Cool Solutions

Web Interface for Monitoring and Managing NTP and Time Synchronisation

peter6960

By:

February 22, 2011 11:15 am

Reads: 7673

Comments:2

License:
GPL

written by Peter van der Walt for www.netcb.com

 

Web Interface for eDirectory TimeSync Checks and attempted Repairs for Linux Servers.

How the application works

  1. It runs ndsrepair -T to get a eDirectory TimeSync report in /timesync.log
  2. The PHP interface starts by using Grep to identify Linux servers in the timesync.log that’s out of sync
  3. The PHP interface generates a Table of the servers out of sync, and in sync
  4. These are displayed on two tabbed pages using a JavaScript
  5. For cosmetic reasons a clock is generated using JavaScript
  6. All actions are posted to PHP or Bash scripts (i.e. Generate TimeSync report, Restart NDS and Fix Time). The results of Generate and Restart refreshes the page and diplays the results in the header as the information in timesync.log can be changed by running these commands. The Fix is run without refreshing the page, instead results are displayed in a status bar at the bottom of the screen. This is because even though time is/is not fixed, you first need to run a Generate new TimeSync report to get this information validated. Not refreshing saves time: as soon as the result is updated in the status bar, you can immediately click Fix for the next server. As soon as you have gone through the list, you can validate the results by Generating a new TimeSync Report
  7. Fixing NTP only works if NTP is properly configured, but for instance the drift is too big therefore NTP is not adjusting the time, or for some other reason – manually setting the time then restarting ntpd is required – this fixes NTP issues 95% of the time on Linux

Requirements:
1. This web interface was only tested on Firefox
2. Server requirements:
2.1 Server must be in the Tree.
2.2 This server’s time must be in sync with the time sources used on all the other servers
2.3 NTP must be properly configured prior to using this tool. i.e. a proper ntp.conf, ntpd running, etc
2.4 Server must have Apache2 and PHP5. To install: ‘zypper in apache2 php5 apache2-mod_php5′
2.5 Paths are for Novell SuSE Linux Enterprise 10 SP3 with OES2 SP2a – if you need to modify, modify references in index.php, timesync.php and the script files in /usr/scripts.
2.6 Install the ‘expect’ shell: zypper in expect – this is required for the Automated fixing of time. It is not part of a Default OES install

How to Install:

  1. Edit /etc/sudoers as reflected in the sample sudoers file in the /etc folder on the installationThe purpose of this step is to allow the Apache daemon to execute the scripts in /usr/scripts as well as ndsrepair (to generate Timesync report) and the cat, touch, ls commands. These bash executables are called from the PHP code
  2. Copy the /usr/scripts into the filesystem. Make sure that wwwrun:www has permissions to access and execute the filesThese are the bash scripts called by the PHP program – to execute certain core parts of the Time Synchronisation interface.
  3. Copy the /srv/www/htdocs/ntp into the filesystem. Make sure that wwwrun:www has permissions as aboveThis is the php, javascript, css stylesheets, images and Password CSV files used by the Web interface.

    NB: See next note about password CSV file.

  4. Using the sample passwd.csv file, construct a list of server names (NCP server names as will be reported in NDSRepair) and their respective root passwords. These passwords will be used when fixing NTP bu using SSH to the server to execute a date -s command with the correct date of the server the Web Interface is running from, then restarting the xntpd daemon. It follows these up, by running ntptime to confirm of NTP is now working properly.The format of this CSV must be servername|password, not separated with Commas, instead seperated by a “|”.

    You could also leave this blank, as the interface allows you to insert a password manually. When I developed this, I added the password lookup as this particular scenario had several password and I was not planning on memorising which password goes with which server.

Please note that this is the first public release. There may still be a bug or two.

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)


Categories: Uncategorized

Disclaimer: This content is not supported by Novell. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.

2 Comments

  1. By:peterhine

    is expect only for the server hosting the php/scripts, or for all target servers ?

    If i have ssh key access to other servers, does this negate the use of the passwords database (will this break your stuff, eg expect never returning, if expect is run on the host server).

    probably need to run this in cgi directory rather than htdocs, as the password database could be downloaded as it is now.

    change ownership to root:www so as to not give wwwrun write permissions (will that break what you have ?).

    thanks
    p

    VN:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
    • By:peter6960

      Expect is only needed on the server hosting the scripts.

      If you are using SSH keys, you can remove the database, and edit the expect script to not “expect” the password prompt. The customer I built this for has over 4000 server’s so SSH keys was not an option at the time.

      Also, you are welcome to adapt the paths and permissions as suited in you’re environment.

      Regards

      Peter

      VN:F [1.9.22_1171]
      Rating: 0.0/5 (0 votes cast)

Comment

RSS