Difference between revisions of "OpenNTPD"

From ArchWiki
Jump to: navigation, search
(wikify some external links, use https for archlinux.org)
(Configuration: note missing HTTPS constraint feature)
 
(42 intermediate revisions by 14 users not shown)
Line 1: Line 1:
 
[[Category:Networking]]
 
[[Category:Networking]]
[[Category:Daemons and system services]]
 
 
[[it:OpenNTPD]]
 
[[it:OpenNTPD]]
OpenNTPD (part of the OpenBSD project) is a daemon that can be used to synchronize the system clock to internet time servers using the Network Time Protocol, and can also act as a time server itself if needed.
+
[[ja:OpenNTPD]]
 +
{{Related articles start}}
 +
{{Related|Time}}
 +
{{Related|Network Time Protocol daemon}}
 +
{{Related|systemd-timesyncd}}
 +
{{Related|Chrony}}
 +
{{Related articles end}}
  
{{Warning|''OpenNTPD'' is not currently maintained for Linux (see [https://bbs.archlinux.org/viewtopic.php?id=68627 this thread]): users interested in its functions should better use [[NTPd]].}}
+
[http://www.openntpd.org/ OpenNTPD] (part of the OpenBSD project) is a daemon that can be used to synchronize the system clock to internet time servers using the Network Time Protocol, and can also act as a time server itself if needed. It implements the Simple Network Time Protocol version 4, as described in RFC 5905, and the Network Time Protocol version 3, as described in RFC 1305.
  
 
== Installation ==
 
== Installation ==
[http://www.openntpd.org/ OpenNTPD] can be installed from [community]:
+
[[Install]] the {{Pkg|openntpd}} package.
 +
The default configuration is actually usable if all you want is to sync the time of the local computer.
  
# pacman -S openntpd
+
== Configuration ==
  
The default configuration is actually usable if all you want is to sync the time of the local computer. For more detailed settings, the {{ic|/etc/ntpd.conf}} file must be edited:
+
To configure OpenNTPD, you need to edit {{ic|/etc/ntpd.conf}}.
 +
{{Tip|After configuring, check the configuration file for validity by executing:
 +
$ ntpd -n
 +
}}
 +
{{Note|1=[https://marc.info/?l=openbsd-tech&m=142356166731390&w=2 HTTPS constraint feature] is not supported by {{Pkg|openntpd}}, it requires OpenNTPD to be built with LibreSSL. {{Pkg|openntpd}} is built with OpenSSL.}}
  
To sync to a particular server, uncomment and edit the "server" directive. You can find the server's URL in your area at [http://www.pool.ntp.org/zone/@ www.pool.ntp.org/zone/@].
+
=== Client ===
  
server ntp.example.org
+
To sync to a single particular server, uncomment and edit the "server" directive.
  
The "servers" directive works the same as the "server" directive, however, if the DNS name resolves to multiple IP address, ALL of them will be synced to. The default, "pool.ntp.org" is working and should be acceptable in most cases.
+
{{hc|/etc/ntpd.conf|
 +
server ntp.example.org
 +
}}
  
  pool.ntp.org
+
The "servers" directive works the same as the "server" directive, however, if the DNS name resolves to multiple IP address, ALL of them will be synced to. The default, "pool.ntp.org" is working and should be acceptable in most cases. You can find the server's URL in your area at [http://www.pool.ntp.org/zone/@ www.pool.ntp.org/zone/@].
 +
 
 +
{{hc|/etc/ntpd.conf|
 +
servers pool.ntp.org
 +
}}
  
 
Any number of "server" or "servers" directives may be used.
 
Any number of "server" or "servers" directives may be used.
 +
 +
=== Server ===
  
 
If you want the computer you run OpenNTPD on to also be a time server, simply uncomment and edit the "listen" directive.
 
