外部 NTP リレーを構成する
コレクションでコンテンツを整理
必要に応じて、コンテンツの保存と分類を行います。
このページでは、Google Distributed Cloud(GDC)エアギャップ アプライアンスの外部 NTP リプレイを構成する方法について説明します。
これらの手順は、アプライアンスの接続が切断された後に外部時刻と同期する場合にのみ必要です。
始める前に
アプライアンスを外部 NTP と同期する手順は次のとおりです。
開始する前に、NTP リレーが 1 つだけであることを確認してください。確認するには、ブートストラッパー マシンで次のコマンドを実行します。
kubectl get ntprelay -A
出力は、次の例のようになります。
NAMESPACE NAME AGE
gpc-system bi-ntp-relay 4d21h
ブートストラップをアプライアンス デバイスに接続し、接続されたインターフェースの IP アドレスを特定します。
ifconfig
mgmt: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 198.18.0.30 netmask 255.255.255.224 broadcast 198.18.0.31
inet6 fe80::20c:29ff:fea8:fc35 prefixlen 64 scopeid 0x20<link>
...
ブートストラッパーの管理 IP をアップストリーム IP として含めて、ntprelay CR を編集します。
kubectl edit ntprelay bi-ntp-relay -n gpc-system
ntprelay.system.private.gdc.goog/bi-ntp-relay edited
kubectl get ntprelay bi-ntp-relay -n gpc-system -oyaml
出力は、次の例のようになります。この例では、upstreamServers の IP アドレスが変更されています。
apiVersion: system.private.gdc.goog/v1alpha1
kind: NTPRelay
metadata:
creationTimestamp: "2025-05-16T08:44:21Z"
generation: 2
name: bi-ntp-relay
namespace: gpc-system
resourceVersion: "10871409"
uid: 6cde8e65-791c-4bc6-9a8b-d5c9bf103f8b
spec:
upstreamServers:
- 192.0.2.030
NTP 同期を確認します。
kubectl get pods -l app.kubernetes.io/name=ntp -n ntp-system -o name | xargs -I {} kubectl exec {} -n ntp-system -- chronyc sources -v; echo
出力は次のようになります。
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| / 'x' = may be in error, '~' = too variable, '?' = unusable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.0.2.026 1 6 17 43 +286ns[ +36us] +/- 1160us
=? 192.0.2.029 0 6 0 - +0ns[ +0ns] +/- 0ns
=? 192.0.2.051 0 6 0 - +0ns[ +0ns] +/- 0ns
=? 192.0.2.059 0 6 0 - +0ns[ +0ns] +/- 0ns
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| / 'x' = may be in error, '~' = too variable, '?' = unusable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.0.2.026 1 6 37 2 +2ns[ +90us] +/- 84us
=? 192.0.2.029 2 6 1 8 +368us[ +449us] +/- 3761us
=? 192.0.2.051 0 6 1 - +0ns[ +0ns] +/- 0ns
=? 192.0.2.059 2 6 1 8 +663us[ +744us] +/- 11ms
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| / 'x' = may be in error, '~' = too variable, '?' = unusable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.0.2.026 1 6 37 29 -6ns[ -759us] +/- 92us
=? 192.0.2.029 2 6 1 36 +334us[ -346us] +/- 3775us
=? 192.0.2.051 2 6 1 35 -125us[ -813us] +/- 5839us
=? 192.0.2.059 0 6 1 - +0ns[ +0ns] +/- 0ns
NTP Pod の chronyc が新しく追加された IP を参照しているかどうかを確認します。
kubectl exec -it -n ntp-system ntp2-84ddf7cd99-96vqn -- sh
出力は、次の例のようになります。
Defaulted container "ntp-image" out of: ntp-image, ntp-node-exporter
# chronyc tracking
Reference ID : C612001E (198.18.0.30)
Stratum : 2
Ref time (UTC) : Wed May 21 07:28:38 2025
System time : 0.000000005 seconds slow of NTP time
Last offset : +0.000025645 seconds
RMS offset : 0.000082131 seconds
Frequency : 15.671 ppm slow
Residual freq : +0.024 ppm
Skew : 0.628 ppm
Root delay : 0.000164273 seconds
Root dispersion : 0.000180630 seconds
