Ask Your Question
0

ntpq: read: Connection refused

asked 2016-05-06 19:31:04 -0700

wu.zhihui gravatar image

updated 2016-05-10 00:20:49 -0700

mskalski gravatar image

I deployed OPNFV Brahmaputra 1.0. After finishing deployment, I checked the status of ntp on one controller node. Ntp could not connect to server. The status of ntp service on ntp client and ntp server were normal. Then I restarted ntp service on client. It conneted a while but disconnected quickly. The ntp server is on jumpserver(ip: 10.20.0.1). The log is below:

root@node-41:~# ntpq -p
ntpq: read: Connection refused
root@node-41:~# service ntp status
* NTP server is running
root@node-41:~# service ntp restart
* Stopping NTP server ntpd                   [ OK ]   
* Starting NTP server ntpd                    [ OK ]
root@node-41:~# ntpq -p
 remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*10.20.0.1       LOCAL(0)         9 u    1    8    1    0.130    2.362   0.004
root@node-41:~# ntpq -p
 remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*10.20.0.1       LOCAL(0)         9 u    5    8    3    0.130    2.362   0.257
root@node-41:~# ntpq -p
ntpq: read: Connection refused

Here is content of ntp.conf.

root@node-41:/etc# cat ntp.conf
# ntp.conf: Managed by puppet.
#
# Enable next tinker options:
# panic - keep ntpd from panicking in the event of a large clock skew
# when a VM guest is suspended and resumed;
# stepout - allow ntpd change offset faster
tinker panic 0 stepout 5

disable monitor

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict -4 default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1

# Set up servers for ntpd with next options:
# server - IP address or DNS name of upstream NTP server
# iburst - allow send sync packages faster if upstream unavailable
# prefer - select preferrable server
# minpoll - set minimal update frequency
# maxpoll - set maximal update frequency
server 10.20.0.1 iburst minpoll 3

# Driftfile.
driftfile /var/lib/ntp/drift

Any ideas why this is happening?

edit retag flag offensive close merge delete

4 answers

Sort by ยป oldest newest most voted
1

answered 2016-05-09 08:05:22 -0700

mskalski gravatar image

Ntp daemon operates inside vrouter namespace

root@node-2:~# ip netns exec vrouter netstat -lpen --udp | grep ntpd
udp        0      0 240.1.0.4:123           0.0.0.0:*                           0          71394       27631/ntpd
udp        0      0 192.168.0.1:123         0.0.0.0:*                           0          71392       27631/ntpd
udp        0      0 172.16.0.2:123          0.0.0.0:*                           0          71390       27631/ntpd
udp        0      0 240.0.0.6:123           0.0.0.0:*                           0          71388       27631/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           0          71386       27631/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           0          71380       27631/ntpd

You should run ntpq in the context of this namespace:

root@node-2:~# ip netns exec vrouter ntpq -c lpeer 127.0.0.1
remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 pob01.aplu.fr   .INIT.          16 u    - 1024    0    0.000    0.000   0.000
+fr1.tomhek.net  95.81.173.8      3 u   31   64  377    0.665    0.275   0.085
*fairy.mattnordh 200.98.196.212   2 u   44   64  377   90.178   -0.979   0.148

When you used standard init script to restart ntpd (which you should avoid), daemon start out of the namespace and you was able to use ntpq from cmdline. Instead you can do:

root@node-2:~# crm resource restart p_ntp
INFO: ordering p_ntp to stop
waiting for stop to finish .. done
INFO: ordering p_ntp to start
edit flag offensive delete link more
0

answered 2016-06-29 01:26:19 -0700

The NTP service running in vrouter namespace, is only listening to IPv4 requests.

If you check the OCF Resource Agent for NTP: /usr/lib/ocf/resource.d/fuel/ns_ntp you will see that:

ocfrunasroot ${COMMAND} ${OCFRESKEYextraconf} -u ntp:ntp -p "${PIDFILE}" -4 -g -c "${CONFFILE}"

the launcher contains -4 parameter which means that the NTP daemon will be listening for IPv4 packets and prohibits IPv6

ntpd --help ... -4 ipv4 Force IPv4 DNS name resolution - prohibits the option 'ipv6'

try running the command below with -4 param and you will see that NTP daemon is synchronized with the servers as expected

ip netns exec vrouter ntpq -4 -c lpeer

edit flag offensive delete link more
0

answered 2016-05-09 04:02:05 -0700

lmcdasm gravatar image

Hello.

Can you remove the "minpoll 3" arguments after the server definition. to my knowledge, if you leave that there, you are saying that you have to poll 3 servers, but you only have 1 defined. Remove that, restart NTP and verify.

Cheers Daniel

edit flag offensive delete link more

Comments

Thanks Daniel, I think minpoll/maxpoll not means the server number, just the lag between the two polling. https://access.redhat.com/solutions/39194

Julien-zte ( 2016-05-10 06:34:03 -0700 )edit
0

answered 2016-05-10 06:44:54 -0700

Julien-zte gravatar image

updated 2016-05-10 07:04:39 -0700

Thanks mskalski. It's correct, and I can get the output of ntpq now. I just wonder why ntpq -p give the refused result.

root@node-39:~# ip netns exec vrouter ntpq -c lpeer 127.0.0.1
remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*10.20.0.1       LOCAL(0)         9 u  377 1024  377    0.237  -11.089   4.619
root@node-39:~# ip netns exec vrouter ntpq -p
ntpq: read: Connection refused
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

[hide preview]

Question Tools

Follow
1 follower

Stats

Asked: 2016-05-06 19:31:04 -0700

Seen: 6,641 times

Last updated: Jun 29 '16