NTP sync over 500 devices

automation ntp windows-server-2016 windows-server-2012-r2

Daylight Saving Time is coming soon so I would like to face with problem with NTP. I've got around 500 devices which should be synchronized through NTP.

DST is good oportunity to perform it becouse of possible downtime. The question is if Y'all guys have some ideas how to perform it over 500 devices on one time.

I was thinking about perform it through Ansible but I am not an expert of it so maybe You've got any other good ideas?

Thanks in advance

Servers: Windows 2012 R2 Windows 2016 R2 CentOS 7.x

--- Server's are not connected to the Domain.

NTP Server: Windows Server 2016 R2


On windows I hav heard that you do such changes using windows management tools in the domain. Not sure about that. I see a comment from Gerald Schneider about that.

For Linux, you can do manually on one machine and prepare an ansible playbook or a script even. Here's some random howto from the internet (it is for debian based distro but things are similar on CentOS). Also CentOS supports chronyd which is in some situations better, perhaps for servers it doesn't matter whether you use ntpd or chronyd.

Now what I'd suggest to you is to perform the changes in chunks. If you apply change to 500 machines at the same time, many things can go wrong. You shouldn't need downtime to apply NTP config.

Agood way to avoid issues is to first check which servers have a too big time difference, where you could expect more troubles. But it is very much application dependent.


A couple of ideas:

  • I'd recommend not making a large change with unknown impact to 500 machines at once.
  • Test out whatever you come up with on maybe 5 servers of each "type", whatever you decide is a good category is fine, just as long as you have around 5 categories of diverse servers.
  • Consider running NTP on something other than Windows, and check that your server actually supports NTP and not just SNTP.
  • Ansible is usually a good choice for these kinds of operations, and supports Windows as well.
  • Adding servers in production to Active Directory isn't something that's usually a good idea (especially if the run MSSQL), but it's probably a good idea going forward to add any new servers to AD as that's the management tool of choice for Windows.
  • I'd leave database servers to the very last in your migration to NTP, as they are usually the most sensitive to time changes, pay especially close attention to any servers that have clock very far off from "real time", as installing NTP on them can cause NTP to step time, instead of slewing it, aka. forcefully changing the clock to the correct time instead of just speeding it up or slowing it down so it'll reach "correct time" over time.

Related

zfs is mounted after mongod starts: how do I set the boot order?
Is there an online service for checking the health of online services? [closed]
control internet speed windows server 2012 r2
Configure a server program to restart after crash
Apache Alias file could not be found
Trigger a command when two files have arrived in different directories in Centos 7
SSH cannot login with root pasword
Use custom video to feed camera
Lack of package shadowsocks-qt5
On two different servers, different services will not start, but if they are restarted, start successfully
Is there Ubuntu Unstable/Development, like Debian Sid (Unstable)?
What layout/files should debian repository have?