I still don't understand NTP :-(
Hi SInce I have my Suse 10.0 I sometimes adjust the time using the command line: ntpdate -u time.uni-freiburg.de ; hwclock --systohc This works. After reading a thread here this morning I configured NTP in Yast, so that this could be done automatically. But my var/log/messages says: Oct 2 10:08:09 venus ntpd[6614]: ntpd 4.2.0a@1.1191-r Fri Sep 9 17:17:17 UTC 2005 (1) Oct 2 10:08:09 venus ntpd[6614]: precision = 1.000 usec Oct 2 10:08:09 venus ntpd[6614]: Listening on interface wildcard, 0.0.0.0#123 Oct 2 10:08:09 venus ntpd[6614]: Listening on interface wildcard, ::#123 Oct 2 10:08:09 venus ntpd[6614]: Listening on interface lo, 127.0.0.1#123 Oct 2 10:08:09 venus ntpd[6614]: Listening on interface eth0, 192.168.2.2#123 Oct 2 10:08:09 venus ntpd[6614]: kernel time sync status 0040 the only thing I found after googling for status 0040 was, that I should check that the firewall allows port 123 (UDP) in both directions. But can it really be the firewall? Why does it work perfectly from command line then? Output of xntpdc is: ntpdc> peer remote local st poll reach delay offset disp ======================================================================= =LOCAL(0) 127.0.0.1 10 64 377 0.00000 0.000000 0.03087 *swisstime.ee.et 192.168.2.2 2 1024 377 0.02505 0.009517 0.11856 ntpdc> (I must confess that I have not the slightest idea what these messages want to tell me, and I havn't found out in xntp_doc...) Can someone help me understanding a bit more? Daniel -- Daniel Bauer photographer Basel Switzerland professional photography: http://www.daniel-bauer.com Madagascar special: http://www.sanic.ch
Daniel Bauer wrote:
Output of xntpdc is:
ntpdc> peer remote local st poll reach delay offset disp
=======================================================================
=LOCAL(0) 127.0.0.1 10 64 377 0.00000 0.000000 0.03087 *swisstime.ee.et 192.168.2.2 2 1024 377 0.02505 0.009517 0.11856 ntpdc>
(I must confess that I have not the slightest idea what these messages want to tell me, and I havn't found out in xntp_doc...)
The LOCAL(0) line says that your localhost is a time-source at stratum 10. This is created by the "fudge" line in ntp.conf. The next line says that you are synced to swisstime.ee... You can also try to do an "ntptrace" and study the output. /Per Jessen, Zürich
On Monday 02 October 2006 14:37, Per Jessen wrote:
Daniel Bauer wrote:
Output of xntpdc is:
ntpdc> peer remote local st poll reach delay offset disp
=======================================================================
=LOCAL(0) 127.0.0.1 10 64 377 0.00000 0.000000 0.03087 *swisstime.ee.et 192.168.2.2 2 1024 377 0.02505 0.009517 0.11856 ntpdc>
(I must confess that I have not the slightest idea what these messages want to tell me, and I havn't found out in xntp_doc...)
The LOCAL(0) line says that your localhost is a time-source at stratum 10. This is created by the "fudge" line in ntp.conf. The next line says that you are synced to swisstime.ee...
You can also try to do an "ntptrace" and study the output.
/Per Jessen, Zürich
Hm... when I typed ntptrace (as root) I got: localhost: stratum 3, offset 0.002145, synch distance 0.974084 swisstime.ee.ethz.ch: stratum 2, offset 0.000051, synch distance 0.015953 129.132.2.22: timed out, nothing received ***Request timed out So I thought, swisstime is too slow in answering, went to Yast, choosed another timeserver, but then ntptrace gave only: localhost: stratum 16, offset 0.000000, synch distance 0.000615 So I switched back to swisstime (in Yast) and now I still get only this single line. Or is this already the "good" line??? However, clicking "test" in Yast after choosing a timeserver says it's reached and answered. But var/log/messages still says Oct 2 15:12:17 venus ntpdate[20412]: adjust time server 129.132.2.21 offset -0.001462 sec Oct 2 15:12:17 venus ntpd[20417]: ntpd 4.2.0a@1.1191-r Fri Sep 9 17:17:17 UTC 2005 (1) Oct 2 15:12:17 venus ntpd[20417]: precision = 1.000 usec Oct 2 15:12:17 venus ntpd[20417]: Listening on interface wildcard, 0.0.0.0#123 Oct 2 15:12:17 venus ntpd[20417]: Listening on interface wildcard, ::#123 Oct 2 15:12:17 venus ntpd[20417]: Listening on interface lo, 127.0.0.1#123 Oct 2 15:12:17 venus ntpd[20417]: Listening on interface eth0, 192.168.2.2#123 Oct 2 15:12:17 venus ntpd[20417]: kernel time sync status 0040 Oct 2 15:12:17 venus ntpd[20417]: frequency initialized -18.184 PPM from /var/lib/ntp/drift/ntp.drift while my search in google lead me to a page telling me that this is a "firewall error", in the doc I found that "kernel time sync status 0040" is "for information only. See the codes in the timex.h file." However doing a time update manually from the command line says that my local time is almost exact. So maybe it just works fine and the message means just nothing??? Anyway I still would like to find out, if, when and how many times this deamon will check my time, but all those messages are really cryptic to me. I even don't know what "stratum" means. When I was younger, there was a disco here called "stratos" :-) Any more hints that even I can understand? Daniel -- Daniel Bauer photographer Basel Switzerland professional photography: http://www.daniel-bauer.com Madagascar special: http://www.sanic.ch
On 10/2/06, Daniel Bauer
However doing a time update manually from the command line says that my local time is almost exact. So maybe it just works fine and the message means just nothing???
