PDA

View Full Version : Problem With 7016020: NTP Security update



ppatarcsity
27-Dec-2014, 08:02
Hi All,

I found a problem after I installed the ntp update on 24th december.
I use the next configuration on SLES 11 SP3 servers (One DomU server and 10 Virtual server with Xen Virtualization):
Region: Europe, Time Zone: Hungary, Hardware Clock set to UTC - Yes
The network time comes from the hu.pool.ntp.org servers. (But after the update the time show + 1 hour on all server -on the DomU also.)

The last some lines from the ntp daemon log:


24 Dec 10:18:51 ntpd[2593]: kernel time sync status change 6001
24 Dec 10:40:32 ntpd[2593]: ntpd exiting on signal 15
24 Dec 10:43:46 ntpd[15157]: synchronized to LOCAL(0), stratum 10
24 Dec 10:43:46 ntpd[15157]: kernel time sync status change 2001
24 Dec 10:44:52 ntpd[15157]: synchronized to 62.112.194.89, stratum 3
24 Dec 10:48:17 ntpd[15157]: ntpd exiting on signal 15
24 Dec 12:02:53 ntpd[2569]: synchronized to LOCAL(0), stratum 10
24 Dec 12:03:01 ntpd[2569]: kernel time sync status change 2001
24 Dec 12:05:08 ntpd[2569]: synchronized to 62.112.195.55, stratum 3
24 Dec 12:06:14 ntpd[2569]: time correction of -3600 seconds exceeds sanity limit (1000); set clock manually to the correct UTC time.


In the Virtual servers the /etc/sysctl.conf file contains the xen.independent_wallclock=1 parameter.

Why changed the time on all servers after the ntp update???
Is this a bug in the ntp update?

Peter

jmroth
27-Dec-2014, 14:57
What does "ntpq -p" show? (on both DomU and servers)

ppatarcsity
03-Jan-2015, 10:17
domU:

ntpq: read: Connection refused

VirtServer1 (local ntp server)

remote refid st t when poll reach delay offset jitter
================================================== ============================
LOCAL(0) .LOCL. 10 l 9 64 377 0.000 0.000 0.001
*service0-eth4.d 195.111.107.114 2 u 793 1024 377 7.904 -0.067 0.046


VirtServer2

remote refid st t when poll reach delay offset jitter
================================================== ============================
LOCAL(0) .LOCL. 10 l 6 64 377 0.000 0.000 0.001
*VirtServer1.ourdomian.hu 193.225.118.162 3 u 1020 1024 377 0.159 0.017 0.010


Our IP scope is 10.0.10.0/24

jmroth
04-Jan-2015, 00:26
So is ntpd runing in the domU at all?

All I see is:

no ntpd running on domU
ntpds on virtualhosts synched against internet time servers


If that is not what you like to do then you should post process lists, ntpd configuration and ntp logs distinctly for domU, and virtualhosts.