You can optionally configure an external NTP server for use by API Connect when deploying
on a VMware virtual machine.
About this task
Secure communication between API Connect subsystems
relies on the system time being in sync on all hosts. For example, time stamps are checked to ensure
that certificates are valid. When API Connect is deployed
behind a firewall that blocks access to the internet, the API Connect subsystems
cannot by default access a Network Time Protocol (NTP) server.
You can use an additional cloud-init file to manually specify an NTP server for use by the
subsystems. Complete the following steps.
Procedure
- Create the cloud-init file extra values file, and enter the configuration
details that you want to overwrite. For example:
ntp:
enabled: true
ntp_client: systemd-timesyncd
servers:
- time.google.com
-
Use
apicup
to specify the cloud-init file.
Syntax:
apicup subsys set <subsys> additional-cloud-init-file <path-to-cloud-init-file>
Example:
apicup subsys set mgmt additional-cloud-init-file myCloudInitFile.yaml
- Install the subsystem. Note that the output directory must be empty:
apicup subsys install mgmt --out mgmtplan-out
- Deploy the VMware image (.ova) with the ISO file that is generated.
- Verify that the correct NTP server is being used:
journalctl -u systemd-timesyncd
Example output for the NTP server that was set in Step 1:
Nov 05 21:09:24 h-apicdev-4 systemd[1]: Starting Network Time Synchronization...
Nov 05 21:09:24 h-apicdev-4 systemd[1]: Started Network Time Synchronization.
Nov 05 21:09:24 h-apicdev-4 systemd-timesyncd[1697]: Synchronized to time server 216.239.35.8:123 (time.google.com).