what command do you run to manually update time from the ntp server? stratum refers to whether the ntp server is a primary (stratum 1) or secondary (stratum 2) time server. Peter
On Monday 02 October 2006 15:54, Peter Van Lone wrote:
On 10/2/06, Daniel Bauer
wrote: <snip>
what command do you run to manually update time from the ntp server?
ntpdate -u time.uni-freiburg.de ; hwclock --systohc -- Daniel Bauer photographer Basel Switzerland professional photography: http://www.daniel-bauer.com Madagascar special: http://www.sanic.ch
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2006-10-02 at 15:47 +0200, Daniel Bauer wrote:
Hm... when I typed ntptrace (as root) I got:
localhost: stratum 3, offset 0.002145, synch distance 0.974084 swisstime.ee.ethz.ch: stratum 2, offset 0.000051, synch distance 0.015953 129.132.2.22: timed out, nothing received ***Request timed out
So I thought, swisstime is too slow in answering, went to Yast, choosed another timeserver, but then ntptrace gave only: localhost: stratum 16, offset 0.000000, synch distance 0.000615
You should have more than one server to read the time from. A dozen or two would be apropiate. Enter several server lines like this: server pool.ntp.org server pool.ntp.org server pool.ntp.org server pool.ntp.org server es.pool.ntp.org server uk.pool.ntp.org server fr.pool.ntp.org server ch.pool.ntp.org
But var/log/messages still says
That's not the log file to look at - instead: logfile /var/log/ntp # alternate log file logconfig =all Example log: 2 Oct 14:53:39 ntpd[4601]: synchronized to 194.*.*.*, stratum 2 2 Oct 14:59:10 ntpd[4601]: time reset -0.799129 s 2 Oct 14:59:10 ntpd[4601]: system event 'event_clock_reset' (0x05) status 'leap_none, sync_unspec, 15 events, event_peer/strat_chg' (0xf4) 2 Oct 14:59:10 ntpd[4601]: system event 'event_peer/strat_chg' (0x04) status 'leap_none, sync_unspec, 15 events, event_clock_reset' (0xf5) 2 Oct 14:59:12 ntpd[4601]: peer 194.*.*.* event 'event_reach' (0x84) status 'unreach, conf, 4 events, event_reach' (0x8044) 2 Oct 14:59:15 ntpd[4601]: peer 195.*.*.* event 'event_reach' (0x84) status 'unreach, conf, 4 events, event_reach' (0x8044) 2 Oct 14:59:22 ntpd[4601]: synchronized to 194.*.*.*, stratum 2 2 Oct 15:00:12 ntpd[4601]: peer LOCAL(0) event 'event_reach' (0x84) status 'unreach, conf, 4 events, event_reach' (0x8044) 2 Oct 15:00:14 ntpd[4601]: peer 193.*.*.* event 'event_reach' (0x84) status 'unreach, conf, 4 events, event_reach' (0x8044) 2 Oct 15:00:14 ntpd[4601]: peer 194.*.*.* event 'event_reach' (0x84) status 'unreach, conf, 4 events, event_reach' (0x8044) 2 Oct 15:00:16 ntpd[4601]: peer 213.*.*.* event 'event_reach' (0x84) status 'unreach, conf, 4 events, event_reach' (0x8044) 2 Oct 15:00:19 ntpd[4601]: offset -0.016159 sec freq 4.865 ppm error 0.008658 poll 6 2 Oct 15:44:19 ntpd[4601]: synchronized to 193.*.*.*, stratum 2 2 Oct 16:00:19 ntpd[4601]: offset 0.013454 sec freq 3.475 ppm error 0.048369 poll 8 localhost: stratum 3, offset 0.005532, synch distance 0.167255 193.*.*.*: stratum 2, offset 0.000921, synch distance 0.085274 *.*.es: stratum 1, offset 0.000000, synch distance 0.000537, refid 'GPS'
Anyway I still would like to find out, if, when and how many times this deamon will check my time,
Good luck! It does it when it wants to do it :-)
but all those messages are really cryptic to me.
So they are :-P
I even don't know what "stratum" means. When I was younger, there was a disco here called "stratos" :-)
Have a look at "http://www.ntp.org/". Or install package "xntp-doc" and read it. "Stratum" tells the level in the ntp server chain. Stratum 1 is a server with a direct connection to a precise clock, like a GPS card, a special radio, or one of the atomic clocks mantained by some labs. We, as users, should not request the time form them, but use level 2 or 3 instead (however, if they are in the pool, that's their fault). - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFIR5htTMYHG2NR9URAs7DAJ9hjvAUzYDPcuEXy3ApY5ubi0wv/QCfQt+c HvSWjtg0SsP5YHVTC5hnMm0= =jTV7 -----END PGP SIGNATURE-----
Carlos E. R. wrote:
You should have more than one server to read the time from. A dozen or two would be apropiate. Enter several server lines like this:
I'm not sure why you'd have that many - maybe in your pool-example, but Daniel is pulling time from a very reliable stratum 1 server.
Anyway I still would like to find out, if, when and how many times this deamon will check my time,
It syncs your clock as and when it thinks it's necessary. Think of it as continually keeping your clock in sync.
I even don't know what "stratum" means. When I was younger, there was a disco here called "stratos" :-)
I like to think of an NTP "stratum" as "layer" or "ring". The further away you are from an absolute source (DCF77 receiver, a caesium clock etc.), the higher your stratum.
We, as users, should not request the time form them, but use level 2 or 3 instead (however, if they are in the pool, that's their fault).
I would generally agree with that, but some stratum 1 servers are for public consumption and allow you to subscribe if you ask. /Per Jessen, Zürich
On Monday 02 October 2006 16:43, Per Jessen wrote:
Carlos E. R. wrote:
You should have more than one server to read the time from. A dozen or two would be apropiate. Enter several server lines like this:
I'm not sure why you'd have that many - maybe in your pool-example, but Daniel is pulling time from a very reliable stratum 1 server.
