| Note:This article was updated March 16,200 7 to addVMWareTo the pool designation. All examplesX.pool.ntp.orgHave been changedX.vmware.pool.ntp.org. The last linePool.ntp.orgIn/Etc/NTP/step-tickersAnd/Etc/hostsHas been removed from the examples. This line is no longer required.Beginning with ESX Server 2.0.1, NTP is installed by default during the installation of ESX Server. See the following instructions to configure this service. For ESX Server 2.0.0, see the instructions later in this article to install and configure NTP. ESX Server 2.0.1 and laterTo configure NTP on the service console, you must:
- Edit the following configuration files, as described in the following sections:
- /Etc/NTP. conf
- /Etc/NTP/step-tickers
- /Etc/hosts
- For ESX Server 3.0 only, run the following command. This opens the appropriate ports and enables the NTP daemon to talk with the external server.
[Root @ esxhost] # esxcfg-firewall -- enableservice ntpclient
- RestartNtpd.
Editing/etc/NTP. confSpecify a pool of NTP servers to which your ESX Server System will sync (for more information about using NTP server pools, see http://www.pool.ntp.org/use.html ).
- Log on to the service console as the root user.
- You are going to replace the content/Etc/NTP. conf, So make a backup copy of this file:
CP/etc/NTP. CONF/etc/NTP. conf. BK
- Edit the contents of the default/Etc/NTP. conf, Which the ESX Server Installation creates for you, so the file looks like this:
Restrict 127.0.0.1
Restrict default Kod nomodify notrap
Server 0.vmware.pool.ntp.org (IP addresses can be used)
Server 1.vmware.pool.ntp.org
Server 2.vmware.pool.ntp.org
Driftfile/var/lib/NTP/drift
- Restrict-the first restrict is required because ntpd needs to resolve hostname addresses via the loopback network. if this entry does not exist, the system log (/var/log/messages) will show something like this:
Ntpd_initres: NTPD returns a permission denied Error
For systems directly connected to the Internet, the secondRestrictLine provides a basic level of protection from General UDP spoofing of NTP.
- Kod-Sends a Kod packet when an access violation occurs.
- Nomodify-DeniesNtpqAndNtpdcQueries that attempt to modify the run-time configuration of the server. Queries that return information are permitted.
- Notrap-Declines to provide mode 6 Control Message trap service to matching hosts. The trap service is a subsystem ofNtpdqControl Message Protocol, which is intended for use by remote event logging programs.
For better protection, you may want to addNoquery, Which prevents remote queries, andNopeer, Which prevents a host from trying to peer with your server and to allow a rogue server to control the clock. Refer to http://www.eecis.udel.edu /~ Mills/NTP/html/accopt.html for a full description of these access control commands. The0,1, And2.vmware.pool.ntp.orgNames point to a random set of servers that change every hour. TheDriftfileLine indicates the name of the file where the value for the system's clock drift (frequency error) is stored. For a more complete definitionDriftfile, See http://www.eecis.udel.edu /~ Mills/NTP/html/notes.html. Editing/etc/NTP/step-tickersPerform the following steps as the root user on the service console.
- If you want, make a backup copy of your/Etc/NTP/step-tickersFile:
CP/etc/NTP/step-tickers/etc/NTP/step-tickers.bk
- Edit/Etc/NTP/step-tickersSo that the file looks like the following example:
0.vmware.pool.ntp.org (IP addresses can be used)
1.vmware.pool.ntp.org
2.vmware.pool.ntp.org
Editing/etc/hostsPerform the following step as the root user on the service console.
- Edit/Etc/hosts.
- Add the following list of NTP pool servers to the end of your existing hosts list.
0.vmware.pool.ntp.org
1.vmware.pool.ntp.org
2.vmware.pool.ntp.org
Adding this list of NTP servers minimizes the impact of DNS lookup failures during NTP synchronization.
ESX 3.0 only: Enabling NTP client for firewallas noted earlier in this article, remember to run the following command. This opens the appropriate ports and enables the NTP daemon to talk with the external server.[Root @ esxhost] # esxcfg-firewall -- enableservice ntpclientRestarting and monitoring the NTP service Perform these steps as root on the service console.
- After you have edited the previous files, restart the NTP service.
- Now you can set the local hardware clock to the NTP synchronized local system time. Run:
Hwclock -- systohc
AsNtpdSuccessfully polls NTP servers, the kernel automatically sets the hardware clock to the system clock time periodically.
- Monitor the NTP service as desired:
- To see the offset (in seconds) between the local clock and the source clock, run:
Ntpdate-QTime_server_name_or_ip_address
If the correction resulting from synchronizing the local clock with the time server is large enough, it cocould affect the operating systems or applications running in virtual machines when they synchronize their clocks with the ESX Server System on which they are running.
- To watch the status ofNtpdProcess, run:
Watch "ntpq-P"
Press ctrl-C to stop watching the process. Note the information in the following columns:
- The character in the first column indicates the quality of the source.
- The asterisk (*) Indicates the source is the current reference.
- RemoteLists the IP address or host name of the source.
- WhenIndicates how many seconds have passed since the source was polled.
- PollIndicates the polling interval. This value increases depending on the accuracy of the local clock.
- ReachIs an octal number that indicates reachability of the source. A value377Indicates the source has answered the last eight consecutive polls.
- OffsetIs the time difference between the source and the local clock in milliseconds.
Note:IfNtpq-PReturnsNtpq: Read: Connection refused, Check/Var/log/messagesFor a more detailed error message.
Additional documentation for NTP is available at http://ntp.isc.org/bin/view/Main/DocumentationIndex. ESX sever 2.0.0To install and configure NTP on the console Operating System (service console ):
- Log on to the console as the root user.
- Mount the ESX Server CD on the console:
Mount/mnt/CDROM
- Change to/Mnt/CDROM/RedHat/RPMSDirectory.
- Install the NTP package:
Rpm-uhv ntp-*. i386.rpm
- Change to/EtcDirectory.
- You shoshould be able to find a file calledNTP. conf(AfterRpmInstallation) in/EtcDirectory (you changed into this directory in step 5). Edit this file using:
Vi ntp. conf
- Find the line that reads:
Server 127.127.1.0 # local clock
Change it: Server 192.6.38.127 # this is an example only
Save the file.
- Create a file namedStep-tickersIn/Etc/NTPDirectory. In this file, list the Host Name of your reference time server.
- To enable the NTP daemon to autostart when the server is rebooted, run:
Chkconfig ntpd on
- To start it now without rebooting, run:
/Etc/rc. d/init. d/ntpd start
The time drift corrects after a while.
- Wait a few seconds (up to a minute), then run:
Ntpq-P
This lists the current status.
- UseUmountTo unmount the ESX Server CD:
Umount/mnt/CDROM
These examples use a source server IP address obtained from a list of open access NTP servers. You may select one that suits you from the http://ntp.isc.org/bin/view/Servers/WebHome. |
