Get the most out of your Centmin Mod LEMP stack
Become a Member

Install Problem with NTPD after install

Discussion in 'Install & Upgrades or Pre-Install Questions' started by denellum, Jan 26, 2017.

  1. denellum

    denellum Member Premium Member

    79
    19
    8
    May 11, 2016
    Dallas
    Ratings:
    +24
    Local Time:
    6:24 PM
    1.11.10
    10.1.21
    Having issues with NTPD :

    [root@WEB01 log]# ntpdate 3.centos.pool.ntp.org
    25 Jan 17:45:26 ntpdate[2721]: no server suitable for synchronization found
    [root@WEB01 log]# ping 3.centos.pool.ntp.org
    PING 3.centos.pool.ntp.org (64.113.32.5) 56(84) bytes of data.
    64 bytes from nist.netservicesgroup.com (64.113.32.5): icmp_seq=1 ttl=55 time=88.7 ms
    64 bytes from nist.netservicesgroup.com (64.113.32.5): icmp_seq=3 ttl=55 time=88.0 ms
    64 bytes from nist.netservicesgroup.com (64.113.32.5): icmp_seq=4 ttl=55 time=88.0 ms
    64 bytes from nist.netservicesgroup.com (64.113.32.5): icmp_seq=5 ttl=55 time=87.6 ms
    64 bytes from nist.netservicesgroup.com (64.113.32.5): icmp_seq=6 ttl=55 time=88.0 ms
    ^C
    --- 3.centos.pool.ntp.org ping statistics ---
    6 packets transmitted, 5 received, 16% packet loss, time 5006ms
    rtt min/avg/max/mdev = 87.687/88.117/88.716/0.465 ms

    My time is all messed up :/
     
  2. denellum

    denellum Member Premium Member

    79
    19
    8
    May 11, 2016
    Dallas
    Ratings:
    +24
    Local Time:
    6:24 PM
    1.11.10
    10.1.21
    An update :

    [root@WEB01 ~]# ntpdate -d pool.ntp.org
    25 Jan 18:06:27 ntpdate[2750]: ntpdate 4.2.6p5@1.2349-o Mon Nov 14 18:25:09 UTC 2016 (1)
    Looking for host pool.ntp.org and service ntp
    host found : 104.131.53.252
    transmit(104.131.53.252)
    transmit(148.167.132.201)
    transmit(45.127.112.2)
    transmit(208.82.104.205)
    transmit(104.131.53.252)
    transmit(148.167.132.201)
    transmit(45.127.112.2)
    transmit(208.82.104.205)
    transmit(104.131.53.252)
    transmit(148.167.132.201)
    transmit(45.127.112.2)
    transmit(208.82.104.205)
    transmit(104.131.53.252)
    transmit(148.167.132.201)
    transmit(45.127.112.2)
    transmit(208.82.104.205)
    transmit(104.131.53.252)
    transmit(148.167.132.201)
    transmit(45.127.112.2)
    transmit(208.82.104.205)
    104.131.53.252: Server dropped: no data
    148.167.132.201: Server dropped: no data
    45.127.112.2: Server dropped: no data
    208.82.104.205: Server dropped: no data
    server 104.131.53.252, port 123
    stratum 0, precision 0, leap 00, trust 000
    refid [104.131.53.252], delay 0.00000, dispersion 64.00000
    transmitted 4, in filter 4
    reference time: 00000000.00000000 Sun, Dec 31 1899 18:00:00.000
    originate timestamp: 00000000.00000000 Sun, Dec 31 1899 18:00:00.000
    transmit timestamp: dc33bc09.96c666a3 Wed, Jan 25 2017 18:06:33.588
    filter delay: 0.00000 0.00000 0.00000 0.00000
    0.00000 0.00000 0.00000 0.00000
    filter offset: 0.000000 0.000000 0.000000 0.000000
    0.000000 0.000000 0.000000 0.000000
    delay 0.00000, dispersion 64.00000
    offset 0.000000

