Call from Cartman:
Problems with NTP in nonprod, he's locking firewalls and sees some strange calls.�
Investigation / background
- All of nonprod syncs ntp with a vip named 'ntp' in DMZ and 'time' in CORE
- CORE/time vip points to NW for time
- DMZ/ntp vip points to non-prod server skylla on mage
%%
With the dmx migration Slick and I shut down NTP on all vms and instructed them to sync time with their ESX host.� All ESX hosts were pointed to 'ntp' for their time, under the mistaken assumption that the 'ntp' vip also pointed to NW for time.
We also shut down ntp on skylla.� This effectively left all of nonprod without a timesource.� It will drift.
I asked Cartman this:
"If it's a known issue that Virtual Guests don't sync time properly using the NTP protocol, did it ever make sense to use a Virtual Guest as a primary time source?"
He agreed that it does not.
Cartman volunteered to assign NTP duties to our nonprod Cisco switch and to point the ntp VIP to it.
That means all of our Virtual Guests will sync time with their ESX host and the ESX host will sync time with the 'ntp' VIP, which will use the nonprod Cisco switch as its time authority.
%%%
Cartman will get this set up "sometime next week" because he's "busy".
Meanwhile, time on these machines will drift.� I ran through today and punched it down for all of the nonprod boxes and found them all .5 sec off.� Apollo was 15sec off.