[j-nsp] deleting ntp server from config, perhaps a bug?
Drew Weaver
2018-09-27 11:43:10 UTC
Hello,

I added 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org, 3.pool.ntp.org to system ntp on an MX80 running JunOS 15.

[edit system ntp]
***@charlie# show
server 216.230.228.242;
server 45.79.109.111;
server 172.98.193.44;
server 69.195.159.158;

I need to deactivate/delete a few of these:

[edit system ntp]
***@charlie# delete server 216.230.228.242
warning: statement not found

***@charlie# deactivate server 216.230.228.242
warning: statement not found

Is there any way to do this other than simply deleting the entire block and starting over?

Thanks,
-Drew

_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Olivier Benghozi
2018-09-27 11:57:49 UTC
Works as expected here (16.1R7)...
Post by Drew Weaver
I added 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org, 3.pool.ntp.org to system ntp on an MX80 running JunOS 15.
[edit system ntp]
server 216.230.228.242;
server 45.79.109.111;
server 172.98.193.44;
server 69.195.159.158;
[edit system ntp]
warning: statement not found
warning: statement not found
Is there any way to do this other than simply deleting the entire block and starting over?
Chris Morrow
2018-09-27 13:19:52 UTC
On Thu, 27 Sep 2018 07:57:49 -0400,
Post by Olivier Benghozi
Works as expected here (16.1R7)...
Post by Drew Weaver
I added 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org, 3.pool.ntp.org to system ntp on an MX80 running JunOS 15.
[edit system ntp]
server 216.230.228.242;
server 45.79.109.111;
server 172.98.193.44;
server 69.195.159.158;
[edit system ntp]
warning: statement not found
warning: statement not found
Is there any way to do this other than simply deleting the entire block and starting over?
there's (of course) the 'you should always deploy a full config' crew, but...
can you try deleting the NTP server in question from the top of the config tree?
delete system ntp server 216<tab>

that ought to complete and then work (does for me anyway).
Saku Ytti
2018-09-27 14:51:50 UTC
Post by Chris Morrow
there's (of course) the 'you should always deploy a full config' crew, but...
Reporting for duty.
--
++ytti, immutable configs 4 lyfe
Jared Mauch
2018-09-27 14:57:43 UTC
Post by Saku Ytti
Post by Chris Morrow
there's (of course) the 'you should always deploy a full config' crew, but...
Reporting for duty.
The ability of routers to use DNS for service names is getting to be more of a soft-requirement => hard requirement these days. I may want to configure a DNS name for my BMP/Kafka magic and have it fail over if we renumber the machine (for example).

Cisco/Juniper require IPs for the NTP configuration, and if you type in something like an NTP pool name/label it will resolve it and store that in the config vs follow based on the pool measurement/accuracy over time.

- Jared
Chris Morrow
2018-09-27 17:14:44 UTC
On Thu, 27 Sep 2018 10:57:43 -0400,
Post by Jared Mauch
Post by Saku Ytti
Post by Chris Morrow
there's (of course) the 'you should always deploy a full config' crew, but...
Reporting for duty.
I should be clear, the 'full config only' thing is good, but not
everyone is capable of getting there in the short-term. It also means
quite a bit of infra needs to exist, so not everyone is willing to
commit to it.
Post by Jared Mauch
The ability of routers to use DNS for service names is getting to be
more of a soft-requirement => hard requirement these days. I may
want to configure a DNS name for my BMP/Kafka magic and have it
fail over if we renumber the machine (for example).
interesting, what cadence would you expect for re-resolving named
resources though? hourly? at RR ttl expiry? other? Why is it not
acceptable to just run 'services' on a VIP, and not on the physical
machine's IP ? (ie: why would you ever renumber?)
Post by Jared Mauch
Cisco/Juniper require IPs for the NTP configuration, and if you type
in something like an NTP pool name/label it will resolve it and store
that in the config vs follow based on the pool measurement/accuracy
over time.
see cadence question.
Netravnen
2018-09-27 17:22:35 UTC
Post by Drew Weaver
I added 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org, 3.pool.ntp.org to system ntp on an MX80 running JunOS 15.
Maybe look into a way to dynamically update the ntp servers list?
(using automation?)

Remember using this trick[0] when running small end-site with mikrotik
as gateway.

[0]: https://wiki.mikrotik.com/wiki/Manual:Scripting-examples#Allow_use_of_ntp.org_pool_service_for_NTP

-Netravnen
Pierre Emeriaud
2018-09-27 18:54:39 UTC
Post by Netravnen
Post by Drew Weaver
I added 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org, 3.pool.ntp.org to system ntp on an MX80 running JunOS 15.
Maybe look into a way to dynamically update the ntp servers list?
(using automation?)
ntpd from ntp.org has some additional logic to handle the pool.
Instead of configuring 'server 0.pool.ntp.org', use 'pool
0.pool.ntp.org':

ntpq> peers
     remote           refid          st t when poll reach    delay   offset  jitter
==============================================================================
 0.debian.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
 1.debian.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
*ntp1.rrze.uni-e .DCFp.           1 u  428 1024  377   12.567   -0.544   0.285
+srcf-ntp.stanfo .GPSs.           1 u  876 1024  377  138.149   -0.128   0.397
-ntp-1.arkena.ne 145.238.203.14   2 u  764 1024  317   15.210   -7.569   0.990
+regar42.fr      62.210.244.146   4 u  375 1024  377    5.038   -1.523   0.310

Only 0.debian.pool.ntp.org and 1.debian.pool.ntp.org are defined in
ntp.conf. (this is not mentioned in the manpage - yay).

Is Junos using ntpd from ntp.org or openntpd?
Phil Shafer
2018-09-27 18:46:50 UTC
Post by Drew Weaver
I added 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org, 3.pool.ntp.org to system ntp on an MX80 running JunOS 15.
I am unable to reproduce this, and it's pretty basic ui functionality,
so I'm a bit puzzled. I'll keep looking but are you seeing this
broken behavior anywhere else in the config? Can I get the specific
version number?

Is this a lab box? If so, can you copy your database files
(/var/db/j*) to a backup location and run "mgd -I" (from the shell)
to rebuild it? If that succeeds, open a support case with JTAC and
give them both the backup and rebuilt files and we can take a look
and see what failed.

Sorry I don't have a better answer at this point, but this ability
to delete specific statements is a core piece of ui functionality
and I can explain its failure. Hopefully the data files will show
us.

Thanks,
Phil
Phil Shafer
2018-09-27 19:07:36 UTC
Post by Jared Mauch
The ability of routers to use DNS for service names is getting to be more of a soft-requirement => hard requirement these days. I may want to configure a DNS name for my BMP/Kafka magic and have it fail over if we renumber the machine (for example).
Yup, this one's on my list of features I haven't added yet. The
plan was to have the value contain both the DNS and the address so
we (a) always have an address, and (b) can re-resolve at some
specific future time. It's less of an issue for NTP, but imagine
having DNS fail for your syslog server and not getting logs. The
re-resolve would be an explicit action, done at the user's direction
(or via event policy, etc).

Anyway, it would look something like:

[edit system ntp]
***@charlie# show
server 0.pool.ntp.org%216.230.228.242;
server 1.pool.ntp.org%45.79.109.111;
server 2.pool.ntp.org%172.98.193.44;
server 3.pool.ntp.org%69.195.159.158;

where the junos system components would see only the address, but
the UI would hold both and "request system configuration resolve"
would perform the magic. There'd be an "opt in" knob to turn on
this new behavior, so API clients (and humans) wouldn't freak at
these hybrid values.

Thanks,
Phil
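
The explicit re-resolve idea discussed in this thread, sketched off-box as an added example (not code from any poster or from Junos). It assumes the proposed, unimplemented "name%address" form is kept in a tracking file, that `resolve` is a caller-supplied lookup, and that the sample text is constructed; it emits the top-of-tree delete form suggested earlier and keeps the stored address when DNS fails.

```python
import ipaddress
import re

# Constructed sample in the hybrid "name%address" form proposed in the thread
# (not a shipping Junos syntax); the last entry is a plain address.
SAMPLE = """\
server 0.pool.ntp.org%216.230.228.242;
server 1.pool.ntp.org%45.79.109.111;
server 2.pool.ntp.org%172.98.193.44;
server 69.195.159.158;
"""

LINE = re.compile(r"^\s*server\s+(?:(?P<name>[A-Za-z0-9.-]+)%)?(?P<addr>[0-9A-Fa-f.:]+);\s*$")


def parse_servers(text):
    """Return [(name_or_None, address)]; ValueError if an address is malformed."""
    servers = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            servers.append((m.group("name"), str(ipaddress.ip_address(m.group("addr")))))
    return servers


def reconcile(text, resolve):
    """Emit top-of-tree delete/set commands for names that now resolve elsewhere.

    resolve(name) is a caller-supplied (hypothetical) lookup returning address
    strings. If it fails or returns nothing, the stored address is kept.
    """
    commands = []
    for name, addr in parse_servers(text):
        if name is None:
            continue  # plain address: nothing to re-resolve
        try:
            answers = [str(ipaddress.ip_address(a)) for a in resolve(name)]
        except (OSError, ValueError):
            answers = []  # DNS failure or junk answer: keep what we have
        if answers and addr not in answers:
            commands.append(f"delete system ntp server {addr}")
            commands.append(f"set system ntp server {answers[0]}")
    return commands
```

The returned commands are meant for review before commit; an entry is replaced only when a validated answer set no longer contains the stored address.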