Section 18.6. Objective 6: Maintain System Time



An accurate system clock is important on a Linux system for a variety of reasons. Timestamps are used for logs. Programs such as make and anacron require accurate modification times on files. The time is used in mail and news headers.

Luckily, there are many ways to keep the time on an Internet-connected Linux system correct. The most popular of these is to use the Network Time Protocol (NTP) and the NTP software package from http://www.ntp.org.

18.6.1. NTP Concepts

The NTP is used to set and synchronize the internal clocks of network-connected systems. When properly configured, systems running the NTP daemon can be synchronized within a few milliseconds (or better), even over relatively slow WAN connections.

The NTP daemon also supports synchronization with an external time source, such as a GPS receiver. Systems directly connected to an external time source (and properly configured) are the most accurate, so they are designated stratum 1 servers. Systems synchronizing to stratum 1 servers are designated stratum 2 and so on down to stratum 15.


Tip: The NTP software package has support for cryptographic key-based authentication, although setting this up is outside the scope of the LPI Level 1 Exams and will not be covered here.

18.6.2. The NTP Software Package Components

The NTP software package consists of several programs, including the NTP daemon and a number of programs used to configure and query NTP servers. The more commonly used programs from the package are listed here.


Syntax

 ntpd [options] 


Description

ntpd is the heart of the NTP software package. It performs the following functions:

  • Synchronizes the PC clock with remote NTP servers

  • Allows synchronization from other NTP clients

  • Adjusts (slews) the rate of the kernel's clock tick so that it tends to keep the correct time

  • Reads time synchronization data from hardware time sources such as GPS receivers


Frequently used options


-c file

This option tells ntpd to use file as its configuration file instead of the default /etc/ntp.conf.


-g

This option will let ntpd start on a system with a clock that is off by more than the panic threshold (1,000 seconds by default).


-n

Normally ntpd runs as a daemon, in the background. This option disables that behavior.


-q

This option tells ntpd to exit after setting the time once.


-N

When this option is specified, ntpd attempts to run at the highest priority possible.


-P priority

When this option is specified, ntpd attempts to run with a nice value of priority.

ntpd is configured using the file /etc/ntp.conf. The file is fully documented in a series of files linked to from the ntpd documentation, found in the software distribution or at http://www.eecis.udel.edu/~mills/ntp/html/ntpd.html.

The most important configuration options are restrict, which is used to implement access controls, and server, which is used to direct ntpd to an NTP server. Another often-used configuration option (not mentioned in the sample ntp.conf in Example 18-5) is peer, which is used much like server, but implies that the system is both a client and a server. A peer is usually a system that is nearby on the network, but uses different time sources than the local system.

Example 18-5. Sample /etc/ntp.conf

 # Prohibit general access to this service.
 restrict default ignore

 # Permit all access over the loopback interface.  This could
 # be tightened as well, but to do so would affect some of
 # the administrative functions.
 restrict 127.0.0.1

 # -- CLIENT NETWORK -------
 # Permit systems on this network to synchronize with this
 # time service.  Do not permit those systems to modify the
 # configuration of this service.  Also, do not use those
 # systems as peers for synchronization.
 restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap

 # --- OUR TIMESERVERS -----
 # Permit time synchronization with our time source, but do not
 # permit the source to query or modify the service on this system.

 # time.nist.gov
 restrict 192.43.244.18 mask 255.255.255.255 nomodify notrap noquery
 server 192.43.244.18

 # time-b.nist.gov
 restrict 129.6.15.29 mask 255.255.255.255 nomodify notrap noquery
 server 129.6.15.29

 # --- GENERAL CONFIGURATION ---
 #
 # Undisciplined Local Clock. This is a fake driver intended for backup
 # and when no outside source of synchronized time is available.
 #
 server        127.127.1.0        # local clock
 fudge        127.127.1.0 stratum 10

 #
 # Drift file.  Put this in a directory which the daemon can write to.
 # No symbolic links allowed, either, since the daemon updates the file
 # by creating a temporary in the same directory and then renaming
 # it to the file.
 #
 driftfile /etc/ntp/drift
 broadcastdelay        0.008
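The access policy in Example 18-5 can be checked mechanically. The following audit is an added example, not part of the book or of the NTP distribution: it resolves each address to its most specific restrict entry and verifies that unlisted hosts are locked down and that every time source is reachable but cannot query or modify the daemon. The function names are chosen for this example, and it assumes numeric IPv4 addresses only, as in the sample file.

```python
import ipaddress

# Constructed input: a subset of the directives in Example 18-5, comments stripped.
SAMPLE_CONF = """\
restrict default ignore
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
restrict 192.43.244.18 mask 255.255.255.255 nomodify notrap noquery
server 192.43.244.18
server 127.127.1.0
"""

def parse(conf):
    """Return ([(network, flags)], [server addresses]) from ntp.conf text."""
    restricts, servers = [], []
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) < 2:
            continue
        if words[0] == "server":
            servers.append(words[1])
        elif words[0] == "restrict":
            addr, mask, rest = words[1], "255.255.255.255", words[2:]
            if addr == "default":          # shorthand for 0.0.0.0 mask 0.0.0.0
                addr = mask = "0.0.0.0"
            if rest[:1] == ["mask"]:
                mask, rest = rest[1], rest[2:]
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            restricts.append((net, set(rest)))
    return restricts, servers

def effective_flags(restricts, addr):
    """Flags of the most specific restrict entry covering addr (empty if none)."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, flags) for net, flags in restricts if ip in net]
    return max(hits, key=lambda h: h[0])[1] if hits else set()

def audit(conf):
    """Return findings; an empty list means the policy of Example 18-5 holds."""
    restricts, servers = parse(conf)
    findings = []
    default = next((f for n, f in restricts if n.prefixlen == 0), None)
    if default is None or not ("ignore" in default or {"noquery", "nomodify"} <= default):
        findings.append("default: unlisted hosts are not locked down")
    # 127.127.x.x entries are reference clock drivers, not network hosts.
    for srv in (s for s in servers if not s.startswith("127.127.")):
        flags = effective_flags(restricts, srv)
        if "ignore" in flags:
            findings.append(f"{srv}: matched by an 'ignore' entry, replies are dropped")
        elif not {"noquery", "nomodify"} <= flags:
            findings.append(f"{srv}: time source may query or modify this daemon")
    return findings
```

The audit treats notrust as an opaque flag. Example 18-5 uses it in its older sense (never synchronize to these hosts), whereas ntpd 4.2 and later read it as "deny packets that are not cryptographically authenticated", which would lock out unauthenticated clients on that network.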


Example

Normally ntpd slowly adjusts the time of the system to the correct time. To use it to force the system time to the right time (for example, when occasionally setting the correct time from cron), use the following:

 # ntpd -g -n -q 


Syntax

 ntpdate [options] server [server [...]] 


Description

ntpdate is used to set the time of the local system to match a remote NTP host.

Note that the authors of the NTP software intend to drop ntpdate in the future, since ntpd can perform essentially the same function when used with the -q option.


Frequently used options


-b

Using this option, the system time is set instead of being slowly adjusted, no matter how far off the local time is.


-d

This option enables debugging mode. ntpdate goes through the motions and prints debugging information, but does not actually set the local clock.


-p n

Use this option to specify the number of samples (where n is from 1 to 8) to get from each server. The default is 4.


-q

This option causes ntpdate to query the servers listed on the command line without actually setting the clock.


-s

This option causes all output from ntpdate to be logged via syslog instead of being printed to stdout.


-t n

This option sets the timeout for a response from any server to n seconds. n may be fractional. It will be rounded to the nearest 0.2 second. The default value is 1 second.


-u

Normally ntpdate uses a privileged port (123) as the source port for outgoing packets. Some firewalls block outgoing packets from privileged ports, so with this option, ntpdate uses an unprivileged port (1024 or higher).


-v

This option makes ntpdate more verbose.


-B

Using this option, the system time is slowly adjusted to the proper time even if the local time is off by more than 128 ms. Normally the time is forcibly set if it is off by more than 128 ms.

If the time is off by very much, it can take a very long time to set it with this option.


Example

Quietly sync the local clock with two stratum 1 NTP servers:

 # ntpdate -s time.nist.gov time-b.nist.gov 


Syntax

 ntpq [options] [host] 


Description

ntpq is the standard NTP query program. It is used to send NTP control messages to host (or localhost if no host is specified), which can be used to check the status of ntpd on host or change its configuration.

The commands that can be used with ntpq are documented in the NTP software documentation included with the distribution and at http://www.eecis.udel.edu/~mills/ntp/html/ntpq.html.


Frequently used options


-c command

Execute command as if it were given interactively.


-i

Enter interactive mode. This is the default.


-n

Suppress reverse DNS lookups. Addresses are printed instead of hostnames.


-p

Query the server for a list of peers. This is equivalent to the peers interactive command or -c peers on the command line.


Example

Print the list of peers known to the server by IP address:

 # ntpq -p -n 

or

 # ntpq -c peers -n 

or

 # ntpq -n
 ntpq> peers
      remote           refid      st t when poll reach   delay   offset  jitter
 ==============================================================================
  127.127.1.0     127.127.1.0     10 l    7   64  377    0.000    0.000   0.004
 +10.100.187.194  172.30.191.1     2 u   72 1024  377    0.536   47.092   2.088
 *10.100.187.222  172.16.123.163   2 u   35 1024  377    0.736    3.394   8.806
 +192.168.0.100   10.100.187.222   3 u   90 1024  377    0.928   31.727   2.412
 ntpq>
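Because log timestamps depend on the clock, the peers table is worth monitoring rather than reading by eye. The following health check is an added example, not part of the book or of the NTP distribution. It assumes the ten-column layout printed by ntpq -p -n with its two header lines; the function names are chosen for this example, and the 128 ms default is borrowed from the ntpdate step threshold described earlier.

```python
# Constructed input: the peers table shown above, as printed by `ntpq -p -n`.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 127.127.1.0     127.127.1.0     10 l    7   64  377    0.000    0.000   0.004
+10.100.187.194  172.30.191.1     2 u   72 1024  377    0.536   47.092   2.088
*10.100.187.222  172.16.123.163   2 u   35 1024  377    0.736    3.394   8.806
+192.168.0.100   10.100.187.222   3 u   90 1024  377    0.928   31.727   2.412
"""

def parse_peers(text):
    """Parse peer rows; the first character of each row is the tally code."""
    peers = []
    for line in text.splitlines()[2:]:      # skip header and separator
        fields = line[1:].split()
        if len(fields) != 10:
            continue
        peers.append({
            "tally": line[:1].strip(),       # '*' marks the selected system peer
            "remote": fields[0],
            "reach": int(fields[6], 8),      # octal register of the last 8 polls
            "offset_ms": float(fields[8]),
        })
    return peers

def check(text, max_offset_ms=128.0):
    """Return findings for a peers table; an empty list means healthy."""
    peers = parse_peers(text)
    findings = []
    sys_peer = next((p for p in peers if p["tally"] == "*"), None)
    if sys_peer is None:
        findings.append("no system peer (*): clock is not synchronized")
    elif sys_peer["remote"].startswith("127.127."):
        findings.append("synchronized only to the local clock driver")
    elif abs(sys_peer["offset_ms"]) > max_offset_ms:
        findings.append(f"offset to {sys_peer['remote']} is {sys_peer['offset_ms']} ms")
    for p in peers:
        if p["remote"].startswith("127.127."):
            continue                         # the local clock is always "reachable"
        if p["reach"] == 0:
            findings.append(f"{p['remote']}: unreachable")
        elif p["reach"] != 0o377:
            findings.append(f"{p['remote']}: missed polls (reach {p['reach']:o})")
    return findings
```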


Syntax

 ntpdc [options] [host] 


Description

ntpdc is much like ntpq, except that it supports some extended commands. For this reason, it is likely to work only when talking to ntpd from the same version of the NTP software package.

For the most part, the command-line options it supports are the same as those of ntpq. Full documentation for ntpdc can be found in the NTP software distribution or at http://www.eecis.udel.edu/~mills/ntp/html/ntpdc.html.


Syntax

 ntptrace [options] server [server [...]] 


Description


Frequently used options


-n

Turn off reverse DNS lookups.


-r n

This option sets the number of attempts to contact a host to n. The default is 5.


-t n

Set the time between retries to n seconds. The default is 2.


-v

Make ntptrace output much more verbose information about the hosts it contacts.


Examples

To see where the local system is synchronizing its clock to, run ntptrace with no options:

 $ /usr/sbin/ntptrace
 localhost: stratum 4, offset 0.000109, synch distance 0.16133
 ntp1.example.net: stratum 3, offset 0.004605, synch distance 0.06682
 ntp-1.example.edu: stratum 2, offset 0.001702, synch distance 0.01241
 stratum1.example.edu:        *Timeout*

In this example, the stratum 1 server is not directly accessible.

ntptrace can also be used on any arbitrary NTP server, assuming it is accessible. In this example, we query two publicly accessible stratum 2 NTP servers:

 $ /usr/sbin/ntptrace ntp0.cornell.edu
 cudns.cit.cornell.edu: stratum 2, offset -0.004214, synch distance 0.03455
 dtc-truetime.ntp.aol.com: stratum 1, offset -0.005957, synch distance 0.00000, refid 'ACTS'
 $ /usr/sbin/ntptrace ntp-2.mcs.anl.gov
 mcs.anl.gov: stratum 2, offset -0.004515, synch distance 0.06354
 clepsydra.dec.com: stratum 1, offset 0.002045, synch distance 0.00107, refid 'GPS'



LPI Linux Certification in a Nutshell
ISBN: 0596005288
EAN: 2147483647
Year: 2004
Pages: 257
