(Optional) Configuring the eSight Server as the NTP Client (CLI Mode)
If eSight is deployed in an HA scenario, both the active and standby eSight servers must be configured as NTP clients so that time is consistent between the active and standby servers.
Procedure
The following uses the active server as an example. After the operations are complete, perform the operations again on the standby server.
- Stop eSight. For how to stop the eSight service, see Stopping eSight.
- Use PuTTY to log in to the operating system of the active server as the root user.
- Configure the IP address of the NTP service clock source:
  - To configure a single NTP service clock source, run the following command:
    # echo "server 10.136.249.22 iburst" >> /etc/ntp.conf
    - In the command, 10.136.249.22 is the IP address of the NTP service clock source. Change it based on the site requirements.
    - Before deleting a clock source, for example, 10.129.0.7, check whether the clock source is in /etc/ntp.conf.
      # grep 10.129.0.7 /etc/ntp.conf
      If the following information is displayed, the clock source 10.129.0.7 is in the file. In this example, it is configured with the iburst parameter.
      server 10.129.0.7 iburst
      Delete the line server 10.129.0.7 iburst from /etc/ntp.conf. The parameters in this command must be the ones shown in the output of the preceding grep command.
      # sed -i '/^server 10.129.0.7 iburst/d' /etc/ntp.conf
      Run the cat /etc/ntp.conf command to check whether the sed command was run successfully.
  - To configure multiple NTP service clock sources, perform the following steps:
    - Run the following command to configure the active NTP service clock source:
      # echo "server 10.136.249.22 prefer iburst" >> /etc/ntp.conf
      - In the command, 10.136.249.22 is the IP address of the active NTP service clock source. Change it based on the site requirements.
      - Before deleting a clock source, for example, 10.129.0.7, check whether the clock source is in /etc/ntp.conf.
        # grep 10.129.0.7 /etc/ntp.conf
        If the following information is displayed, the clock source 10.129.0.7 is in the file. In this example, it is configured with the prefer iburst parameters.
        server 10.129.0.7 prefer iburst
        Delete the line server 10.129.0.7 prefer iburst from /etc/ntp.conf. The parameters in this command must be the ones shown in the output of the preceding grep command.
        # sed -i '/^server 10.129.0.7 prefer iburst/d' /etc/ntp.conf
        Run the cat /etc/ntp.conf command to check whether the sed command was run successfully.
    - Run the following command to configure the standby NTP service clock source:
      # echo "server 10.136.249.23 iburst" >> /etc/ntp.conf
      - In the command, 10.136.249.23 is the IP address of the standby NTP service clock source. Change it based on the site requirements.
      - To configure multiple standby clock sources, repeat this step to add another standby NTP clock source.
      - Before deleting a clock source, for example, 10.129.0.7, check whether the clock source is in /etc/ntp.conf.
        # grep 10.129.0.7 /etc/ntp.conf
        If the following information is displayed, the clock source 10.129.0.7 is in the file. In this example, it is configured with the iburst parameter.
        server 10.129.0.7 iburst
        Delete the line server 10.129.0.7 iburst from /etc/ntp.conf. The parameters in this command must be the ones shown in the output of the preceding grep command.
        # sed -i '/^server 10.129.0.7 iburst/d' /etc/ntp.conf
        Run the cat /etc/ntp.conf command to check whether the sed command was run successfully.
- Configure the NTP service to start automatically upon server startup.
# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
- Run the following commands to harden the NTP:
# sed -i '/^restrict[[:space:]].*$/d' /etc/ntp.conf
# sed -i '$a\restrict -4 default notrap nomodify nopeer noquery' /etc/ntp.conf
# sed -i '$a\restrict -6 default notrap nomodify nopeer noquery' /etc/ntp.conf
# sed -i '$a\restrict 127.0.0.1' /etc/ntp.conf
# sed -i '$a\restrict ::1' /etc/ntp.conf
- Run the cat /etc/ntp.conf command to check whether the sed commands were run successfully.
- Execute the time synchronization task.
# systemctl stop ntpd
# ntpdate -u 10.136.249.23
# systemctl start ntpd
In the command, 10.136.249.23 is the IP address of the NTP service clock source. Change it based on the site requirements.
- The ntpdate command immediately synchronizes the system time with the time of the clock source. The system time may change abruptly.
- If "no server suitable for synchronization found" is displayed in the ntpdate command output, check the NTP server configurations.
- Check whether the NTP client is correctly configured.
# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 10.136.249.23   .LOCL.           1 u   42   64  377    1.273   10.146   4.257
If the IP address of the NTP server is displayed, the configuration is successful.
- The remote column indicates the configured NTP clock source. If the displayed clock source name is incomplete, run the ntpq -p -n -w command to view the clock source name.
- The refid column indicates the upper-level clock source of the NTP clock source. If the value is .INIT., the clock source is being initialized. Query the upper-level clock source later. If the value is .LOCL., the clock source does not have an upper-level clock source.
- Start eSight. For details, see "Common Operations and Configuration" in the Maintenance Guide.
If you receive a message indicating that the certificate verification fails, the certificate does not exist, or the certificate has expired during the startup, rectify the fault by referring to How Do I Do If eSight Cannot Start Because No Certificate Exists or the Certificate Expires.
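The checks that this procedure performs by reading the cat /etc/ntp.conf output can be scripted. The following is an added example, not part of the eSight documentation: add_source and audit_ntp_conf are hypothetical helper names, and the audit assumes the restrict lines appear exactly as the hardening step writes them.

```shell
#!/bin/sh
# Added example; add_source and audit_ntp_conf are hypothetical helper names.
# Both take the config path, so they can be tried on a copy of /etc/ntp.conf.

# The four restrict lines exactly as the hardening step writes them.
WANT='restrict -4 default notrap nomodify nopeer noquery
restrict -6 default notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1'

# Append "server IP OPTIONS" only when IP has no server line yet, so that
# repeating the echo step cannot leave duplicate or conflicting entries.
add_source() {   # usage: add_source FILE IP OPTIONS...
    conf=$1 ip=$2; shift 2
    if awk -v ip="$ip" '$1 == "server" && $2 == ip { f = 1 } END { exit !f }' "$conf"
    then return 0; fi
    echo "server $ip $*" >> "$conf"
}

# Print findings for FILE and return 0 only when it has at least one clock
# source, at most one marked prefer, and exactly the restrict lines in WANT.
audit_ntp_conf() {
    conf=$1 rc=0
    ns=$(awk '$1 == "server" { c++ } END { print c + 0 }' "$conf")
    np=$(awk '$1 == "server" { for (i = 3; i <= NF; i++) if ($i == "prefer") c++ }
              END { print c + 0 }' "$conf")
    [ "$ns" -ge 1 ] || { echo "FAIL: no server line"; rc=1; }
    [ "$np" -le 1 ] || { echo "FAIL: $np clock sources marked prefer"; rc=1; }
    # Lines of WANT that are absent from the file.
    missing=$(printf '%s\n' "$WANT" | grep -vxF -f "$conf" || true)
    [ -z "$missing" ] || { echo "FAIL: missing: $missing"; rc=1; }
    # restrict lines in the file that the procedure would not have written.
    extra=$(grep -E '^restrict[[:space:]]' "$conf" | grep -vxF -e "$WANT" || true)
    [ -z "$extra" ] || { echo "FAIL: unexpected: $extra"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: $ns clock source(s), restrict lines as hardened"
    return "$rc"
}

# Run as: sh audit_ntp.sh /path/to/ntp.conf   (does nothing without a path)
[ "$#" -eq 0 ] || audit_ntp_conf "$1"
```

A leftover restrict line from the original file, or a second source marked prefer after a clock source was replaced, is reported as a FAIL line and gives a non-zero exit status.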