Knowledge Search


×
 

Leap-second handling on Junos Space

  [KB30463] Show Article Properties


Summary:
This article describes the leap-second bug and possible workarounds on Junos Space instances.

Symptoms:
How to configure or adjust the Junos Space appliances against the NTP leap second, which can cause the system to hang.

What is a leap second?

A leap second is a one-second adjustment that is occasionally applied to Coordinated Universal Time (UTC) so as to keep its time of day close to the mean solar time. A leap second is inserted or deleted in the UTC time scale on the last day of June or December.
For more information about leap second, see http://en.wikipedia.org/wiki/Leap_second.
Cause:
After a leap second has been inserted, the system can hang as certain Linux kernels (versions before 2.6.29) have issues handling leap seconds to the point where it can cause a kernel panic.
Space version 13.3Rx and 14.1Rx might not run into this issue as Linux kernel used is 2.6.32-100.24.1.el5.
Space version running 13.1x and older release may run into this as Linux version used is 2.6.18-274.el5.

Solution:
library/CUSTOMERSERVICE/GLOBAL_JTAC/leap%20second/leap_vulnerability.sh
Systems not running NTP:-
Linux or CentOS systems not using NTP to synchronize their timekeeping will not correct for leap seconds and will not be impacted by this bug.
The time reported by these systems will have a one-second difference relative to UTC after the leap-second correction. You should reset the clock manually after leap seconds occur.

Systems running NTP:-
  • Systems running NTP will receive a leap-second correction. Unpatched systems might experience a kernel hang or crash.
You have two options:
1. Patch the system (recommended)
Junos Space appliance:
Note: Package from CentOS website
=>Upgrade the tzdata package on CentOS5 to tzdata-2015a-1.el5,
For CentOS5, tzdata-2015a-1.el5, see http://mirror.centos.org/centos/5/updates/i386/RPMS/.

Note: you must be a root user to run this command.

To install an rpm, you need to use following command:

# rpm -Uvh <package name>
2. Disable NTP
Space nodes will not be impacted by this bug. You would need to reset the clock manually after leap second occurs.
Note: Even if you choose to stop the NTP service during the leap second and start it after the leap second, we recommend upgrading the tzdata package.
References from Red Hat:
To clear the leap-second insertion flag after it has been received, see https://access.redhat.com/articles/199563.
To resolve leap-second issues in Red Hat Enterprise Linux, see https://access.redhat.com/articles/15145.

Attached script to test if your setup is vulnerable and tzdata-rpm
/*** Run vulnerability test again ***/
SCP the script and rpm to Space node under /tmp
chmod +x leap_vulnerability.sh
[root@space-000c29f6925c tmp]# sh leap_vulnerability.sh
Installed kernel version: 2.6.32-100.24.1.el5
Installed tzdata version: tzdata-2014i-1.el5
Installed ntp version: ntp-4.2.2p1-17.jmp.x86_64
[SUGGESTIONS]
The installed tzdata package may need to be updated before the Leap Second Insertion of June 30, 2015.
Please refer to <https://access.redhat.com/articles/15145> for remediation steps.

/*** Upgrading tzdata rpm ***/
[root@space-000c29f6925c tmp]# rpm -Uvh tzdata-2015a-1.el5.i386.rpm
warning: tzdata-2015a-1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID e8562897
Preparing... ########################################### [100%]
1:tzdata ########################################### [100%]
[root@space-000c29f6925c tmp]#

/*** Run vulnerability test again ***/
[root@space-000c29f6925c tmp]# sh leap_vulnerability.sh
Installed kernel version: 2.6.32-100.24.1.el5
Installed tzdata version: tzdata-2015a-1.el5
Installed ntp version: ntp-4.2.2p1-17.jmp.x86_64
Not vulnerable
[root@space-000c29f6925c tmp]
Related Links: