / without ntp. I have attempted
various scenario's with no luck. I am now trying the old kernel now
as I type this out. If anyone else has any links or ideas that I
should check out It would be greatly appreciated.


Just a quick note about my setup. I do not use any gui. As
mentioned I have not had any issues with this machine and it's time
until I upgrade.


AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
3gb of ram.

TIA.

Brian.


Just to follow up, I had switched to the old kernel before the 5.6
upgrade, and at this time my clock is working flawlessly.


kernel v. 2.6.18-194.32.1.el5 Works as it should...
kernel v. 2.6.18-238.5.1.el5 I cannot get my clock accurate.


there are two other 238 kernels - do they show the same behavior?
If there is anything I can do to help solve this IE: information or
test. please let me know.At this point I will just make the old kernel
default boot until there is a kernel update where which I will try again.


Brian.

------------------------------------------------------------------------

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Mailing List 04-13-2011 06:42 PM

CentOs 5.6 and Time Sync
 
On 4/13/2011 1:08 PM, Rob Kampen wrote:




there are two other 238 kernels - do they show the same behavior?


I will install kernel-2.6.18-238.5.1.el5.centos.plus and let the list
know how it goes. I totally forgot that there was a Plus repo. I
actually had it disabled.


Brian.

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Cal Webster 04-13-2011 06:50 PM

CentOs 5.6 and Time Sync
 
On Wed, 2011-04-13 at 13:08 -0400, Rob Kampen wrote:
> Mailing List wrote:
> > On 4/13/2011 7:35 AM, Mailing List wrote:
> >> Hi,
> >>
> >> I have upgraded my Dell C151 to the latest 5.6. I have always used
> >> ntp to sync this machine and then the rest of the machines in the
> >> network would sync from it. Since the update I cannot keep the right
> >> time on the machine. This is with / without ntp. I have attempted
> >> various scenario's with no luck. I am now trying the old kernel now
> >> as I type this out. If anyone else has any links or ideas that I
> >> should check out It would be greatly appreciated.
> >>
> >> Just a quick note about my setup. I do not use any gui. As
> >> mentioned I have not had any issues with this machine and it's time
> >> until I upgrade.
> >>
> >> AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
> >> 3gb of ram.
> >>
> >> TIA.
> >>
> >> Brian.
> >
> > Just to follow up, I had switched to the old kernel before the 5.6
> > upgrade, and at this time my clock is working flawlessly.
> >
> > kernel v. 2.6.18-194.32.1.el5 Works as it should...
> > kernel v. 2.6.18-238.5.1.el5 I cannot get my clock accurate.
> >
> there are two other 238 kernels - do they show the same behavior?
> > If there is anything I can do to help solve this IE: information or
> > test. please let me know.At this point I will just make the old kernel
> > default boot until there is a kernel update where which I will try again.
> >
> > Brian.

You don't say what version of ntp you are using or whether the system in
question can access the Internet.

Should be: ntp-4.2.2p1-9.el5.centos.2.1.i386


[Refs]

http://www.ntp.org/
http://support.ntp.org/bin/view/Support/WebHome
http://www.eecis.udel.edu/~mills/ntp/html/index.html
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/s1-dateconfig-ntp.html
/usr/share/doc/ntp-<version>/ntpd.htm


[Main config files]

/etc/ntp.conf
/var/lib/ntp/drift
/etc/ntp/step-tickers


[Time Sources]

Three time sources you can use for your ntpd:

1. Public or corporate NTP servers

If you have an Internet connection using a public ntp pool is the
simplest.

http://www.pool.ntp.org/en/use.html

2. An accurate external reference clock

http://doc.ntp.org/4.2.0/refclock.html

Use if you need microsecond or better accuracy and you've got time and
money to setup.

3. Undisciplined local clock on a local computer

http://doc.ntp.org/4.2.0/drivers/driver1.html

This is what I use. You can use this if a few seconds off every few
months is less important than all clients being in sync. If it drifts at
least all clients will drift with it. You can compensate easily for
minor drift too.

As long as all clocks are synced to the same source you should be able
to tolerate being off by even a few minutes from the "real" time. Some
networked services such as Kerberos cannot tolerate differences in time
stamps between client and server. You'll get lots of seemingly arbitrary
faults and errors with AD Windows Domains and Linux-based directory
authentication and such if all participants are not time-synced.



Sounds like you're using your system clock.

Here's how my isolated networks are configured:

[Primary server]

Machine with most stable system clock - uses system clock, compensating
for calculated drift in /var/lib/ntp/drift.

[Secondary servers]

One main RHEL/CentOS server in each of 3 buildings uses primary ntp
server as master and sister servers as peers.