If you want the computer you run OpenNTPD on to also be a time server, simply uncomment and edit the "listen" directive.
Line 27: Line 45:
 
For example:
 
For example:
  
listen on *
+
{{hc|/etc/ntpd.conf|
 +
listen on *
 +
}}
  
 
will listen on all interfaces, and
 
will listen on all interfaces, and
  
listen on 127.0.0.1
+
{{hc|/etc/ntpd.conf|
 +
listen on 127.0.0.1
 +
listen on ::1
 +
}}
  
 
will only listen on the loopback interface.
 
will only listen on the loopback interface.
Line 37: Line 60:
 
Your time server will only begin to serve time after it has synchronized itself to a high resolution. This may take hours, or days, depending on the accuracy of your system.
 
Your time server will only begin to serve time after it has synchronized itself to a high resolution. This may take hours, or days, depending on the accuracy of your system.
  
If you would like to run OpenNTPD at boot, add {{Ic|openntpd}} the DAEMONS variable in your {{ic|/etc/rc.conf}} following your network daemon.
+
== Usage ==
  
DAEMONS=(syslog-ng network '''openntpd''' ...)
+
=== Start OpenNTPD at boot ===
 +
[[Enable]] {{ic|openntpd.service}}.
  
If openntpd is being used to set local system time only, it may be safely backgrounded.
+
=== Making openntpd dependent upon network access ===
 +
If you have intermittent network access (you roam around on a laptop, you use dial-up, etc), it does not make sense to have {{Ic|openntpd}} running as a system daemon on start up. Here are a few ways you can control {{Ic|openntpd}} based on the presence of a network connection.
  
DAEMONS=(syslog-ng network '''@openntpd''' ...)
+
==== Using NetworkManager dispatcher ====
 +
OpenNTPD can be brought up/down along with a network connection through the use of [[NetworkManager#Network services with NetworkManager dispatcher|NetworkManager's dispatcher scripts]].
  
To see the status of NTP syncing, visit {{ic|/var/log/daemon.log}} and look for entries with "ntpd".
+
Install {{pkg|networkmanager-dispatcher-openntpd}}.
  
OpenNTPD adjusts the clock by small amounts at a time. It is designed this way to prevent sudden, large time fluctuations in your system, which could adversely affect system services (e.g., cron jobs). Thus, it can take some time to correct the time.
+
==== Using wicd ====
  
If your clock is off by more than 180 seconds you can try "{{Ic|ntpd -s -d}}" in the console. If ntpd is already running, you can simply restart it with {{Ic|sudo /etc/rc.d/openntpd restart}}, as the Arch openntpd package uses the "-s" flag by default. See {{Ic|man ntpd}} for more info. You can also set the [[Time#Time_Set|system clock]] to as close to possible to the actual time and then let OpenNTPD fine tune the time.
+
Create these two scripts and mark them executable using [[chmod]].
  
=== Enable OpenNTPD through systemd ===
+
{{hc|/etc/wicd/scripts/postconnect/openntpd-start.sh|
If you are using systemd init instead, you must enable the service related to OpenNTPD as follows:
+
# systemctl enable openntpd
+
Then reboot.
+
 
+
Alternatively start manually without autostart on boot:
+
# systemctl start openntpd
+
 
+
== Making openntpd dependent upon network access ==
+
If you have intermittent network access (you roam around on a laptop, you use dial-up, etc), it does not make sense to have {{Ic|openntpd}} running as a system daemon on start up. Here are a few ways you can control {{Ic|openntpd}} based on the presence of a network connection. These instructions should also work for {{Ic|ntpd}} found further below. 
+
 
+
=== Using netcfg ===
+
If you are using netcfg, you can also start/stop openntpd as a POST_UP/PRE_DOWN command in your network profile:
+
 
+
POST_UP="/etc/rc.d/openntpd start || true"
+
PRE_DOWN="/etc/rc.d/openntpd stop || true"
+
 
+
Of course, you will have to specify this manually for each network profile.
+
 
+
=== Using NetworkManager dispatcher ===
+
OpenNTPD can be brought up/down along with a network connection through the use of [[NetworkManager#Network Services with NetworkManager Dispatcher|NetworkManager's dispatcher scripts]]. You can install the needed script from [community]:
+
# pacman -S networkmanager-dispatcher-openntpd
+
 
