Jul 222015
 

As I was setting up the new varm server, one of the Nagios checks I included was check_ntp_time. It comes standard with nagios-plugins.

The check was reporting NTP CRITICAL: Offset unknown. Running the check from the command line showed:

[dan@webserver:/usr/local/libexec/nagios] $ ./check_ntp_time -4 -H varm
NTP CRITICAL: Offset unknown|

Running the check with a timeout showed:

[dan@webserver:/usr/local/libexec/nagios] $ ./check_ntp_time -4 -H varm -t 1
CRITICAL - Socket timeout after 1 seconds

I checked sockstat

output on a machine with worked and then on varm. They both looked similar to this:

$ sockstat -p 123 -4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS      
root     ntpd       778   21 udp4   *:123                 *:*
root     ntpd       778   22 udp4   10.0.0.20:123         *:*
root     ntpd       778   27 udp4   127.0.0.1:123         *:*

Next, I compared configuration files. I noticed the differences were:

$ diff  /etc/ntp.conf ~/ntp.conf 
1a2
> 
3c4
< # $FreeBSD: stable/10/etc/ntp.conf 285612 2015-07-15 19:21:26Z delphij $
---
> # $FreeBSD: releng/9.3/etc/ntp.conf 259974 2013-12-27 23:09:40Z delphij $
47,48c48,49
< restrict default limited kod nomodify notrap nopeer noquery
< restrict -6 default limited kod nomodify notrap nopeer noquery
---
> restrict default kod nomodify notrap nopeer noquery
> restrict -6 default kod nomodify notrap nopeer noquery

It seems the default on 10 STABLE doesn’t allow check_ntp_time to do its stuff. I copied in the values from 9.3, restarted ntpd, and the Nagios check then worked.

But there were interesting bits in /var/log/messages

ntpd[36357]: ntpd 4.2.8p3-a (1): Starting
ntpd[36358]: restrict default: KOD does nothing without LIMITED.
ntpd[36358]: restrict ::: KOD does nothing without LIMITED.

I started looking at the FreeBSD repo to see what changes had occurred to this file. Of note was this change which led me to the ntpd documentation.

I reverted my changes and added this entry to /etc/ntp.conf instead:

# allow nagios/webserver to query
#
restrict 10.0.0.3

Then all worked just fine.

Website Pin Facebook Twitter Myspace Friendfeed Technorati del.icio.us Digg Google StumbleUpon Premium Responsive