Embedded Linux distribution executes a NTP client not intentionally installed. But which? - time

I'm trying to manage the system time of an yocto-base Linux distribution (zeus release) by NTP (Network Time protocol).
I know that an available NTP client is ntpdate, bu without installing ntpdate, the system time synchronizes itself with a not known NTP server.
The system is connected to Internet by a WiFi network and if I disconnect it from Internet the date synchronization stops.
This proofs that there is a process running on my distribution which set the system date by a connection to a not known NTP Server.
Because the distribution comes from the yocto core image core-image-minimal.bb, it is one of the packages installed by it which adds a NTP client to the distribution.
But which is this client?
I hope I was clear! Don't hesitate to ask for more details.

By default (and so without that I know it) in my Linux distribution has been installed the systemd service: systemd-timesyncd.
This service starts automatically at boot and, by default, try to connect to one of the following public NTP Server:
time1.google.com time2.google.com time3.google.com time4.google.comtime1.google.com time2.google.com time3.google.com time4.google.com
So it is systemd-timesyncd that gets the UTC date and time from one of the previous servers.
About the list of default NTP servers it is useful read the following info from the timesyncd.conf man page:
CONFIGURATION DIRECTORIES AND PRECEDENCE
The default configuration is defined during COMPILATION, so a configuration file is only needed when it is necessary to deviate from those defaults. By default, the configuration file in /etc/systemd/ contains commented out entries showing the defaults as a guide to the administrator. This file can be edited to create local overrides.

Related

Can someone elaborate on the necessary proxy settings in the install-config.yaml file for an OKD installation in an air-gapped environment?

I am attempting an installation of OKD 4.5 in a restricted (i.e. air-gapped) environment. I am running into an issue during the installation process where-in, as far as I can tell, the bootstrap machine is attempting and failing to access the mirrored registry I have running.
Based on my research, I believe this issue is stemming from a lack of proxy settings within the install-config.yaml file as described in the documentation here, however I am having trouble wrapping my brain around what functions I'm attempting to accommodate by adding this proxy information into the configuration and exactly what information I should be adding. I haven't been able to find any other segments of the documentation that go into details about this either (however if someone can simply point me in the direction of such documentation, that would be extremely helpful).
Would anyone be willing to explain to me what values should be going into the proxy lines in this file and why? Does this information replace, compliment, or require changes in any way to the networking segment of the configuration?
As a related question, do I need to change any of the networking subnet values to reflect my local network? In all examples I've seen the clusterNetwork.cidr and serviceNetwork subnets are the same as the documentation (cidr: 10.128.0.0/14, serviceNetwork: - 172.30.0.0/16), and some include an additional machineNetwork field. Is this field something I should be adding and if so, should I just be including my subnet for this field?
As context for my specific scenario, here are my environment specifications as well as the specific errors I am getting:
OKD Release: `4.5.0-0.okd-2020-10-15-235428`
Environment: Virtualized Bootstrap, Master and Worker nodes, in virt-manager, running on Centos 7 in
air-gapped environment. This host machine contains the install directory and also provides DNS,
Apache Server, HAProxy for load balancing and the mirrored registry.
Errors:
From <log-bundle>/bootstrap/journals/release-image.log:
localhost.localdomain release-image-download.sh[114151]: Error: Error initializing source docker://okd-services.okd.local:5000/okd#sha256<.....>:
error pinging docker registry okd-services.okd.local:5000: Get "https://okd-services.okd.local:5000/v2/":
dial tcp <okd-services.okd.local ip>:5000: connect: connection refused
From systemctl status named (several requests to IPs I don't recognize which seem to be NTP requests):
network unreachable resolving '2.fedora.pool.ntp.org.okd/AAAA..
network unreachable resolving './NS/IN': 199.7.91.13#53
etc
I have ensured that host-node and node-node communication is present, and that the registry is accessible from the nodes ( to test, I netcat the certificate pem into a node and update its trusts, then curl -u the registry using https://fqdn:5000/v2/_catalog), so I am fairly certain all the connections are established properly.
To conclude, since I'm fairly sure that the proxy/network settings in the install-config.yaml file are to blame, and since I am unable to find more elaboration on these configurations in the official docs or elsewhere, I would very much appreciate any in-depth explanation of how I should be configuring this for an air-gapped environment. Additionally, if anyone believes that another issue is the cause, any input regarding that would be great.

How to login to Jenkins from any network

I’m an absolute beginner when it comes to setting up a Jenkins environment but I have just installed Jenkins on a MAC v10.15.5 using home-brew and would like the capability to:
Open a web browser
Login to Jenkins from any machine on any network
Trigger a job.
I’m able to do this using a different machine on the same network but unable to do this using a machine on a different network. I changed the "httpListenAddress" value within the jenkins-lts.plist file to 0.0.0.0 to allow the web interface to be accessible from anywhere as mentioned at https://www.macminivault.com/installing-jenkins-on-macos/ but apart from that I’m not sure where to go from here.
I’ve heard about Apache Tomcat but not sure if it's necessary for what I need to do. If anyone can provide instructions / safe approaches about how to login to the Jenkins environment on my MAC from any network that would be appreciated.
To get jenkins web interface use $JENKINS_HOST_IP:8080 (by default jenkins uses port 8080) and then make first-run-configure.
Login to Jenkins from any machine on any network - it depends on network topology, what is used in your organisation. So, to reach jenkins host from any network where should be allowed traffic from/into network where jenkins host is placed.
Trigger a job - where are a lot of triggers you can use. Take a look at official documentation here

3 layer application non networked?

I have a system named Windchill which runs in a CentOS 5.7 virtualbox;
The system consists of apache, oracle 11g, listener, windchillDS(openLDAP) and the application core (method server) which is a java process. All installed in the same vm(monolithic)
My question is related with the network, The system runs smooth on the network, but once I remove the network cable it stops working and the method server keeps restarting with the socket timeout error.
Im not a IT specialist, I manage the internal configuration of the system and I dont have an specialist to help me right now but I need desperately to make it run non networked in a laptop to show it for a customer.
I just want a hint of where may be the problem:
Does oracle runs non networked? Which configurations do I need to make it run without a network?
Maybe the problem is the listener?
I guess the problem is the oracle because of the socket timeout error with the database but Im not sure...
Sorry this is long and probably needs more explanation, please ask whathever you want!
I found this tip in another forum specific for the windchill product(login needed)
http://portal.ptcuser.org/p/fo/st/thread=52005&posted=1
It is related with Linux configuration to resolve the IPs:
"Edit your /etc/resolv.conf to look like this when not connected to a network:
domain local domain
search localdomain
nameserver 127.0.0.1"
Worked perfectly!
Thank you for your prompt answers guys!!!

Setting Windows server as NTP server but keeping client settings untouched

I'm working on an installation module (C#) for a distributed system.
One of the requirements is being able to setup one of the servers as an NTP server (windows time service).
I've followed several MS articles, for example:this one
but it seems that each one also requires to configure the NTP client settings (for example changing the server type from Nt5DS to NTP).
Any idea of how to keep a server's existing NTP client settings untouched while setting it as NTP server?
Thanks,
After investigating this issue for a while, looks like that's impossible.
After reading this post, I understand that the same registry key is used for both NTP client and server protocols, meaning, if the same machine needs to be a client and a serve but the client should work with, let's say, NT5DS and the server's protocol is obviously NTP than it can't work.

How do I determine the identity of a Windows machine?

I have a program consisting of a server and a client processes. Both run on Windows systems - Windows 2000 or later versions. The two processes can run on the same machine or on two different machines.
How can the client determine if it is run on the same machine as the server? If the server is not running the client can't work anyway and doesn't care where the server possibly is - so this case is out of the question. I've heard that each Windows machine has an UUID - can I obtain it and use for that purpose?
Windows networking requires computer names to be unique, so calling the GetComputerName api and having the client and server swap names (and compare the received name to the name they see) should suffice. If the client and server can start up independently of one another then you'll need some sort of protocol for this process. It seems logical for the client to initiate the exchange, and the server to only send its name when it has received a name from a client. The client can then abort the connection if it sees the same name.
I believe most virtual machine systems will allow the virtual machine to have its own name, so it should still be possible for you to test on virtual machines. However I don't have extensive experience of all the virtualisation technologies out there, so can't say for sure.
Previous question about generating a unique machine id that might help.
Link to previous answer which mentions MachineGUID
It is straightforward to add an API to the server that reports its machine name. The environment variable is COMPUTERNAME. The client could check that, right?
Do you need to deal with any of these cases?
The client is running, but the server is not responding, and you want to know whether the unresponsive server is on a remote machine.
The client and the server are running in two distinct virtual machines on the same host machine, and you want to report that as "running on the same machine."
The client is running in a virtual machine hosted by the same machine as the server is running on, and you want to report that as "running on the same machine."
The client and the server are running on uncoordinated networks and both might have been assigned the same name.
The server is possibly hostile, and will attempt to deceive the client.
The network card will have a unique MAC. If both server and client report the same MAC then they are using the same network card. If both client and server are running in different virtual machines but using the same network card, do you consider them running on the same machine or different machines?
how about trying to establish a loopback tcp connection? or maybe checking for some lock file created by the server in a predefined folder...
I don't know exactly how, but there's for sure something equivalent in Win32 to the /proc filesystem in Unix (I think there are free replacements for the windows taskmanager, maybe you could look at their sources) where you could search for your server process.

Resources