Time drifting when running eDirectory on a Linux guest under VMware ESX server.

(Last modified: 19Jul2006)

This document (10100597) is provided subject to the disclaimer at the end of this document.

fact

Novell Open Enterprise Server (OES) for Linux

Novell eDirectory 8.7.3 for Linux

SUSE LINUX Enterprise Server 9

VMware ESX server

NTP Time Synchronization

symptom

Time drifting when running eDirectory on a Linux guest under VMware ESX server.

Ndsrepair -T reports time is not in synch.

Error: -659 adding a server to the tree

cause

The 2.6 Linux kernel in SLES9 changes the number of interrupts it uses for clock ticks, compared to the 2.4 kernel in SLES8, from 100/second to 1000/second. A dual-processor Linux 2.6 kernel can fire up to 3000/second. This is usually not an issue when running on a bare metal server.

Issues with time moving forward: clock=pit
Due to the discrepancy between how many interrupts the Linux kernel can generate and the number the ESX host kernel can service, clock ticks can be lost. The Linux kernel contains algorithms to correct for lost ticks. However, this can lead to too many extra ticks being added to make up for the lost ones, which may lead to time moving forward. The clock=pit boot parameter on the guest corrects for this.
For more information, please refer to the following VMware FAQ ID:
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1420

Issues with time drifting: Misc.TimerHardPeriod
Setting Misc.TimerHardPeriod to 333 or 250 (you may need to try both) increases the hardware clock interrupt rate of the ESX server so that it can keep up with the guests' requests. This is needed because ESX by default uses a fixed host timer interrupt rate of 1000Hz, whereas a dual-CPU 2.6 kernel Linux server can fire off 3000. It is always best to have the host rate faster than the guests'.
For more information, please refer to the following VMware FAQ ID:
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1518

The recommendations in the section entitled "Make changes to the VMware Environment" below are designed to minimize or eliminate these time-related issues, both with time drifting and with time advancing.

fix

The following settings and recommendations for Linux guests running under ESX should avoid time synchronization issues in this environment:

1. Set up NTP

a. Ensure that an external reliable NTP time source is used.
b. Set up the NTP source.
- Modify the /etc/ntp.conf file. Comment out the following entries by placing # signs before them:
#server  127.127.1.0     # local clock
#fudge   127.127.1.0 stratum 10
- Add an entry for this time source at the end of the file, replacing x.x.x.x with the server's IP address:
server x.x.x.x prefer
c. Slam time, start the NTP daemon and verify time.
- Stop the daemon by typing: /etc/init.d/xntpd stop
- Slam the current time by typing: ntpdate x.x.x.x  (where x.x.x.x is the NTP source's IP address)
(Run this command several times, until the offset displayed is less than one second.)
- Start the daemon by typing: /etc/init.d/xntpd start
- Wait for this server to show a reach of 377 by typing: ntpq -p
This may take 15-20 minutes.

2. Make changes to the VMware Environment

a. Change the ESX Misc.TimerHardPeriod setting.
- Using ESX's Status Monitor, select Options - Advanced Settings and scroll to the setting "Misc.TimerHardPeriod". Change the value from the default of 1000 to 333 (or 250) and confirm with OK. This change is dynamic and takes place immediately.

b. Add the clock=pit boot parameter to the SLES9 guest.
- This change helps with overcorrection of time. Within the guest, open the /boot/grub/menu.lst file in vi and add "clock=pit" to the end of the kernel line in the title Linux section. Below is an example:

title Linux
kernel (hd0,2)/boot/vmlinuz root=/dev/hda3 vga=0x317 selinux=0 splash=silent resume=/dev/hda1 elevator=cfq showopts clock=pit

If using LILO, add the clock=pit parameter to the append= line in the /etc/lilo.conf file as follows:

append="resume=/dev/hda6 splash=silent clock=pit"

Remember to run /sbin/lilo after editing lilo.conf, so that your edits take effect.  

Whether using LILO or GRUB, please reboot the server after adding this parameter.

Normally, the above two changes to the VMware ESX server and the guest should be enough to resolve NTP time issues within the guests. If NTP time issues persist, also perform this additional step:

c. Change the VMX configuration file of the guest.
- Locate the *.vmx configuration file for the guest on the ESX filesystem. (Default location is /root/vmware.) Open this file in vi and change the statement "tools.syncTime=FALSE" to "tools.syncTime=TRUE". For this change to take effect, the SLES9 guest needs to be completely powered off, not just reset, so that it re-reads its configuration file. When the guest is powered back up, it should notice that its configuration file has been changed and ask if it should be re-read. Answer "yes" to this question.
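
The guest-side edits from steps 1b and 2b can be checked with a short script. This is an added example, not part of the original Novell document; the function names and both sample files are constructed for illustration, and 192.0.2.10 stands in for the NTP source. It reports every boot entry in menu.lst, not only the "title Linux" one, so that it is visible which entries carry the parameter.

```shell
#!/bin/sh
# Added example: audit the guest-side files edited in steps 1b and 2b.
# Both samples are constructed; 192.0.2.10 stands in for the NTP source.

SAMPLE_NTP_CONF='#server  127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10
server 192.0.2.10'

SAMPLE_MENU_LST='title Linux
    kernel (hd0,2)/boot/vmlinuz root=/dev/hda3 vga=0x317 showopts clock=pit
title Failsafe
    kernel (hd0,2)/boot/vmlinuz root=/dev/hda3 showopts ide=nodma'

# Reads ntp.conf on stdin; prints one finding per line, nothing if clean.
ntp_conf_findings() {
  awk '
    /^[ \t]*#/ { next }                               # commented-out line
    ($1 == "server" || $1 == "fudge") && $2 == "127.127.1.0" {
      print "local clock line still active: " $1; next
    }
    $1 == "server" {
      for (i = 3; i <= NF && $i !~ /^#/; i++) if ($i == "prefer") pref = 1
    }
    END { if (!pref) print "no server line marked prefer" }'
}

# Reads menu.lst on stdin; prints the title of each entry whose kernel
# line does not carry clock=pit.
grub_missing_clock_pit() {
  awk '
    $1 == "title"  { title = $0; sub(/^[ \t]*title[ \t]+/, "", title) }
    $1 == "kernel" {
      found = 0
      for (i = 2; i <= NF; i++) if ($i == "clock=pit") found = 1
      if (!found) print title
    }'
}

printf '%s\n' "$SAMPLE_NTP_CONF" | ntp_conf_findings
printf '%s\n' "$SAMPLE_MENU_LST" | grub_missing_clock_pit
```

On a real guest, feed the functions /etc/ntp.conf and /boot/grub/menu.lst on standard input instead of the samples.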

Should you find that NTP time is not being reliably synchronized, the following steps may be useful:

- Verify that the chosen time source has given us time and is trusted:
Ensure that the output of "ntpq -p" shows an asterisk by the chosen time provider entry. If an asterisk is not seen, it may be that APIC is interfering with time synchronization. APIC can be disabled by passing the "noapic" parameter at bootup, by adding this parameter to the boot switch in /boot/grub/menu.lst.

Type "ntpq". At its command prompt, get a list of association indexes by typing "as". Then get a detailed debug report on this server by typing "rv assid", where assid is the number seen in the previous step. Many of the values displayed are useful in debugging NTP. One of the most useful is the flash value. This displays the results of the sanity checks placed on the incoming NTP packets. This value should be "flash=00 ok".
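
The two "ntpq -p" checks described in this document (a reach of 377 in step 1c, and an asterisk by the chosen time provider above) can be read mechanically. This is an added example, not part of the original Novell document; the function name, exit codes and sample outputs are constructed for illustration. The reach column is an octal 8-bit shift register with one bit per recent poll, so 377 means the last eight polls all succeeded.

```shell
#!/bin/sh
# Added example: interpret `ntpq -p` output per the checks in this document.
# Sample outputs below are constructed (192.0.2.x is a documentation range).

SAMPLE_SYNCED='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377    0.512   -1.204   0.310'

SAMPLE_WARMUP='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   20   64   17    0.498    3.870   1.002'

SAMPLE_UNSYNCED='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000'

# Reads `ntpq -p` output on stdin. Exit 0: peer selected and reach=377;
# exit 2: peer selected but fewer than 8 good polls; exit 1: no "*" peer.
ntp_sync_status() {
  awk '
    /^=/ || $1 == "remote" { next }       # skip header and rule line
    substr($0, 1, 1) == "*" {             # tally code "*" marks the chosen peer
      peer = substr($1, 2); reach = $7; offset = $9; found = 1
      exit                                # END still runs after exit
    }
    END {
      if (!found) { print "NO_SYSPEER"; exit 1 }
      # reach is an octal 8-bit shift register, one bit per recent poll
      n = 0
      for (i = 1; i <= length(reach); i++) n = n * 8 + substr(reach, i, 1)
      good = 0
      for (b = n; b > 0; b = int(b / 2)) good += b % 2
      if (good < 8) { printf "WAIT peer=%s reach=%s polls_ok=%d/8\n", peer, reach, good; exit 2 }
      printf "OK peer=%s reach=%s offset_ms=%s\n", peer, reach, offset
    }'
}

printf '%s\n' "$SAMPLE_SYNCED"   | ntp_sync_status || true
printf '%s\n' "$SAMPLE_WARMUP"   | ntp_sync_status || true
printf '%s\n' "$SAMPLE_UNSYNCED" | ntp_sync_status || true
```

On a live guest, run it as: ntpq -p | ntp_sync_status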

document

Document Title: Time drifting when running eDirectory on a Linux guest under VMware ESX server.
Document ID: 10100597
Solution ID: NOVL105307
Creation Date: 28Feb2006
Modified Date: 19Jul2006
Novell Product Class: Novell Directory Services

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.