f



setting up simple ntp server...

Hello all,
I want to synchronize the slaves nodes of a cluster to the master node,
which is the only one connected to the outside.
The master node uses ntp to get its time to an outside source, so I just
want to redistribute it.
Here's my /etc/ntp.conf file (Linux RH 8.0):

restrict default ignore
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.0.0 notrust nomodify notrap
server gohan.engr.colostate.edu
fudge   127.127.1.0 stratum 10
driftfile /etc/ntp/drift
broadcastdelay 0.008
authenticate no
keys        /etc/ntp/keys

The slaves are on 192.168.1.0/16 and gohan is the outside time server.
Here's what I get:

Master# ntpq -p
     remote           refid      st t when poll reach   delay   offset
jitter
 gohan.engr.colo 0.0.0.0         16 u    -   64    0    0.000    0.000
4000.00

Master# ntpq -c as
ind assID status  conf reach auth condition  last_event cnt
  1 64252  8000   yes   yes  none    reject

Slave1# ntpq -p neumann
     remote           refid      st t when poll reach   delay   offset
jitter
 129.82.224.96   0.0.0.0         16 u    -   64    0    0.000    0.000
4000.00

Slave1# ntpq -c as Master
ind assID status  conf reach auth condition  last_event cnt
  1 64252  8000   yes   yes  none    reject


Why is the master unreachable ? What's missing in my config file ?
Thanks.
-- 
Guillaume Dargaud
Colorado State University - Dept of Atmospheric Science
http://www.gdargaud.net/
  "Q: How many software engineers does it take to change a lightbulb ?
  A: It can't be done; it's a hardware problem."

0
Guillaume
6/25/2003 10:28:48 PM
comp.protocols.time.ntp 4895 articles. 2 followers. Post Follow

5 Replies
700 Views

Similar Articles

[PageSpeed] 53

>Master# ntpq -p
>     remote           refid      st t when poll reach   delay   offset
>jitter
> gohan.engr.colo 0.0.0.0         16 u    -   64    0    0.000    0.000
>4000.00

reach is a bit mask of the answers that it gets back.  You aren't getting
anything back.  (Try ntpq -p gohan.engr.colostate.edu for a normal
example.)  (I'm assuming you have let it run for a while.)

There are two common ways that happens.  One is firewall rules.  The other
is restrict rules.  I don't see anything in your config file that lets
answers from gohan.engr.colostate.edu back in.  (Restrict lines
need numeric IP address, not host names.)  Adding a machine as a server or
peer doesn't automatically add it to the restrict rules.

-- 
The suespammers.org mail server is located in California.  So are all my
other mailboxes.  Please do not send unsolicited bulk e-mail or unsolicited
commercial e-mail to my suespammers.org address or any of my other addresses.
These are my opinions, not necessarily my employer's.  I hate spam.

0
hmurray
6/26/2003 3:16:37 AM
Yes, I could see in the man pages that having reach=0 is not a good thing.

> There are two common ways that happens.  One is firewall rules.  The
> other is restrict rules.  I don't see anything in your config file
> that lets answers from gohan.engr.colostate.edu back in.  (Restrict
> lines need numeric IP address, not host names.)  Adding a machine as
> a server or peer doesn't automatically add it to the restrict rules.

I'm trying to understand. Do you mean I should rewrite it something like
this ? (gohan is 192..96, but it cannot be seen from the slave nodes, that's
why I want Master to be an ntp server):

restrict default ignore
server 192.168.224.96
restrict 192.168.224.96
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.0.0 notrust nomodify notrap
fudge 127.127.1.0 stratum 10
driftfile /etc/ntp/drift
broadcastdelay 0.008
authenticate no
keys  /etc/ntp/keys
-- 
Guillaume Dargaud
Colorado State University - Dept of Atmospheric Science
http://www.gdargaud.net/
  "If it jams, force it. If it breaks, it needed replacing anyway."

0
Guillaume
6/26/2003 6:53:41 PM
>I'm trying to understand. Do you mean I should rewrite it something like
>this ? (gohan is 192..96, but it cannot be seen from the slave nodes, that's
>why I want Master to be an ntp server):
>
>restrict default ignore
>server 192.168.224.96
>restrict 192.168.224.96

I think that will work, but I'm not a wizard on this area.

If it doesn't work, try commenting out all the restrict lines
to verify that is the problem.


-- 
The suespammers.org mail server is located in California.  So are all my
other mailboxes.  Please do not send unsolicited bulk e-mail or unsolicited
commercial e-mail to my suespammers.org address or any of my other addresses.
These are my opinions, not necessarily my employer's.  I hate spam.

0
hmurray
6/27/2003 4:03:38 PM
"Guillaume Dargaud" <USENETnospam@gdargaud.net> writes:

> Yes, I could see in the man pages that having reach=0 is not a good thing.
> 
> > There are two common ways that happens.  One is firewall rules.  The
> > other is restrict rules.  I don't see anything in your config file
> > that lets answers from gohan.engr.colostate.edu back in.  (Restrict
> > lines need numeric IP address, not host names.)  Adding a machine as
> > a server or peer doesn't automatically add it to the restrict rules.
> 
> I'm trying to understand. Do you mean I should rewrite it something like
> this ? (gohan is 192..96, but it cannot be seen from the slave nodes, that's
> why I want Master to be an ntp server):
> 
> restrict default ignore
> server 192.168.224.96
> restrict 192.168.224.96

Yes, it'll be ok.
0
Denis
6/29/2003 9:36:03 PM
> Yes, it'll be ok.

Argh, just found out that the domain name for the server was mispelled !!!
What a waste of time !

Thanks, at least I got to read a lot more of the ntp manual than I normally
would have...
-- 
Guillaume Dargaud
Colorado State University - Dept of Atmospheric Science
http://www.gdargaud.net/
  "Did anyone see my lost carrier ?"

0
Guillaume
7/1/2003 8:25:05 PM
Reply: