How to Use Local NTP Server on RTF Appliance

Publication date: Mar 2, 2024
Steps

CONTENTS

By default, the RTF appliance enables UDP port 123 to the internet (link). To avoid this, you can use local NTP servers instead.

STEPS TO FOLLOW

1. In an existing local server, install chrony:
sudo yum install chrony

2. Edit /etc/chrony.conf:
sudo vi /etc/chrony.conf

3. Change this line to the CIDR range for your RTF cluster:
# Allow NTP client access from local network.
allow 172.31.16.0/20
4. Save and exit vi.

5. Run the following to restart chrony:
sudo systemctl restart chronyd

6. SSH into one RTF node and point chrony at your new chrony time server:
sudo vi /etc/chrony.conf
7. At the top of the document, you will see a bunch of public NTP servers:
 
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst


8. Replace those lines with your own server from step 1 (change the address to your local chrony time server's IP address):
server 172.31.31.75 iburst
9. Save and exit vi.

10. Run the following to restart chrony:
sudo systemctl restart chronyd
11. Run the following to ensure chronyd is synced to an NTP server:
[centos@ip-172-31-16-141 etc]$ timedatectl status
      Local time: Fri 2021-07-02 21:06:23 UTC
  Universal time: Fri 2021-07-02 21:06:23 UTC
        RTC time: Fri 2021-07-02 21:00:49
       Time zone: UTC (UTC, +0000)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a

12. Check to ensure it is getting information from your local NTP server:
[centos@ip-172-31-16-141 etc]$ chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* ip-172-31-31-75.ca-central>     2   6    17    44  -2239ns[-5664ns] +/- 5196us

13. Repeat steps 6-12 for each RTF node, including both workers and controllers.

14. Now, with this all set up, you may work with your system admin to block UDP port 123 access to the internet.
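
Before blocking UDP port 123 in step 14, it helps to confirm on each node that no public server line was left in /etc/chrony.conf and that chronyd has actually selected the local server. The script below is an added example, not part of the original article; the function names, LOCAL_NTP value and sample data are constructed for illustration, and the sample source listing uses the numeric form printed by `chronyc -n sources`.

```shell
#!/bin/sh
# Added example: pre-flight check for step 14 (not from the original article).
# LOCAL_NTP and the sample data below are constructed for illustration.
LOCAL_NTP="172.31.31.75"

# Read a chrony.conf on stdin and print every active server/pool/peer
# address that is NOT the local server. Commented-out lines are ignored.
unexpected_sources() {
    awk -v ip="$1" '($1 == "server" || $1 == "pool" || $1 == "peer") && $2 != ip { print $2 }'
}

# Read `chronyc -n sources` output on stdin and print the address chronyd
# is currently synchronised to (the row whose state column is "^*").
selected_source() {
    awk '$1 == "^*" { print $2 }'
}

# audit_node CONF_TEXT SOURCES_TEXT: return 0 only when the config lists no
# source besides LOCAL_NTP and the selected source is LOCAL_NTP.
audit_node() {
    extra=$(printf '%s\n' "$1" | unexpected_sources "$LOCAL_NTP")
    current=$(printf '%s\n' "$2" | selected_source)
    if [ -n "$extra" ]; then
        echo "FAIL: non-local sources still configured: $(echo $extra)"
        return 1
    fi
    if [ "$current" != "$LOCAL_NTP" ]; then
        echo "FAIL: selected source is '${current:-none}', expected $LOCAL_NTP"
        return 1
    fi
    echo "OK: node uses only $LOCAL_NTP"
}

# Constructed sample: a node where one public pool line was left behind.
SAMPLE_CONF='server 172.31.31.75 iburst
server 3.centos.pool.ntp.org iburst
#server 0.centos.pool.ntp.org iburst'
SAMPLE_SOURCES='210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
^* 172.31.31.75                  2   6    17    44  -2239ns[-5664ns] +/- 5196us'

audit_node "$SAMPLE_CONF" "$SAMPLE_SOURCES" || true

# On a real node:
#   audit_node "$(cat /etc/chrony.conf)" "$(chronyc -n sources)"
```

A node that still lists a public server would keep trying to reach it after the firewall change, so a FAIL on any worker or controller should be resolved first.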
 
 
Knowledge article number

001116156

 