Network Time Protocol daemon (Русский)

From ArchWiki
Revision as of 17:14, 19 February 2010 by Totalwormage (talk | contribs) (use i18n template)

This article describes various options for keeping the system time and date of your Arch Linux accurate. The easy-to-use solution, OpenNTPD, is described first, followed by the original ntpd.

OpenNTPD

Using OpenNTPD instead of ntpd

OpenNTPD is a free, easy-to-use implementation of the NTP protocol. OpenNTPD can synchronize the local clock with a remote NTP server and can itself act as an NTP server, redistributing the local time.

OpenNTPD is developed mainly by Henning Brauer as part of the OpenBSD project. It is an implementation of the NTP protocol written from scratch, and it is much easier to configure and use than ntpd.

First, install the openntpd package. It is available in the community repository.

# pacman -S openntpd

After installation, edit the /etc/ntpd.conf file. This is not difficult.

The default configuration is perfectly adequate if all you need is to synchronize the time on the local computer.

# $OpenBSD: ntpd.conf,v 1.7 2004/07/20 17:38:35 henning Exp $
# sample ntpd configuration file, see ntpd.conf(5)

# Addresses to listen on (ntpd does not listen by default)
#listen on *
#listen on 127.0.0.1
#listen on ::1

# sync to a single server
#server ntp.example.org

# use a random selection of 8 public stratum 2 servers
# see http://twiki.ntp.org/bin/view/Servers/NTPPoolServers
servers pool.ntp.org

To synchronize the time with a particular server, uncomment and edit the server directive.

server ntp.example.org

The servers directive works the same way as server, except that if the server's domain name resolves to several IP addresses, the time will be synchronized with all of them. The default value, "pool.ntp.org", is suitable in most cases.

servers pool.ntp.org

You can also use the pool of Russian servers:

servers ru.pool.ntp.org

Any number of server and servers directives may be used.

If you want the computer running OpenNTPD to also act as an NTP server itself, simply uncomment and edit the listen directive.

For example:

listen on *

will listen on all network interfaces, while

listen on 127.0.0.1

will listen only on the loopback interface.

If you want OpenNTPD to start at boot, add openntpd to the DAEMONS array in your /etc/rc.conf.

The synchronization status can be seen in the /var/log/daemon.log file.

Troubleshooting

If you see that your computer's time is set incorrectly and the log contains the line

openntpd adjtime failed: Invalid argument

then try running ntpd -s -d in a console.

ntp

Installation

# pacman -S ntp

/etc/ntp.conf Configuration

The very first line of your ntp.conf file should be a line such as the following:

restrict default noquery notrust nomodify

This essentially restricts everyone from modifying anything. Following this, you need to let ntpd know what you want to let through into your NTP server. Here is where you would specify any other IP addresses you would like to synchronize on your NTP server. For example:

restrict 1.2.3.4
restrict 192.168.0.0 mask 255.255.255.0 nomodify

This tells ntpd that 1.2.3.4 and all IP addresses from the 192.168.0.0 range will be allowed to synchronize on this server, but they will not be allowed to modify anything. All other IP addresses in the world will still obey the default restrictions (the first line in the ntp.conf).

Now the stratum 2 servers that our server will synchronize with come into play. The following lines in ntp.conf tell ntpd which servers we would like to use for synchronizing (these are just examples; use NTP servers that are closest to your location). Please see http://ntp.isc.org/bin/view/Servers/NTPPoolServers for a list of closer servers.

server ntp1.cs.wisc.edu
server ntp3.cs.wisc.edu
server ntp3.sf-bay.org

Unless you have a good reason not to, it is advisable to use the pool.ntp.org servers: http://www.pool.ntp.org/. Alternatively, a list of ntp servers is available at http://www.eecis.udel.edu/~mills/ntp/clock2a.html. Please pay attention to the Access Policies.

If we left it alone right now, we would never connect to a server, because the response from any of the three servers listed above would never be allowed back into our server: our default restrict statement would be in use, since we did not add the servers to our lesser restrictions (like we did with 127.0.0.1 and the subnet of 192.168.0.0).

To correct this, enter the following lines in ntp.conf:

restrict ntp1.cs.wisc.edu noquery nomodify
restrict ntp3.cs.wisc.edu noquery nomodify
restrict ntp3.sf-bay.org noquery nomodify

This will allow the response from the above servers into our system so our local clock can be synchronized. The noquery restriction will not allow any of the above three servers to query for information from our server. The nomodify restriction will not allow the three servers to modify anything (synchronization will still take place).

The only thing left to do is add the drift file (which keeps track of your clock's time deviation) and the log file location:

driftfile /etc/ntp.drift
logfile /var/log/ntp.log

The complete file will look like this:

# default restrictions
restrict default noquery notrust nomodify

# override the default restrictions here
restrict 10.1.1.0 mask 255.255.255.0 nomodify

# public NTP servers to sync with (all stratum 2)
server ntp1.cs.wisc.edu
server ntp3.cs.wisc.edu
server ntp3.sf-bay.org

restrict ntp1.cs.wisc.edu noquery nomodify
restrict ntp3.cs.wisc.edu noquery nomodify
restrict ntp3.sf-bay.org noquery nomodify

# NTP drift file - used to keep track of your system clocks
# time deviation
driftfile /etc/ntp.drift

# NTP log file
logfile /var/log/ntp.log

Take note that this is for a client and a server ntp.conf configuration. If you just want to synchronize with a stratum server and are not concerned with other PCs synchronizing with your ntp server, then you can do something like the following (note that only 127.0.0.1 is allowed to be synchronized):

# default restrictions
restrict default noquery notrust nomodify

# Permit all access over the loopback interface
restrict 127.0.0.1

# public NTP servers to sync with (all stratum 2)
server ntp1.cs.wisc.edu
server ntp3.cs.wisc.edu
server ntp3.sf-bay.org

restrict ntp1.cs.wisc.edu noquery nomodify
restrict ntp3.cs.wisc.edu noquery nomodify
restrict ntp3.sf-bay.org noquery nomodify

# NTP drift file - used to keep track of your system clocks
# time deviation
driftfile /etc/ntp.drift

# NTP log file
logfile /var/log/ntp.log

... or if you don't care about restrictions at all, something like this (note there are no restrictions, thus no need to reduce restrictions for 127.0.0.1 to allow your local clock to synchronize):

# public NTP servers to sync with (all stratum 2)
server ntp1.cs.wisc.edu
server ntp3.cs.wisc.edu
server ntp3.sf-bay.org

# NTP drift file - used to keep track of your system clocks
# time deviation
driftfile /etc/ntp.drift

# NTP log file
logfile /var/log/ntp.log

A Note about Security

You may wonder about all of the restrict lines. The reason for them is security. If you don't want a secure NTP server, don't add any restrict lines to your ntp.conf file. If you want a secure NTP server, start out by adding a default restrict that doesn't allow anything to contact your server, then add more (less restrictive) restrict lines - allowing certain addresses various access privileges.
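
The restrict logic described above can be checked mechanically. The following is an added example, not part of the original article or of ntpd: a small Python audit that reports every server whose replies would fall under a restrict entry carrying ignore or notrust, which is what happens when a server has no restrict line of its own. The function names, the sample file and the choice of ignore/notrust as the blocking flags are assumptions of this example; host names are matched literally, without DNS.

```python
import ipaddress

# Constructed sample: the page's client/server ntp.conf with the restrict line
# for ntp3.sf-bay.org left out and a LAN server (10.1.1.5) added.
SAMPLE = """\
restrict default noquery notrust nomodify
restrict 10.1.1.0 mask 255.255.255.0 nomodify
server ntp1.cs.wisc.edu
server ntp3.sf-bay.org
server 10.1.1.5
restrict ntp1.cs.wisc.edu noquery nomodify
"""
BLOCKING = {"ignore", "notrust"}  # assumption: flags that keep a server's replies out

def parse(text):
    """Return ([(target, mask, flags)], [servers]) from ntp.conf text."""
    rules, servers = [], []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments
        if len(words) > 1 and words[0] == "server":
            servers.append(words[1])
        elif len(words) > 1 and words[0] == "restrict":
            target, rest, mask = words[1], words[2:], None
            if rest[:1] == ["mask"] and len(rest) > 1:
                mask, rest = rest[1], rest[2:]
            rules.append((target, mask, set(rest)))
    return rules, servers

def specificity(server, target, mask):
    """Prefix length of a restrict entry that covers server, else -1."""
    if target == "default":
        return 0  # matches everything, least specific
    if server == target:
        return 129  # same literal name or address: most specific
    try:
        net = ipaddress.ip_network(f"{target}/{mask}" if mask else target, strict=False)
        return net.prefixlen if ipaddress.ip_address(server) in net else -1
    except ValueError:  # a host name cannot be matched against a subnet offline
        return -1

def audit(text):
    """List (server, winning restrict target, blocking flags) per affected server."""
    rules, servers = parse(text)
    findings = []
    for s in servers:
        best = max(rules, key=lambda r: specificity(s, *r[:2]), default=None)
        if best is not None and specificity(s, *best[:2]) >= 0 and best[2] & BLOCKING:
            findings.append((s, best[0], sorted(best[2] & BLOCKING)))
    return findings
```

Calling audit(SAMPLE) reports only ntp3.sf-bay.org, which is left under restrict default; a file with no restrict lines at all produces no findings.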

/etc/rc.d/network file modification

One more thing that you may want to do: in some cases, your /etc/ntp.conf file may be overwritten by DHCP. To avoid this, edit the /etc/conf.d/dhcpcd file and add -N to the line that starts with 'dhcpcd -t 10'.

Note: This was my experience/solution with setting the time:

On my system my /etc/conf.d/dhcpcd contains a single line:

DHCPCD_ARGS="-t 30 -h $HOSTNAME"

I assume it needs to be changed to:

DHCPCD_ARGS="-N -t 30 -h $HOSTNAME"

Some have suggested adding -R to preserve /etc/resolv.conf as well.

To fix Time use /etc/rc.local

To set the correct time, set the time and start ntpd at boot via /etc/rc.local.

Relevant sections of /etc/rc.conf

HARDWARECLOCK="UTC"
TIMEZONE="US/Mountain"

Network/DHCP section:

lo="lo 127.0.0.1"
eth0="dhcp"
INTERFACES=(lo eth0)

Daemons subsection:

DAEMONS=(syslog-ng hotplug !pcmcia network netfs !ntpd crond dbus hal alsa gdm)

This is my /etc/rc.local

#!/bin/bash
#
# /etc/rc.local: Local multi-user startup script.
#

# Re-copy ntp.conf (was overwritten by dhcp)
cp /root/CONFIG.BAK/ntp.conf.bac /etc/ntp.conf
# I advise you keep your desired /etc/ntp.conf
# OUTSIDE of /etc

# Set time
/usr/bin/ntpdate ntp.nasa.gov #Use any time server you like here

# Start ntpd
/etc/rc.d/ntpd start

And here is my /root/CONFIG.BAK/ntp.conf.bac (this is just a copy of the desired /etc/ntp.conf)

# default restrictions
restrict default noquery notrust nomodify

# override the default restrictions here
restrict 127.0.0.1 nomodify
restrict 192.168.2.0 mask 255.255.255.0 nomodify

# public NTP servers to sync with (all stratum 2)
server ntp.nasa.gov #Use any time server you like here

restrict ntp.nasa.gov noquery nomodify

# NTP drift file - used to keep track of your system clocks
driftfile /etc/ntp.drift

# NTP log file
logfile /var/log/ntp.log

Leave /etc/conf.d/dhcpcd at default. Mine is a single line and reads

DHCPCD_ARGS="-t 30 -h $HOSTNAME"

With this configuration I get the correct time and ntpd running at boot. There may be a better way, but this worked for me. I hope it helps.

Updating your system immediately using ntpdate

It is recommended to add a line like the following to your /etc/rc.local file so when you boot your system, your time will be correct (use an NTP server close to your location).

/usr/bin/ntpdate ntp1.cs.wisc.edu

Running ntpdate when you boot up is a good idea because ntpd may take a long time to synchronize your local clock depending on how far off the time is. If your clock is synchronized when ntpd starts, then its sole purpose is to keep it synchronized. To run ntpd at startup, add ntpd to the daemons section of the /etc/rc.conf file.

ntpd will work well if you have a connection to the internet all the time. If you are using dialup, you may just want to stick with using ntpdate via the command line.

Querying your NTP server using ntpq

There is a default restrict statement for the localhost that includes an ignore flag. Without overriding it (adding the line restrict 127.0.0.1) you will not be able to query your NTP server. If that's not a concern to you, then leave out the restrict line for your localhost. You will still be able to synchronize with your stratum 2 servers.

External Resources