Anyway I still would like to find out, if, when and how many times this deamon will check my time,
It syncs your clock as and when it thinks it's necessary. Think of it as continually keeping your clock in sync.
I even don't know what "stratum" means. When I was younger, there was a disco here called "stratos" :-)
I like to think of an NTP "stratum" as "layer" or "ring". The further away you are from an absolute source (DCF77 receiver, a caesium clock etc.), the higher your stratum.
We, as users, should not request the time form them, but use level 2 or 3 instead (however, if they are in the pool, that's their fault).
I would generally agree with that, but some stratum 1 servers are for public consumption and allow you to subscribe if you ask.
/Per Jessen, Zürich
Thanks Carl, Carlos, Per for the explenations! As my /var/log/ntp shows some synchronized to... messages I guess it just works (and worked from the beginning) and the "kernel time sync status 0040" was just misleading me. Not for the first and probably not for the last time... Daniel -- Daniel Bauer photographer Basel Switzerland professional photography: http://www.daniel-bauer.com Madagascar special: http://www.sanic.ch
On Monday 02 October 2006 09:43, Per Jessen wrote:
Carlos E. R. wrote:
You should have more than one server to read the time from. A dozen or two would be apropiate. Enter several server lines like this:
I'm not sure why you'd have that many - maybe in your pool-example, but Daniel is pulling time from a very reliable stratum 1 server.
/Per Jessen, Zürich
Please pull from lower level time servers though. That is why Carlos' suggestions to use the <country code>.pool.ntp.org is a very great suggestion. Most of us are home/small business users and we have no need to touch the main stratum 1 ntp servers. That way we keep the traffic off those servers and distribute it to lower levels. One of our machines talking to a stratum 1 time server is not a huge deal but its the traffic generated by the hundreds of thousands of us that is the issue. http://en.wikipedia.org/wiki/NTP_vandalism has a few examples. Thanks for your consideration, Stan
Stan Glasoe wrote:
Please pull from lower level time servers though. That is why Carlos' suggestions to use the <country code>.pool.ntp.org is a very great suggestion. Most of us are home/small business users and we have no
Well, I'm running a slightly bigger setup :-) /Per Jessen, Zürich
On Monday 02 October 2006 20:18, Stan Glasoe wrote:
On Monday 02 October 2006 09:43, Per Jessen wrote:
Carlos E. R. wrote:
You should have more than one server to read the time from. A dozen or two would be apropiate. Enter several server lines like this:
I'm not sure why you'd have that many - maybe in your pool-example, but Daniel is pulling time from a very reliable stratum 1 server.
/Per Jessen, Zürich
Please pull from lower level time servers though. That is why Carlos' suggestions to use the <country code>.pool.ntp.org is a very great suggestion. Most of us are home/small business users and we have no need to touch the main stratum 1 ntp servers. That way we keep the traffic off those servers and distribute it to lower levels.
One of our machines talking to a stratum 1 time server is not a huge deal but its the traffic generated by the hundreds of thousands of us that is the issue.
http://en.wikipedia.org/wiki/NTP_vandalism has a few examples.
Thanks for your consideration, Stan
Many interesting answers here - I couldn't imagine that just "getting the time" implies so many things to think about. After reading here and the wikipedia-link, and also reading http://ntp.isc.org/bin/view/Servers/RulesOfEngagement where it says "As the load on the hosts supporting NTP primary (stratum 1) time service is heavy and always increasing, clients should avoid using the primary servers whenever possible" I now decided to remove the "stratum 1" server from my list and just entered three different NTP Pool Servers, as I don't care too much, if my PC's time is soooo very accurate (before I adjusted the time once every week or so). As a simple "just user" I wonder, why the servers you can choose in Yast are not explained a bit closer (for example that it isn't necessary for user like me to choose a st1 etc.). As I am in Switzerland I've just chosen a public server from Switzerland, and there is only one in Yast - and that's a stratum 1 server... On the said page there are lists of servers to choose from. Thanks again to all of you for your help and engagement! Daniel -- Daniel Bauer photographer Basel Switzerland professional photography: http://www.daniel-bauer.com Madagascar special: http://www.sanic.ch
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2006-10-03 at 11:05 +0200, Daniel Bauer wrote:
As a simple "just user" I wonder, why the servers you can choose in Yast are not explained a bit closer (for example that it isn't necessary for user like me to choose a st1 etc.). As I am in Switzerland I've just chosen a public server from Switzerland, and there is only one in Yast - and that's a stratum 1 server...
I had a similar problem when I set it up in my machine, too. I knew nothing about the pool, it was people here who told me. Yes, I think that Yast should use servers from the pool; people needing higher precission can read the docs and find out ;-) - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFIjydtTMYHG2NR9URAiMkAJ94S57tk0KmmzFmEzz38KJtcgCgIACfV7Ga qVaWP9uKgU4ImV9NnMejJKo= =b2xn -----END PGP SIGNATURE-----
Most of us are home/small business users and we have no need to touch the main stratum 1 ntp servers. That way we keep the traffic off those servers and distribute it to lower levels. Yes. In fact, there is no need to use a time "server" at all. In the first
On Monday 02 October 2006 13:18, Stan Glasoe wrote: place opening a port for NTP to the network opens a vulnerability--however remote--that is not necessary. Secondly, radio down link from GPS is cheap, fast, reliable, and secure. Basically, you tie an inexpensive GPS receiver to your local network. One machine on the local network becomes the NTP server for the entire network behind your local firewall, and that server gets the time from GPS. (In this scenario we are only interested in the time, not the positioning, so expensive receivers and fancy software are not necessary) I have been investigating two possibilities for my home network: 1) The GPS receiver from DeLORME 2) The GPS receiver from Megellan (plugs into my Visor Palm. The difficulty as always is the problem of drivers (or writing open code). What would be really cool is if some vendor like LinkSys would build a GPS timebase receiver into their wireless routers/modems. -- Kind regards, M Harris <><
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2006-10-02 at 16:43 +0200, Per Jessen wrote:
You should have more than one server to read the time from. A dozen or two would be apropiate. Enter several server lines like this:
I'm not sure why you'd have that many - maybe in your pool-example, but Daniel is pulling time from a very reliable stratum 1 server.
