[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [hobbit] ntpdate deprecated
- To: Buchan Milne <bgmilne (at) staff.telkomsa.net>
- Subject: Re: [hobbit] ntpdate deprecated
- From: Peter Welter <peter.welter (at) gmail.com>
- Date: Wed, 11 Nov 2009 16:14:44 +0100
- Cc: hobbit (at) hswn.dk
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :from:date:message-id:subject:to:cc:content-type; bh=qRGRrxssQuQ/xhQSbuGF1RjQAhKCk/GPJq3G9EKyZrc=; b=l2oEOpPcQ8xT2UpnV0i+K0ekyKYlfCkOBxTfj6T49IiNc5fjOLj+eVWV2cDk4k7XPQ gTv/H0WnBQJzXIQFjKWzZdZ+Cywzi+vQP1HRCnyzrlIIGRvbVDfnvlvIROezAMPNKmLY TQmHHg/29cC8dC9nc+fkvziHrrOSbWGznWVG8=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; b=NIoHdKOXbfqCWz+0DE9XMoKoXefLBbRWnIJ4/1iLJsfyqdZ2vArvNNW62T6Twtaka9 ZPFmH9nK+9uhI9ycwfqhojZEiJXnNqiP3J77JttV4mzUxZdfItpTT0KThX3oSdgEPB4A y3KKYso7uGOUb1yzc1AlBe4Z/yUhijlcYhBec=
- References: <af5861d60911110300l2a45d732od87076f4be76ee7b (at) mail.gmail.com> <200911111352.18786.bgmilne (at) staff.telkomsa.net>
Hi Buchan,
Thanks for the response. I will disable the ntp-test. it's running on three
hosts and all of them report the same WARNING-output.
However, the reason I came up with this is that in our network we have some
W2K-hosts (the Domain Controllers) who have (according to Xymon) a time that
is not accurate (I'm using the CLOCK option and Xymon thinks they are
drifting too far; above threshold of 30 seconds).
I wondered: how is this determined on the Windows side? Because when we have
a look at this system, the time is correct? It looks like the time
difference between the page generation and the send time (12:38:57 -
12:37:19) = 98 seconds off (see below).
The time on the server however IS correct. I've seen it, but since the total
MSG-size for these servers is so large (a few hundreds KB to 1 or 2 MB,
because of the domain controller function, there are hundreds of open ports
- netstat output), it does take some addiotinal time for the Xymon
client/server combination, to proces?!
Can I limit this output. For example: do NOT send UDP output? That would be
a quick fix solution?
Or better: split the output in several files, since the other (netstat) info
is valuable, but it should NOT interfere with the normal functionality of
Xymon and/of its clients. So the output should be send seperately to the
server.
Regards, Peter
*Wed Nov 11 12:38:57 2009*
------------------------------
Wed Nov 11 12:37:19 2009 NOT ok
[image: yellow] System clock is 98 seconds off (max 30)
local: Wed Nov 11 12:37:19 2009
UTC: Wed Nov 11 11:37:19 2009
2009/11/11 Buchan Milne <bgmilne (at) staff.telkomsa.net>
> On Wednesday, 11 November 2009 12:00:19 Peter Welter wrote:
> > Today, I discovered the following for the ntp-test on our Xymon server:
> >
> > Service ntp on xymon is OK (up)
> >
> >
> > Command: ntpdate -u -q -p 2 132.229.84.242 2>&1
> >
> > !!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!
> >
> > The ntpdate program is deprecated and should not be used any more. To
> >
> > quote the upstream ntp developers:
> >
> > "The functionality ntpdate offered is now provided by the ntpd daemon
> > itself. If you call ntpd with the command line option -q it will
> > retrieve the current time and set it accordingly."
> >
> > Please check the Network Time Protocol (NTP) daemon man page and
> > http://support.ntp.org/bin/view/Dev/DeprecatingNtpdate
> > for further information.
> >
> > You can replace the ntpdate call with "rcntp ntptimeset" to achieve an
> > inital poll of the servers specified in /etc/ntp.conf.
> >
> > The program /usr/sbin/sntp offers comparable functionality to ntpdate.
>
> Except the option flags are totally different.
>
> >
> > Specifically
> > sntp -P no -r pool.ntp.org
> > is equivalent to
> > ntpdate pool.ntp.org
> >
> > For further details please refer to the man page of sntp.
> >
> > sntp: unable to write PID to /etc/sntp.pid
> > sntp: Permission denied
> >
> >
> >
> http://support.ntp.org/bin/view/Dev/DeprecatingNtpdate#Set_the_time_before_
> >running_ntpd
> >
> >
> > I always thought I needed to run this ntp-test to make sure the time is
> > correct on the central monitor server, to make sure that the time on
> other
> > monitored hosts is checked correctly.
> >
> > Should I
> >
> > - change the NTPDATE="ntpdate"-location in /etc/hobbit/hobbitserver.cfg
> to
> > NTPDATE="sntp -u" to make it work again?
>
> This on it's own won't be enough, as additional options are added to the
> NTPDATE path:
>
> $ grep -n -A7 NTPDATE ./bbnet/bbtest-net.c
> 991: p = xgetenv("NTPDATE");
> 992- strcpy(cmdpath, (p ? p : "ntpdate"));
> 993- for (t=service->items; (t); t = t->next) {
> 994- if (!t->host->dnserror) {
> 995- sprintf(cmd, "%s -u -q -p 2 %s 2>&1", cmdpath,
> ip_to_test(t->host));
> 996- t->open = (run_command(cmd, "no server suitable for
> synchronization", t->banner, 1, extcmdtimeout) == 0);
> 997- }
> 998- }
>
> These options aren't supported by sntp. You could hack this by modifying
> the
> options, but the long-term fix (for people who don't have sntp yet) would
> have
> to be different.
>
> > - disable the ntp-test since because it is useless for checking the
> correct
> > time on monitored hosts.
>
> NTP is not that useful for monitoring the time on monitored hosts, (the
> client's built-in check is better, see the CLOCK option for
> hobbit-clients.cfg
> thresholds), unless you are running all your hosts as ntp servers. It is
> however useful for checking whether the host believes it should be able to
> provide time services to other hosts.
>
> I only run this network test against NTP servers that other hosts use as
> time
> sources.
>
> Regards,
> Buchan
>