Excellent commentary. Needs to be in the docs. Didn't realize there were 2 time slots involved.
Relying on a local timeserver works here but I'm not trying to sync outside the local realm either.

tedc

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeffrey Hutzelman
Sent: Monday, February 28, 2005 12:51 PM
To: ted creedon; openafs-info@openafs.org
Subject: RE: [OpenAFS] Time on AFS-cell

On Monday, February 28, 2005 08:33:40 -0800 ted creedon <[EMAIL PROTECTED]> wrote:

> NTP needs to run on all servers and workstations, use the real ntp not
> the one bundled with AFS. Use the --nosettime switch to disable ntp in
> the AFS server.

This is somewhat misleading.

All servers and clients need time synchronization. If you have more than one database server, the database servers must be within about 15 seconds of each other, or voting will not work correctly. All other servers and clients need to have time within about 5 minutes of the database servers (or KDC's, if you are running a full Kerberos realm), or authentication will not work.

You can synchronize time using NTP (http://www.ntp.org) or using the time-synchronization feature built in to the AFS cache manager. Either approach will provide sufficient accuracy to make AFS work. Because the built-in mechanism works by syncing clients' clocks to the fileservers, it cannot be used to set fileserver clocks; fileservers pretty much MUST run NTP.

The built-in mechanism will be used automatically by any machine running afsd, unless you start afsd (not the fileserver) with the switch '-nosettime' (one dash, not two). You must do this on any machine running an NTP client, or NTP and afsd will fight over control of the system clock. That also means you need to do it on every fileserver. Perhaps at some point in the future, this will become the default.
> To keep your ISP happy, suggest pointing one or two AFS servers at 2
> of the nearest Cisco routers and point the remainder of the local
> boxes at the AFS servers (typically time should come from at least 2
> servers in case one fails).

You should set up a local NTP server (ideally, three servers), and configure the rest of your machines to talk to it. That will improve synchronization within your cell, which is what you really care about, and reduce load on your external network connection.

You should ask your upstream network provider if they operate NTP servers at which you can point your local NTP servers -- DO NOT just assume that any nearby Cisco router is a good choice. While devices running IOS are capable of acting as NTP servers, they are not always configured to do so, they may not be configured with a reliable upstream time source, and even if they are, that does not necessarily mean that it is OK to use them.

-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA

_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info