[OpenAFS] Time on AFS-cell

ted creedon tcreedon@easystreet.com
Mon, 28 Feb 2005 15:24:35 -0800


Excellent commentary.

Needs to be in the docs. Didn't realize there were 2 time slots involved.

Relying on a local timeserver works here but I'm not trying to sync outside
the local realm either.

tedc 

-----Original Message-----
From: openafs-info-admin@openafs.org [mailto:openafs-info-admin@openafs.org]
On Behalf Of Jeffrey Hutzelman
Sent: Monday, February 28, 2005 12:51 PM
To: ted creedon; openafs-info@openafs.org
Subject: RE: [OpenAFS] Time on AFS-cell



On Monday, February 28, 2005 08:33:40 -0800 ted creedon
<tcreedon@easystreet.com> wrote:

> NTP needs to run on all servers and workstations, use the real ntp not 
> the one bundled with AFS. Use the --nosettime switch to disable ntp in 
> the AFS server.

This is somewhat misleading.

All servers and clients need time synchronization.  If you have more than
one database server, the database servers must be within about 15 seconds of
each other, or voting will not work correctly.  All other servers and
clients need to have time within about 5 minutes of the database servers (or
KDC's, if you are running a full Kerberos realm), or authentication will not
work.

You can synchronize time using NTP (http://www.ntp.org) or using the
time-synchronization feature built in to the AFS cache manager.  Either
approach will provide sufficient accuracy to make AFS work.  Because the
built-in mechanism works by syncing clients' clocks to the fileservers, it
cannot be used to set fileserver clocks; fileservers pretty much MUST run
NTP.

The built-in mechanism will be used automatically by any machine running
afsd, unless you start afsd (not the fileserver) with the switch
'-nosettime' (one dash, not two).  You must do this on any machine running
an NTP client, or NTP and afsd will fight over control of the system clock. 
That also means you need to do it on every fileserver.  Perhaps at some
point in the future, this will become the default.


> To keep your ISP happy, suggest pointing one or two AFS servers at 2 
> of the nearest Cisco routers and point the remainder of the local 
> boxes at the AFS servers (typically time should come from at least 2 
> servers in case one fails).

You should set up a local NTP server (ideally, three servers), and configure
the rest of your machines to talk to it.  That will improve synchronization
within your cell, which is what you really care about, and reduce load on
your external network connection.  You should ask your upstream network
provider if they operate NTP servers at which you can point your local NTP
servers -- DO NOT just assume that any nearby Cisco router is a good choice.
While devices running IOS are capable of acting as NTP servers, they are not
always configured to do so, they may not be configured with a reliable
upstream time source, and even if they are, that does not necessarily mean
that it is OK to use them.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA





