Last month I wrote about how you could get your IBM i to automatically adjust its clock for Daylight Saving Time adjustments, this month we take it one step further and see how its trivial to get your clock to keep itself in sync constantly with other services on your network using SNTP Simple Network Time Protocol.
Don’t confuse SNTP with the email standard SMTP or the monitoring and management standard SNMP, they are different and as different as the languages spoken in Austria and Australia! For this reason, many IT folks just refer to SNTP as NTP and I will do this for the rest of this article.
What is NTP?
Keeping it simple, NTP is a network based set of standards that allow computers to share and synchronise the clocks. You have a server element that allows the computer in question to tell others what time it is and a client element that allows it to query another computer to get its time and adjust its own clock to exactly match down to tiny fractions of a second.
This used to be something that was nice to have but, with many security and encryption methodologies not including date and time in their criteria, this is now a key requirement. Furthermore, many business standards like the mandated credit card processing PCI-DSS require all computers that fall into its scope to not only synchronise their clocks but also keep a log of changes and send alerts when significant or unexpected changes are made.
The good news is that if you use the NTP on IBM i you automatically get such a log and I’ll show you how to access that later.
Why bother synchronising your clocks?
Ok, so this section is a direct repeat of last months, if you have read it then skip down to the how to configure NTP section below.
These days no one server does everything and almost no servers do an entire job from beginning to end without talking to another device. What does this have to do with clocks? In a word troubleshooting!
The moment something goes wrong we end up diving into logs, and usually logs on more than one system, and it is at this point that having the clocks synchronised is truly a blessing. That way events logged at 11:24:13 (AM) according to the clock on SERVER1 correspond to events logged at that exact time on servers 2, 3 and 4.
This may sound like a small thing but believe me when you are troubleshooting a busy environment that can generate a thousand log entries a minute, you really don’t want to have to remember that the one server is 14 seconds behind another let alone an hour.
So even if you already have got your server to adjust itself for Daily Saving Time you would still benefit from configuring NTP (Network Time Protocol) to keep your clocks locked in sync across your network. More on that next time.
How difficult is it to configure NTP?
It really is quick and easy to both turn it on or off, no system restarts and you can do the whole thing with as little as two commands!
You can do this from the command line or the GUI, but this is so much quicker from the command line. I really would suggest the 5250 green screen for the process, that said I’ll include the iNav ones as well for those who love a GUI.
What do you need to know in order to configure NTP? Just one thing, the name or IP address of an NTP server that your system can see.
Before you say “how the hell would I know that?” You can use the IP address of pretty much any Windows domain controller on your network and if you don’t trust those windows guys; there is a whole host of them on the Internet for free, just check out https://www.pool.ntp.org the screen shot below shows the one for my home country UK.POOL.NTP.ORG
How to you configure SNTP?
First step is to tell the IBM i server that you want to get its clock synced (this makes it a client) and where to look to get the canonical value for the time using CHGNTPA command.
In this example I use a local Windows Domain Controller as my first choice (and if that is unavailable due to some unforeseen act of Microsoft) then it goes out to the internet to use a public time server.
Generally, it is also best practice to set the NTP service to start whenever you start TCP on your server (usually at IPL).
Protip: If you want your IBM i server to sync the time with other computers (i.e. to be an NTP server as well as or instead of being a client) then you can change the Server autostart parameter to *YES as well.
Next you need to start the NTP service on you server, this should be a one-time only thing as after the above command is run it will, of course, autostart from now on. You do this with the STRTCPSVR *NTP command.
Protip: If you are configuring an IBM i and an NTP server, then you will need to use the *SERVER or *ALL parameter here.
How do you view the NTP logs?
The log files are stored in the IFS in directory /QIBM/USERDATA/OS400/TCPIP/NTP you can access them with the WRKLNK or EDTF commands.
The log itself is a little verbose but no too techie, just pick the log file that matches the date you are interested in (the clue is in the name of the log file) and view it with option 5, sample below:
How do you configure NTP use the GUI?
Below is a series of screen grabs for using the IBM Navigator for i (iNav) interface, as I’ve explained in the “whys and wherefores” above I won’t repeat them, just lay them out in the normal order you would use and circle the areas you click and file in to do the job.
Nice to see you
Please come and join us at one of our 2017 User Group meetings.We will be putting on two events in March, the first in Rochdale on Thursday 2nd and the second in London on Wednesday 15th.
More details and a booking form are available at our website www.i-ug.co.uk
Comments
4 responses to “IBM i SNTP – Automatic Time Adjustment”
Steve, thanks for the tutorial. I also found that these IFS “logs” can get overlooked in general housekeeping so use the following Shell script (called /Utils/clrlogs.sh) to delete them:
< /tmp/filedellist$$
<< end of clrlogs.sh
I then schedule a job in Robot/SCHEDULE (or your own favourite scheduler) to run:
QSH CMD('/Utils/clrlogs.sh /QIBM/USERDATA/OS400/TCPIP/NTP QTOT*.* +1')
QSH CMD('/Utils/clrlogs.sh /tmp filedellist* +1')
Keeps the IFS tidy(er) !
Regards, Steve
Steve,
Hi, seems the shell script didn’t get pasted correctly so here goes a second time:
<>
#!/bin/qsh
#
# Command line to remove “old” (not modified in 1 day) NTP logs
# QSH CMD(‘/Utils/clrlogs.sh /QIBM/USERDATA/OS400/TCPIP/NTP QTOT*.* +1’)
#
# Command line to remove “old” (not modified in 1 day) “error logs” from running the above command
# QSH CMD(‘/Utils/clrlogs.sh /tmp/ filedellist* +1’)
#
# $1 – Directory structure to look in [this is “/QIBM/USERDATA/OS400/TCPIP/NTP” in the above]
# $2 – File name to search for and delete [this is “QTOT*.*” in the above]
# $3 – Number of days to keep [this is “+1” in the above]
find $1 -type f -name “$2” -mtime $3 -exec rm {} \; > /tmp/filedellist$$
<>
Thanks for the info Steve.
If you had this NTP configured , would it be necessary to have daylight savings auto adjutment configured as well?
If both were configured, would NTP work in conflict or in conjunction with the Auto Daylight savings settings?
Hello together,
if someone tried Steve’s tidy-up-script:
Instead of
QSH CMD(‘/Utils/clrlogs.sh /QIBM/USERDATA/OS400/TCPIP/NTP QTOT*.* +1’)
this did the trick:
QSH CMD(‘/Utils/clrlogs.sh /QIBM/USERDATA/OS400/TCPIP/NTP QTOT* +1’)
The files do not have an extension, so the find did not work here.
Maybe it helps someone else.
Nice site btw 🙂
Regards,
Mario