    server 148.167.132.201, port 123
    stratum 0, precision 0, leap 00, trust 000
    refid [148.167.132.201], delay 0.00000, dispersion 64.00000
    transmitted 4, in filter 4
    reference time: 00000000.00000000 Sun, Dec 31 1899 18:00:00.000
    originate timestamp: 00000000.00000000 Sun, Dec 31 1899 18:00:00.000
    transmit timestamp: dc33bc09.c9f8d93c Wed, Jan 25 2017 18:06:33.788
    filter delay: 0.00000 0.00000 0.00000 0.00000
    0.00000 0.00000 0.00000 0.00000
    filter offset: 0.000000 0.000000 0.000000 0.000000
    0.000000 0.000000 0.000000 0.000000
    delay 0.00000, dispersion 64.00000
    offset 0.000000

    server 45.127.112.2, port 123
    stratum 0, precision 0, leap 00, trust 000
    refid [45.127.112.2], delay 0.00000, dispersion 64.00000
    transmitted 4, in filter 4
    reference time: 00000000.00000000 Sun, Dec 31 1899 18:00:00.000
    originate timestamp: 00000000.00000000 Sun, Dec 31 1899 18:00:00.000
    transmit timestamp: dc33bc09.fd2cab14 Wed, Jan 25 2017 18:06:33.988
    filter delay: 0.00000 0.00000 0.00000 0.00000
    0.00000 0.00000 0.00000 0.00000
    filter offset: 0.000000 0.000000 0.000000 0.000000
    0.000000 0.000000 0.000000 0.000000
    delay 0.00000, dispersion 64.00000
    offset 0.000000

    server 208.82.104.205, port 123
    stratum 0, precision 0, leap 00, trust 000
    refid [208.82.104.205], delay 0.00000, dispersion 64.00000
    transmitted 4, in filter 4
    reference time: 00000000.00000000 Sun, Dec 31 1899 18:00:00.000
    originate timestamp: 00000000.00000000 Sun, Dec 31 1899 18:00:00.000
    transmit timestamp: dc33bc0a.3060f32c Wed, Jan 25 2017 18:06:34.188
    filter delay: 0.00000 0.00000 0.00000 0.00000
    0.00000 0.00000 0.00000 0.00000
    filter offset: 0.000000 0.000000 0.000000 0.000000
    0.000000 0.000000 0.000000 0.000000
    delay 0.00000, dispersion 64.00000
    offset 0.000000

    25 Jan 18:06:36 ntpdate[2750]: no server suitable for synchronization found
     
  3. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    9:24 AM
    Nginx 1.13.x
    MariaDB 5.5
    Fresh install that has never had working system time ? Is CSF Firewalll running ? It should of whitelisted required ports.

    You'll need to post on the forums with the following info
    • Server or VPS details ? XEN, KVM, OpenVZ, VMWare or dedicated server ? OS ? CentOS 6.7 or 7.2 ? 32bit or 64bit ?
    • What version of Centmin Mod ? .07 stable or 08 stable or .09 beta01 or another branch version ?
    • Was it fresh install or upgrade ?
    • Method of install ? Via centmin.sh menu option 1, Git install or curl one liner install as outlined at centminmod.com/download.html ?
    • How long ago did you install Centmin Mod ?
    • There's numerous code changes, bug fixes over time, so ensure you have latest Centmin Mod code installed by upgrading your Centmin Mod code as instructed below.

    Troubleshooting Initial Install



    To troubleshoot initial installation, you need to check the initial install log at /root/centminlogs and instructions under Sharing logs and errors heading for using Pastebin.com or Gists to share a sanitised version of the contents of the initial install log. You can see full details at How to troubleshoot Centmin Mod initial install issues