[Clients]

CentOS, Windoze DC, Windows stand-alone, and Unix configured to sync
with secondary ntp servers using the closest first.



[Using undisciplined system clock]


Best way to determine most stable clock is to:

1. turn ntpd off
2. Sync time with accurate server
I use http://wwp.greenwichmeantime.com/time-zone/usa/eastern-time/
3. Wait days or weeks to check system time against same source
4. Calculate and set drift
5. Start ntpd
6. Check against same time source periodically... every few weeks at
first until it's as close as you can get it.
7. Adjust frequency offset and drift values for local (system) clock
8. Start ntpd and use this as "server" in secondary servers.

Sync secondary servers or just clients off this primary.




There are many ways to configure and implement ntp. You should study the
references and determine which options are best for your specific needs.


If you wish I can provide sample ntp.conf files, and details of my
calibration process. I'm kind of busy right now but I'll throw something
together as time permits and forward if you want.

./Cal






_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Cal Webster 04-13-2011 06:55 PM

CentOs 5.6 and Time Sync
 
On Wed, 2011-04-13 at 14:42 -0400, Mailing List wrote:
> On 4/13/2011 1:08 PM, Rob Kampen wrote:
> >>
> >
> > there are two other 238 kernels - do they show the same behavior?
>
> I will install kernel-2.6.18-238.5.1.el5.centos.plus and let the list
> know how it goes. I totally forgot that there was a Plus repo. I
> actually had it disabled.
>
> Brian.

That's probably not what you want. See this first:

http://wiki.centos.org/AdditionalResources/Repositories/CentOSPlus?highlight=%28centosplus%29




_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Mailing List 04-13-2011 07:10 PM

CentOs 5.6 and Time Sync
 
On 4/13/2011 2:50 PM, Cal Webster wrote:


You don't say what version of ntp you are using or whether the system in
question can access the Internet.

Should be: ntp-4.2.2p1-9.el5.centos.2.1.i386


[Refs]

http://www.ntp.org/
http://support.ntp.org/bin/view/Support/WebHome
http://www.eecis.udel.edu/~mills/ntp/html/index.html
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/s1-dateconfig-ntp.html
/usr/share/doc/ntp-<version>/ntpd.htm


[Main config files]

/etc/ntp.conf
/var/lib/ntp/drift
/etc/ntp/step-tickers


[Time Sources]

Three time sources you can use for your ntpd:

1. Public or corporate NTP servers

If you have an Internet connection using a public ntp pool is the
simplest.

http://www.pool.ntp.org/en/use.html

2. An accurate external reference clock

http://doc.ntp.org/4.2.0/refclock.html

Use if you need microsecond or better accuracy and you've got time and
money to setup.

3. Undisciplined local clock on a local computer

http://doc.ntp.org/4.2.0/drivers/driver1.html

This is what I use. You can use this if a few seconds off every few
months is less important than all clients being in sync. If it drifts at
least all clients will drift with it. You can compensate easily for
minor drift too.

As long as all clocks are synced to the same source you should be able
to tolerate being off by even a few minutes from the "real" time. Some
networked services such as Kerberos cannot tolerate differences in time
stamps between client and server. You'll get lots of seemingly arbitrary
faults and errors with AD Windows Domains and Linux-based directory
authentication and such if all participants are not time-synced.



Sounds like you're using your system clock.

Here's how my isolated networks are configured:

[Primary server]

Machine with most stable system clock - uses system clock, compensating
for calculated drift in /var/lib/ntp/drift.

[Secondary servers]

One main RHEL/CentOS server in each of 3 buildings uses primary ntp
server as master and sister servers as peers.

[Clients]

CentOS, Windoze DC, Windows stand-alone, and Unix configured to sync
with secondary ntp servers using the closest first.



[Using undisciplined system clock]


Best way to determine most stable clock is to:

1. turn ntpd off
2. Sync time with accurate server
I use http://wwp.greenwichmeantime.com/time-zone/usa/eastern-time/
3. Wait days or weeks to check system time against same source
4. Calculate and set drift
5. Start ntpd
6. Check against same time source periodically... every few weeks at
first until it's as close as you can get it.
7. Adjust frequency offset and drift values for local (system) clock
8. Start ntpd and use this as "server" in secondary servers.

Sync secondary servers or just clients off this primary.




There are many ways to configure and implement ntp. You should study the
references and determine which options are best for your specific needs.


If you wish I can provide sample ntp.conf files, and details of my
calibration process. I'm kind of busy right now but I'll throw something
together as time permits and forward if you want.

./Cal






_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos



The ntp server does connect to the internet fine. the version of
ntp is as follows.


ntp-4.2.2p1-9.el5.centos.2.1

The time is not off by a matter of minutes or I would not crab so
much. It gets to the point of being more then an hour off after setting
it. And also Dovecot dies after setting the tuime so much.


