Troubleshooting
Problem
Receiving NTP error on Cloud Pak for Security:
"Clock on <HOST> is not synchronizing. Ensure NTP is configured on this host
machine <HOST> is in phase: Failed"
Cause
- The controller nodes are not in sync with the NTP server configured.
- If the system is installed on VMware, the VMtools daemon populates that information from the ESXi host. Both the domain error and the NTP sync error are affected by the VMtools daemon.
- By default, unless explicitly overridden, the control plane & worker nodes ignition are configured to use public NTP servers. Although NTP servers can be overridden at ignition file generation time, if it isn't, it is then hardcoded going forward. The configuration can be overridden by using a DHCP providing NTP records. If default NTP servers were never changed, time lookups might be blocked by internal Firewall.
Resolving The Problem
Check Firewalls
Verify with your Network Administrator that your Firewall isn't blocking:
- Either outbound NTP port UDP 323 or UDP 123.
- Default NTP servers of Red Hat OpenShift:
0.rhel.pool.ntp.org 1.rhel.pool.ntp.org 2.rhel.pool.ntp.org 3.rhel.pool.ntp.org
Verify Correct NTP Servers
Use internal NTP addresses to resolve the issue in chrony node.
- Log in to servers command-line interface (CLI).
- Backup time service configuration:
cp -p /etc/chrony.conf <BACKUP>
<BACKUP>
with your remote, or local, backup location. - Verify that configuration contains server definitions and the lines with "server" are correct:
sudo vi /etc/chrony.conf
- If changes were made, restart time service:
sudo systemctl restart chronyd
Hypervisor Special Instructions
Disable all-time synchronization from chronyd, as well as real-time clock updates, on hypervisor-based nodes:
- Log in to app host as user "
appadmin
" - Backup time service configuration:
cp -p /etc/chrony.conf <BACKUP>
<BACKUP>
with your remote, or local, backup location. - Comment out the lines that start with "server" and "rtcsync":
sudo vi /etc/chrony.conf
- Restart time service:
sudo systemctl restart chronyd
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTDPP","label":"IBM Cloud Pak for Security"},"ARM Category":[{"code":"a8m3p0000000rbnAAA","label":"Administration Task"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
17 July 2023
UID
ibm16962363