Tag Archives: NTP

Modifying vCenter Server Appliance 6 (VCSA) NTP settings

For some unknown reason that I’m yet to learn.  The VAMI in vCenter Server Appliance 6 has been removed.  VAMI is the management interface that you usually connect to on port 5480 for most VMware appliances.  Prior to vCenter 6 you could connect to your VCSA appliance on port 5480.  In the VAMI you could check that status of the appliance services, change its network settings, perform updates, and change NTP settings.

vcsa_ntp0

It’s this last  setting that quickly alerted me to this change shortly after deploying my first VCSA 6.  During the initial deployment of my vCenter Appliance I would specify my NTP servers when prompted.  During my first two attempts the deployment would error out and fail because my NTP time sources specified were timing out.  So on the third attempt I decided to skip the NTP servers and configure them post install.

Here in lies the new way of modifying NTP settings on a vCenter 6 Appliance.

Firstly we need to log into the appliance via SSH or via the console using the root account.

vcsa_ntp01

We will be presented with a VMware shell with instructions on how to enable BASH.  For this task and many other vCenter tasks the current shell is good enough.  From here we can run our NTP commands.  If we type ntp followed by the ‘TAB’ key we get a list of ntp commands we can run.

vcsa_ntp02

Typing ntp.get lists the current status of NTP and what NTP servers are configured.  In this case the status is Down and no servers have been configured.

Command> ntp.get
Config:
Status: Down
Servers:
Command>

As we have no NTP servers listed we can use the ntp.server.set command.  This will override any current servers that may also be listed.

Command> ntp.server.set --servers 0.au.pool.ntp.org
Command> ntp.get
Config:
Status: Down
Servers: 0.au.pool.ntp.org
Command>

We now have one NTP time source set.  If we wish to make modifications to the list of servers without overriding them we can use the ntp.server.add command.

Command> ntp.server.add --servers 1.au.pool.ntp.org
Command> ntp.get
Config:
Status: Down
Servers: 0.au.pool.ntp.org 1.au.pool.ntp.org
Command>

With our NTP time sources set we now enable and start NTP using the command timesync

Command> timesync.set --mode NTP
Command> timesync.get
Config:
Mode: NTP

Command> ntp.get
Config:
Status: Up
Servers: 0.au.pool.ntp.org 1.au.pool.ntp.org

And that’s really all that is required.  Relatively straight forward to perform.  From my point of view it’s certainly not as convenient as using the VAMI web portal from previous versions.  As mentioned above.  I don’t know why it was removed.  Perhaps time constraints meant that it will be introduced in a future update.  Or perhaps it’s just hidden on a different port I’m not aware of.  In any case it would be nice to officially know.

Note; ‘--servers’ above is a double dash.

References

Add or Replace NTP Servers in the vCenter Server Appliance Configuration

Configuring and Testing NTP on ESXi

I hate NTP.  I hate time sync issues.  I hate time skew issues on ESXi.

So now that I’ve got that out I feel a whole lot better.  I can now talk about how to configure and importantly validate your NTP settings on an ESXi host.

Setting and syncing time on an ESXi host is done within Time Configuration on the Settings tab of an ESXi host.

timesync02

The time can either be set manually or it can be set via NTP.  Setting the time manually is self explanatory.  Basically change your time and click OK.  It’s not something I’m going to go into any further.  Ideally, though, you want to be setting your time with NTP.  Using NTP is relatively easy too, the hardest part will be making sure you have the correct ports open on all parts of the network.  NTP generally uses UDP port 123 btw.

timesync03

So firstly you want to select Use Network Time Protocol.  You next want to head over to http://www.pool.ntp.org and find your closest NTP time sources.  Understanding how the underlying technology of how NTP works is actually quite interesting but beyond what this post is about.  Wikipedia is a good start on NTP.  Each region around the world has a number of NTP pools and within those regions many countries have pools of their own.  For me my closest pool is Australia within the Oceania region.  Australia has 4 pools.  Within these pools are actually a number of servers.  I can use one of these pools or I can use them all.  I’ll be using them all for redundancy.  Once I enter these pool addresses and separate them with commas I click the Start button and click OK.

timesync04

The Time Configuration should now look something similar to below.  The time change in not instant and can take… well… time.

timesync05

But how do you test that these settings are correct, considering that the time sync process is not instant.  Further more, NTP uses UDP port 123 which is connectionless.  Well, we can query the output our NTP sources gives us, which can be done from the CLI of the ESXi host.

Log into the console of the ESXi host using whatever method you prefer.  The simplest is usually just starting and connecting to SSH.

We use the NTPQ command and type the following.

ntpq -p localhost

The output should be sometime similar to below.  VMware have a good KB article which explains what it all means if your really want to know.

timesync06

If we see something similar we know we’re good and the time should start to change shortly.  If we get all zeros we probably have network and DNS working but NTP is block at the firewall somewhere.