Max time adjustment - NTP


Thread: Max time adjustment

  1. Max time adjustment

    Hi

    Our Active Directory admin wants to start syncing time with our ESX hosts.
    But he has one requirement, he wants me to limit the clock adjustment to max
    1 hour. So if our ESX host has an incorrect time compared to the ntp server,
    the ESX host should not correct it if it is off more than one hour.

    Which ntp setting can I use for this?

    (Redhat EL)
    Gabrie

  2. Re: Max time adjustment

    Gabrie wrote:
    > Hi
    >
    > Our Active Directory admin wants to start syncing time with our ESX hosts.
    > But he has one requirement, he wants me to limit the clock adjustment to max
    > 1 hour. So if our ESX host has an incorrect time compared to the ntp server,
    > the ESX host should not correct it if it is off more than one hour.
    >
    > Which ntp setting can I use for this?


    NTP has a default max adjustment of about 1000 seconds (WAYTOOBIG is the
    #define value), but you can override this with a config file parameter.

    Terje

    --
    "almost all programming can be viewed as an exercise in caching"

  3. Re: Max time adjustment

    Gabrie wrote:
    > Our Active Directory admin wants to start syncing time with our ESX hosts.
    > But he has one requirement, he wants me to limit the clock adjustment to max
    > 1 hour. So if our ESX host has an incorrect time compared to the ntp server,
    > the ESX host should not correct it if it is off more than one hour.
    >
    > Which ntp setting can I use for this?


    Don't use -g. ntpd will then abort if one tries to change the time by
    more than 1000 seconds. I.E., by default, ntpd will not allow a large
    correction.

    In the unlikely event that you really do want to tolerate up to 1 hour
    (I imagine you would at least want to reduce this by twice the maximum
    assumed manual setting error), you would use "tinker panic 3600", I
    believe. Please read the health warnings about tinker.


  4. Re: Max time adjustment

    David Woolley wrote:
    > Gabrie wrote:
    >> Our Active Directory admin wants to start syncing time with our ESX
    >> hosts.
    >> But he has one requirement, he wants me to limit the clock adjustment
    >> to max
    >> 1 hour. So if our ESX host has an incorrect time compared to the ntp
    >> server,
    >> the ESX host should not correct it if it is off more than one hour.
    >>
    >> Which ntp setting can I use for this?

    >
    > Don't use -g. ntpd will then abort if one tries to change the time by
    > more than 1000 seconds. I.E., by default, ntpd will not allow a large
    > correction.
    >


    ISTR that "-g" unconditionally sets the clock to whatever time is
    supplied by the source(s)! It should bring your clock to within a few
    milliseconds of whatever source(s) was/were used. This is a ONCE only
    setting. Thereafter, less drastic methods are used and the size of any
    correction is subject to "sanity checking".



  5. Re: Max time adjustment

    Richard B. Gilbert wrote:

    >
    > ISTR that "-g" unconditionally sets the clock to whatever time is
    > supplied by the source(s)! It should bring your clock to within a few
    > milliseconds of whatever source(s) was/were used. This is a ONCE only
    > setting. Thereafter, less drastic methods are used and the size of any
    > correction is subject to "sanity checking".
    >
    >

    Not what the documentation (4.2.4p4) says. It only says that it removes
    the 1000 second limit.

    > -g
    > Normally, ntpd exits with a message to the system log if the
    > offset exceeds the panic threshold, which is 1000 s by default.
    > This option allows the time to be set to any value without
    > restriction; however, this can happen only once. If the
    > threshold is exceeded after that, ntpd will exit with a message
    > to the system log. This option can be used with the -q and -x
    > options. See the tinker command for other options.


  6. Re: Max time adjustment

    David Woolley writes:

    >Richard B. Gilbert wrote:


    >>
    >> ISTR that "-g" unconditionally sets the clock to whatever time is
    >> supplied by the source(s)! It should bring your clock to within a few
    >> milliseconds of whatever source(s) was/were used. This is a ONCE only
    >> setting. Thereafter, less drastic methods are used and the size of any
    >> correction is subject to "sanity checking".
    >>
    >>

    >Not what the documentation (4.2.4p4) says. It only says that it removes
    >the 1000 second limit.


    Yes. It says exactly that. See the "this can happen only once" line. And
    the other docs which say that if ntp is off by more than 128ms it will step
    rather than slew.



    >> -g
    >> Normally, ntpd exits with a message to the system log if the
    >> offset exceeds the panic threshold, which is 1000 s by default.
    >> This option allows the time to be set to any value without
    >> restriction; however, this can happen only once. If the
    >> threshold is exceeded after that, ntpd will exit with a message
    >> to the system log. This option can be used with the -q and -x
    >> options. See the tinker command for other options.


  7. Re: Max time adjustment

    Unruh wrote:
    > David Woolley writes:
    >
    >> Richard B. Gilbert wrote:

    >
    >>> ISTR that "-g" unconditionally sets the clock to whatever time is
    >>> supplied by the source(s)! It should bring your clock to within a few
    >>> milliseconds of whatever source(s) was/were used. This is a ONCE only
    >>> setting. Thereafter, less drastic methods are used and the size of any
    >>> correction is subject to "sanity checking".
    >>>
    >>>

    >> Not what the documentation (4.2.4p4) says. It only says that it removes
    >> the 1000 second limit.

    >
    > Yes. It says exactly that. See the "this can happen only once" line. And
    > the other docs which say that if ntp is off by more than 128ms it will step
    > rather than slew.


    You need to consider the context of the thread. It is not unconditional,
    because offsets of less than 128ms do not result in a step.
    >
    >
    >
    >>> -g
    >>> Normally, ntpd exits with a message to the system log if the
    >>> offset exceeds the panic threshold, which is 1000 s by default.
    >>> This option allows the time to be set to any value without
    >>> restriction; however, this can happen only once. If the
    >>> threshold is exceeded after that, ntpd will exit with a message
    >>> to the system log. This option can be used with the -q and -x
    >>> options. See the tinker command for other options.


  8. Re: Max time adjustment

    David Woolley wrote:
    > Richard B. Gilbert wrote:
    >
    >>
    >> ISTR that "-g" unconditionally sets the clock to whatever time is
    >> supplied by the source(s)! It should bring your clock to within a few
    >> milliseconds of whatever source(s) was/were used. This is a ONCE only
    >> setting. Thereafter, less drastic methods are used and the size of
    >> any correction is subject to "sanity checking".
    >>
    >>

    > Not what the documentation (4.2.4p4) says. It only says that it removes
    > the 1000 second limit.
    >
    >> -g
    >> Normally, ntpd exits with a message to the system log if the
    >> offset exceeds the panic threshold, which is 1000 s by default.
    >> This option allows the time to be set to any value without
    >> restriction; however, this can happen only once. If the
    >> threshold is exceeded after that, ntpd will exit with a message
    >> to the system log. This option can be used with the -q and -x
    >> options. See the tinker command for other options.


    I'm not sure what you are trying to say here! As I read the above text,
    it does not seriously disagree with what I wrote.

  9. Re: Max time adjustment

    On Mon, Sep 29, 2008 at 7:41 AM, Gabrie wrote:
    > Our Active Directory admin wants to start syncing time with our ESX hosts.
    > But he has one requirement, he wants me to limit the clock adjustment to max
    > 1 hour. So if our ESX host has an incorrect time compared to the ntp server,
    > the ESX host should not correct it if it is off more than one hour.
    >
    > Which ntp setting can I use for this?


    Actually, you should probably make a setting on the Active
    Directory servers, not on your ESX hosts. That way the AD servers will
    ignore your source servers if they are acting crazy. I believe the
    settings are MaxNegPhaseCorrection and MaxPosPhaseCorrection.

    See:
    http://technet.microsoft.com/en-us/l.../cc773263.aspx

    --
    RPM
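
The ntpd behaviour debated in posts 3 to 7 (panic threshold, "tinker panic", -g and the 128 ms step threshold), written out as a small policy check. This is an added example, not part of the thread and not ntpd source code: it is a simplified model built from the documentation text quoted above and ignores ntpd's other timers. The names Policy, load_policy, decide and enforces_limit are hypothetical, and the RHEL-style option string and ntp.conf line are constructed samples.

```python
from dataclasses import dataclass

DEFAULT_PANIC_S = 1000.0  # panic threshold from the quoted -g documentation
DEFAULT_STEP_S = 0.128    # step threshold mentioned in the thread (128 ms)


@dataclass
class Policy:
    panic_s: float = DEFAULT_PANIC_S
    step_s: float = DEFAULT_STEP_S
    panicgate: bool = False  # True when ntpd is started with -g


def load_policy(ntp_conf: str, ntpd_options: str) -> Policy:
    """Build the effective policy from ntp.conf text and ntpd's option string."""
    policy = Policy()
    for raw in ntp_conf.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments
        if not words or words[0] != "tinker":
            continue
        # One tinker line may carry several "keyword value" pairs.
        for key, value in zip(words[1::2], words[2::2]):
            if key == "panic":
                policy.panic_s = float(value)
            elif key == "step":
                policy.step_s = float(value)
    # Only the stand-alone spellings are recognised, not clustered short flags.
    policy.panicgate = any(t in ("-g", "--panicgate") for t in ntpd_options.split())
    return policy


def decide(offset_s: float, policy: Policy, g_unused: bool) -> str:
    """Return 'slew', 'step' or 'exit'; g_unused: the one-time -g waiver is unspent."""
    size = abs(offset_s)
    if policy.panic_s > 0 and size > policy.panic_s:  # "panic 0" disables the check
        # -g waives the panic check once; after that ntpd exits instead.
        return "step" if policy.panicgate and g_unused else "exit"
    return "step" if policy.step_s > 0 and size > policy.step_s else "slew"


def enforces_limit(policy: Policy, limit_s: float) -> bool:
    """True if a correction larger than limit_s can never be applied."""
    return not policy.panicgate and 0 < policy.panic_s <= limit_s


if __name__ == "__main__":
    # Constructed sample: one-line ntp.conf capped at one hour, no -g.
    p = load_policy("tinker panic 3600  # cap at one hour\n", "-u ntp:ntp")
    for off in (0.05, 30.0, 1800.0, 5000.0):
        print(off, decide(off, p, g_unused=True))
```

For the one-hour requirement in the first post, enforces_limit(policy, 3600) is the check to run against a host's real ntp.conf and start-up options: it fails as soon as -g is present, whatever the panic value.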
