[gentoo-user] NTPd limits?

[gentoo-user] NTPd limits?

[Arturo 'Buanzo' Busleiman]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi group,

	I'm about to add my ntp server to the pool at ntp.org, and I was wondering about a memory issue
with certain GNU/Linux distributions. Maybe one of you can shed some light on this?

Typical problems
"Out of memory"

Some linux distributions defaults to only allowing an application to lock 32KB memory. An ntpd in
the pool requires more than that. In the ntpd startup script (often /etc/init.d/ntpd) add this
before ntpd is started:

    ulimit -l 8192


- --
Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica
Servicios Ofrecidos: http://www.buanzo.com.ar/pro/
Unase a los Foros GNU/Buanzo - La palabra Comunidad en su maxima expresion.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG4+c7AlpOsGhXcE0RCmP4AKCB55gW7dwhN/TDFKnBEsSL8czzSwCfQ8ov
abpjJOF75sgJ4OUxnBYl4p0=
=ZBfJ
-----END PGP SIGNATURE-----
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] NTPd limits?

[Jonas Pedersen]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Arturo 'Buanzo' Busleiman skrev:
> Hi group,
> 
> 	I'm about to add my ntp server to the pool at ntp.org, and I was wondering about a memory issue
> with certain GNU/Linux distributions. Maybe one of you can shed some light on this?
> 
> Typical problems
> "Out of memory"

I have never had that issue on the two Gentoo servers I have in the pool.


- --
Jonas Pedersen - jonas - at - chown.dk / http://chown.dk
Online picture gallery at http://pictureshow.dk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG4+h9p8ze5q5EBA8RAlFOAJ4jx33Kz96NlygwOWkRiLQ4yyy5PwCffnfK
eyB2nc8d8WMHTlbRxLf7QYQ=
=sx8F
-----END PGP SIGNATURE-----
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] NTPd limits?

[Arturo 'Buanzo' Busleiman]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Jonas Pedersen wrote:
> I have never had that issue on the two Gentoo servers I have in the pool.

Great, thanks for the data. Would you mind that I contact you privately, so we can compare notes?
It's my first time going public with an NTP server, and the input from a fellow Gentooer will be
greatly appreciatted!

- --
Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica
Servicios Ofrecidos: http://www.buanzo.com.ar/pro/
Unase a los Foros GNU/Buanzo - La palabra Comunidad en su maxima expresion.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG4+tnAlpOsGhXcE0RCksnAJ46lGkpMyJ/5wN9uavGBLPpv8yzWwCfSN7n
VgktfYkFqV4vJ3hLRHUDr5c=
=ci6Q
-----END PGP SIGNATURE-----
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] NTPd limits?

[Steen Eugen Poulsen]

[-- Attachment #1: Type: text/plain, Size: 218 bytes --]

Arturo 'Buanzo' Busleiman skrev:
> Typical problems
> "Out of memory"

Gentoo doesn't have any default limits, so I don't know how this rumor 
came about.



You find system wide defaults in /etc/security/limits.conf


[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/x-pkcs7-signature, Size: 3412 bytes --]

Re: [gentoo-user] NTPd limits?

[Arturo 'Buanzo' Busleiman]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Steen Eugen Poulsen wrote:
> Gentoo doesn't have any default limits, so I don't know how this rumor
> came about.

It's not a Gentoo-specific rumor, Steen.

- --
Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica
Servicios Ofrecidos: http://www.buanzo.com.ar/pro/
Unase a los Foros GNU/Buanzo - La palabra Comunidad en su maxima expresion.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG5BGlAlpOsGhXcE0RCo1+AJ9uTu+I8JZyASZxi0L4lJltSHKQzQCfUI01
DAH1lKlug5C17Qdx+hZPQ8M=
=bNR0
-----END PGP SIGNATURE-----
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] NTPd limits?

[Steen Eugen Poulsen]

[-- Attachment #1: Type: text/plain, Size: 419 bytes --]

Arturo 'Buanzo' Busleiman skrev:
> Great, thanks for the data. Would you mind that I contact you privately, so we can compare notes?
> It's my first time going public with an NTP server, and the input from a fellow Gentooer will be
> greatly appreciatted!

You can find details of my US located pool.ntp.org server at:

http://www.arcdraco.net/ntpstats/ntp_stats.txt

That should give you the details of traffic loads.

