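redhat – What are the downsides of disabling tinker panic 0 in NTP?

We sometimes run into the problem that new servers have the wrong time set in the BIOS, so the time can be off by some amount.

When a VM is suspended in VMware and then resumed, the time will also be off. Because NTP does not sync once the maximum offset is exceeded, I am considering using tinker panic 0 in /etc/ntp.conf.

What is the reason for the default maximum offset of 1000 seconds that causes NTP to stop syncing the time? We use Puppet to set up NTP, and I am considering having it set tinker panic 0 in ntp.conf so that NTP syncs no matter what. What are the downsides of doing this?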

Solution

The reason why servers whose time differs this much do not sync is documented here:

5.1.1.4. What happens if the Reference Time changes?

Ideally the reference time is the same everywhere in the world. Once synchronized, there should not be any unexpected changes between the clock of the operating system and the reference clock. Therefore, NTP has no special methods to handle the situation.

Instead, ntpd’s reaction will depend on the offset between the local clock and the reference time. For a tiny offset ntpd will adjust the local clock as usual; for small and larger offsets, ntpd will reject the reference time for a while. In the latter case the operation system’s clock will continue with the last corrections effective while the new reference time is being rejected. After some time, small offsets (significantly less than a second) will be slewed (adjusted slowly), while larger offsets will cause the clock to be stepped (set anew). Huge offsets are rejected, and ntpd will terminate itself, believing something very strange must have happened.

In my current NTP configuration, which is also controlled by Puppet, I force synchronization with the server both in the ntp.conf file, using tinker panic, and in the daemon settings (/etc/sysconfig/ntpd), as described in the ntpd(8) man page:

-g Normally, ntpd exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, ntpd will exit with a message to the system log. This option can be used with the -q and -x options.

I do this because I can trust the NTP servers I am connecting to.

The relevant part of the module that applies to clients is as follows:

class ntp (
  $foo,
  $bar,
  ...
  ){

  $my_files = {
    'ntp.conf'      => {
      path    => '/etc/ntp.conf',
      content => template("ntp/ntp.conf.$template.erb"),
      selrole => 'object_r',
      seltype => 'net_conf_t',
      require => Package['ntp'],
    },
    'ntp-sysconfig' => {
      path    => '/etc/sysconfig/ntpd',
      source  => 'puppet:///modules/ntp/ntp-sysconfig',
      ...
  }

  $my_files_defaults = {
    ensure   => file,
    owner    => 'root',
    group    => 'root',
    mode     => '0644',
    selrange => 's0',
    selrole  => 'object_r',
    seltype  => 'etc_t',
    seluser  => 'system_u',
  }

  create_resources(file, $my_files, $my_files_defaults)

  # Runs only when /etc/ntp.conf changes: -q sets the clock once and exits,
  # -g allows that one correction to exceed the panic threshold.
  exec { 'ntp initial clock set':
    command     => '/usr/sbin/ntpd -g -q -u ntp:ntp',
    refreshonly => true,
    timeout     => '-1',
    subscribe   => File['/etc/ntp.conf'],
  }

}

And the contents of the referenced files are:

$ cat devops/puppet/modules/ntp/files/ntp-sysconfig
# Drop root to id 'ntp:ntp' by default.
OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid -g -a"

and:

$ cat devops/puppet/modules/ntp/templates/ntp.conf.RedHat.erb
# HEADER: This file was autogenerated by puppet.
# HEADER: While it can still be managed manually, it
# HEADER: is definitely not recommended.
tinker panic 0
<% server.each do |ntpserver| -%>
server <%= ntpserver %> autokey
<% end -%>
server  127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
crypto pw hunter2
crypto randfile /dev/urandom
keysdir /etc/ntp

The hiera part is not shown here, but you get the idea.
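
Added example (not part of the original answer, and not ntpd's own code): a simplified Python model of the panic check described in the quoted FAQ and man page, showing what the default settings, -g, and tinker panic 0 each do with the same sequence of offsets. The function names and the sample offsets are assumptions made for illustration; --panicgate is the long form of -g.

```python
# Added example: simplified model of ntpd's panic check, not ntpd's own code.
DEFAULT_PANIC = 1000.0  # seconds; default panic threshold per ntpd(8)

def panic_threshold(ntp_conf):
    """Return the threshold from 'tinker ... panic N' lines, else the default."""
    threshold = DEFAULT_PANIC
    for line in ntp_conf.splitlines():
        words = line.split("#", 1)[0].split()
        if words[:1] == ["tinker"]:
            # tinker takes keyword/value pairs, e.g. "tinker step 0.5 panic 0"
            opts = dict(zip(words[1::2], words[2::2]))
            if "panic" in opts:
                threshold = float(opts["panic"])
    return threshold

def has_g_flag(sysconfig):
    """True if the OPTIONS= line in /etc/sysconfig/ntpd passes -g to ntpd."""
    for line in sysconfig.splitlines():
        line = line.strip()
        if line.startswith("OPTIONS="):
            args = line[len("OPTIONS="):].strip("\"'").split()
            return "-g" in args or "--panicgate" in args
    return False

def reactions(offsets, panic, g_flag):
    """Outcome for each offset (seconds) ntpd sees, in order, during one run."""
    out, g_left = [], g_flag
    for off in offsets:
        if panic == 0 or abs(off) <= panic:
            out.append("accept")       # within threshold, or check disabled
        elif g_left:
            out.append("accept-once")  # -g allows one oversized correction
            g_left = False
        else:
            out.append("exit")         # ntpd logs a message and terminates
            break
    return out

# Constructed inputs: the sysconfig line from the answer, two ntp.conf variants,
# and offsets for a normal poll, a resumed VM (1 h) and a wrong source (1 day).
SYSCONFIG = 'OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid -g -a"'
OFFSETS = [0.05, 3600.0, 86400.0]

if __name__ == "__main__":
    for name, conf in [("default", "driftfile /var/lib/ntp/drift\n"),
                       ("panic 0", "tinker panic 0\n")]:
        for g in (False, has_g_flag(SYSCONFIG)):
            print(name, "-g" if g else "no -g",
                  reactions(OFFSETS, panic_threshold(conf), g))
```

With panic 0 every offset is accepted, including the one-day jump, so nothing on the client stops a wrong reference time from being applied; the setup then relies entirely on the configured servers being trustworthy.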