It may be reliable, but even so, it might not be, or his network path to it might not be. The daemon is designed to use a bunch of servers, compare them, then chose one, and switch to another if it needs. If you only supply one or two, you deny the measures built into the daemon. On the other hand, I use servers that explicitly make themselves public by being listed in the pool.ntp.org list. Some of them are on adsl, so it is in my interest to ask a fairly sized bunch in case some of them are out of alignment - network delays or just booted up are fairly common occurrences.
We, as users, should not request the time form them, but use level 2 or 3 instead (however, if they are in the pool, that's their fault).
I would generally agree with that, but some stratum 1 servers are for public consumption and allow you to subscribe if you ask.
Maybe so, but I can not justify needing such a precise time keeping. It is more polite to use other servers. However, some stratum 1 servers are in the pool, in which case I use them, although not explicitly. The article "http://en.wikipedia.org/wiki/NTP_vandalism" that Stan Glasoe mentioned is very interesting. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFIbpwtTMYHG2NR9URAiebAJ9ijFX1HfT1q3L7aySRIW5numax/gCeJQtU rvFJF6zTlv7mNpw9/PfKd44= =XRnp -----END PGP SIGNATURE-----
Carlos E. R. wrote:
It may be reliable, but even so, it might not be, or his network path I would generally agree with that, but some stratum 1 servers are for public consumption and allow you to subscribe if you ask.
Maybe so, but I can not justify needing such a precise time keeping. It is more polite to use other servers.
I guess it's a matter of opinion - when a stratum 1 operator clearly invites you/the public to use their services, as long as you tell them, I don't see anything impolite in using it.
The article "http://en.wikipedia.org/wiki/NTP_vandalism" that Stan Glasoe mentioned is very interesting.
Yep, that was worth reading. I'd already read about Poul-Henning Kamps troubles in the Danish papers a while ago. Interesting story. /Per Jessen, Zürich
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2006-10-03 at 08:52 +0200, Per Jessen wrote:
Maybe so, but I can not justify needing such a precise time keeping. It is more polite to use other servers.
I guess it's a matter of opinion - when a stratum 1 operator clearly invites you/the public to use their services, as long as you tell them, I don't see anything impolite in using it.
I have a list of stratum 1 servers somewhere, but the list doesn't say what the policy is for them.
The article "http://en.wikipedia.org/wiki/NTP_vandalism" that Stan Glasoe mentioned is very interesting.
Yep, that was worth reading. I'd already read about Poul-Henning Kamps troubles in the Danish papers a while ago. Interesting story.
My access router has none configured by default; I wrote the the name of the pool. They must be learning. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFIju1tTMYHG2NR9URAkJJAJ9YCNuaW+baHYh4EVHD9skcJqIupQCffAzl g5id/KJydlSA0mVJmFSShF0= =vEyM -----END PGP SIGNATURE-----
Carlos E. R. wrote:
I have a list of stratum 1 servers somewhere, but the list doesn't say what the policy is for them.
Usually there will be a website or similar that described the policy, for instance: http://ntp.isc.org/bin/view/Servers/SwisstimeEthzCh http://ntp.isc.org/bin/view/Servers/NtpMetasCh
The article "http://en.wikipedia.org/wiki/NTP_vandalism" that Stan Glasoe mentioned is very interesting.
Yep, that was worth reading. I'd already read about Poul-Henning Kamps troubles in the Danish papers a while ago. Interesting story.
My access router has none configured by default; I wrote the the name of the pool. They must be learning.
I don't have any D-Link equipment, but the couple of Zyxels routers I've had didn't have anything configured by default. /Per Jessen, Zürich
On Monday 02 October 2006 09:47, Daniel Bauer wrote:
Anyway I still would like to find out, if, when and how many times this deamon will check my time...
Hi Daniel, From one of my previous posts on SLE:
From my not always perfect memory:
When you first set your system up as an ntp client, the script(s) accomplish the following:
1. determines the latency between the two systems, i.e. requests the time from the ntp server N times over the course of Y period, calculates the latencies and uses the average in later calculations.
2. with the average latency measured, it again requests the current time from the ntp server and adjusts the received time for latency. With the "true" time known, it then determines if the client is "fast" or "slow" and by how much.
3. it then calculates a series of small, incremental adjustments designed to gently "nudge" the client system into sync with the server without disrupting time sensitive processes and data.
4. When the above process is completed, the client is effectively synced to the server. This makes two things possible: a) the hardware clock drift can be accurately measured and, b) that drift can be compensated for in software until the hardware clock is next set.
Now, I could be "all wet" but this is how I understand the overall design of the process.
1. YaST -> System -> System Services (Runlevel) let the list refresh. 2. Select 'Expert' mode and 'stop' SuSEFirewall2 phase 2 only (not "disable"... use the start/stop/refresh drop-down control) (this temporarily 'drops' the firewall) 3. Leave above window open, open Network Services -> NTP Client 4. Enter the time server by name, not IP, and test. 5. If the test succeeds, click "OK" or "Done" or "Finish" (whatever is
From another of my past SLE posts... I believe this applies as you're running 10.0, correct?: there)
6. If the test fails, try another. Repeat until the test succeeds. 7. Start SuSEFirewall2 phase 2 again to bring the firewall back up. 8. select "Done" or "Finish" or "OK" and close YaST
My understanding is you really only want to sync to *one* known reliable server (or pool) because the syncing process is just that: a process which takes time to complete. This is how I set my 10.0 system up immediately following installation and it's been a real "set and forget" arrangement. hth & regards, Carl
On Monday 02 October 2006 06:44, Carl Hartung wrote:
My understanding is you really only want to sync to *one* known reliable server (or pool) because the syncing process is just that: a process which takes time to complete.
Not exactly Carl. NTP is smart enough to pick the best server from a bunch. 3 or 4 is usually enough. You provide more than one because the client is smart enough to fall back to another when one becomes un-reachable. Any ntp server beyond strata 2 is likely to be up and down occasionally because they are not usually a priority service. Hence the need for more than one. Most ISPs supply an ntp server. Just ping ntp.yourisp.net/com to find out. Most EDU domains also have one. -- _____________________________________ John Andersen
On Tuesday 03 October 2006 00:07, John Andersen wrote:
On Monday 02 October 2006 06:44, Carl Hartung wrote:
My understanding is you really only want to sync to *one* known reliable server (or pool) because the syncing process is just that: a process which takes time to complete.
Not exactly Carl.
Well, sort of...
NTP is smart enough to pick the best server from a bunch.
Yes, if you have such a critical time sensitive application, otherwise you should conserve the traffic. And the point that I was actually focusing on was this: syncing is a process, not a one time event. You don't a) set it up b) expect the time to correct itself immediately and c) when it doesn't, start 'server shopping'. Is that clearer? ;-) Carl
On 10/3/06, Carl Hartung
On Tuesday 03 October 2006 00:07, John Andersen wrote:
On Monday 02 October 2006 06:44, Carl Hartung wrote:
My understanding is you really only want to sync to *one* known reliable server (or pool) because the syncing process is just that: a process which takes time to complete.
Not exactly Carl.
Well, sort of...
NTP is smart enough to pick the best server from a bunch.
Yes, if you have such a critical time sensitive application, otherwise you should conserve the traffic. And the point that I was actually focusing on was this: syncing is a process, not a one time event. You don't a) set it up b) expect the time to correct itself immediately and c) when it doesn't, start 'server shopping'. Is that clearer? ;-)
I have followed this thread with interest, because it has not seemed to me, that configuring the ntp client just has not really worked to keep either a SLES or my current suse 10.0 desktop synced. So, following the advice in the cool solutions article to add the burst and iburst paraemeters in advanced settings. However, this is what still seems to be happening: Before going into yast, but after reboot (if I had made changes to the ntp client earlier), when I issue the command xntpdc -p I get: p02-dcs13:~ # xntpdc -p remote local st poll reach delay offset disp ======================================================================= *LOCAL(0) 127.0.0.1 10 64 377 0.00000 0.000000 0.03078 This, despite the fact that I have specified a time server in the config, and that the server tested properly (ie no issue with needing to drop the firewall). If I then go back into YAST to look at the settings (just checking, you know!) but don't change the server that is listed, then, when I issue the xntpdc -p command (and it is the same if I do xntpdc and then type peers at the ntp prompt), I get: p02-dcs13:~ # xntpdc -p xntpdc: read: Connection refused Then, if I go back into YAST and change the time server ... when I issue the xntpdc -p command, I get: p02-dcs13:~ # xntpdc -p remote local st poll reach delay offset disp ======================================================================= =LOCAL(0) 127.0.0.1 10 64 1 0.00000 0.000000 2.81735 =taylor.cs.wisc. 192.168.2.100 2 64 1 0.04097 -0.002045 1.98431 p02-dcs13:~ # However, after a reboot, I am back to square 1, with only the local server showing. So, what the ??? It seems like this should be pretty damn simple ... Peter
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Wednesday 2006-10-04 at 00:24 -0500, Peter Van Lone wrote: ...
However, after a reboot, I am back to square 1, with only the local server showing.
So, what the ???
It seems like this should be pretty damn simple ...
Why don't you forget Yast and edit the config file directly? It is not that dificult, and it simply works. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFI1DJtTMYHG2NR9URAndJAJ0Yr+4yfnv5Ba4fnSyQuGiWmDHRFwCfcdyp 0xpBuU9koHYD4ky+/sgB7dY= =SP3q -----END PGP SIGNATURE-----
On Wednesday 04 October 2006 01:24, Peter Van Lone wrote:
I have followed this thread with interest, because it has not seemed to me, that configuring the ntp client just has not really worked to keep either a SLES or my current suse 10.0 desktop synced.
cat /etc/ntp.conf | grep server (your ntp server should show up as uncommented in one of these lines) cat /var/lib/ntp/drift/ntp.drift (this should show if ntp is successfully calculating the system's drift) cat /var/log/ntp | grep "time reset" (obvious... what adjustments have been made) Carl
On 10/4/06, Carl Hartung
On Wednesday 04 October 2006 01:24, Peter Van Lone wrote:
I have followed this thread with interest, because it has not seemed to me, that configuring the ntp client just has not really worked to keep either a SLES or my current suse 10.0 desktop synced.
cat /etc/ntp.conf | grep server (your ntp server should show up as uncommented in one of these lines)
cat /var/lib/ntp/drift/ntp.drift (this should show if ntp is successfully calculating the system's drift)
cat /var/log/ntp | grep "time reset" (obvious... what adjustments have been made)
thank you, these will be useful to me at some point, I am sure. P
On Tuesday 03 October 2006 21:24, Peter Van Lone wrote:
p02-dcs13:~ # xntpdc -p remote local st poll reach delay offset disp ======================================================================= *LOCAL(0) 127.0.0.1 10 64 377 0.00000 0.000000 0.03078
This, despite the fact that I have specified a time server in the config, and that the server tested properly (ie no issue with needing to drop the firewall).
