1

I have CentOS 5.5 32 bit. I have a service provider that enables NTP on their routers. They have checked and doubled check their access list and I can ping the time servers but I'm getting a strange error.I have set up NTP and my conf file looks like this:

   # Permit time synchronization with our time source, but do not
   # permit the source to query or modify the service on this system
   # restrict default kod nomodify notrap nopeer noquery
   #restrict -6 default kod nomodify notrap nopeer noquery

  '#' Permit all access over the loopback interface.  This could be tightened as well, but to do so would effect some of
 # the administrative functions.
restrict 127.0.0.1
restrict -6 ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org
#server 1.centos.pool.ntp.org
#server 2.centos.pool.ntp.org
#server 3.centos.pool.ntp.org
server 10.5.1.1 minpoll 17 maxpoll 17
server 10.50.2.2 minpoll 17 maxpoll 17

#broadcast 192.168.1.255 key 42         # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 key 42             # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 key 42  # manycast client

# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
server  127.127.1.0     # local clock

I have executed a ntpq -p command and it returns the following:

 [root@10 ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 10.5.1.1        209.130.198.70   3 u  34m  36h    1   33.048  459.586   0.004
 10.50.2.2       209.130.198.70   3 u  34m  36h    1  130.797  431.009   0.004
[root@10 ~]#

showing me that it is using the time servers specified in the NTP.conf file.

When I execute the date command on one machine that's working and the machine I'm having issues with you they are 5 seconds out when comparing the time.

So why is the service ntpd restart command failing on the time server sync even though it is syncing? 

[root@10 ~]# service ntpd status
ntpd (pid  10724) is running...
[root@10 ~]# service ntpd restart
Shutting down ntpd:                                        [  OK  ]
ntpd: Synchronizing with time server:                      [FAILED]
Starting ntpd:                                             [  OK  ]
[root@10 ~]#





[root@10 ~]# chkconfig --list ntpd
ntpd            0:off   1:off   2:on    3:off   4:on    5:off   6:off
[root@10 ~]#


[root@10 ~]# cd /etc/init.d/
[root@10 init.d]# vi ntpd
[root@10 init.d]#    


 !/bin/bash
 #
 # ntpd          This shell script takes care of starting and stopping
 #               ntpd (NTPv4 daemon).
 #
 # chkconfig: - 58 74
 # description: ntpd is the NTPv4 daemon. \
 # The Network Time Protocol (NTP) is used to synchronize the time of \
 # a computer client or server to another server or reference time source, \
 # such as a radio or satellite receiver or modem.

 # Source function library.
 . /etc/init.d/functions

 # Source networking configuration.
 . /etc/sysconfig/network

 if [ -f /etc/sysconfig/ntpd ];then
    . /etc/sysconfig/ntpd
 fi

 ntpconf=/etc/ntp.conf
 ntpstep=/etc/ntp/step-tickers


      RETVAL=0
      prog="ntpd"

      sync_hwclock() {
          ARC=0
          SRM=0
         UTC=0

          if [ -f /etc/sysconfig/clock ]; then
             . /etc/sysconfig/clock


  [root@10 sysconfig]# vi /etc/sysconfig/ntpd

  # Drop root to id 'ntp:ntp' by default.
 OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"

  # Set to 'yes' to sync hw clock after successful ntpdate
  SYNC_HWCLOCK=no

 # Additional options for ntpdate
  NTPDATE_OPTIONS=""
  ~

  [root@10 sysconfig]# vi /etc/sysconfig/network

  NETWORKING=yes
  NETWORKING_IPV6=no
  HOSTNAME=10.1.1.66
Bob
  • 11
  • 2
  • Anything relevant in the logs? – BE77Y Jun 04 '15 at 10:48
  • Hi BE77Y, no nothing that I can see. Its strange as its only four machines i'm having issues with but the other 10 I have set up are working fine. – Bob Jun 04 '15 at 10:51
  • 1
    What does the start script look like? I'm guessing that at some point it'll call ntpdate to set the clock correctly to start with, and then it'll start ntpd to keep the clock from drifting. It seems to be the ntpdate command that is failing. – Jenny D Jun 04 '15 at 10:54
  • Does it also lag in general speaking among other of your services of the host? – Faron Jun 04 '15 at 11:08
  • Hi Jenny, I can run a "ntpdate -u IPOFTIMESERVER" and this executes correctly so thats definitely working. Faron, the lag is not noticeable at all. We only require this time up date everything 36 hours or so. – Bob Jun 04 '15 at 12:11
  • @Bob That's nice, but unless we *know* that this is how the start script does it, it doesn't help with the issue. That's why I asked about what the start script does. – Jenny D Jun 04 '15 at 12:43
  • @Jenny, yes that is nice. Please see outputs above in original post – Bob Jun 04 '15 at 13:23
  • What's in `/etc/ntp/step-tickers`? – MadHatter Jun 04 '15 at 13:29
  • Hi MadHatter, i've checked the step tickers file and its empty – Bob Jun 04 '15 at 13:31
  • That's probably why it's failing - you have to give it a server to `ntpdate`-sync to. Try putting the single line `10.5.1.1` in there, and see if that improves things. – MadHatter Jun 04 '15 at 13:35
  • It worked thankyou, i have checked the other 10 machines step-tickers files and they are all empty. I'm not arguing I'm merely trying to understand if the other 10 machines step-ticker files are empty why NTP is working with no issues? – Bob Jun 04 '15 at 13:42

2 Answers2

2

The time servers you are using are synced to the same (possibly local) time server. I have seen servers claiming to be stratum 0 or 1 that had time services that were days off the correct time. Depending on where they get there time service they can be of by a few seconds. My ISPs public time server is current off bu 1.8 seconds.

Setting the min poll to 36 hours will severely degrade the ability of NTP to correct your time. The fact your server is offset half a second from your time servers is the result.

Try enabling one or two of the pool servers and see if you can connect. This will provide you better time service.

BillThor
  • 27,737
  • 3
  • 37
  • 69
1

To answer your specific question, the error on service ntpd restart is caused by your having an empty /etc/ntp/step-tickers file. As you probably know, ntpd won't by default resync a system clock that's more than 20 minutes off, so most ntpd start scripts try to use ntpdate to wrench the system clock into line, before starting ntpd to keep it that way.

In your case, putting a valid server into the step-tickers file caused the error to go away.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
MadHatter
  • 79,770
  • 20
  • 184
  • 232