0

Daylight Saving Time is coming soon, so I would like to face a problem with NTP. I've got around 500 devices which should be synchronized through NTP.

DST is a good opportunity to perform it because of possible downtime. The question is whether y'all have some ideas on how to perform it across 500 devices at one time.

I was thinking about performing it through Ansible, but I am not an expert in it, so maybe you've got some other good ideas?

Thanks in advance

Servers: Windows 2012 R2, Windows 2016 R2, CentOS 7.x

--- Servers are not connected to the domain.

NTP Server: Windows Server 2016 R2

Theo
  • Does this answer your question? [How do you configure Authoritative Time Service in Group Policy so all the domain members use the domain controller with the PDC FSMO role?](https://serverfault.com/questions/226761/how-do-you-configure-authoritative-time-service-in-group-policy-so-all-the-domai) – Gerald Schneider Oct 15 '20 at 10:34
  • 1
    What relation does NTP have to DST? One works in universal time, the other is a setting on the local computer. – TomTom Oct 15 '20 at 10:50
  • Meh, during DST I have the possibility to reconfigure NTP settings and synchronize all servers without interrupting DBs / applications, so no - it doesn't have any relation. – Theo Oct 15 '20 at 10:59
  • 1
    You have 500 unmanaged servers? I think configuring NTP is the least of your problems. – Gerald Schneider Oct 15 '20 at 11:15
  • @Gerald - I wouldn't say unmanaged. Most of them are running the same way (policies, applications etc). There is no reason to keep them in a domain. And no - I don't have many problems with them, so NTP is one of the major topics for me at the moment ;-) Feel free to share with me your idea to solve my 'problem'. ;-)))) – Theo Oct 15 '20 at 12:13
  • 1
    No, you need to pick the automation tool. Only you know why you are disqualifying AD DS and Ansible, and only you can select something based on your criteria. – John Mahowald Oct 16 '20 at 17:27

2 Answers

2

On Windows I have heard that you do such changes using Windows management tools in the domain. Not sure about that. I see a comment from Gerald Schneider about that.

For Linux, you can do it manually on one machine and prepare an Ansible playbook or even a script. Here's some random howto from the internet (it is for a Debian-based distro but things are similar on CentOS). Also CentOS supports chronyd, which is in some situations better; perhaps for servers it doesn't matter whether you use ntpd or chronyd.

Now what I'd suggest to you is to perform the changes in chunks. If you apply a change to 500 machines at the same time, many things can go wrong. You shouldn't need downtime to apply NTP config.

A good way to avoid issues is to first check which servers have too big a time difference, where you could expect more trouble. But it is very much application dependent.

akostadinov
  • Thanks for the answer. Most of our servers are not in the domain, so I can't force it through WMT. Regarding downtime, I was thinking about taking down the DB service. Performing it in chunks seems good and I will probably go that way. – Theo Oct 15 '20 at 11:08
2

A couple of ideas:

  • I'd recommend not making a large change with unknown impact to 500 machines at once.
  • Test out whatever you come up with on maybe 5 servers of each "type", whatever you decide is a good category is fine, just as long as you have around 5 categories of diverse servers.
  • Consider running NTP on something other than Windows, and check that your server actually supports NTP and not just SNTP.
  • Ansible is usually a good choice for these kinds of operations, and supports Windows as well.
  • Adding servers in production to Active Directory isn't something that's usually a good idea (especially if they run MSSQL), but it's probably a good idea going forward to add any new servers to AD, as that's the management tool of choice for Windows.
  • I'd leave database servers to the very last in your migration to NTP, as they are usually the most sensitive to time changes. Pay especially close attention to any servers that have a clock very far off from "real time", as installing NTP on them can cause NTP to step time instead of slewing it, i.e. forcefully changing the clock to the correct time instead of just speeding it up or slowing it down so it'll reach "correct time" over time.
Stuggi
  • 1
    Thank you for your insights, I am going to perform it in a few groups and try to adjust time group by group through Ansible. Many of the servers are using MSSQL, that's why they aren't connected to AD. Anyway, your reply is helpful, thank you. – Theo Oct 20 '20 at 15:30
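
The two answers above suggest rolling out in chunks, testing about 5 servers per category first, checking which clocks are far off, and leaving database servers for last. The sketch below is an added example, not code from either answerer: it turns a list of already measured clock offsets into an ordered batch plan. The host names, categories and offsets are constructed, and the 0.128 s default is ntpd's step threshold, assumed here to be the point above which a client jumps the clock rather than slewing it.

```python
from collections import defaultdict

# Assumption: clients step (jump) the clock above this offset; 0.128 s is
# ntpd's default step threshold. Adjust for chronyd or w32time settings.
STEP_THRESHOLD_S = 0.128

def chunks(items, size):
    return [items[i:i + size] for i in range(0, len(items), size)]

def plan_rollout(hosts, canary_per_category=5, batch_size=50,
                 step_threshold=STEP_THRESHOLD_S, last_category="db"):
    """hosts: iterable of (name, category, offset_seconds).
    Returns ordered [(label, [names])]: canaries, then slew-only hosts,
    then hosts that would be stepped, with `last_category` at the very end."""
    by_offset = sorted(hosts, key=lambda h: abs(h[2]))
    early = [h for h in by_offset if h[1] != last_category]
    late = [h for h in by_offset if h[1] == last_category]

    # Canaries: the best-synchronized hosts of each non-database category.
    plan, taken = [], set()
    per_cat = defaultdict(list)
    for name, cat, off in early:
        if abs(off) <= step_threshold and len(per_cat[cat]) < canary_per_category:
            per_cat[cat].append(name)
            taken.add(name)
    for cat in sorted(per_cat):
        plan.append((f"canary:{cat}", per_cat[cat]))

    # Remaining hosts: slew-only batches first, step-risk batches after them.
    for label, group in (("main", early), (last_category, late)):
        rest = [h for h in group if h[0] not in taken]
        slew = [h[0] for h in rest if abs(h[2]) <= step_threshold]
        step = [h[0] for h in rest if abs(h[2]) > step_threshold]
        for i, batch in enumerate(chunks(slew, batch_size), 1):
            plan.append((f"{label}:slew:{i}", batch))
        for i, batch in enumerate(chunks(step, batch_size), 1):
            plan.append((f"{label}:step-risk:{i}", batch))
    return plan

# Constructed sample inventory (names, categories and offsets are made up).
SAMPLE = [
    ("web01", "web", 0.010), ("web02", "web", -0.040), ("web03", "web", 2.500),
    ("app01", "app", 0.090), ("app02", "app", -45.0),
    ("db01", "db", 0.020), ("db02", "db", 310.0),
]

if __name__ == "__main__":
    for label, names in plan_rollout(SAMPLE, canary_per_category=1, batch_size=2):
        print(f"{label:18} {', '.join(names)}")
```

Each batch's host list can be passed to whatever tool applies the NTP configuration, for example as an Ansible `--limit` pattern; the step-risk batches are the ones to review with the application owners first.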