+
=== Using wicd ===
+
These instructions require wicd 1.7.0 or later, which is available in the standard Arch repository.
+
You will also need write access to {{ic|/etc/wicd/scripts}}.
+
 
+
{{Note|Remember to make these two scripts executable using {{Ic|chmod}} }}
+
 
+
Make one shell script inside {{ic|/etc/wicd/scripts/postconnect/openntpd-start.sh}} with the following:
+
<pre>
+
 
#!/bin/sh
 
#!/bin/sh
/etc/rc.d/openntpd start
+
systemctl start openntpd.service
</pre>
+
}}
  
Similarly, make another shell script inside {{ic|/etc/wicd/scripts/predisconnect/openntpd-stop.sh}} with the following:
+
{{hc|/etc/wicd/scripts/predisconnect/openntpd-stop.sh|
<pre>
+
 
#!/bin/sh
 
#!/bin/sh
/etc/rc.d/openntpd stop
+
systemctl stop openntpd.service
</pre>
+
}}
  
=== Using dhclient hooks ===
+
==== Using dhclient hooks ====
 +
{{Expansion|hook example needed}}
 
Another possibility is to use dhclient hooks to start and stop openntpd.
 
Another possibility is to use dhclient hooks to start and stop openntpd.
 
When dhclient detects a change in state it will run the following scripts:
 
When dhclient detects a change in state it will run the following scripts:
Line 98: Line 94:
 
*{{ic|/etc/dhclient-exit-hooks}}
 
*{{ic|/etc/dhclient-exit-hooks}}
  
The following example uses {{ic|/etc/dhclient-exit-hooks}} to start and stop openntpd depending on dhcp status:
+
See dhclient-script(8)
<pre>
+
[ "$interface" != "eth0" ] && exit 0
+
  
 +
==== Using dhcpcd hooks ====
 +
{{hc|/etc/dhcpcd.exit-hook|
 
if $if_up; then
 
if $if_up; then
    pgrep ntpd &> /dev/null || /etc/rc.d/openntpd start
+
systemctl start openntpd.service
 
elif $if_down; then
 
elif $if_down; then
    pgrep ntpd &> /dev/null && /etc/rc.d/openntpd stop
+
systemctl stop openntpd.service
 
fi
 
fi
</pre>
+
}}
 
+
See dhclient-script(8)
+
 
+
=== Using dhcpcd hooks ===
+
{{ic|/usr/lib/dhcpcd/dhcpcd-hooks/*}}
+
 
+
 
See dhcpcd-run-hooks(8)
 
See dhcpcd-run-hooks(8)
  
Line 124: Line 114:
 
Try:
 
Try:
  
  ntpd -s -d
+
  # ntpd -s -d
  
 
This is also how you would manually sync your system.
 
This is also how you would manually sync your system.
Line 130: Line 120:
 
===Increasing time shift===
 
===Increasing time shift===
 
Starting ''openntpd'' in the background could lead to synchronization errors between the actual time and the time stored on your computer. If you recognize an increasing time difference between your desktop clock and the actual time, try to start the ''openntpd'' daemon normal and not in the background.
 
Starting ''openntpd'' in the background could lead to synchronization errors between the actual time and the time stored on your computer. If you recognize an increasing time difference between your desktop clock and the actual time, try to start the ''openntpd'' daemon normal and not in the background.
 
===Initialization Failure===
 
Openntpd may fail to initialize properly if it is started before the network is fully configured. In some cases you may want to remove {{Ic|openntpd}} from the DAEMONS array in {{ic|/etc/rc.conf}} and add the following line to {{ic|/etc/rc.local}}:
 
 
(sleep 300 && /etc/rc.d/openntpd start) &
 
{{Note|This method is an alternative to the four methods listed [[#Making openntpd dependent upon network access|above]]. The other three methods are preferred and work better. Use this as a last resort.}}
 
 
This will wait 5 minutes before starting openntpd, which should give the system sufficient time to set up the network properly. If your network settings change often, you may also consider restarting the daemon regularly with cron.
 