If I then go back into YAST to look at the settings (just checking, you know!) but don't change the server that is listed, then, when I issue the xntpdc -p command (and it is the same if I do xntpdc and then type peers at the ntp prompt), I get:
p02-dcs13:~ # xntpdc -p xntpdc: read: Connection refused
Then, if I go back into YAST and change the time server ... when I issue the xntpdc -p command, I get:
p02-dcs13:~ # xntpdc -p remote local st poll reach delay offset disp ======================================================================= =LOCAL(0) 127.0.0.1 10 64 1 0.00000 0.000000 2.81735 =taylor.cs.wisc. 192.168.2.100 2 64 1 0.04097 -0.002045 1.98431 p02-dcs13:~ #
You should have a look at the log in /var/log/ntp
Chances are there will be some indication in there as to why it rolled over
and died, (if it did indeed die).
Note that ntpd will refuse to try to sync if your machine clock is hopelessly
out of sync with the reference clock, by (I forget the exact limit) some
fairly large number of minutes.
Also (obviously) ntp needs the network to be up before it can sync, so
you have to make sure the init scripts are run in the right order, but unless
you've been messing with them, SuSE usually gets those right. Still
bears checking that in run level 3 and 5 that the xx in Sxxntp is higher than
Sxxnetwork, and that you actually have a working network at the
time ntp starts.
Then take a look at your /etc/ntp.conf with your favorite editor. As Carl
mentioned its a simple file, and more easily managed at the command line
than thru yast.
Oh, and whats this reboot stuff... don't do that.
All you need is:
rcntp restart
Just to be pedantic I've pasted my /etc/ntp.conf in below for comparison.
BTW: The time zone of the reference clock does not matter. For years
before there were local references in alaska I synced with NIST in Colorado
and a clock in Japan. But now that the University of Alaska is on internet 2
their clock is "closer" than any others. So, what I'm getting at here is that
you could SAVE A BACKUP of your /etc/ntp.conf and swap in mine
to see how it works.
---begin paste
################################################################################
## /etc/ntp.conf
##
## Sample NTP configuration file.
## See package 'ntp-doc' for documentation, Mini-HOWTO and FAQ.
## Copyright (c) 1998 S.u.S.E. GmbH Fuerth, Germany.
##
## Author: Michael Andres,
On 10/4/06, John Andersen
Also (obviously) ntp needs the network to be up before it can sync, so you have to make sure the init scripts are run in the right order, but unless you've been messing with them, SuSE usually gets those right. Still bears checking that in run level 3 and 5 that the xx in Sxxntp is higher than Sxxnetwork, and that you actually have a working network at the time ntp starts.
ding ding ding ... I'll bet that is it. This is a laptop, therefore I shut it down frequently and I almost exclusively connect via wireless -- and, most of the places I go, I have to manually select the wireless access point. So essentially what you are saying is that NTP does not startup if there is no network. Fine. Seems like yet another extra step to have to take, but ... fine. I'll make the burst and iburst changes on the server to see if this addresses the issues there. So, the command to execute from a script on my laptot is rcntp restart .. is there anyway to associate that with the wireless network coming up, so that I don't have to do this extra little step each time?
Then take a look at your /etc/ntp.conf with your favorite editor. As Carl mentioned its a simple file, and more easily managed at the command line than thru yast.
I don't understand why you would not want/expect YAST to work. Seems to me that if the distro provides a management tool, then it should do it's job. Yes, I can learn to manage every system with the conf files ... but, really, while I may want to develop linux skills as an end in itself, most of my customers simply want to use linux to do a job. Hence the management tools, and why they should work.
Oh, and whats this reboot stuff... don't do that. All you need is: rcntp restart
the reboots were only because this is a laptop ....
Just to be pedantic I've pasted my /etc/ntp.conf in below for comparison.
thank you, I appreciate the pedantry and the examples! Peter
* Peter Van Lone
So, the command to execute from a script on my laptot is rcntp restart .. is there anyway to associate that with the wireless network coming up, so that I don't have to do this extra little step each time?
start a script via /etc/init.d/boot.local containing a loop that checks for an internet connection every (?) minute and starts 'rcntpd start' when successful. -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Wednesday 2006-10-04 at 10:06 -0400, Patrick Shanahan wrote:
So, the command to execute from a script on my laptot is rcntp restart .. is there anyway to associate that with the wireless network coming up, so that I don't have to do this extra little step each time?
start a script via /etc/init.d/boot.local containing a loop that checks for an internet connection every (?) minute and starts 'rcntpd start' when successful.
Or in this case, start a cron job running ntpdate periodically - I mean every fifteen minutes or so. If at that moment there is a network, it will sync. There is little or no point in running ntp if there is no _permanent_ network connection. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFI8lytTMYHG2NR9URAupwAJ9XmcRip/Gir81/0yUfUpfxdVFU7ACeIygB Jfu+/1EyXfYX3dkD7xuoFYg= =UwLx -----END PGP SIGNATURE-----
On 10/4/06, Carlos E. R.
Or in this case, start a cron job running ntpdate periodically - I mean every fifteen minutes or so. If at that moment there is a network, it will sync. There is little or no point in running ntp if there is no _permanent_ network connection.
a cron job sounds like another good way to go. I heartily disagree with your judgement in the last line ... it seems to me patently ridiculous that my laptop has to have inaccurate time just because it is not permantly network connected -- my computer is my watch basically. It seems like a simple, normal, regular request. It seems like it should not be so hard to do. Now, I have a couple different methods for doing it, so once I figure out how to do either one, I'm set. Thanks again, all ... for the help. Peter
* Peter Van Lone
I heartily disagree with your judgement in the last line ... it seems to me patently ridiculous that my laptop has to have inaccurate time just because it is not permantly network connected -- my computer is my watch basically.
You have taken Carlos' statement out of context and made it infer something entirely different. An every 15 minute attempt to update system time via ntpdate will keep your system time ~accurate for the conditions you present and is probably better usage than ntpd. -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Wednesday 2006-10-04 at 09:54 -0500, Peter Van Lone wrote:
On 10/4/06, Carlos E. R. wrote:
Or in this case, start a cron job running ntpdate periodically - I mean every fifteen minutes or so. If at that moment there is a network, it will sync. There is little or no point in running ntp if there is no _permanent_ network connection.
a cron job sounds like another good way to go. I heartily disagree with your judgement in the last line ... it seems to me patently ridiculous that my laptop has to have inaccurate time just because it is not permantly network connected -- my computer is my watch basically.
It seems like a simple, normal, regular request. It seems like it should not be so hard to do. Now, I have a couple different methods for doing it, so once I figure out how to do either one, I'm set.
Er... you misinterpreted me. First, you can keep accurate time by using ntpdate only once a day: I did it that way for years, and the error was a second or two at the end of day: the same as a hand watch. Programming a query interval of fifteen minutes is just for the purpose of ensuring that at least some of the queries fall inside a connected window. Second, I said: «there is little or no point in running ntpd if there is no _permanent_ network connection». This is simply a technical requirement of the ntp daemon, not a judgment. It has to query the time at unknown moments (unknown for us), and having no network when it needs it means it will not work. Notice that it keeps the clock accurate up to about 0.01 S. In other words, ntpd is designed for machines with permanent network connections. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFJAVXtTMYHG2NR9URAtrVAKCNihIX53UEpXFDEV6/k6uV0LSYuwCfQdmM 3lIQi+T4U1yJTREiFIlIRI4= =RjYW -----END PGP SIGNATURE-----
On Wednesday 04 October 2006 20:02, Carlos E. R. wrote:
In other words, ntpd is designed for machines with permanent network connections.
At the risk of turning this thread circular, ... Even though that's true, what is the reason _not_ to start ntpd (rcntp start) just after a network connection is started, and stop it again just before the network connection is shut down? (Forgive my ignorance, but) does 'rcntp start' effectively perform an 'ntpdate' command, then start ntpd? If so, then simply issuing the 'rcntp stop/start' commands from the NetworkManager applet when the link(s) go up and down would seem ideal for machines with intermittent network connectivity. If not, then first calling 'ntpdate', followed by 'rcntp start' when a link comes up, and 'rcntp stop' before closing a link, would work? KNetworkManager allows commands to be run at "Link Up" and "Link Down", so why not do it there? What are the security implications of making the rcntp script suid root? Hmm, .....
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Wednesday 2006-10-04 at 21:04 +0100, William Gallafent wrote:
On Wednesday 04 October 2006 20:02, Carlos E. R. wrote:
In other words, ntpd is designed for machines with permanent network connections.
At the risk of turning this thread circular, ...
Even though that's true, what is the reason _not_ to start ntpd (rcntp start) just after a network connection is started, and stop it again just before the network connection is shut down?
It is possible, of course, but ntpd may not have time to complete its job.
(Forgive my ignorance, but) does 'rcntp start' effectively perform an 'ntpdate' command, then start ntpd?
That's what it does, in fact. You can also call "rcntp ntptimeset", it does the same as "ntpdate" but reading the config file ntpd uses. Let me try to clarify things. The ntp daemon does quite more than checking the time periodically and adjust the system time; if it did, your approach would be correct. More or less, it checks the time, adjust the clock speed so that it slowly gets in sync with the real time out there, and then adjust the speed back again so that it maintains in sync from then on, but doing continuous adjustments as soon as it detects a difference. Lets us make an educated guess, and think out what will happen if the network connectivity is intermittent (I haven't studied the code). Suppose the system clock is slow. There is network, so ntpd adjusts it to go faster instead, till it catches; then the network goes off, and... what? The daemon can't know when it catches the real time and thus when to slow it a bit. If the daemon has been running for sufficient time (days) it will know what is the exact adjustment the clock needs and leave it there hopping for the best, till it can read outside time again. If it doesn't know the needed factor, it will probably leave the original value and exit after trying for a while. As I said, this is an educated guess, but I bet you my stipulated amount for sure things (two cents) that the above scenario is correct :-)
KNetworkManager allows commands to be run at "Link Up" and "Link Down", so why not do it there? What are the security implications of making the rcntp script suid root? Hmm, .....
Scripts can not be made suid, I understand. Or if they can they don't work. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFJD/xtTMYHG2NR9URAiQoAJwPI5XbTEdRpXB/bcy2TF2ok1n6bACfdOTP 5pDJwIFA26IVkNnC+VrRlC4= =5ql4 -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Wednesday 2006-10-04 at 08:19 -0500, Peter Van Lone wrote:
Then take a look at your /etc/ntp.conf with your favorite editor. As Carl mentioned its a simple file, and more easily managed at the command line than thru yast.
I don't understand why you would not want/expect YAST to work. Seems to me that if the distro provides a management tool, then it should do it's job.
If it works, good. If it doesn't, find another way, or report the problem in bugzilla and wait till its solved. Months? Dunno, I've never used that yast module but once, to see what it could do. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFI8pYtTMYHG2NR9URAgeJAJ9KPykWJklf1wBYgHvPEIywQ8VFNACdEZ+F ++WJFCnU9aJrOZkrZfUOGRM= =amkq -----END PGP SIGNATURE-----
On Wed, October 4, 2006 7:51 am, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Wednesday 2006-10-04 at 08:19 -0500, Peter Van Lone wrote:
Then take a look at your /etc/ntp.conf with your favorite editor. As Carl mentioned its a simple file, and more easily managed at the command line than thru yast.
I don't understand why you would not want/expect YAST to work. Seems to me that if the distro provides a management tool, then it should do it's job.
If it works, good. If it doesn't, find another way, or report the problem in bugzilla and wait till its solved. Months? Dunno, I've never used that yast module but once, to see what it could do.
Never use anything but yast for my ntp settings. I couln't even tell you there was a .conf file. Works perfectly on every machine I setup. (On the laptop I don't have ntpd running typically, however. I will start it once a month or so, when I think about it, just to make sure the clock is more-or-less correct.) -- Kai Ponte www.perfectreign.com || www.4thedadz.com remember - a turn signal is a statement, not a request
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2006-10-02 at 20:07 -0800, John Andersen wrote:
Most ISPs supply an ntp server. Just ping ntp.yourisp.net/com to find out.
