AdSense Mobile Ad

Wednesday, November 12, 2008

Configuring NTP server and client on Solaris 10 and Solaris 11

One of the task which often performed during the setup of a machine is the setup of the NTP daemon.

NTP is one of the oldest internet protocol still in use and it allows the synchronization of computer clocks distributing UTC (Coordinated Universal Time) over the network. NTP design is focused on compensating the variable latency of the network.

A machine may be an NTP client or an NTP server. Roughly, an NTP client it's a machine that uses the NTP protocol to synchronize its clock and an NTP server it's a machine that provides NTP client the information needed to synchronize their clocks. An NTP server often uses other NTP servers to keep its own clock in sync.

This blog post has been slightly updated to accomodate some minor modifications to support Solaris 11.

NTP on Solaris 10 and Solaris 11

Solaris 10 introduced the SMF framework (to simplify and enhance the service management tasks in Solaris environments) and the NTP service is now managed by SMF. Solaris ships with an NTP daemon, ntpd, configured via SMF (svc:/network/ntp:default) and a bunch of sample ntp.conf files to quickly configure a machine as a client or as a server.

# svcs ntp
STATE  STIME   FMRI
online 0:43:33 svc:/network/ntp:default

Solaris 11 only ships with NTP v. 4, while your Solaris 10 installation may ship with both. In this case, the NTP v. 4 service is identified by the name ntp4. I suggest you always use the latest version. As we'll see in the following sections, NTP v. 4 offers you more flexibility when configuring your server.


Configuring a client

If your machine is just a client, you can just pick the /etc/inet/ntp.client and copy it to /etc/inet/ntp.conf. The default client configuration it's just a one-liner:

multicastclient 224.0.0.1


This configuration, as explained in the same file, it's a passive configuration for a host that just listens for NTP server putting packets on the NTP multicast network, 224.0.0.1.

Obviously, if your machine it's in a LAN without an NTP server, you're probably never going to receive such a packet, and you should use some public NTP server instead.

Using a server from a pool

I personally recommend using random servers from an NTP pool such as pool.ntp.org. In the official website of the NTP Pool Project you can find instruction about using the pool or picking up some server from the list they maintain. Pools maintained by the NTP Pool Project are organized in geographical hierarchy so that, for example, you can use server from a continent-level pool or, where available, from a country-level pool. The recipe is always the same: the nearer, the quicker and the better. In the case of the NTP protocol, moreover, the nearer the server you use, the more accurate the synchronization.

In my case, I'm using the European pool europe.pool.ntp.org and my configuration file contains:

server 0.europe.pool.ntp.org
server 1.europe.pool.ntp.org
server 2.europe.pool.ntp.org
server 3.europe.pool.ntp.org

Normally NTP requires a poll period to elapse before starting synchronizing your clock. If you want NTP to start immediately, which you most probably will if you're configuring a desktop environment, you can take advantage of iburst keyword, introduced in NTP v. 4: it instructs NTP to start the synchronization almost right away.

server 0.europe.pool.ntp.org iburst
server 1.europe.pool.ntp.org iburst
server 2.europe.pool.ntp.org iburst
server 3.europe.pool.ntp.org iburst

Another option, instead of manually maintaining multiple server lines, is using the pool keyword. The difference between the two is subtle and may be very convenient to use: server just tells NTP to use the first IP address returned by the DNS lookup, while pool tells NTP to use them all.

Beware that iburst and pool are NFS v. 4 specific keywords: make sure you're configuring NTP implementation corresponding to the syntax you're using.

Setting up the drift file

The only thing left to set up it's just the drift file location, which in my case it's:

driftfile /var/ntp/ntp.drift

Starting the service

Once your ntp.conf is set up, you can start (or restart) the ntp service:

# svcadm restart ntp
# svcs ntp
STATE  STIME   FMRI
online 0:43:33 svc:/network/ntp:default

In case you're wondering: there's no need to run the ntpdate command. The SMF scripts of the NTP service takes care of all (in this case, during the execution of the start method).

Querying the service

Once the service is running, you can check which server you're using with ntpq:


$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+dns2.vnet.sk    195.113.144.201  2 u  122  128  377   90.907    5.002   0.678
*ptbtime1.ptb.de .PTB.            1 u   26  128  377   91.754    2.971   2.715
-ntppub.le.ac.uk 158.43.192.66    2 u  105  128  377   76.720   10.182   3.701
+mx-dub.bofh.so  193.1.31.66      2 u   84  128  377   70.090    8.049   0.549

You'll get a similar output. After a while, your query will output similar results. The server prefixed with an asterisk is the server you're synchronizing with. If you don't get an asterisk after a while, probably no NTP server is reachable, which is probably due to a firewall which is blocking UDP port 123.

