In our shop, we had exactly this problem. Changes we knew had
been made wouldn't make it into the latest test release. Similarly, some
compile cycles would take far too long. We finally tracked this problem
down to its source: the drifting clocks between computers.
rsh Zeus date 1005However, this technique has a couple of minor problems. First, we may not have an account on each of those computers, so we must specify the account on which we want to log in. Second, only the root account may change the time on the computer, and we want to keep the root account secure with a password. Since we have a password on the root account, we can't just tell rsh to execute the date command as root on the remote computer, using the command:
rsh Zeus -l root date $TIMETo solve the first problem, we created a specific user account, named time, to run the date command. We then made the date command always run as if it were the root user. To do so, we turned on the suid permission bit--as well as the execute permissions for the date command--on each computer, like this:
# chmod 4711 /usr/bin/dateMaking these concessions gives us the TimeSync script, as shown in Listing A.
Listing A: TimeSync
#! /bin/ksh # Get the current time on this machine, the # `Time Server'. TIME='date `+%m%d%H%M'' # Set the time on all the client machines # using the time account. rsh Zeus -l time date $TIME rsh Hydra -l time date $TIME rsh Cerebus -l time date $TIME rsh Loki -l time date $TIME rsh Thor -l time date $TIMENow we have a centrally managed method to synchronize time on the network. However, a user can still set the time and date on an individual computer, potentially wreaking havoc. Also, since we made the date command run as root, we opened a possible security loophole.
We could easily fix these problems by making a new copy of the date command and placing it in a secure area that only the time account could access. Instead, we decided to make each user responsible for synchronizing his or her own computer to the time server if they so desired.
rsh Mercury dateAgain, we don't want to put every possible user account on our time server, so we created the time account on it. Now, everyone can use the same account to find the current "correct" time:
rsh Mercury -l time dateAt this point, we only need to make the local computer set the time to the value just stated by Mercury, our time server--a simple enough process. If we pass the proper format string to the date command on Mercury, then we can pass the results directly into the date command on the client machine.
We opted to use the full precision offered by Solaris. Thus, when we install a computer on the network, we needn't worry about setting the date or time at all. It may be set automatically to the correct date, from the century to the second. Our statement that gets the current time from Mercury looks like this:
rsh Mercury -l time /usr/xpg4/bin/date +'%m%d%H%M%C%y.%S'Please note that we're using the XPG4 version of the date command to get the century (%C) from date. If you didn't install the SUNWxcu4 package, you don't have this version of the date command. In that case, go ahead and use the standard date command, and use 19 instead of %C in the format string. (Don't forget to change it in two years!)
First, we create a script file, named Sync, that reads the time from the time server and sets the local time, as shown in Listing B.
Listing B: Sync script
#! /bin/ksh # Ensure that we're using the XPG4 version of date # (it supports the %C format specifier). DATE=/usr/xpg4/bin/date # Specify the host and account that will provide # the `correct' date and time. TSRV="Mercury -lTime"We're almost finished. All that's left is to periodically run the Sync script to synchronize the computer to our reference computer. Again, only the root account may set the date and time on a machine. In this case, however, there's no problem. Since the root account already runs several cron jobs, we're just going to add another one to periodically set the date and time. So we'll just add a crontab entry that runs our Sync script every hour, as in the following line, and never again be bothered about the time:
0 * * * * /usr/local/Sync
One of my team downloaded a copy of xntp, which is a freely available program that implements the NTP protocol for synchronizing time on a network of computers. It's a very powerful tool, but much more than we really needed, especially when some of the network computers were relatively underpowered and had no RAM to spare for yet another application.
Consequently, we decided to run xntp on only one computer, having it keep track of the correct time on one of the available time servers on the Internet. Then we used this as our time server and used our simple synchronization scheme for the other computers on our network.