2

Since the daylight saving time the Sensu monitor indicates that the NTP of multiple servers that run on Digital Ocean (DO) are out of sync (12.345404ms-98.338222ms): 

CheckNTP WARNING: NTP offset by 34.073039ms

Discussion

  1. Perhaps the NTP configuration is incorrect?

    The NTP configuration was deviating, but now the same configuration has been applied using Geerlingguy's ntp role.

  2. What will happen if the NTP server has been restarted?

    The monitor indicated that the NTP has been synced, but in a while the issue occurs again.

  3. What will happen if the NTP server will be stopped, the time is set manually and the ntp server will be started again?

    Identical to three.

  4. Perhaps the issue is related to the DO platform?

    Unknown. No solutions were found on the internet.

  5. What will happen if the nearest location while be chosen as a timeserver?

    server 0.nl.pool.ntp.org iburst
server 1.nl.pool.ntp.org iburst
server 2.nl.pool.ntp.org iburst
server 3.nl.pool.ntp.org iburst

    When the NTP server was restarted, the time was synced and later on the time was out sync again.

  6. Do the droplets sync and later on run out of sync?

Yes that seems to be the case:

enter image description here

030
  • 5,901
  • 13
  • 68
  • 110

2 Answers2

3

NTP (and SNTP) do not provide information about timezones/daylight saving. Rather, it provides a precise UTC reference clock that need to be interpreted by the client to be shown in correct local times. This means that daylight saving should have absolutely no effects on NTP clock drift/skew.

Some suggestions:

  • what NTP client are you using? RHEL7 ships with chrony, which I found to be somewhat less accurate than plain old ntpd + ntpdate

  • remove the iburst option from your ntp config file and restart your NTP client

  • be sure to use NTP servers which are reachable with low RTT (ie: you can ping fast)

  • check for network congestion

  • be sure to read NTP manpage as it really has some great documentation

Alexis Wilke
  • 2,210
  • 1
  • 20
  • 37
shodanshok
  • 47,711
  • 7
  • 111
  • 180
0

Note that from my experience, all VPN systems (not just DigitalOcean ones) make use of the master clock, a.k.a., the clock present on the running the host server. That server is already synchronized as expected (probably with NTP) and I have not seen a VPN which was not already synchronized even without NTP running.

The one issue I've noticed also is that running NTP is more often going to cause issues than the other way around (not running NTP). This is because the CPU clock may not be 100% reserved for your VPN and thus timers are not going to be as precised as expected. NTP needs the accuracy of those timers to know how to skew the system clock. However, I think that, at DigitalOcean, you always get CPUs that are reserved to you. Therefore, the timers work as expected. On my server at home where I run VirtualBox, I get completely skewed time with the CPU timers... because VirtualBox does not reserve a specific set of CPUs for each VPN it runs.

Alexis Wilke
  • 2,210
  • 1
  • 20
  • 37