I have two systems One acts as Primary/Active and has Internet connection and gets time from NTP server. The second system is Secondary/Passive and has no connection to the external world.
Primary and Secondary are connected on a private network interface eth1.
Primary has IP 169.254.10.10 Subnet: 255.255.255.248 Broadcast: 169.254.10.15
Secondary has IP 169.254.10.11 Subnet: 255.255.255.248 Broadcast: 169.254.10.15
Primary has the following ntp.conf Configuration
driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 91.189.94.4
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 169.254.10.0 mask 255.255.255.248
broadcast 169.254.10.15
disable auth
broadcastclient
I sync time on Secondary with only ntpdate and do not run ntpd daemon on Secondary.
on Secondary i run ntpdate -b -t 4 -p 4 -u 169.254.10.10 (Primary Interface IP)
And Ntpd server is running on Primary with the above said Configuration.
The time on Secondary is not updated and throws error
ntpdate[3636]: no server suitable for synchronization found
Thanks
Visu
Related
I'm using a Linux VM (Ubuntu 15.10) to spin up a Postgres Database, and as far as I can tell, everything should be configured right.
My firewall is disabled:
user#UBUNTUMACHINE:~$ sudo ufw status numbered Status: inactive
But it's only listening on port 22
user#UBUNTUMACHINE:~$ netstat -an | grep "LISTEN "
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
If I enable the firewall, and tell it to listen to 5432, it shows up in the rules:
user#UBUNTUMACHINE:~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
22 ALLOW IN Anywhere
22/tcp ALLOW IN Anywhere
5432/tcp ALLOW IN Anywhere
5432 ALLOW IN Anywhere
22 (v6) ALLOW IN Anywhere (v6)
22/tcp (v6) ALLOW IN Anywhere (v6)
5432/tcp (v6) ALLOW IN Anywhere (v6)
5432 (v6) ALLOW IN Anywhere (v6)
But I get the same results as above for netstat.
As far as I can tell from researching the issue, I have the correct values in my postgresql.conf file:
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
and I've tried both IP ranges and specific IPs as trusted in the pg_hba.conf file.
# Database administrative login by Unix domain socket
local all postgres ident sameuser
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
host all all 10.0.0.0/255 trust
host all all 10.11.0.0/255 trust
host all all 0.0.0.0/0 trust
Lastly, Postgres is running, per
user#UBUNTUMACHINE:~$ sudo service postgresql status
● postgresql.service - PostgreSQL RDBMS
Loaded: loaded (/lib/systemd/system/postgresql.service; enabled; vendor preset: enabled)
Active: active (exited) since Wed 2017-03-08 11:09:57 CST; 57min ago
Process: 787 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 787 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/postgresql.service
Mar 08 11:09:57 UBUNTUMACHINEsystemd[1]: Starting PostgreSQL RDBMS...
Mar 08 11:09:57 UBUNTUMACHINEsystemd[1]: Started PostgreSQL RDBMS.
Mar 08 11:32:21 UBUNTUMACHINEsystemd[1]: Started PostgreSQL RDBMS.
Mar 08 11:32:26 UBUNTUMACHINEsystemd[1]: Started PostgreSQL RDBMS.
The log is telling me invalid CIDR mask in address 10.0.0.0/255
:: 255 might be larger than 32
Postgres refuses to start, because it refuses the netmask /255 which islarger than the possible number of bits in the (32 bits) IP-address. You could consider this to be a bit picky for the .hba parser, but it could also be considerered a configuration error.
In any case: replace the /255 by something sensible, like /24 (or /16, since you have two of these entries) And: replace the trust by something more safe, after it appears to work.
For some strange reason unknown to me, my RPi appears to have been set incorrectly to UTC +65s. The output I receive is the following:
sudo ntpd -gq
ntpd: time set -65.706156s
I have tried stopping and restarting ntp server (no effect).
When I check the sync servers using the following command, I do receive a ping back so it's not a case of the servers not responding, or a firewall issue:
grep -P "^server" /etc/ntp.conf
server 0.debian.pool.ntp.org iburst
server 1.debian.pool.ntp.org iburst
server 2.debian.pool.ntp.org iburst
server 3.debian.pool.ntp.org iburst
ping -c 1 0.debian.pool.ntp.org
PING 0.debian.pool.ntp.org (193.1.219.116) 56(84) bytes of data.
64 bytes from tbag.heanet.ie (193.1.219.116): icmp_req=1 ttl=51 time=18.8 ms
--- 0.debian.pool.ntp.org ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 18.818/18.818/18.818/0.000 ms
I'm at a loss as to how to correct this.
