redhat – What are the downsides of disabling tinker panic 0 in NTP?

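We sometimes run into the problem that new servers have the wrong time in the BIOS, so the time can be off for a while.

When a VM is suspended in VMware and then resumed, the time will also be off. Because NTP does not sync once the maximum offset is exceeded, I am considering using tinker panic 0 in /etc/ntp.conf.

What is the reason for the default maximum offset of 1000 seconds that causes NTP to stop syncing the time? We are using Puppet to set up NTP, and I am considering having it set tinker panic 0 in ntp.conf so that NTP syncs no matter what. What are the downsides of doing this?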

Solution

The reason for not syncing with a server whose time is so different is documented here:

5.1.1.4. What happens if the Reference Time changes?

Ideally the reference time is the same everywhere in the world. Once synchronized, there should not be any unexpected changes between the clock of the operating system and the reference clock. Therefore, NTP has no special methods to handle the situation.

Instead, ntpd’s reaction will depend on the offset between the local clock and the reference time. For a tiny offset ntpd will adjust the local clock as usual; for small and larger offsets, ntpd will reject the reference time for a while. In the latter case the operation system’s clock will continue with the last corrections effective while the new reference time is being rejected. After some time, small offsets (significantly less than a second) will be slewed (adjusted slowly), while larger offsets will cause the clock to be stepped (set anew). Huge offsets are rejected, and ntpd will terminate itself, believing something very strange must have happened.

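In my current NTP configuration, which is also controlled by Puppet, I force synchronization with the server both in the ntp.conf file, using tinker panic, and in the daemon settings (/etc/sysconfig/ntpd), as described in the ntpd(8) man page: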

-g Normally, ntpd exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, ntpd will exit with a message to the system log. This option can be used with the -q and -x options.

I do this because I can trust the NTP servers I am connecting to.

The relevant part of the module that applies to clients is as follows:

class ntp (
  $foo,
  $bar,
  ...
  ){

  # Files managed by this class: the ntp.conf template and the daemon options.
  $my_files = {
    'ntp.conf'      => {
      path    => '/etc/ntp.conf',
      content => template("ntp/ntp.conf.$template.erb"),
      selrole => 'object_r',
      seltype => 'net_conf_t',
      require => Package['ntp'],
    },
    'ntp-sysconfig' => {
      path    => '/etc/sysconfig/ntpd',
      source  => 'puppet:///modules/ntp/ntp-sysconfig',
      ...
    },
  }

  # Defaults applied to every file resource above.
  $my_files_defaults = {
    ensure   => file,
    owner    => 'root',
    group    => 'root',
    mode     => '0644',
    selrange => 's0',
    selrole  => 'object_r',
    seltype  => 'etc_t',
    seluser  => 'system_u',
  }

  create_resources(file, $my_files, $my_files_defaults)

  # One-shot clock set (-g -q: set the time once and exit) whenever ntp.conf changes.
  exec { 'ntp initial clock set':
    command     => '/usr/sbin/ntpd -g -q -u ntp:ntp',
    refreshonly => true,
    timeout     => '-1',
    subscribe   => File['/etc/ntp.conf'],
  }

}

And the contents of the referenced files are:

$ cat devops/puppet/modules/ntp/files/ntp-sysconfig
# Drop root to id 'ntp:ntp' by default.
OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid -g -a"

and:

$ cat devops/puppet/modules/ntp/templates/ntp.conf.RedHat.erb
# HEADER: This file was autogenerated by puppet.
# HEADER: While it can still be managed manually, it
# HEADER: is definitely not recommended.
tinker panic 0
<% server.each do |ntpserver| -%>
server <%= ntpserver %> autokey
<% end -%>
server  127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
crypto pw hunter2
crypto randfile /dev/urandom
keysdir /etc/ntp

The hiera part is not shown here, but you get the idea.
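To make the difference between the one-time -g allowance and tinker panic 0 concrete, here is an added Python model (not part of the original answer and not ntpd code) that reads the panic setting from ntp.conf text and the daemon OPTIONS, then replays a sequence of clock offsets. It is a simplification based on the FAQ and man-page text quoted above: it ignores the waiting period before a step, takes ntpd's default 128 ms step threshold, and the function names, host name and sample offsets are constructed for illustration.

```python
import shlex

STEP_THRESHOLD_S = 0.128   # ntpd default: larger offsets are stepped, not slewed
DEFAULT_PANIC_S = 1000.0   # ntpd default panic threshold, per the quoted man page

def effective_policy(ntp_conf, daemon_options):
    """Return (panic_threshold_s, allow_once) from ntp.conf text and OPTIONS."""
    panic = DEFAULT_PANIC_S
    for line in ntp_conf.splitlines():
        words = line.split("#", 1)[0].split()
        if words[:1] == ["tinker"]:
            # tinker takes keyword/value pairs, e.g. "tinker panic 0"
            pairs = dict(zip(words[1::2], words[2::2]))
            if "panic" in pairs:
                panic = float(pairs["panic"])
    allow_once = "-g" in shlex.split(daemon_options)
    return panic, allow_once

def simulate(offsets_s, panic, allow_once):
    """Model ntpd's reaction to successive offsets (seconds)."""
    actions = []
    for offset in offsets_s:
        size = abs(offset)
        if panic > 0 and size > panic:
            if not allow_once:
                actions.append("exit")   # ntpd logs a message and terminates
                break
            allow_once = False           # the -g allowance can be used only once
            actions.append("step")
        elif size > STEP_THRESHOLD_S:
            actions.append("step")
        else:
            actions.append("slew")
    return actions

# Constructed sample inputs (not taken from a real host).
CONF_DEFAULT = "server ntp.example.test\ndriftfile /var/lib/ntp/drift\n"
CONF_PANIC0 = "tinker panic 0\n" + CONF_DEFAULT
OPTIONS = "-u ntp:ntp -p /var/run/ntpd.pid -g"
# Wrong BIOS clock at boot, a normal correction, then a VM resume an hour later.
OFFSETS = [86400.0, 0.05, 3600.0]

if __name__ == "__main__":
    for name, conf in (("default + -g", CONF_DEFAULT), ("panic 0 + -g", CONF_PANIC0)):
        panic, once = effective_policy(conf, OPTIONS)
        print(f"{name:14} panic={panic:g}s -> {simulate(OFFSETS, panic, once)}")
```

With the default threshold the resume offset ends the run in "exit", while with tinker panic 0 every offset is applied regardless of size, so the only remaining safeguard is how far the configured time sources can be trusted.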