As I had posted before, I never had any issue with the sync till I
updated to 5.6. And whe I rolled it back to the old kernel time and sync
went along flawlessly.


Brian.

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Cal Webster 04-13-2011 07:35 PM

CentOs 5.6 and Time Sync
 
On Wed, 2011-04-13 at 15:10 -0400, Mailing List wrote:
> On 4/13/2011 2:50 PM, Cal Webster wrote:
[snip]
>
> The ntp server does connect to the internet fine. the version of
> ntp is as follows.
>
> ntp-4.2.2p1-9.el5.centos.2.1
>
> The time is not off by a matter of minutes or I would not crab so
> much. It gets to the point of being more then an hour off after setting
> it. And also Dovecot dies after setting the tuime so much.
>
> As I had posted before, I never had any issue with the sync till I
> updated to 5.6. And whe I rolled it back to the old kernel time and sync
> went along flawlessly.
>
> Brian.

I'm running the same kernel and ntp versions and I'm having no problems
at all on ntp servers or clients.

If my previous suggestions didn't help maybe you could share contents of
the following files and output of some commands so the list can see what
you've got.

/etc/ntp.conf
/etc/ntp/ntpservers
/etc/ntp/step-tickers
/var/lib/ntp/drift


grep ntpd /var/log/messages*
(please remove repeated messages for clarity)

Most recent entries in /var/log/ntpd.log

SELinux could also be playing a role.

Are you running SELinux enabled, permissive, or disabled?
What mode was it running before it stopped working?
Are there any possibly related "avc" messages in /var/log/messages
or /var/audit/audit.log?

./Cal










_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Daniel J Walsh 04-13-2011 08:00 PM

CentOs 5.6 and Time Sync
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/13/2011 03:35 PM, Cal Webster wrote:
> On Wed, 2011-04-13 at 15:10 -0400, Mailing List wrote:
>> On 4/13/2011 2:50 PM, Cal Webster wrote:
> [snip]
>>
>> The ntp server does connect to the internet fine. the version of
>> ntp is as follows.
>>
>> ntp-4.2.2p1-9.el5.centos.2.1
>>
>> The time is not off by a matter of minutes or I would not crab so
>> much. It gets to the point of being more then an hour off after setting
>> it. And also Dovecot dies after setting the tuime so much.
>>
>> As I had posted before, I never had any issue with the sync till I
>> updated to 5.6. And whe I rolled it back to the old kernel time and sync
>> went along flawlessly.
>>
>> Brian.
>
> I'm running the same kernel and ntp versions and I'm having no problems
> at all on ntp servers or clients.
>
> If my previous suggestions didn't help maybe you could share contents of
> the following files and output of some commands so the list can see what
> you've got.
>
> /etc/ntp.conf
> /etc/ntp/ntpservers
> /etc/ntp/step-tickers
> /var/lib/ntp/drift
>
>
> grep ntpd /var/log/messages*
> (please remove repeated messages for clarity)
>
> Most recent entries in /var/log/ntpd.log
>
> SELinux could also be playing a role.
>
> Are you running SELinux enabled, permissive, or disabled?
> What mode was it running before it stopped working?
> Are there any possibly related "avc" messages in /var/log/messages
> or /var/audit/audit.log?
>
> ./Cal
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
The avc messages are in /var/log/audit/audit.log

ausearch -m avc -ts recent

Will also show you recent AVC messages.

audit2allow -la

will search for any avc message in /var/log/audit/audit.log or
/var/log/messages since the last policy load.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk2mAMgACgkQrlYvE4MpobOfmwCgu5L08ChIqf uUpUEtF8z2yg8Z
Ei4AmwU3l1j1gwLwQuiB2/YJ42WjR0Pm
=kz3z
-----END PGP SIGNATURE-----
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Cal Webster 04-13-2011 08:12 PM

CentOs 5.6 and Time Sync
 
On Wed, 2011-04-13 at 16:00 -0400, Daniel J Walsh wrote:
[snip]
> The avc messages are in /var/log/audit/audit.log
>
> ausearch -m avc -ts recent
>
> Will also show you recent AVC messages.
>
> audit2allow -la
>
> will search for any avc message in /var/log/audit/audit.log or
> /var/log/messages since the last policy load.

Thanks for correcting me and providing the additional tools for the OP
to use. I sometimes mis-type when in a hurry.

I'd use caution with audit2allow, though, as this tool only shows you
what to do to get rid of the avc denial message(s). It makes no
judgement whether the resulting policy will be appropriate or safe.

./Cal

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


All times are GMT. The time now is 08:43 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.