Best choice for NTP client configuration

Let's see if someone can throw a bit of light on this subject.

I'm making a server installation in the next few days. My client wants to deploy a Hortonworks HDP with 2 servers as master servers and 5 worker servers. One of the requirements for all of them is to be NTP enabled. But that's all the info I have; he hasn't told me if he wants a local server acting as NTP server or wants all 7 servers to act as clients. The OS will be CentOS 6.6 or 6.7.

So my question would be:

Taking into account that this will not be a production environment, but more like a "testing" environment, which would be your choice for configuring NTP on these machines? All 7 acting as clients or 1-2 servers and five clients?


Solution 1:

I feel quite strongly that two local servers, which everyone else binds to, is the right way to go. NTP is designed to work that way, and it minimises the load on the public/pool servers.

I run an NTP pool server. Even in areas with well-populated pools the load is still significant (I'm running at an annualised average of 25 client requests per second, which means about 2.5 million a day). In some parts of the world, the pools are so small that the few people who run pool servers are getting quite overwhelmed.

Edit: Aaron Copley makes the excellent point that two servers will both be rejected by clients if only one of them is out-of-sync but still thinks it's correct (see, e.g., this question), and that having two (instead of just one) simply doubles the single-point-of-failure. He is absolutely right that three would be better, and in a larger production network I would agree that it is appropriate for this usage case. In my experience, however, properly-configured NTPd works a lot more often than it fails, and the risk of a single server being unavailable and client clocks getting too far out of sync to recover automatically much outweighs the risk of one server advertising a faulty time and invalidating both.

For me, two is the right number of upstream-synced servers for this network - but there is definitely a legitimate discussion to be had around the issue, and I'm grateful to Aaron for raising the point.
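The two-versus-three trade-off discussed in the edit above, as an added example that is not part of the original answer: a simplified Marzullo-style interval intersection in Python, not ntpd's actual selection code. The server names `ntp1` to `ntp3` and every offset and error bound are constructed values.

```python
# Added example: simplified majority selection over time sources.
# A source is (name, offset_seconds, error_bound_seconds); it claims the true
# time offset lies in [offset - error, offset + error]. Values are constructed.

def best_overlap(sources):
    """Sweep the interval edges; return (count, lo, hi) of the deepest overlap."""
    edges = []
    for _, offset, err in sources:
        edges.append((offset - err, -1))  # interval start
        edges.append((offset + err, +1))  # interval end
    edges.sort()  # at equal positions starts sort first, so touching intervals overlap
    best = count = 0
    lo = hi = None
    for i, (pos, kind) in enumerate(edges):
        count -= kind  # a start raises the depth, an end lowers it
        if count > best:
            best = count
            lo, hi = pos, edges[i + 1][0]
    return best, lo, hi

def select_truechimers(sources):
    """Names of sources agreeing with a strict majority, or [] if there is none."""
    if not sources:
        return []
    best, lo, hi = best_overlap(sources)
    if 2 * best <= len(sources):  # no strict majority: nothing can be trusted
        return []
    return [name for name, off, err in sources
            if off - err <= lo and off + err >= hi]

GOOD1 = ("ntp1", 0.002, 0.010)
GOOD2 = ("ntp2", -0.003, 0.010)
BAD2 = ("ntp2", 4.5, 0.010)   # out of sync but still claims a tight error bound
BAD3 = ("ntp3", 4.5, 0.010)

if __name__ == "__main__":
    print("two, agreeing:   ", select_truechimers([GOOD1, GOOD2]))
    print("two, one faulty: ", select_truechimers([GOOD1, BAD2]))
    print("two, one down:   ", select_truechimers([GOOD1]))
    print("three, one bad:  ", select_truechimers([GOOD1, GOOD2, BAD3]))
```

With two sources, a faulty one leaves no majority and both are discarded, while an unreachable one still leaves the client a usable source; the third source is what lets a faulty one be outvoted.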

Solution 2:

With such a small environment, and it designated as just "testing", I would push NTP to the edge of the network. Run the NTP server on your switch or router if you can and configure it for 3 or more upstream time sources. Then, point all 7 nodes here. Likely, this is your only path out to the Internet so configuring additional time sources "inside" wouldn't do you any favors if there's a switch failure or network outage. You'll have worse problems than time sync if your network is down.