Configuring use of an external NTP server

You must configure an external NTP server for use by API Connect when deploying on a VMware virtual machine.

About this task

Secure communication between API Connect subsystems relies on the system time being in sync on all hosts. For example, time stamps are checked to ensure that certificates are valid. When API Connect is deployed behind a firewall that blocks access to the internet, the API Connect subsystems cannot by default access a Network Time Protocol (NTP) server.

You can use an additional cloud-init file to manually specify an NTP server for use by the subsystems. Complete the following steps.

Procedure

  1. Create the cloud-init file extra values file, and enter the configuration details that you want to overwrite. For example: 
    ntp:
  enabled: true
  ntp_client: systemd-timesyncd
  servers:
    - time.google.com
  2. Use apicup to specify the cloud-init file.

    Syntax:

    apicup subsys set <subsys> additional-cloud-init-file <path-to-cloud-init-file>

    Example:

    apicup subsys set mgmt additional-cloud-init-file myCloudInitFile.yaml
  3. Install the subsystem. Note that the output directory must be empty: 
    apicup subsys install mgmt --out mgmtplan-out
  4. Deploy the VMware image (.ova) with the ISO file that is generated.

    To review the deployment steps, see Deploying the Management subsystem in a VMware environment.

  5. Verify that the correct NTP server is being used: 
    journalctl -u systemd-timesyncd

    Example output for the NTP server that was set in Step 1:

    Nov 05 21:09:24 h-apicdev-4 systemd[1]: Starting Network Time Synchronization...
Nov 05 21:09:24 h-apicdev-4 systemd[1]: Started Network Time Synchronization.
Nov 05 21:09:24 h-apicdev-4 systemd-timesyncd[1697]: Synchronized to time server 216.239.35.8:123 (time.google.com).