UPDATE:
Running the ntpq -p command yields the following info:
remote refid st t when poll reach delay offset jitter
==============================================================================
*adsl-172-10-0-1 117.70.*.110 4 u 2 64 7 0.617 -0.070 0.109
Is this the ntp server that I'm trying to sync to - because that IP belongs to CHINANET (I don't know how or why).
I also tried to manually set the RPi time, after stopping ntp service, setting the time correctly and restarting the service.
What I noticed was that the time was correctly set for a good 5 seconds, before reverting back to it's 65s offset. So it appears that this is the issue.
Found the solution as described in post 6 of the link:
http://forum.openmediavault.org/index.php/Thread/13035-Raspberry-Pi-NTP-service-not-using-etc-ntp-conf/
Basically, connecting the RPi to the network, the DHCP server acts as the NTP server and creates a copy of the ntp.conf file in the location /var/lib/ntp/ntp.conf.dhcp
This file overrides the default /etc/ntp.conf file, so deleting it and then stopping the ntp service, performing a resync, and then starting the service is the only way to resolve this.
The command for resync is:
sudo ntpdate -b pool.ntp.org
The original issue was that the ntp server was syncing with a CHINANET server and causing a 65s offset, which I suspect is down to a misconfigured DCHP/NTP server on our network.
We are encountering clock drift issues with our MongoDB replica set running on AWS. This just seemed to start happening recently after we added additional data to the set, before then we did not really notice this issue unless the system was under heavy load. The following error is logged in the mongod.log file sporadically and the system is not under load.
To test this we have isolated a set of machines with the same dataset and not in use by our web application though the error is still occurring;
2014-12-12T13:33:51.333+0000 [rsBackgroundSync] changing sync target
because current sync target's most recent OpTime is Dec 12 13:32:42:c
which is more than 30 seconds behind member mongo1:27017 whose most
recent OpTime is 1418391230
From the above the time stamp shows that one of the mongodb replica set members is over a minute behind. The worst we have seen is 12 minutes out of sync.
This error in turn causes replication lag and we receive the notification about this from the Mongo Monitoring Service although it does correct itself.
The setup is 3 x r3.xlarge AWS Linux instances, 1 in each availability zone of the EU-West-1A region. The machines have been setup using the Mongo recommended settings with a Raid array and the cloud formation scripts provided by Mongo. The data is around 4GB in size.
We think the issue is related to the NTP sync, by default on the AWS Linux Amazon Machine Image the ntpd service is configured to go to a pool of aws ntp servers hosted on www.pool.ntp.org.
To try and rule this out we setup our own NTP server on AWS that the MongoDB servers could sync to. The issue still occurred so we changed the maxpoll and minpoll time for the ntpd service on the mongo machines to sync the time every 16 seconds from the NTP server but the error is still occurring.
We increased the MongoDB OpLog size as well to see if that would make any difference but it didn’t.
Does anyone else encounter this type of issue? Is there something we are missing?
Cheers,
Colin.
ps -ef |grep ntp;
mongodb1
ntp 5163 1 0 Dec11 ? 00:00:00 ntpd -u ntp:ntp -p /var/run/ntpd.pid -g
ec2-user 15865 15839 0 09:31 pts/2 00:00:00 grep ntp
mongodb2
ntp 4834 1 0 Dec11 ? 00:00:00 ntpd -u ntp:ntp -p /var/run/ntpd.pid -g
ec2-user 19056 19029 0 09:31 pts/0 00:00:00 grep ntp
mongodb3
ntp 5795 1 0 Dec11 ? 00:00:00 ntpd -u ntp:ntp -p /var/run/ntpd.pid -g
ec2-user 26199 26173 0 09:31 pts/0 00:00:00 grep ntp
cat /etc/ntp.conf;
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.amazon.pool.ntp.org iburst dynamic
#server 1.amazon.pool.ntp.org iburst dynamic
#server 2.amazon.pool.ntp.org iburst dynamic
#server 3.amazon.pool.ntp.org iburst dynamic
server time-server.domain.com iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
# Enable additional logging.
logconfig =clockall =peerall =sysall =syncall
# Listen only on the primary network interface.
interface listen eth0
interface ignore ipv6
ntpq -npcrv;
remote refid st t when poll reach delay offset jitter
==============================================================================
*172.31.14.137 91.*.*.* 3 u 557 1024 377 1.121 -0.264 0.161
associd=0 status=0615 leap_none, sync_ntp, 1 event, clock_sync,
version="ntpd 4.2.6p5#1.2349-o Sat Mar 23 00:37:31 UTC 2013 (1)",
processor="x86_64", system="Linux/3.14.23-22.44.amzn1.x86_64", leap=00,
stratum=4, precision=-23, rootdelay=23.597, rootdisp=109.962,
refid=172.31.14.137,
reftime=d83a757a.175b5fa1 Tue, Dec 16 2014 9:10:18.091,
clock=d83a77a7.82431efa Tue, Dec 16 2014 9:19:35.508, peer=27361,
tc=10, mintc=3, offset=-0.264, frequency=-13.994, sys_jitter=0.000,
clk_jitter=0.358, clk_wander=0.053
After upgrading to MongoDB 3 using the WiredTiger storage engine we do not see this issue any more.