Update interval : 64.8 seconds
Leap status : Normal
# exit
特に記載のない限り、このページのコンテンツはクリエイティブ・コモンズの表示 4.0 ライセンスにより使用許諾されます。コードサンプルは Apache 2.0 ライセンスにより使用許諾されます。詳しくは、Google Developers サイトのポリシーをご覧ください。Java は Oracle および関連会社の登録商標です。
最終更新日 2025-09-04 UTC。
[[["わかりやすい","easyToUnderstand","thumb-up"],["問題の解決に役立った","solvedMyProblem","thumb-up"],["その他","otherUp","thumb-up"]],[["わかりにくい","hardToUnderstand","thumb-down"],["情報またはサンプルコードが不正確","incorrectInformationOrSampleCode","thumb-down"],["必要な情報 / サンプルがない","missingTheInformationSamplesINeed","thumb-down"],["翻訳に関する問題","translationIssue","thumb-down"],["その他","otherDown","thumb-down"]],["最終更新日 2025-09-04 UTC。"],[],[],null,["# Configure an external NTP relay\n\nThis page describes how to configure an external NTP replay for\nGoogle Distributed Cloud (GDC) air-gapped appliance.\n\nThese steps are only required if you want to synchronize the appliance\nwith external time after being disconnected.\n\n### Before you begin\n\nTo sync the appliance with external NTP, complete the following steps:\n\n1. Before you begin, make sure that there is only one NTP relay. To verify, run\n the following command on the bootstrapper machine:\n\n kubectl get ntprelay -A\n\n The output looks like the following example: \n\n NAMESPACE NAME AGE\n gpc-system bi-ntp-relay 4d21h\n\nConfigure the NTP relay\n-----------------------\n\n1. Connect the bootstrapper to the appliance device and determine the IP\n address of the connected interface:\n\n ifconfig\n mgmt: flags=4163\u003cUP,BROADCAST,RUNNING,MULTICAST\u003e mtu 1500\n inet 198.18.0.30 netmask 255.255.255.224 broadcast 198.18.0.31\n inet6 fe80::20c:29ff:fea8:fc35 prefixlen 64 scopeid 0x20<link>\n ...\n\n2. Edit the `ntprelay` CR by including the bootstrapper mgmt IP as the upstream IP.\n\n kubectl edit ntprelay bi-ntp-relay -n gpc-system\n ntprelay.system.private.gdc.goog/bi-ntp-relay edited\n kubectl get ntprelay bi-ntp-relay -n gpc-system -oyaml\n\n The output looks like the following example. In this example the IP address\n for `upstreamServers` is changed: \n\n apiVersion: system.private.gdc.goog/v1alpha1\n kind: NTPRelay\n metadata:\n creationTimestamp: \"2025-05-16T08:44:21Z\"\n generation: 2\n name: bi-ntp-relay\n namespace: gpc-system\n resourceVersion: \"10871409\"\n uid: 6cde8e65-791c-4bc6-9a8b-d5c9bf103f8b\n spec:\n upstreamServers:\n - 192.0.2.030\n\n3. Verify the NTP synchronization:\n\n **Note:** Wait about three minutes before running the following command as chrony takes some time for the first sync and adjust. Check that the IP address added in the previous step starts with \\^\\*. Verify that the adjusted offset (+286ns in the first output) is the amount of difference between the time of the appliance and the external time source. \n\n kubectl get pods -l app.kubernetes.io/name=ntp -n ntp-system -o name | xargs -I {} kubectl exec {} -n ntp-system -- chronyc sources -v; echo\n\n The output looks like the following: \n\n .