Synchronizing Clocks with NTP Servers
You can synchronize an event broker’s clock with a networked Network Time Protocol (NTP) server. This is especially helpful for event brokers that are using redundancy and replication. For example, if your event brokers are synchronized with the same NTP server, message expiry times will be consistent across all of them.
The procedure for synchronizing with an NTP server differs for appliances and software event brokers.
At any point, use the show clock
command to display the current date and time on appliances or software event brokers.
Appliances
An appliance can be time synchronized using either the setup commands explained in Initial Setup, or the clock synchronization CLI commands shown below:
enable configure clock synchronization [create|no] ntp-source <host> [no] nts [no] shutdown [no] protocol {ntp | ptp} [no] shutdown
Where:
[create|no] ntp-source <host>
allows you to configure up to eight NTP sources (if you're using NTP).
[no] nts
allows you to enable or disable NTS (Network Time Security) on any or all of these protocols.
[no] protocol {ntp | ptp}
allows you to select the synchronization protocol (NTP or PTP).
Using mixed authentication modes for clock synchronization is not recommended. In scenarios where mixed authentication modes are required (for example, if you have multiple NTP servers where some use authenticated connections with NTS and some do not), Solace uses the chrony implementation of NTP, which uses the mix
mode for authentication selection and favors NTP servers that use authenticated connections with NTS. For more information, see the Chrony Project Documentation.
For appliances using SolOS 10.6.0 or earlier, the ntp-server
command is used as shown below:
solace(configure)# clock solace(configure/clock)# synchronization solace(configure/clock/synchronization)# shutdown solace(configure/clock/synchronization)# protocol ntp solace(configure/clock/synchronization)# ntp-server <ip-addr> solace(configure/clock/synchronization)# no shutdown
Where:
ip-addr
is the IP address or fully qualified domain name (FQDN) of a reachable NTP server.
The no
version of this command, no ntp-server
, removes the NTP server information.
The ntp-server
command configures only one non-authenticated NTP server connection. In this way, it replaces existing configuration (no matter how many sources you have previously configured).
Software Event Brokers
Software event broker clocks can be synchronized with one of the three methods shown in the following list.
With the PubSub+ AWS AMI, clock synchronization is preconfigured to use AWS time servers. Use chronyd
to change the clock server.
- In your hypervisor or cloud environment:
Use DHCP to configure NTP. This requires no host configuration.
- For software event broker machine images:
Set up NTP through the event broker host.
To do so, perform the following steps:
- Log in to your event broker's host as the root user.
- Edit the
/etc/ntp.conf
file and enter the following configuration.tinker panic 0
disable monitor
restrict default ignore
restrict 127.0.0.1
restrict ::1
server <server-ip>
restrict <server-ip> - Enable
ntpd
. - Then reboot the event broker.
- In the event broker host shell, enter the following command to check whether the NTPD status is working:
systemctl status ntpd
In the displayed output, to confirm ntpd is active, check for a line that looks like this:
"Active: active (running)" portion.
- Once NTPD is confirmed active, wait several minutes and enter the following command to verify that the event broker is now in sync.
ntpstat
In the displayed output, to confirm that the event broker is in sync, check the output for a line that looks like this:
synchronised to NTP server (192.168.40.80) at stratum 3
systemctl enable ntpd
reboot
- Use Cloud-Init:
Set up NTP with the same configuration information provided in steps 2.2 and 2.3 above.
Example:write_files: - path: /etc/ntp.conf permissions: 0600 owner: root:root content: | tinker panic 0 disable monitor restrict default ignore restrict 127.0.0.1 restrict ::1 server <server-ip> restrict <server-ip> runcmd: - systemctl enable ntpd - systemctl start ntpd