Synchronize the system time across an ONTAP cluster

Contributors netapp-aherbin netapp-lenida netapp-aaron-holt netapp-dbagwell netapp-thomi

Synchronizing the time ensures that every node in the cluster has the same time, and prevents CIFS and Kerberos failures.

A Network Time Protocol (NTP) server should be set up at your site. Beginning with ONTAP 9.5, you can set up your NTP server with symmetric authentication. For more information, see documentation for managing the cluster time (cluster administrators only).

You synchronize the time across the cluster by associating the cluster with one or more NTP servers.

  1. Verify that the system time and time zone are set correctly for each node:

    cluster date show

    All nodes in the cluster should be set to the same time zone.

    This example shows the date and time zone for each node in the cluster.

    cluster1::> cluster date show
    Node         Date                Time zone
    ------------ ------------------- -----------------
    cluster1-01  01/06/2015 09:35:15 America/New_York
    cluster1-02  01/06/2015 09:35:15 America/New_York
    cluster1-03  01/06/2015 09:35:15 America/New_York
    cluster1-04  01/06/2015 09:35:15 America/New_York
    4 entries were displayed.
  2. Change the date or time zone for all of the nodes:

    cluster date modify

    This example changes the time zone for the cluster to be GMT:

    cluster1::> cluster date modify -timezone GMT
  3. Associate the cluster with your NTP server:

    To set up your NTP server without symmetric authentication, enter the following command:

    cluster time-service ntp server create -server <server_name>

    To set up your NTP server with symmetric authentication, enter the following command:

    cluster time-service ntp server create -server <server_ip_address> -key-id <key_id>
    Note: Symmetric authentication is available beginning with ONTAP 9.5. It is not available in ONTAP 9.4 or earlier.

    This example assumes that DNS has been configured for the cluster. If you have not configured DNS, you must specify the IP address of the NTP server:

    cluster1::> cluster time-service ntp server create -server ntp1.example.com
  4. Verify that the cluster is associated with an NTP server:

    cluster time-service ntp server show

    This example shows that the cluster is associated with the NTP server ntp1.example.com.

    cluster1::> cluster time-service ntp server show
    Server               Version
    -------------------- -----------
    ntp1.example.com     auto

Commands for managing symmetric authentication on NTP servers

Beginning with ONTAP 9.5, Network Time Protocol (NTP) version 3 is supported. NTPv3 includes symmetric authentication using SHA-1 keys, which increases network security.

To do this… Use this command…

Configure an NTP server without symmetric authentication

cluster time-service ntp server create -server server_name

Configure an NTP server with symmetric authentication

cluster time-service ntp server create -server server_ip_address -key-id key_id

Enable symmetric authentication for an existing NTP server

An existing NTP server can be modified to enable authentication by adding the required key-id.

cluster time-service ntp server modify -server server_name -key-id key_id

Configure a shared NTP key

cluster time-service ntp key create -id shared_key_id -type shared_key_type -value shared_key_value

Note: Shared keys are referred to by an ID. The ID, its type, and value must be identical on both the node and the NTP server.

Configure an NTP server with an unknown key ID

cluster time-service ntp server create -server server_name -key-id key_id

Configure a server with a key ID not configured on the NTP server.

cluster time-service ntp server create -server server_name -key-id key_id

Note: The key ID, type, and value must be identical to the key ID, type, and value configured on the NTP server.

Disable symmetric authentication

cluster time-service ntp server modify -server server_name -authentication disabled
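
Why the key ID, type, and value must match on both sides, shown as an added Python example (not NetApp code): it models the symmetric-key check the way the reference ntpd implementation performs it, with a 4-byte key ID and a digest over the key value followed by the packet, appended to the 48-byte header. The key IDs 10 and 11, the key values, and the `sha256` stand-in type are constructed for the demonstration; extension fields are left out, and how ONTAP computes the digest internally is an assumption.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48  # fixed NTP header size in bytes

def ntp_request(version: int = 3) -> bytes:
    """Constructed client request: only the LI/VN/Mode byte is filled in."""
    return bytes([(version << 3) | 3]) + bytes(HEADER_LEN - 1)

def sign(packet: bytes, key_id: int, keys: dict) -> bytes:
    """Append the 4-byte key ID and digest = H(key value || packet)."""
    key_type, value = keys[key_id]
    digest = hashlib.new(key_type, value + packet).digest()
    return packet + struct.pack("!I", key_id) + digest

def verify(message: bytes, keys: dict) -> str:
    """Check a received message against the receiver's own key table."""
    packet, trailer = message[:HEADER_LEN], message[HEADER_LEN:]
    if len(trailer) < 4:
        return "unauthenticated"
    key_id = struct.unpack("!I", trailer[:4])[0]
    if key_id not in keys:
        return "unknown-key-id"
    key_type, value = keys[key_id]
    expected = hashlib.new(key_type, value + packet).digest()
    # Constant-time comparison; a digest of a different length also fails here.
    return "ok" if hmac.compare_digest(expected, trailer[4:]) else "bad-mac"

def scenarios() -> dict:
    """Node signs with its table; server verifies with its own (all keys constructed)."""
    key_a, key_b = bytes.fromhex("aa" * 20), bytes.fromhex("bb" * 20)
    req = sign(ntp_request(), 10, {10: ("sha1", key_a)})
    return {
        "id, type, value match": verify(req, {10: ("sha1", key_a)}),
        "value differs": verify(req, {10: ("sha1", key_b)}),
        # sha256 stands in for "some other key type" in this demonstration only.
        "type differs": verify(req, {10: ("sha256", key_a)}),
        "id not on server": verify(req, {11: ("sha1", key_a)}),
        "no key-id on node": verify(ntp_request(), {10: ("sha1", key_a)}),
    }

if __name__ == "__main__":
    for case, result in scenarios().items():
        print(f"{case:24} -> {result}")
```

Only the first case authenticates; a mismatch in any one of the three attributes leaves the node without an authenticated time source for that server.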