[OpenAFS] Time on AFS-cell
Mon, 28 Feb 2005 15:50:36 -0500
On Monday, February 28, 2005 08:33:40 -0800 ted creedon
> NTP needs to run on all servers and workstations, use the real ntp not the
> one bundled with AFS. Use the --nosettime switch to disable ntp in the AFS

This is somewhat misleading.

All servers and clients need time synchronization. If you have more than
one database server, the database servers must be within about 15 seconds
of each other, or voting will not work correctly. All other servers and
clients need to have time within about 5 minutes of the database servers
(or KDCs, if you are running a full Kerberos realm), or authentication
will not work.

You can synchronize time using NTP (http://www.ntp.org) or using the
time-synchronization feature built in to the AFS cache manager. Either
approach will provide sufficient accuracy to make AFS work. Because the
built-in mechanism works by syncing clients' clocks to the fileservers, it
cannot be used to set fileserver clocks; fileservers pretty much MUST run

The built-in mechanism will be used automatically by any machine running
afsd, unless you start afsd (not the fileserver) with the switch
'-nosettime' (one dash, not two). You must do this on any machine running
an NTP client, or NTP and afsd will fight over control of the system clock.
That also means you need to do it on every fileserver. Perhaps at some
point in the future, this will become the default.

> To keep your ISP happy, suggest pointing one or two AFS servers at 2 of
> the nearest Cisco routers and point the remainder of the local boxes
> at the AFS servers (typically time should come from at least 2 servers in
> case one fails).

You should set up a local NTP server (ideally, three servers), and
configure the rest of your machines to talk to it. That will improve
synchronization within your cell, which is what you really care about, and
reduce load on your external network connection. You should ask your
upstream network provider if they operate NTP servers at which you can
point your local NTP servers -- DO NOT just assume that any nearby Cisco
router is a good choice. While devices running IOS are capable of acting
as NTP servers, they are not always configured to do so, they may not be
configured with a reliable upstream time source, and even if they are, that
does not necessarily mean that it is OK to use them.

-- Jeffrey T. Hutzelman (N3NHS) <email@example.com>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
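
The skew limits and the afsd/NTP conflict described in the message above, as an added example that is not part of the original post or of OpenAFS: a small audit over a constructed host inventory. The host names, the inventory layout and the finding labels are assumptions; the 15-second and 5-minute limits and the -nosettime switch come from the message.

```python
from itertools import combinations

DB_SKEW_LIMIT = 15.0     # seconds: database servers vs. each other (voting)
AUTH_SKEW_LIMIT = 300.0  # seconds: everyone else vs. database servers (auth)

# Constructed inventory (hypothetical hosts). offset_s is the clock offset from
# one common reference; afsd_args is None where afsd does not run.
HOSTS = [
    {"name": "db1", "role": "db", "offset_s": 0.4, "ntp": True, "afsd_args": None},
    {"name": "db2", "role": "db", "offset_s": -1.2, "ntp": True, "afsd_args": None},
    {"name": "db3", "role": "db", "offset_s": 21.0, "ntp": True, "afsd_args": None},
    {"name": "fs1", "role": "fileserver", "offset_s": 2.0, "ntp": True,
     "afsd_args": ["-nosettime"]},
    {"name": "fs2", "role": "fileserver", "offset_s": 1.0, "ntp": True,
     "afsd_args": []},
    {"name": "ws1", "role": "client", "offset_s": 340.0, "ntp": False,
     "afsd_args": []},
    {"name": "ws2", "role": "client", "offset_s": -3.0, "ntp": True,
     "afsd_args": ["-nosettime"]},
]


def audit(hosts):
    """Return (kind, host, skew_seconds_or_None) findings for the inventory."""
    findings = []
    dbs = [h for h in hosts if h["role"] == "db"]
    # Database servers must agree with each other to within about 15 seconds.
    for a, b in combinations(dbs, 2):
        skew = abs(a["offset_s"] - b["offset_s"])
        if skew > DB_SKEW_LIMIT:
            findings.append(("db-skew", f"{a['name']}/{b['name']}", round(skew, 1)))
    for h in hosts:
        # Other machines must be within about 5 minutes of the database servers.
        if h["role"] != "db" and dbs:
            worst = max(abs(h["offset_s"] - d["offset_s"]) for d in dbs)
            if worst > AUTH_SKEW_LIMIT:
                findings.append(("auth-skew", h["name"], round(worst, 1)))
        # afsd sets the clock unless started with -nosettime; with an NTP
        # client on the same machine the two fight over the system clock.
        args = h["afsd_args"]
        if args is not None and h["ntp"] and "-nosettime" not in args:
            findings.append(("clock-fight", h["name"], None))
    return findings


if __name__ == "__main__":
    for finding in audit(HOSTS):
        print(finding)
```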