
ntp


NTP (Network Time Protocol) is used to synchronize the system time with other devices over the network. This usually happens in a client-server model.

Installation

Install net-misc/ntp:

→ Information about USE flags

| USE flag | Default | Recommended | Description |
|---|---|---|---|
| caps | No | | Use Linux capabilities library to control privilege |
| debug | No | No | Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see http://www.gentoo.org/proj/en/qa/backtraces.xml |
| ipv6 | Yes | | Adds support for IP version 6 |
| openntpd | No | | Allow ntp to be installed alongside openntpd |
| parse-clocks | No | | Add support for PARSE clocks |
| samba | No | | Provide support for Samba's signing daemon (needed for Active Directory domain controllers) |
| selinux | No | | !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur |
| snmp | No | | Adds support for the Simple Network Management Protocol if available |
| ssl | Yes | | Adds support for Secure Socket Layer connections |
| vim-syntax | No | | Pulls in related vim syntax scripts |
| zeroconf | No | | Support for DNS Service Discovery (DNS-SD) |

root # emerge --ask ntp

Alternatively, you can use OpenNTPD instead.

Configuration

Ntp-Client

Edit this file to adjust ntp-client's command and upstream servers:

File: /etc/conf.d/ntp-client

NTPCLIENT_CMD="ntpdate"
NTPCLIENT_OPTS="-s -b -u \
	0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org \
	2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"

Server

Here you can specify with which servers you want to synchronize your local time for ntpd.

The default configuration is populated with:

File: /etc/ntp.conf

server 0.gentoo.pool.ntp.org
server 1.gentoo.pool.ntp.org
server 2.gentoo.pool.ntp.org
server 3.gentoo.pool.ntp.org
Note
Time zones and the location of the server do not matter; ntpd synchronizes UTC time.

By default the Gentoo servers are listed and enabled. A list of available servers can be found here: ntp.org. You can also define a home or company server here, provided that ntpd is running on it and the machine is allowed to synchronize with it.

On systems where a network connection is not always available at boot (laptops etc.), it might be helpful to add the following lines to the server configuration:

File: /etc/ntp.conf

server 127.127.1.0
fudge  127.127.1.0 stratum 10

This adds the machine's own clock (127.127.1.0 is ntpd's local clock driver) as a low-priority source at stratum 10, so that the daemon starts properly even without a network connection and switches to the network servers once a connection is established.

Permissions

To control who is allowed to synchronize with this machine and change its configuration, adjust the following options.

  • Access to the NTP service is allowed only from localhost. 'noquery' can be added to help prevent your server from being abused to conduct DDoS attacks.
File: /etc/ntp.conf

# To deny other machines from changing the
# configuration but allow localhost:
restrict default nomodify nopeer noquery
restrict 127.0.0.1
  • Access to the NTP service is allowed only from the 192.168.0.0/24 network.
File: /etc/ntp.conf

# To allow machines within your network to synchronize
# their clocks with your server, but ensure they are
# not allowed to configure the server or used as peers
# to synchronize against, uncomment this line.
#
restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap
  • Denying access to NTP's monlist functionality, which is used for querying traffic stats but has also been exploited in a denial-of-service attack.
File: /etc/ntp.conf

disable monitor
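
To check that a configuration file actually carries the restrictions listed above, the following script can be run against it. It is an added example, not part of the original wiki page; the function name audit_ntp_conf and the sample file are constructed for illustration, and the handling of the optional -4/-6 address-family flag goes slightly beyond the lines shown on this page.

```shell
#!/bin/sh
# Added example: audit an ntp.conf for the restrictions described above.
# Prints one finding per gap; returns 0 if none were found, 1 otherwise.
audit_ntp_conf() {
    awk '
        BEGIN { bad = 0 }
        { sub(/#.*/, "") }                        # ignore comments
        $1 == "restrict" {
            a = ($2 == "-4" || $2 == "-6") ? 3 : 2  # optional address-family flag
            if ($a != "default") next
            defaults++
            split("", has)                          # reset per-line flag set
            for (i = a + 1; i <= NF; i++) has[$i] = 1
            n = split("nomodify nopeer noquery", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in has)) {
                    printf "line %d: restrict default lacks %s\n", NR, want[i]
                    bad = 1
                }
        }
        $1 == "disable" {
            for (i = 2; i <= NF; i++) if ($i == "monitor") mon_off = 1
        }
        END {
            if (!defaults) { print "no restrict default line"; bad = 1 }
            if (!mon_off)  { print "monitor not disabled (monlist available)"; bad = 1 }
            exit bad
        }
    ' "$1"
}

# Constructed sample: noquery is commented out and monitoring is left enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server 0.gentoo.pool.ntp.org
restrict default nomodify nopeer # noquery
restrict 127.0.0.1
EOF
audit_ntp_conf "$sample" || echo "=> gaps found; compare with the snippets above"
rm -f "$sample"
```

On a real system, call it as audit_ntp_conf /etc/ntp.conf and restart ntpd after correcting the file.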

Usage

Basic tools and common usage

Client

Ntp-Client

root # rc-service ntp-client start

To monitor the status of the client:

root # rc-service ntp-client status

To start it at boot:

root # rc-update add ntp-client default

Ntpdate

This used to be the client, but its functionality has now moved into ntpd and ntp-client itself. It only sets the local time when started and then exits (it is not a service):

root # ntpdate pool.ntp.org

Server

Note
The server is both a client and a server. If your setup can't access the network early in init, use the server only instead.

Ntpd Service

If ntpd is run as a service, the time will automatically synchronize as long as the difference between the local time and the time on the server is less than 1000 s (~17 min). It is therefore common to set the time initially to whatever the server time is, treating the server as a trusted source:

root # ntpd -g -c /etc/ntp.conf
Note
If ntpd is already running, it won't start a second time.

Add ntpd to the default runlevel to have the time synchronized automatically. There is no need to run a client when the service is running. Make sure you are not running ntp-client or ntpdate.

root # rc-service ntpd start
root # rc-update add ntpd default

To monitor the status of the server:

root # rc-service ntpd status

Hardware Clock

To write the NTP-synchronized time to the hardware clock at shutdown, and read the hardware clock at start:

root # echo 'clock_hctosys="YES"' >> /etc/conf.d/hwclock
root # echo 'clock_systohc="YES"' >> /etc/conf.d/hwclock
root # rc-service hwclock restart
root # rc-update add hwclock boot

Or on a sufficiently modern kernel (3.9 or newer), you can configure Linux to handle it automatically:

Kernel configuration

Device Drivers  --->
  [*] Real Time Clock  --->
    [*]   Set system time from RTC on startup and resume
    [*]   Set the RTC time based on NTP synchronization

The hwclock init script is not needed at all with this method, which speeds up the boot/shutdown process slightly.

See also

External Resources