[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/x-pkcs7-signature, Size: 3412 bytes --]

Re: [gentoo-user] NTPd limits?

[Arturo 'Buanzo' Busleiman]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Steen Eugen Poulsen wrote:
> You can find details of my US located pool.ntp.org server at:

GREAT!

Would you mind sharing your ntp.conf too?

- --
Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica
Servicios Ofrecidos: http://www.buanzo.com.ar/pro/
Unase a los Foros GNU/Buanzo - La palabra Comunidad en su maxima expresion.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG5BfkAlpOsGhXcE0RCg0RAJ4vHEacBwUIkZIvdD+pNnJsHHZeOQCcCQX/
VN/CgUffzghph3YYBaIilm4=
=PKPx
-----END PGP SIGNATURE-----
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] NTPd limits?

[Steen Eugen Poulsen]

[-- Attachment #1: Type: text/plain, Size: 1140 bytes --]

Arturo 'Buanzo' Busleiman skrev:
> Would you mind sharing your ntp.conf too?

# /etc/ntp.conf, configuration for ntpd
# 1-3 Servers for a client. 5 servers for a pool.ntp.org server.
server x.x.x.x
server x.x.x.x
server x.x.x.x
server x.x.x.x
server x.x.x

# Default access configuration
# KissOfDeath - A way to tell someone to go away.
# limited - There is limits to how much you can pester us.
# nomodify - We don't want default to have modify access.
# nopeer - Don't accept Joe Smoe as a peer.
# notrap - No trap support.
restrict default kod limited nomodify nopeer notrap

# Don't trust localhost, in case others have shell access.
restrict 127.0.0.1 nomodify

driftfile /var/lib/ntp/ntp.drift

# ntp build in stats is hard for a human to read and tend to flood
# on a pool.ntp.org server.
statsdir /var/log/ntpstats/

#statistics loopstats peerstats
#filegen loopstats file loopstats type day enable
#filegen peerstats file peerstats type day enable



ntp_clients is the script that created 
http://www.arcdraco.net/ntpstats/ntp_stats.txt

Be warned that ntp_clients is going to be the majority of the ntp 
service resource cost.


[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/x-pkcs7-signature, Size: 3412 bytes --]

Re: [gentoo-user] NTPd limits?

[Jonas Pedersen]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Arturo 'Buanzo' Busleiman skrev:
> Jonas Pedersen wrote:
>> I have never had that issue on the two Gentoo servers I have in the pool.
> 
> Great, thanks for the data. Would you mind that I contact you privately, so we can compare notes?
> It's my first time going public with an NTP server, and the input from a fellow Gentooer will be
> greatly appreciatted!
> 

Sure you can do that, or we can stay on the list and share the
information with other people :-)

I have a few stats available at http://ntp.dk.chown.dk and
http://ntp.chown.dk. One is located in Germany and one is located in
Denmark.

- --
Jonas Pedersen - jonas - at - chown.dk / http://chown.dk
Online picture gallery at http://pictureshow.dk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG5FKkp8ze5q5EBA8RAnYLAJ94EoBPnlPeqRsu1UQxQ+p/blLMnwCgrBzr
a0jtvJTU63BZ2uu1Zm48jPQ=
=CLrL
-----END PGP SIGNATURE-----
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] NTPd limits?

[Rumen Yotov]

Hi,
On (09/09/07 12:30) Arturo 'Buanzo' Busleiman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> Steen Eugen Poulsen wrote:
> > Gentoo doesn't have any default limits, so I don't know how this rumor
> > came about.
> 
> It's not a Gentoo-specific rumor, Steen.
> 
Some time ago had such issues using hardened-sources (grsec2).
So also had to increase some limits, but that's related more to grsec's
stricter policy (depends on kernel config).
> - --
> Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica
> Servicios Ofrecidos: http://www.buanzo.com.ar/pro/
> Unase a los Foros GNU/Buanzo - La palabra Comunidad en su maxima expresion.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFG5BGlAlpOsGhXcE0RCo1+AJ9uTu+I8JZyASZxi0L4lJltSHKQzQCfUI01
> DAH1lKlug5C17Qdx+hZPQ8M=
> =bNR0
> -----END PGP SIGNATURE-----
> -- 
> gentoo-user@gentoo.org mailing list
> 
HTH.Rumen
-- 
gentoo-user@gentoo.org mailing list