  
 
==See also==
 
==See also==
* [[Network Time Protocol daemon]]
 
 
==External links==
 
 
* http://www.openntpd.org
 
* http://www.openntpd.org
 +
* [https://github.com/openntpd-portable/openntpd-portable OpenNTPD Portable]

Latest revision as of 13:50, 8 September 2016

OpenNTPD (part of the OpenBSD project) is a daemon that can be used to synchronize the system clock to internet time servers using the Network Time Protocol, and can also act as a time server itself if needed. It implements the Simple Network Time Protocol version 4, as described in RFC 5905, and the Network Time Protocol version 3, as described in RFC 1305.

Installation

Install the openntpd package. The default configuration is actually usable if all you want is to sync the time of the local computer.

Configuration

To configure OpenNTPD, you need to edit /etc/ntpd.conf.

Tip: After configuring, check the configuration file for validity by executing:
$ ntpd -n
Note: HTTPS constraint feature is not supported by openntpd, it requires OpenNTPD to be built with LibreSSL. openntpd is built with OpenSSL.

Client

To sync to a single particular server, uncomment and edit the "server" directive.

/etc/ntpd.conf
server ntp.example.org

The "servers" directive works the same as the "server" directive, however, if the DNS name resolves to multiple IP address, ALL of them will be synced to. The default, "pool.ntp.org" is working and should be acceptable in most cases. You can find the server's URL in your area at www.pool.ntp.org/zone/@.

/etc/ntpd.conf
servers pool.ntp.org

Any number of "server" or "servers" directives may be used.

Server

If you want the computer you run OpenNTPD on to also be a time server, simply uncomment and edit the "listen" directive.

For example:

/etc/ntpd.conf
listen on *

will listen on all interfaces, and

/etc/ntpd.conf
listen on 127.0.0.1
listen on ::1

will only listen on the loopback interface.

Your time server will only begin to serve time after it has synchronized itself to a high resolution. This may take hours, or days, depending on the accuracy of your system.

Usage

Start OpenNTPD at boot

Enable openntpd.service.

Making openntpd dependent upon network access

If you have intermittent network access (you roam around on a laptop, you use dial-up, etc), it does not make sense to have openntpd running as a system daemon on start up. Here are a few ways you can control openntpd based on the presence of a network connection.

Using NetworkManager dispatcher

OpenNTPD can be brought up/down along with a network connection through the use of NetworkManager's dispatcher scripts.

Install networkmanager-dispatcher-openntpd.

Using wicd

Create these two scripts and mark them executable using chmod.

/etc/wicd/scripts/postconnect/openntpd-start.sh
#!/bin/sh
systemctl start openntpd.service
/etc/wicd/scripts/predisconnect/openntpd-stop.sh
#!/bin/sh
systemctl stop openntpd.service

Using dhclient hooks

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: hook example needed (Discuss in Talk:OpenNTPD#)

Another possibility is to use dhclient hooks to start and stop openntpd. When dhclient detects a change in state it will run the following scripts:

  • /etc/dhclient-enter-hooks
  • /etc/dhclient-exit-hooks

See dhclient-script(8)

Using dhcpcd hooks

/etc/dhcpcd.exit-hook
if $if_up; then
	systemctl start openntpd.service
elif $if_down; then
	systemctl stop openntpd.service
fi

See dhcpcd-run-hooks(8)

Troubleshooting

Error adjusting time

If you find your time set incorrectly and in log you see:

openntpd adjtime failed: Invalid argument

Try:

# ntpd -s -d

This is also how you would manually sync your system.

Increasing time shift

Starting openntpd in the background could lead to synchronization errors between the actual time and the time stored on your computer. If you recognize an increasing time difference between your desktop clock and the actual time, try to start the openntpd daemon normal and not in the background.

See also