System Time could go out of sync on SSP cluster nodes after reboot, causing TN Flow Exp Disconnected alarms on NSX manager
Article ID: 403352
Updated On:
Products
VMware vDefend Firewall
Issue/Introduction
NTP service gets stopped on SSP cluster nodes (worker/controller nodes), if they are rebooted.
Environment
Security Services Platform 5.0.0
Cause
- The ntp service gets started during deployment but remains in disabled state on SSP controller/worker nodes. This causes ntp service to go into stopped state after reboot of worker/controller node, which may lead to system time going out of sync on the controller/worker nodes.
- To check status of NTP service on controller/worker node(s) -
- SSH into SSP Installer as root
- run
k get nodes -o wideto get the node IP. - SSH into controller / worker node IP addresses, and go to root shell from the root shell of SSP Installer node.
root@sspi-node:~# ssh capv@<node-IP>capv@ssp-6rvcd:~$ sudo -iroot@ssp-6rvcd:~# - Run command "
systemctl is-enabled ntp". If the status is "disabled", it needs to be enabled, so that ntp does not get stopped after reboots. - Run command "
service ntp status" to check if service status is shown as "active (running)" - To verify if NTP time is not getting synced run the command "
ntpq -pn". If the command does not show at least 1 ntp server with "*", time is not getting synced.
Resolution
- Run the following command from root shell of each controller/worker node to enable ntp service, so that ntp does not get stopped after reboots.
systemctl enable ntp - If ntp service is stopped on some node, start the ntp service on that controller/worker node. From root shell, run -
service ntp start
- Verify if the time is syncing by running command "
ntpq -pn" from the root shell of SSP Installer. If the command shows at least 1 ntp server entry with a "*", time is getting synced.
Note : This Issue is fixed in SSP 5.1
Feedback
Yes
No
Powered by