Let's see :-) cer@nimrodel:~> ping ntp.telefonica.net ping: unknown host ntp.telefonica.net cer@nimrodel:~> ping ntp.tiscali.es ping: unknown host ntp.tiscali.es cer@nimrodel:~> ping ntp.wanadoo.es ping: unknown host ntp.wanadoo.es cer@nimrodel:~> ping ntp.teleline.es ping: unknown host ntp.teleline.es cer@nimrodel:~> ping ntp.terra.es ping: unknown host ntp.terra.es cer@nimrodel:~> ping ntp.ono.es ping: unknown host ntp.ono.es cer@nimrodel:~> ping ntp.retevision.es ping: unknown host ntp.retevision.es cer@nimrodel:~> ping ntp.auna.es ping: unknown host ntp.auna.es cer@nimrodel:~> ping ntp.madritel.es ping: unknown host ntp.madritel.es All of them are important ISPs here. As so often, things are different in your part of the world and mine. But: cer@nimrodel:~> ping ntp.tiscali.it PING www.tiscali.it (213.205.32.10) 56(84) bytes of data. --- www.tiscali.it ping statistics --- 41 packets transmitted, 0 received, 100% packet loss, time 40150ms
Most EDU domains also have one.
I know there are stratum 1 servers here in the university and investigation network, but they are not listed at http://ntp.isc.org/bin/view/Servers/StratumOneTimeServers. I found it per chance yesterday.
- -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFIj9BtTMYHG2NR9URAlcFAJ9uXEw/tYa0rbdBUOHkuR4pMGU8cwCfQ1MO rRQQGlXefmby90JduVqT5Xg= =DQE5 -----END PGP SIGNATURE-----
Would one of you please post the text of your /etc/ntpd.conf and /etc/ntp.conf file so I can see what I erased? I lost my localhost entry. Thanks, Fred "Oops" Fumblefingers
Stevens wrote:
Would one of you please post the text of your /etc/ntpd.conf and /etc/ntp.conf file so I can see what I erased? I lost my localhost entry.
server 127.127.1.0 # local clock (LCL) fudge 127.127.1.0 stratum 10 # LCL is unsynchronized server <server> driftfile /var/lib/ntp/drift/ntp.drift # path for drift file logfile /var/log/ntp # alternate log file logconfig =syncall +clockall +peerall +sysall /Per Jessen, Zürich
From /var/log/ntp: ntpd exiting on signal 15 If I read it right, that is a SIGTERM, but does that mean the process terminated early or did it complete then was terminated?
On Monday 02 October 2006 17:31, Stevens wrote:
From /var/log/ntp: ntpd exiting on signal 15
If I read it right, that is a SIGTERM, but does that mean the process terminated early or did it complete then was terminated?
The page http://www.novell.com/coolsolutions/feature/15345.html lists a "healthy /var/log/ntp" and that shows this message, too... Daniel -- Daniel Bauer photographer Basel Switzerland professional photography: http://www.daniel-bauer.com Madagascar special: http://www.sanic.ch
On Monday 02 October 2006 11:37, Daniel Bauer wrote: <snip>
The page http://www.novell.com/coolsolutions/feature/15345.html lists a "healthy /var/log/ntp" and that shows this message, too...
Great minds must think alike, Daniel. ;-) I was just about to refer the OP to the same page! Have you straightened out your configuration? Carl
On Monday 02 October 2006 10:37, Daniel Bauer wrote:
The page http://www.novell.com/coolsolutions/feature/15345.html lists a "healthy /var/log/ntp" and that shows this message, too...
Daniel --
Daniel, thanks for the link. My system is configured and working fine now.
Stevens wrote:
Would one of you please post the text of your /etc/ntpd.conf and /etc/ntp.conf file so I can see what I erased? I lost my localhost entry.
Thanks, Fred "Oops" Fumblefingers
Interesting thread. Although I think Daniel was worrying about something that was never a problem, it sure made for an educational / informative thread. :-) Fred, here's my ntp.conf as example for you. Hope that helps. restrict default noquery notrust nomodify restrict 127.0.0.1 restrict 192.168.1.0 mask 255.255.255.0 server 127.127.1.0 fudge 127.127.1.0 stratum 3 driftfile /var/lib/ntp/drift/ntp.drift logfile /var/log/ntp broadcastclient north-america.pool.ntp.org
On Monday 02 October 2006 04:11, Daniel Bauer wrote:
Output of xntpdc is:
ntpdc> peer remote local st poll reach delay offset disp ======================================================================= =LOCAL(0) 127.0.0.1 10 64 377 0.00000 0.000000 0.03087 *swisstime.ee.et 192.168.2.2 2 1024 377 0.02505 0.009517 0.11856 ntpdc>
(I must confess that I have not the slightest idea what these messages want to tell me, and I havn't found out in xntp_doc...)
Its telling you that you are synced with swisstime.ee.et. That's what the asterisk means. The IP id YOUR interface (nic) through which it accesses swisstime.ee.et. So, All is well. http://www.ntp.org/ http://ntp.isc.org/bin/view/Support/WebHome A ver good FAQ: http://www.ntp.org/ntpfaq/NTP-a-faq.htm Configuring: http://www.ntp.org/ntpfaq/NTP-s-config.htm#AEN2565 Whyshould you have more than one clock http://www.ntp.org/ntpfaq/NTP-s-algo-real.htm#Q-NTP-ALGO -- _____________________________________ John Andersen
participants (13)
-
Carl Hartung
-
Carlos E. R.
-
Daniel Bauer
-
John
-
John Andersen
-
M Harris
-
Patrick Shanahan
-
Per Jessen
-
PerfectReign
-
Peter Van Lone
-
Stan Glasoe
-
Stevens
-
William Gallafent