The difference between your clock and the data provided by NTP servers can be examined by catting the drift file:

# cat /var/ntp/ntp.drift -50.645

Setting up an NTP server

Now that you have an NTP client running, you'll probably want to setup all of your machines. If you're in a LAN, you can setup an internal NTP server which will provide data to other clients on your LAN. As before, you can take inspiration from the server configuration file shipped with Solaris 10 or Solaris 11, /etc/inet/ntp.server. After setting up the drift file and the clients you're going to use, you can examine the other options and fine-tune them at your taste. Let's give a quick look at it.

server 127.127.XType.0

This line pretty much resembles the server statement we described in the previous sections but it's fundamentally different. The argument of the server keyword, which resembles an IP address, give NTP information about the kind of device used to provide the (supposedly) accurate time to the NTP server.

The server type and the XType value must be substituted with the correct value from the provided table (and reported in the configuration file shipped with Solaris as well):

# XType Device RefID Description

# -------------------------------------------------------
# 1 local LCL Undisciplined Local Clock
# 2 trak GPS TRAK 8820 GPS Receiver
# 3 pst WWV PSTI/Traconex WWV/WWVH Receiver
# 4 wwvb WWVB Spectracom WWVB Receiver
# 5 true TRUE TrueTime GPS/GOES Receivers
# 6 irig IRIG IRIG Audio Decoder
# 7 chu CHU Scratchbuilt CHU Receiver
# 8 parse ---- Generic Reference Clock Driver
# 9 mx4200 GPS Magnavox MX4200 GPS Receiver
# 10 as2201 GPS Austron 2201A GPS Receiver
# 11 arbiter GPS Arbiter 1088A/B GPS Receiver
# 12 tpro IRIG KSI/Odetics TPRO/S IRIG Interface
# 13 leitch ATOM Leitch CSD 5300 Master Clock Controller
# 15 * * TrueTime GPS/TM-TMD Receiver
# 17 datum DATM Datum Precision Time System
# 18 acts ACTS NIST Automated Computer Time Service
# 19 heath WWV Heath WWV/WWVH Receiver
# 20 nmea GPS Generic NMEA GPS Receiver
# 22 atom PPS PPS Clock Discipline
# 23 ptb TPTB PTB Automated Computer Time Service
# 24 usno USNO USNO Modem Time Service
# 25 * * TrueTime generic receivers
# 26 hpgps GPS Hewlett Packard 58503A GPS Receiver
# 27 arc MSFa Arcron MSF Receiver

In my case, it's just a (very) plain 1: an undiscilplined local clock.

broadcast 224.0.1.1 ttl 4

This line is the server equivalent of the multicast line seen in the default client configuration: it tells the NTP server to broadcast on the NTP multicast network.

Further readings

Complete documentation about ntp.conf syntax can be found on the xntpd man page:

# man xntpd

8 comments:

neddy said...

Once you have the NTP Server running, you could also use http://w3dt.net/tools/ntpq/ to check the NTP Server is running and public to the Internet.

Grey said...

Thanks neddy.

If you don't mind, the blog has moved to http://enrico.reacciona.es/

The post you commented can be found at http://enrico.reacciona.es/articles-1/configuringntpserverandclientonsolaris10

I'll be glad to read your comments there.

Thanks,
Enrico.

Vishnu said...

It worked for me
Thank you

Anonymous said...

Thanx for the solaris tipps, helped a linux addict :)

Anonymous said...

Thanks.
Was just able to fix an issue whose underlying problem was with the ntp client config

Anonymous said...
This comment has been removed by a blog administrator.
jrgrant said...

If you are running your Solaris instance on any form of a virtualization environment, you will want to add the configuration statement "tinker panic 0" to the first line of /etc/inet/ntp.conf. Otherwise, your ntp daemon will quit ("panic") when it sees the system clock with a large offset from the ntp source. These large offsets happen quite frequently on a virtual machine, so you need ntp to fixup the time AND you need it to work even when it thinks something is broken!

zonetop10 said...

Hi Grey
i would like restart NTP in 1 time/day.
How to do it? please provide me or suggestion this taste.
Thanks,