I am trying to use dnsmasq on Linux to serve as a wifi access point. Windows 7 and an Android smart phone can connect just fine to the Linux system but my iPhone cannot. Both Windows and the iPhone authenticate just fine with wpa_supplicant, but the problem is that the iPhone never gets an ip address.
My config file is very simple for dnsmasq.conf:
# Only listen for DHCP on wlan0
interface=wlan0
# Create a dhcp range on your /24 wlan0 network with a lease time
dhcp-range=192.168.1.6,192.168.1.15,255.255.255.0,5m
# Configure DHCP
dhcp-option=3
dhcp-option=6
# Be authoritative with Windows
dhcp-authoritative
The dnsmasq debug log shows this for Windows and you can see it is successful:
dnsmasq: started, version 2.65 cachesize 150
dnsmasq: compile time options: no-IPv6 GNU-getopt DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack
dnsmasq-dhcp: DHCP, IP range 192.168.1.6 -- 192.168.1.15, lease time 5m
dnsmasq: failed to access /etc/resolv.conf: No such file or directory
dnsmasq: failed to load names from /etc/hosts: No such file or directory
dnsmasq-dhcp: DHCPREQUEST(wlan0) 192.168.1.14 24:77:03:2b:79:20
dnsmasq-dhcp: Ignoring domain global.tektronix.net for DHCP host name PC-MSP-183B
dnsmasq-dhcp: DHCPACK(wlan0) 192.168.1.14 24:77:03:2b:79:20 PC-MSP-183B
dnsmasq-dhcp: DHCPINFORM(wlan0) 192.168.1.14 24:77:03:2b:79:20
dnsmasq-dhcp: DHCPACK(wlan0) 192.168.1.14 24:77:03:2b:79:20 PC-MSP-183B
However, it shows this for the iPhone:
dnsmasq: started, version 2.65 cachesize 150
dnsmasq: compile time options: no-IPv6 GNU-getopt DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack
dnsmasq-dhcp: DHCP, IP range 192.168.1.6 -- 192.168.1.15, lease time 5m
dnsmasq: failed to access /etc/resolv.conf: No such file or directory
dnsmasq: failed to load names from /etc/hosts: No such file or directory
dnsmasq-dhcp: DHCPREQUEST(wlan0) 192.168.1.15 84:38:35:df:5f:c2
dnsmasq-dhcp: DHCPACK(wlan0) 192.168.1.15 84:38:35:df:5f:c2 iPhone
dnsmasq-dhcp: DHCPREQUEST(wlan0) 192.168.1.15 84:38:35:df:5f:c2
dnsmasq-dhcp: DHCPACK(wlan0) 192.168.1.15 84:38:35:df:5f:c2 iPhone
And it just sits there!
Any suggestions or help? Thanks!
It works with iPhone if you remove the following option:
dhcp-option=3
Comment that out and iPhone can connect.
I am running a virtualized (vmware) debian (2.6.26-2-686) which I monitor through Nagios. Lastly, I am getting the following Critical error (reported by the _check_ntp_peer_ script):
NTP CRITICAL: Server not synchronized, Offset unknown
It calls my attent
ion that none of the lines outputted by the _ntpq –no_ command has a star (*)
remote refid st t when poll reach delay offset jitter
==============================================================================
200.144.121.33 193.204.114.232 2 u 1 64 1 187.298 -34742. 32.024
146.164.53.65 200.20.186.75 2 u 2 64 1 185.574 -34716. 0.001
200.160.0.8 200.160.7.186 2 u 1 64 1 186.229 -34734. 0.001
187.49.33.13 .INIT. 16 u - 64 0 0.000 0.000 0.001
Any clue?
Here is the ntp.conf
tinker panic 0
driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 0.debian.pool.ntp.org iburst dynamic
server 1.debian.pool.ntp.org iburst dynamic
server 2.debian.pool.ntp.org iburst dynamic
server 3.debian.pool.ntp.org iburst dynamic
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
So, any idea of what the problem could be?
Thanks in advance,
Wilmer
I had similar problems on ubuntu and ntp. Time was drifting off dramatically and nagios reported NTP CRITICAL: Offset unknown.
Check for status of your vmware timesync
#vmware-toolbox-cmd timesync status
Disable
Enable it if you notice it is disabled.
#vmware-toolbox-cmd timesync enable
Enabled
Helped in my case. May be helpful in yours too. I think it is not in accordance with vmware best practices but it works.