    Example list /root/centminlogs files in date ascending order and grep for install.log
    Code (Text):
    ls -lahrt /root/centminlogs | grep install.log
    

    example output returns install log at /root/centminlogs/centminmod_1.2.3-eva2000.09.001_111016-112321_install.log
    Code (Text):
    ls -lahrt /root/centminlogs | grep install.log
    -rw-r--r--  1 root root 2.2M Oct 11 01:40 centminmod_1.2.3-eva2000.09.001_111016-112321_install.log
    

    in SSH use cat to ouput contents of /root/centminlogs/centminmod_1.2.3-eva2000.09.001_111016-112321_install.log. Clear your SSH client window/buffer so only output is the contents of the file
    Code (Text):
    cat /root/centminlogs/centminmod_1.2.3-eva2000.09.001_111016-112321_install.log
    

    Then copy and paste into Pastebin.com or Gists entry. If your SSH window scroll buffer isn't that large to get the whole contents of the install log, you can download file manually and copy and paste contents. But makes sure it's sanitised version of the contents of the initial install log as outlined at How to troubleshoot Centmin Mod initial install issues
     
  4. denellum

    denellum Member Premium Member

    79
    19
    8
    May 11, 2016
    Dallas
    Ratings:
    +24
    Local Time:
    6:24 PM
    1.11.10
    10.1.21
    Just tested it some more (was worn out, spent all day in the hospital so i passed out)

    Alright the culprit seems to be Voxility since ntpd ports are blocked... i have another external ip.(using buyvm with a DDOS ip) what would you recommend me to do to get this working?
     
  5. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    9:24 AM
    Nginx 1.13.x
    MariaDB 5.5
    who is your webhost ? if ntpd ports are blocked you'd have issues with ntpd so probably need to find another web host
     
  6. denellum

    denellum Member Premium Member

    79
    19
    8
    May 11, 2016
    Dallas
    Ratings:
    +24
    Local Time:
    6:24 PM
    1.11.10
    10.1.21
    I am using buyvm, it works NOT on the DDOS protected IP... they use Voxility, their reponse was :

    But, on my regular IP it works fine...
    What i suggested as "fix" was :


    What do you think Eva? I don't HAVE to use the DDOS ip, but i like the option.
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    9:24 AM
    Nginx 1.13.x
    MariaDB 5.5
    ah yes with buyvm and ddos protected ips, you want the main server ip being non-ddos protected ip and setup site domain vhosts on ddos protected ip

    in centmin mod 123.09beta01, there's an option for SECOND_IP variable in nginx vhost add routine at centminmod/nginx_addvhost.inc at 123.09beta01 · centminmod/centminmod · GitHub

    Code (Text):
    # Support secondary dedicated IP configuration for centmin mod
    # nginx vhost generator, so out of the box, new nginx vhosts
    # generated will use the defined SECOND_IP=111.222.333.444 where
    # the IP is a secondary IP addressed added to the server.
    # You define SECOND_IP variable is centmin mod persistent config
    # file outlined at http://centminmod.com/upgrade.html#persistent
    # you manually creat the file at /etc/centminmod/custom_config.inc
    # and add SECOND_IP=yoursecondary_IPaddress variable to it which
    # will be registered with nginx vhost generator routine so that
    # any new nginx vhosts created via centmin.sh menu option 2 or
    # /usr/bin/nv or centmin.sh menu option 22, will have pre-defined
    # SECOND_IP ip address set in the nginx vhost's listen directive
    if [[ -z "$SECOND_IP" ]]; then
      DEDI_IP=""
      DEDI_LISTEN=""
    elif [[ "$SECOND_IP" ]]; then
      DEDI_IP=$(echo $(echo ${SECOND_IP}:))
      DEDI_LISTEN="listen   ${DEDI_IP}80;"
    fi


    if if your ddos protected ip = 1.2.3.4, set in persistent config /etc/centminmod/custom_config.inc
    Code (Text):
    SECOND_IP=1.2.3.4
    


    so when you create new nginx vhost via centmin.sh menu option 2 etc, all vhosts use listen 1.2.3.4:80 or 1.2.3.4:443 for vhost directives :)
     
    • Like Like x 1
  8. denellum

    denellum Member Premium Member

    79
    19
    8
    May 11, 2016
    Dallas
    Ratings:
    +24
    Local Time:
    6:24 PM
    1.11.10
    10.1.21
    So would it be best to delete all previous vhosts and start over once i make this change? that wont be too hard as there are only 2 hosts.
     
