NTP check OK on public servers, but not on local servers behind NAT

microlinux · October 2, 2020, 10:57am

Hi,

I’m currently struggling with NTP monitoring. Here’s a test setup on one of my public servers.

// /etc/icinga2/zones.d/master/host-alphajet.microlinux.fr.conf

object Endpoint "sd-48011.dedibox.fr" {
}

object Zone "sd-48011.dedibox.fr" {
  endpoints = [ "sd-48011.dedibox.fr" ]
  parent = "master"
}

object Host "sd-48011.dedibox.fr" {
  import "generic-host"
  display_name = "alphajet.microlinux.fr"
  address = "195.154.171.195"
  vars.os = "Linux"
  vars.procs_warning = 350
  vars.client_endpoint = name
  vars.notification["mail"] = {
    groups = [ "icingaadmins" ]
  }

}

object Service "NTP sync" {
  import "generic-service"
  check_command = "ntp_time"
  host_name = "sd-48011.dedibox.fr"
  command_endpoint = "sd-48011.dedibox.fr"
}

This works perfectly. After a few seconds, I get “NTP OK: Offset -1.5020 secs etc.”

Now I try do configure a similar setup on a “dummy” host, e. g. a machine that’s behind a NAT.

// /etc/icinga2/zones.d/master/host-proxy.microlinux.lan.conf

object Endpoint "proxy.microlinux.lan" {
}

object Zone "proxy.microlinux.lan" {
  endpoints = [ "proxy.microlinux.lan" ]
  parent = "master"
}

object Host "proxy.microlinux.lan" {
  check_command = "dummy"
  vars.dummy_state = 0 // UP
  vars.dummy_text = "Everything OK."
  vars.os = "Linux"
  vars.client_endpoint = name
  vars.notification["mail"] = {
    groups = [ "icingaadmins" ]
  }
}

object Service "NTP sync" {
  import "generic-service"
  check_command = "ntp_time"
  host_name = "proxy.microlinux.lan"
  command_endpoint = "proxy.microlinux.lan"
}

All other services on this machine (load, disk, swap, procs, etc.) are monitored perfectly. But here’s what NTP returns:

check_ntp_time: Invalid hostname/address -

I spent about an hour googling for that and tried to follow various suggestions, but to no avail.

BTW both machines are running ntpd and not chronyd.

Any suggestions?

0xliam · October 5, 2020, 4:03am

Can you post the command with parameters this service runs? On first glance it makes me think the remote server is having an issue resolving the NTP server it is querying.

microlinux · October 5, 2020, 5:18am

It looks like I just solved the problem. Adding the vars.ntp_address line explicitly did the trick.

// /etc/icinga2/zones.d/master/service-ntp.conf
//
// NTP sync check executed on client node
apply Service "NTP sync" {
  import "generic-service"
  check_command = "ntp_time"
  vars.ntp_address="pool.ntp.org"
  command_endpoint = host.vars.client_endpoint
  assign where host.vars.client_endpoint
}

Cheers,

Niki