Node_exporter: The value of ntpServer in ntp.go must be prefixed with "127."

Created on 12 Sep 2018  路  6Comments  路  Source: prometheus/node_exporter

Host operating system: output of uname -a

Linux centos-big 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

node_exporter version: output of node_exporter --version


>= v0.15.0

node_exporter command line flags


./node_exporter --collector.ntp.server="ntpserver.xxx.local" failed
./node_exporter --collector.ntp.server="192.168.2.2" failed
./node_exporter --collector.ntp.server="127.168.2.2" ok

What did you do that produced an error?

Read the offset of node from a remote NTP server

What did you expect to see?

INFO[0000] Listening on :9100 source="node_exporter.go:111"

What did you see instead?

FATA[0000] Couldn't create collector: only IP address of local NTP server is valid for --collector.ntp.server source="node_exporter.go:88"

question

Most helpful comment

I think this is simply a mistunderstanding. You need to set server-is-local to true, to use a non 127. ip. Might need to improve docs.. The idea is that you certify that it's a local (as in, not public pool) NTP address.

All 6 comments

Root Cause: "!ipaddr.IsLoopback()" is always true when the value of *ntpServer is not prefixed with "127."

Source Code URL: https://github.com/prometheus/node_exporter/blob/master/collector/ntp.go#L62

You are required to add an additional flag to enable off-node NTP checks. This is done intentionally to avoid node_exporter users from accidentally hitting public pool.ntp.org servers.

The NTP collector in this exporter is not meant as a generic NTPd server monitor.

I didn't find that parameter.

The most similar parameter is "--collector.ntp.server-is-local", but the default value is "false", that's exactly what I want, so i don't need to configure the parameter.

i know that ntp collector is disabled by default, but the bug is reported after i enable that in code, and the binary is built by myself:

image

image

Sorry, but this code is intentionally written that you must understand it in order to use it outside of localhost. It is too easy for people to accidentally DDoS pool.ntp.org with this code.

There is no bug, you must understand the code.

I think this is simply a mistunderstanding. You need to set server-is-local to true, to use a non 127. ip. Might need to improve docs.. The idea is that you certify that it's a local (as in, not public pool) NTP address.

Was this page helpful?
0 / 5 - 0 ratings