  9. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    9:24 AM
    Nginx 1.13.x
    MariaDB 5.5
  10. denellum

    denellum Member Premium Member

    79
    19
    8
    May 11, 2016
    Dallas
    Ratings:
    +24
    Local Time:
    6:24 PM
    1.11.10
    10.1.21
    I just got one reimaging it all (nothing important was on it)... now the last think. I created the custom config file and added the letsencrypt+secondip... i go to create a vhost and say add letsencrypt, its reverting to the main IP, not the DDOS.
     
  11. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    9:24 AM
    Nginx 1.13.x
    MariaDB 5.5
    The resulting nginx vhost is? Or the reported domain dns ip displayed? Did you update your domain dns to ddos ip/second ip?
     
  12. denellum

    denellum Member Premium Member

    79
    19
    8
    May 11, 2016
    Dallas
    Ratings:
    +24
    Local Time:
    6:24 PM
    1.11.10
    10.1.21
    Like this :

    Domain.com is a top level domain
    your server IP address: nonDDOSip
    current DNS A record IP address for domain.com is: DDOSip
    current DNS A record IP address for www.domain.com is: DDOSip
     
  13. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    9:24 AM
    Nginx 1.13.x
    MariaDB 5.5
    Ah probably a bug will have to check it out after i wake up
     
  14. denellum

    denellum Member Premium Member

    79
    19
    8
    May 11, 2016
    Dallas
    Ratings:
    +24
    Local Time:
    6:24 PM
    1.11.10
    10.1.21
    Get some rest bud :) ill be here to test for you when you're ready :)
     
  15. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    9:24 AM
    Nginx 1.13.x
    MariaDB 5.5
  16. denellum

    denellum Member Premium Member

    79
    19
    8
    May 11, 2016
    Dallas
    Ratings:
    +24
    Local Time:
    6:24 PM
    1.11.10
    10.1.21
    Works like a charm! On pay day ill subscribe to be a premium member :) Thank you thank you thank you!
     
    • Like Like x 2
  17. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    9:24 AM
    Nginx 1.13.x
    MariaDB 5.5
    excellent great to hear it's working and much appreciated :D
     
    • Like Like x 1
  18. denellum

    denellum Member Premium Member

    79
    19
    8
    May 11, 2016
    Dallas
    Ratings:
    +24
    Local Time:
    6:24 PM
    1.11.10
    10.1.21
    eva, something i noticed today... randomly i am getting an "ping: sendmsg: opperation not permitted" when trying to ping an internal IP with my host. all ive done is update centminmod as patches come out :/

    edit : this is only effecting my centminmod servers. disabling csf makes it work.
     
    Last edited: Jan 28, 2017
  19. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    9:24 AM
    Nginx 1.13.x
    MariaDB 5.5
    Centmin Mod CSF Firewall rate limits pings so probably could be related to that.

    in /etc/csf/csf.conf config file
    Code (Text):
    # Allow incoming PING
    ICMP_IN = "1"
    
    # Set the per IP address incoming ICMP packet rate
    # To disable rate limiting set to "0"
    ICMP_IN_RATE = "1/s"
    
    # Allow outgoing PING
    ICMP_OUT = "1"
    
    # Set the per IP address outgoing ICMP packet rate (hits per second allowed),
    # e.g. "1/s"
    # To disable rate limiting set to "0"
    ICMP_OUT_RATE = "0"
    
     
  20. denellum

    denellum Member Premium Member

    79
    19
    8
    May 11, 2016
    Dallas
    Ratings:
    +24
    Local Time:
    6:24 PM
    1.11.10
    10.1.21
    It's not letting my databases connect either :/ even though i have in the /etc/csf/csf.allow :
    DBA :
    tcp|in|d=3306|s=WEB_INTERNAL_IP

    WEB :
    tcp|out|d=3306|d=DBA_INTERNAL_IP


    side note, if i disable: "csf -x" on the DBA side, everything works.