Under Construction
NTP Configuration on the HMC
The HMC uses Linux as the underlying operating system. This means that an NTP daemon is of course also available. However, the HMC administrator has no access to the root account and is also restricted to the commands provided by IBM due to the restricted bash to be used. It is therefore not possible to configure NTP using a configuration file and the editor vi.
The LPAR tool provides the following commands for administration and configuration:
$ hmc help ntp
USAGE: hmc [ ...] [ ...] [ ...]
Recognized keywords for topic 'ntp' are:
addntpserver [-i ] [-n ] [-v] []
disablentp [-v]
enablentp [-v]
lsntp [-a] [-o ] [{-f|-j|-y}] [-F ] [-s ] [-v] [ ...]
rmntpserver [-i ] [-n ] [-v] []
$
(Note: The associated underlying commands on the HMC CLI are lshmc and chhmc.)
The current status of NTP on an HMC can then be displayed using “hmc lsntp“:
$ hmc lsntp hmc01
NAME XNTP XNTPSTATUS XNTPSERVER
hmc01 disable - -
$
NTP is currently not activated on the HMC (hmc01) (column XNTP: disable).
You can also specify multiple HMCs as an argument, or omit the argument (all HMCs):
$ hmc lsntp
NAME XNTP XNTPSTATUS XNTPSERVER
hmc01 disable - -
hmc02 enable synchronized 192.168.189.77,192.168.189.78
hmc03 enable synchronized 192.168.189.77,192.168.189.78
$
Another NTP server can be added to the NTP configuration of an HMC using the “hmc addntpserver” command:
$ hmc addntpserver hmc01 192.168.189.77
$
Optionally, the interface to be used can be specified using the “-i” option. This has an impact on the firewall rules. By default, when adding an NTP server by IP address, firewall rules are added that allow NTP for the specified IP address. Without the “-i” option, firewall rules are added for all available network interfaces. If you specify an interface with the “-i” option, a firewall rule is only added for this interface.
The desired NTP version (1-4) can also be specified using the “-n” option.
In case the above NTP server is not available, we add a second NTP server:
$ hmc addntpserver hmc01 192.168.189.78
$
A check with “hmc lsntp” shows that two NTP servers are now configured, but NTP is still not activated:
$ hmc lsntp hmc01
NAME XNTP XNTPSTATUS XNTPSERVER
hmc01 disable - 192.168.189.77,192.168.189.78
$
NTP can now be activated with the command “hmc enablentp“:
$ hmc enablentp hmc01
$
The first sync may take a while:
$ hmc lsntp hmc01
NAME XNTP XNTPSTATUS XNTPSERVER
hmc01 enable unsynchronized 192.168.189.77,192.168.189.78
$
The time on the HMC is not yet synchronized immediately after enabling NTP (XNTPSTATUS: unsynchronized).
A detailed status for each NTP server can be obtained by using the “-a” option (all NTP servers):
$ hmc lsntp –a hmc01
NAME SERVER STATE POLL_FREQ_SECONDS SECONDS_SINCE_LAST_POLL
hmc01 192.168.189.77 not connected 64 0
hmc01 192.168.189.78 not connected 64 0
$
The following is the repeated output of “hmc lsntp -a” with the states passed through:
NAME SERVER STATE POLL_FREQ_SECONDS SECONDS_SINCE_LAST_POLL
hmc01 192.168.189.77 not connected 64 0
hmc01 192.168.189.78 not connected 64 0
…
hmc01 192.168.189.77 poll testing 1 of 4 64 1
hmc01 192.168.189.78 poll testing 1 of 4 64 0
…
hmc01 192.168.189.77 poll testing 1 of 4 64 65
hmc01 192.168.189.78 poll testing 1 of 4 64 64
…
hmc01 192.168.189.77 poll testing 1 of 4 64 67
hmc01 192.168.189.78 poll testing 2 of 4 64 1
…
hmc01 192.168.189.77 poll testing 2 of 4 64 1
hmc01 192.168.189.78 poll testing 2 of 4 64 2
…
hmc01 192.168.189.77 poll testing 3 of 4 64 0
hmc01 192.168.189.78 poll testing 2 of 4 64 65
…
hmc01 192.168.189.77 poll testing 3 of 4 64 1
hmc01 192.168.189.78 poll testing 3 of 4 64 0
…
hmc01 192.168.189.77 synchronized 64 1
hmc01 192.168.189.78 poll testing 3 of 4 64 64
…
hmc01 192.168.189.77 synchronized 64 4
hmc01 192.168.189.78 available 64 1
As soon as synchronization with one of the NTP servers is achieved, the overall status is synchronized:
$ hmc lsntp hmc01
NAME XNTP XNTPSTATUS XNTPSERVER
hmc01 enable synchronized 192.168.189.77,192.168.189.78
$
The NTP client on the HMC contacts the configured NTP server at regular intervals (poll interval). The time between polls is shown in the POLL_FREQ_SECONDS column, the time since the last poll in the SECONDS_SINCE_LAST_POLL column:
$ hmc lsntp -a hmc01
NAME SERVER STATE POLL_FREQ_SECONDS SECONDS_SINCE_LAST_POLL
hmc01 192.168.189.77 synchronized 64 40
hmc01 192.168.189.78 available 64 35
$
After the first synchronization (should take about 4 minutes) it starts with a time interval of 64 seconds between the individual queries. However, this interval is dynamically optimized by the NTP client and is usually significantly larger after some time (which ultimately means fewer queries). Here’s an output after an hour:
$ hmc lsntp -a hmc01
NAME SERVER STATE POLL_FREQ_SECONDS SECONDS_SINCE_LAST_POLL
hmc01 192.168.189.77 synchronized 128 16
hmc01 192.168.189.78 available 128 102
$
The period of time after which the time interval has been optimized, can be many hours. After about 3 hours, the following intervals have been observed on the HMC above:
$ hmc lsntp -a hmc01
NAME SERVER STATE POLL_FREQ_SECONDS SECONDS_SINCE_LAST_POLL
hmc01 192.168.189.77 synchronized 512 500
hmc01 192.168.189.78 available 512 467
$
If an NTP server is to be removed from the configuration, the command “hmc rmntpserver” can be used:
$ hmc rmntpserver hmc01 192.168.189.78
$
Of course, NTP can also be completely deactivated again using the “hmc disablentp” command:
$ hmc disablentp hmc01
$
However, this means losing all advantages of temporal synchronization.