-- Source mode '^' = server, '=' = peer, '#' = local clock.\n / .- Source state '*' = current best, '+' = combined, '-' = not combined,\n | / 'x' = may be in error, '~' = too variable, '?' = unusable.\n || .- xxxx [ yyyy ] +/- zzzz\n || Reachability register (octal) -. | xxxx = adjusted offset,\n || Log2(Polling interval) --. | | yyyy = measured offset,\n || \\ | | zzzz = estimated error.\n || | | \\\n MS Name/IP address Stratum Poll Reach LastRx Last sample\n ===============================================================================\n \\^\\* 192.0.2.026 1 6 17 43 +286ns\\[ +36us\\] +/- 1160us\n =? 192.0.2.029 0 6 0 - +0ns[ +0ns] +/- 0ns\n =? 192.0.2.051 0 6 0 - +0ns[ +0ns] +/- 0ns\n =? 192.0.2.059 0 6 0 - +0ns[ +0ns] +/- 0ns\n\n .-- Source mode '^' = server, '=' = peer, '#' = local clock.\n / .- Source state '*' = current best, '+' = combined, '-' = not combined,\n | / 'x' = may be in error, '~' = too variable, '?' = unusable.\n || .- xxxx [ yyyy ] +/- zzzz\n || Reachability register (octal) -. | xxxx = adjusted offset,\n || Log2(Polling interval) --. | | yyyy = measured offset,\n || \\ | | zzzz = estimated error.\n || | | \\\n MS Name/IP address Stratum Poll Reach LastRx Last sample\n ===============================================================================\n \\^\\* 192.0.2.026 1 6 37 2 +2ns\\[ +90us\\] +/- 84us\n =? 192.0.2.029 2 6 1 8 +368us[ +449us] +/- 3761us\n =? 192.0.2.051 0 6 1 - +0ns[ +0ns] +/- 0ns\n =? 192.0.2.059 2 6 1 8 +663us[ +744us] +/- 11ms\n\n .-- Source mode '^' = server, '=' = peer, '#' = local clock.\n / .- Source state '*' = current best, '+' = combined, '-' = not combined,\n | / 'x' = may be in error, '~' = too variable, '?' = unusable.\n || .- xxxx [ yyyy ] +/- zzzz\n || Reachability register (octal) -. | xxxx = adjusted offset,\n || Log2(Polling interval) --. | | yyyy = measured offset,\n || \\ | | zzzz = estimated error.\n || | | \\\n MS Name/IP address Stratum Poll Reach LastRx Last sample\n ===============================================================================\n \\^\\* 192.0.2.026 1 6 37 29 -6ns\\[ -759us\\] +/- 92us\n =? 192.0.2.029 2 6 1 36 +334us[ -346us] +/- 3775us\n =? 192.0.2.051 2 6 1 35 -125us[ -813us] +/- 5839us\n =? 192.0.2.059 0 6 1 - +0ns[ +0ns] +/- 0ns\n\n4. Verify if the `chronyc` in the NTP pods refers to the newly added IP.\n\n kubectl exec -it -n ntp-system ntp2-84ddf7cd99-96vqn -- sh\n\n The output looks like the following example: \n\n Defaulted container \"ntp-image\" out of: ntp-image, ntp-node-exporter\n # chronyc tracking\n Reference ID : C612001E (198.18.0.30)\n Stratum : 2\n Ref time (UTC) : Wed May 21 07:28:38 2025\n System time : 0.000000005 seconds slow of NTP time\n Last offset : +0.000025645 seconds\n RMS offset : 0.000082131 seconds\n Frequency : 15.671 ppm slow\n Residual freq : +0.024 ppm\n Skew : 0.628 ppm\n Root delay : 0.000164273 seconds\n Root dispersion : 0.000180630 seconds\n Update interval : 64.8 seconds\n Leap status : Normal\n # exit"]]
