Rage Against the Shell

Linux tips and other things…

Category: NTP

NTP daemon status

Posted on September 27, 2015 - September 18, 2016 by Mr. Reboot

The ntpq utility is the tool for monitoring the NTP daemon's status. After configuring an NTP server, you can use it to see the synchronization status of each server and to assess performance:

~ $ ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================

*217.114.59.66   75.12.230.181    2 u  127  128  377    8.786   -0.448   0.094
-193.225.118.163 228.143.95.23    2 u   70  128  377   36.129   -1.790   0.079
-46.22.223.220   129.242.4.241    2 u   52  128  377   40.330    3.975   0.055
+91.234.160.19   162.23.41.55     2 u   57  128  377   21.482   -0.364   0.093
 127.127.1.0     .LOCL.          10 l  37m   64    0    0.000    0.000   0.000

remote column:

* : current time source (the peer selected for synchronization)
# : source selected, distance exceeds maximum value
o : the PPS (Pulse Per Second) source if you have a PPS capable system and refclock
+ : candidate, it is considered a good source
- : discarded, quality is not good
x : false ticker, this one is considered to distribute bad time
blank : source discarded, failed sanity or high stratum

refid column:

The identifier of the time source to which the remote machine is synced. It may be a radio clock or another NTP server.

st column:

Stratum of the remote machine: 16 is “unsynchronized”, 0 is the best value. A stratum 0 source could be a radio clock or the NTP server's private caesium clock.

t column:

l = local (such as a GPS, WWVB)
u = unicast (most common)
m = multicast
b = broadcast
- = netaddr

when column:

Seconds since the last poll of the remote machine.

poll column:

The polling interval in seconds.

reach column:

Record of the attempts to reach the source; 377 means all attempts succeeded.

delay column:

The time delay (in milliseconds) to communicate with the remote source.

offset column:

The offset (in milliseconds) between our time and that of the remote source.

jitter column:

The observed difference (in milliseconds) of time with the remote source.
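The column rules above can be applied mechanically. The script below is an added example, not part of the original post: it reads ntpq -pn output and reports the selected peer, falsetickers, peers whose reach register shows missed polls, and in-use peers whose offset exceeds a threshold. The function names, the finding labels and the threshold argument are assumptions of this example; reach is decoded as the octal 8-bit register that ntpq prints.

```shell
#!/bin/sh
# Added example: summarize `ntpq -pn` output read on stdin.
# sample_ntpq replays the output shown in the post above.
sample_ntpq() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*217.114.59.66   75.12.230.181    2 u  127  128  377    8.786   -0.448   0.094
-193.225.118.163 228.143.95.23    2 u   70  128  377   36.129   -1.790   0.079
-46.22.223.220   129.242.4.241    2 u   52  128  377   40.330    3.975   0.055
+91.234.160.19   162.23.41.55     2 u   57  128  377   21.482   -0.364   0.093
 127.127.1.0     .LOCL.          10 l  37m   64    0    0.000    0.000   0.000
EOF
}

# check_peers MAX_OFFSET_MS: one line per finding, then the verdict.
# Exit status is 1 when no peer carries the "*" tally.
check_peers() {
  awk -v max="$1" '
    # Count successful polls recorded in the octal reach register (8 bits).
    function polls_ok(oct,   i, v, n) {
      v = 0
      for (i = 1; i <= length(oct); i++) v = v * 8 + substr(oct, i, 1)
      for (n = 0; v > 0; v = int(v / 2)) n += v % 2
      return n
    }
    /^ *remote/ || /^==/ || NF == 0 { next }   # header, ruler, blank lines
    {
      tally = substr($0, 1, 1)                 # first character is the tally code
      sub(/^./, "")                            # drop it so $1 is the remote address
      ok = polls_ok($7)
      off = $9 + 0; if (off < 0) off = -off
      if (tally == "*") synced = $1
      if (tally == "x") print "FALSETICKER " $1
      if (ok == 0) print "UNREACHABLE " $1
      else if (ok < 8) print "LOSSY " $1 " " ok "/8"
      if ((tally == "*" || tally == "+") && off > max + 0) print "OFFSET " $1 " " $9
    }
    END {
      if (synced == "") { print "NO_SYNC_PEER"; exit 1 }
      print "SYNCED " synced
    }'
}

sample_ntpq | check_peers 5
```

On a live host the same function takes the real output: ntpq -pn | check_peers 5.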


Configure a NTP server

Posted on September 24, 2015 - August 14, 2016 by Mr. Reboot

OS: Ubuntu 14.04 LTS

Install the NTP daemon:

~ $ apt-get install ntp

Now modify the configuration file /etc/ntp.conf. First configure the servers to synchronize with, for example:

server 1.2.3.1 prefer
server 1.2.3.2
server 1.2.3.3
server 1.2.3.4

With the option prefer you can establish preferred servers, in this case server 1.2.3.1. It’s optional.

Add drift file and log file:

driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log

The drift file contains the latest estimate of the clock frequency error; taking it as a reference, the NTP daemon will learn to adjust the clock automatically.

Add localhost as a fallback server with a high stratum so that if none of our synchronization servers are working, the NTP daemon can serve the local time (system clock time):

server 127.127.1.0
fudge 127.127.1.0 stratum 10

Stratum is a parameter used to synchronize the time based on distance. A server working at stratum 1 belongs to the class of best NTP servers available, because it has an accurate reference clock. So a stratum 10 server will have a low priority and usually will not be used for synchronization unless all other servers fail.

We want a restrictive configuration, so block all traffic by default:

restrict -4 default ignore
restrict -6 default ignore

And then permit localhost:

restrict 127.0.0.1
restrict ::1

Synchronization servers:

restrict 1.2.3.1 kod notrap nomodify nopeer noquery
restrict 1.2.3.2 kod notrap nomodify nopeer noquery
restrict 1.2.3.3 kod notrap nomodify nopeer noquery
restrict 1.2.3.4 kod notrap nomodify nopeer noquery

And clients:

restrict 10.10.10.0 mask 255.255.0.0 nomodify notrap
restrict 192.168.172.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.0.10 nomodify notrap

The meaning of the restriction options is as follows:

notrap: rejects unauthenticated packets
nomodify: blocks access to ntpq and ntpdc queries which try to change the state of the server
nopeer: denies packets that try to establish peering
noquery: rejects ntpq and ntpdc queries, time service is not affected

Finally restart the server:

~ $ /etc/init.d/ntp restart

TIP: if you want to start the service on IPv4 only, you can configure this in the /etc/default/ntp file:

NTPD_OPTS='-4 -g'
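A way to check the restrict policy described above before relying on it. This script is an added example, not part of the original post: it confirms the default-deny lines for both address families, lists the non-loopback entries that still answer ntpq and ntpdc queries because they lack noquery, and flags IPv4 entries whose address has bits set outside the mask, which leaves the intended range ambiguous. The function names and finding labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the restrict lines of an ntp.conf read on stdin.
# sample_conf is a constructed sample built from the lines in this post.
sample_conf() {
cat <<'EOF'
restrict -4 default ignore
restrict -6 default ignore
restrict 127.0.0.1
restrict ::1
restrict 1.2.3.1 kod notrap nomodify nopeer noquery
restrict 10.10.10.0 mask 255.255.0.0 nomodify notrap
restrict 192.168.172.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.0.10 nomodify notrap
EOF
}

audit_restrict() {
  awk '
    # Returns 1 if IPv4 address a has a bit set where mask m has a zero bit.
    function outside(a, m,   x, y, i, j, ao, mo) {
      split(a, x, "."); split(m, y, ".")
      for (i = 1; i <= 4; i++) {
        ao = x[i] + 0; mo = y[i] + 0
        for (j = 0; j < 8; j++) {
          if (ao % 2 == 1 && mo % 2 == 0) return 1
          ao = int(ao / 2); mo = int(mo / 2)
        }
      }
      return 0
    }
    $1 != "restrict" { next }
    {
      n = 2; fam = ""; mask = ""; flags = " "
      if ($n == "-4" || $n == "-6") { fam = $n; n++ }
      addr = $n
      for (n++; n <= NF; n++)
        if ($n == "mask") { n++; mask = $n } else flags = flags $n " "
      if (addr == "default") {
        # Assumption: "default" without -4/-6 is counted for both families.
        if (flags ~ / ignore /) { if (fam != "-6") v4 = 1; if (fam != "-4") v6 = 1 }
        next
      }
      if (addr == "127.0.0.1" || addr == "::1") next   # loopback keeps full access
      if (flags !~ / noquery | ignore /) print "QUERY_ALLOWED " addr
      if (mask != "" && index(addr, ".") && outside(addr, mask)) print "MASK_MISMATCH " addr " " mask
    }
    END { if (!v4) print "NO_DEFAULT_DENY -4"; if (!v6) print "NO_DEFAULT_DENY -6" }'
}

sample_conf | audit_restrict
```

Against the real file, run audit_restrict < /etc/ntp.conf; the sample reports the three client entries as QUERY_ALLOWED and 10.10.10.0 mask 255.255.0.0 as MASK_MISMATCH.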

Now on the client side you can use ntpdate to synchronize the time. Install the package:

~ $ apt-get install ntpdate

And create a cron task to execute ntpdate every 10 minutes:

*/10 * * * * /usr/sbin/ntpdate -u myntpserver.domain.com