SUSE Linux Enterprise NTP

The NTP (network time protocol) mechanism is a protocol for synchronizing the system time over the network. First, a machine can obtain the time from a server that is a reliable time source. Second, a machine can itself act as a time source for other computers in the network. The goal is twofold—maintaining the absolute time and synchronizing the system time of all machines within a network.

Maintaining an exact system time is important in many situations. The built-in hardware (BIOS) clock often does not meet the requirements of applications such as databases or clusters. Manual correction of the system time would lead to severe problems because, for example, a backward leap can cause malfunction of critical applications. Within a network, it is usually necessary to synchronize the system time of all machines, but manual time adjustment is a bad approach. NTP provides a mechanism to solve these problems. The NTP service continuously adjusts the system time with the help of reliable time servers in the network. It further enables the management of local reference clocks, such as radio-controlled clocks.

13.1. Configuring an NTP Client with YaST

The NTP daemon (ntpd) that comes with the ntp package is preset to use the local computer clock as a time reference. The (BIOS) clock, however, serves only as a fallback for cases where no time source of better precision is available. YaST facilitates the configuration of an NTP client.

13.1.1. Basic Configuration

The YaST NTP client configuration (Network Services + NTP Configuration) consists of tabs. Set the start mode of ntpd and the server to query on the General Settings tab.

Figure 13.1. Advanced NTP Configuration: General Settings

Select Only Manually if you want to configure everything on your own.

Synchronize without Daemon

On laptops and other machines that suspend automatically, select Synchronize without Daemon. In this mode, YaST does not start ntpd on the local machine for synchronizing. Instead, YaST creates a crontab entry (/etc/cron.d/novell.ntp-synchronize) that checks the time with the time server at the interval specified in the Interval of the Synchronization in Minutes field. For more information about cron, see Section 7.1.2, “The cron Package”.

Now and On Boot

Select Now and On Boot to start ntpd automatically when the system is booted. One of 0.opensuse.pool.ntp.org, 1.opensuse.pool.ntp.org, 2.opensuse.pool.ntp.org, or 3.opensuse.pool.ntp.org is pre-selected.

13.1.2. Changing Basic Configuration

The servers and other time sources for the client to query are listed in the lower part of the General Settings tab. Modify this list as needed with Add, Edit, and Delete. Display Log lets you view the log files of your client.

Click Add to add a new source of time information. In the following dialog, select the type of source with which the time synchronization should be made. The following options are available:

Figure 13.2. YaST: NTP Server

In the pull-down Select list (see Figure 13.2, “YaST: NTP Server”), determine whether to set up time synchronization using a time server from your local network (Local NTP Server) or an Internet-based time server that takes care of your time zone (Public NTP Server). For a local time server, click Lookup to start an SLP query for available time servers in your network. Select the most suitable time server from the list of search results and exit the dialog with OK. For a public time server, select your country (time zone) and a suitable server from the list under Public NTP Server, then exit the dialog with OK. In the main dialog, test the availability of the selected server with Test.

Another dialog enables you to select an NTP server. Activate Use for Initial Synchronization to trigger the synchronization of the time information between the server and the client when the system is booted. Options allows you to specify additional options for ntpd.

Using Access Control Options, you can restrict the actions that the remote computer can perform with the daemon running on your computer. This field is enabled only after checking Restrict NTP Service to Configured Servers Only on the Security Settings tab (see Figure 13.3, “Advanced NTP Configuration: Security Settings”). The options correspond to the restrict clauses in /etc/ntp.conf. For example, nomodify notrap noquery prevents the server from modifying NTP settings of your computer and from using the trap facility (a remote event logging feature) of your NTP daemon. Using these restrictions is recommended for servers out of your control (for example, on the Internet).

Refer to /usr/share/doc/packages/ntp-doc (part of the ntp-doc package) for detailed information.

A peer is a machine to which a symmetric relationship is established: it acts both as a time server and as a client. To use a peer in the same network instead of a server, enter the address of the system. The rest of the dialog is identical to the Server dialog.

To use a radio clock in your system for the time synchronization, enter the clock type, unit number, device name, and other options in this dialog. Click Driver Calibration to fine-tune the driver. Detailed information about the operation of a local radio clock is available in /usr/share/doc/packages/ntp-doc/refclock.html.

Time information and queries can also be transmitted by broadcast in the network. In this dialog, enter the address to which such broadcasts should be sent. Do not activate broadcasting unless you have a reliable time source like a radio-controlled clock.

If you want your client to receive its information via broadcast, enter the address from which the respective packets should be accepted in this field.

Figure 13.3. Advanced NTP Configuration: Security Settings

In the Security Settings tab (see Figure 13.3, “Advanced NTP Configuration: Security Settings”), determine whether ntpd should be started in a chroot jail. By default, Run NTP Daemon in Chroot Jail is activated. This increases the security in the event of an attack over ntpd, as it prevents the attacker from compromising the entire system.

Restrict NTP Service to Configured Servers Only increases the security of your system by preventing remote computers from viewing and modifying NTP settings of your computer and from using the trap facility for remote event logging. Once enabled, these restrictions apply to all remote computers, unless you override the access control options for individual computers in the list of time sources in the General Settings tab. For all other remote computers, only querying for local time is allowed.

Enable Open Port in Firewall if SuSEfirewall2 is active (which it is by default). If you leave the port closed, it is not possible to establish a connection to the time server.

13.2. Manually Configuring ntp in the Network

The easiest way to use a time server in the network is to set server parameters. For example, if a time server called ntp.example.com is reachable from the network, add its name to the file /etc/ntp.conf by adding the following line:

To add more time servers, insert additional lines with the keyword server. After initializing ntpd with the command rcntp start, it takes about one hour until the time is stabilized and the drift file for correcting the local computer clock is created. With the drift file, the systematic error of the hardware clock can be computed as soon as the computer is powered on. The correction is used immediately, resulting in a higher stability of the system time.

There are two possible ways to use the NTP mechanism as a client: First, the client can query the time from a known server in regular intervals. With many clients, this approach can cause a high load on the server. Second, the client can wait for NTP broadcasts sent out by broadcast time servers in the network. This approach has the disadvantage that the quality of the server is unknown and a server sending out wrong information can cause severe problems.

If the time is obtained via broadcast, you do not need the server name. In this case, enter the line broadcastclient in the configuration file /etc/ntp.conf. To use one or more known time servers exclusively, enter their names in the line starting with servers.
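A small audit of the restrict clauses and the broadcastclient setting described above, as an added example that is not part of the original documentation: it checks that every server or peer in an ntp.conf ends up with nomodify notrap noquery, either from its own restrict line or from restrict default. The sample file, the address 192.0.2.10 and the function names are assumptions; entries are matched by literal string, not by resolved address or mask.

```python
import ipaddress

REQUIRED = frozenset({"nomodify", "notrap", "noquery"})  # flags named on the page

# Constructed sample /etc/ntp.conf; 192.0.2.10 is a documentation address.
SAMPLE_CONF = """\
restrict default kod nomodify notrap nopeer noquery
server ntp.example.com
restrict ntp.example.com nomodify notrap noquery
server 0.opensuse.pool.ntp.org      # no own entry: 'restrict default' applies
server 192.0.2.10 iburst
restrict 192.0.2.10 nomodify        # per-host override that drops two flags
server 127.127.1.0                  # pseudo address 127.127.t.u (local clock)
broadcastclient
"""


def is_refclock(addr):
    """True for pseudo addresses 127.127.t.u that select a local clock driver."""
    try:
        return ipaddress.ip_address(addr) in ipaddress.ip_network("127.127.0.0/16")
    except ValueError:  # a DNS name, not an IP literal
        return False


def parse(conf):
    """Return (restrict flags per address, time sources, broadcastclient seen)."""
    restricts, sources, broadcast = {}, [], False
    for raw in conf.splitlines():
        # Drop comments and the -4/-6 address-family qualifiers.
        words = [w for w in raw.split("#", 1)[0].split() if w not in ("-4", "-6")]
        if len(words) >= 2 and words[0] == "restrict":
            flags = set(words[2:])
            # Repeated entries (e.g. -4 and -6 default): keep the weaker set.
            restricts[words[1]] = restricts.get(words[1], flags) & flags
        elif len(words) >= 2 and words[0] in ("server", "peer"):
            sources.append(words[1])
        elif words and words[0] == "broadcastclient":
            broadcast = True
    return restricts, sources, broadcast


def audit(conf):
    """Return a list of (level, subject, message) findings."""
    restricts, sources, broadcast = parse(conf)
    findings = []
    if "default" not in restricts:
        findings.append(("WARN", "default", "no 'restrict default' line"))
    for addr in sources:
        if is_refclock(addr):
            t, u = addr.split(".")[2:]
            findings.append(("INFO", addr, f"local reference clock: driver type {t}, unit {u}"))
            continue
        # A per-host restrict entry replaces the default for that host.
        flags = restricts.get(addr, restricts.get("default", set()))
        missing = REQUIRED - flags
        if missing:
            findings.append(("WARN", addr, "missing " + " ".join(sorted(missing))))
    if broadcast:
        findings.append(("WARN", "broadcastclient", "broadcast time source of unknown quality"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(*finding)
```

The 192.0.2.10 entry shows the override case from the Security Settings description: its own restrict line replaces the stricter default, so two flags go missing.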

13.3. Dynamic Time Synchronization at Runtime

If the system boots without network connection, ntpd starts up, but it cannot resolve DNS names of the time servers set in the configuration file. This can happen if you use Network Manager with an encrypted WLAN.

If you want ntpd to resolve DNS names at runtime, you must set the dynamic option. Then, when the network is established some time after booting, ntpd looks up the names again and can reach the time servers to get the time.

Manually edit /etc/ntp.conf and add dynamic to one or more server entries:

Or use YaST and proceed as follows:

1. In YaST, click Network Services + NTP Configuration.

2. Select the server you want to configure. Then click Edit.

3. Activate the Options field and add dynamic. Separate it with a space if other options are already entered.

4. Click Ok to close the edit dialog. Repeat the previous step to change all servers as wanted.

5. Finally, click Ok to save the settings.

13.4. Setting Up a Local Reference Clock

The software package ntp contains drivers for connecting local reference clocks. A list of supported clocks is available in the ntp-doc package in the file /usr/share/doc/packages/ntp-doc/refclock.html. Every driver is associated with a number. In ntp, the actual configuration takes place by means of pseudo IP addresses. The clocks are entered in the file /etc/ntp.conf as though they existed in the network. For this purpose, they are assigned special IP addresses in the form 127.127.t.u. Here, t stands for the type of the clock and determines which driver is used, and u for the unit, which determines the interface used.

Normally, the individual drivers have special parameters that describe configuration details. The file /usr/share/doc/packages/ntp-doc/drivers/driverNN.html (where NN is the number of the driver) provides information about the particular type of clock. For example, the “type 8” clock (radio clock over serial interface) requires an additional mode that specifies the clock more precisely. The Conrad DCF77 receiver module, for example, has mode 5. To use this clock as a preferred reference, specify the keyword prefer. The complete server line for a Conrad DCF77 receiver module would be:

SUSE Linux Enterprise NTP

The NTP (network time protocol) mechanism is a protocol for synchronizing the system time over the network. First, a machine can obtain the time from a server that is a reliable time source. Second, a machine can itself act as a time source for other computers in the network. The goal is twofold—maintaining the absolute time and synchronizing the system time of all machines within a network.

Maintaining an exact system time is important in many situations. The built-in hardware clock often does not meet the requirements of applications such as databases or clusters. Manual correction of the system time would lead to severe problems because, for example, a backward leap can cause malfunction of critical applications. Within a network, it is usually necessary to synchronize the system time of all machines, but manual time adjustment is a bad approach. NTP provides a mechanism to solve these problems. The NTP service continuously adjusts the system time with reliable time servers in the network. It further enables the management of local reference clocks, such as radio-controlled clocks.

Since SUSE Linux Enterprise Server 15, chrony is the default implementation of NTP. chrony consists of two parts: chronyd is a daemon that can be started at boot time, and chronyc is a command line interface program to monitor the performance of chronyd and to change various operating parameters at runtime.

31.1 Configuring an NTP Client with YaST

The NTP daemon (chronyd) that comes with the chrony package is preset to use the local computer hardware clock as a time reference. The precision of a hardware clock heavily depends on its time source. For example, an atomic clock or GPS receiver is a very precise time source, while a common RTC chip is not a reliable time source. YaST simplifies the configuration of an NTP client.

In the YaST NTP client configuration (Network Services › NTP Configuration) window, you can specify when to start the NTP daemon, the type of the configuration source, and add custom time servers.

SUSE Linux Enterprise NTP

The NTP (network time protocol) mechanism is a protocol for synchronizing the system time over the network. First, a machine can obtain the time from a server that is a reliable time source. Second, a machine can itself act as a time source for other computers in the network. The goal is twofold—maintaining the absolute time and synchronizing the system time of all machines within a network.

Maintaining an exact system time is important in many situations. The built-in hardware clock often does not meet the requirements of applications such as databases or clusters. Manual correction of the system time would lead to severe problems because, for example, a backward leap can cause malfunction of critical applications. Within a network, it is usually necessary to synchronize the system time of all machines, but manual time adjustment is a bad approach. NTP provides a mechanism to solve these problems. The NTP service continuously adjusts the system time with reliable time servers in the network. It further enables the management of local reference clocks, such as radio-controlled clocks.

25.1 Configuring an NTP Client with YaST

The NTP daemon (ntpd) that comes with the ntp package is preset to use the local computer clock as a time reference. The hardware clock, however, serves only as a fallback for cases where no time source of better precision is available. YaST simplifies the configuration of an NTP client.

25.1.1 Basic Configuration

The YaST NTP client configuration (Network Services › NTP Configuration) consists of tabs. Set the start mode of ntpd and the server to query on the General Settings tab.

Select Only Manually if you want to manually start the ntpd daemon.

Synchronize without Daemon

Select Synchronize without Daemon to set the system time periodically without a permanently running ntpd. You can set the Interval of the Synchronization in Minutes.

Now and On Boot

Select Now and On Boot to start ntpd automatically when the system is booted. This setting is recommended.

25.1.2 Changing Basic Configuration

The servers and other time sources for the client to query are listed in the lower part of the General Settings tab. Modify this list as needed with Add, Edit, and Delete. Display Log lets you view the log files of your client.

Click Add to add a new source of time information. In the following dialog, select the type of source with which the time synchronization should be made. The following options are available:

Figure 25.1: YaST: NTP Server

In the drop-down Select list (see Figure 25.1, “YaST: NTP Server”), determine whether to set up time synchronization using a time server from your local network (Local NTP Server) or an Internet-based time server that takes care of your time zone (Public NTP Server). For a local time server, click Lookup to start an SLP query for available time servers in your network. Select the most suitable time server from the list of search results and exit the dialog with OK. For a public time server, select your country (time zone) and a suitable server from the list under Public NTP Server, then exit the dialog with OK. In the main dialog, test the availability of the selected server with Test. Options allows you to specify additional options for ntpd.

Using Access Control Options, you can restrict the actions that the remote computer can perform with the daemon running on your computer. This field is enabled only after checking Restrict NTP Service to Configured Servers Only on the Security Settings tab (see Figure 25.2, “Advanced NTP Configuration: Security Settings”). The options correspond to the restrict clauses in /etc/ntp.conf. For example, nomodify notrap noquery prevents the server from modifying NTP settings of your computer and from using the trap facility (a remote event logging feature) of your NTP daemon. Using these restrictions is recommended for servers out of your control (for example, on the Internet).

Refer to /usr/share/doc/packages/ntp-doc (part of the ntp-doc package) for detailed information.

A peer is a machine to which a symmetric relationship is established: it acts both as a time server and as a client. To use a peer in the same network instead of a server, enter the address of the system. The rest of the dialog is identical to the Server dialog.

To use a radio clock in your system for the time synchronization, enter the clock type, unit number, device name, and other options in this dialog. Click Driver Calibration to fine-tune the driver. Detailed information about the operation of a local radio clock is available in /usr/share/doc/packages/ntp-doc/refclock.html.

Time information and queries can also be transmitted by broadcast in the network. In this dialog, enter the address to which such broadcasts should be sent. Do not activate broadcasting unless you have a reliable time source like a radio-controlled clock.

If you want your client to receive its information via broadcast, enter the address from which the respective packets should be accepted in this field.

Figure 25.2: Advanced NTP Configuration: Security Settings

In the Security Settings tab (see Figure 25.2, “Advanced NTP Configuration: Security Settings”), determine whether ntpd should be started in a chroot jail. By default, Run NTP Daemon in Chroot Jail is not activated. The chroot jail option increases the security in the event of an attack over ntpd, as it prevents the attacker from compromising the entire system.

Restrict NTP Service to Configured Servers Only increases the security of your system by preventing remote computers from viewing and modifying NTP settings of your computer and from using the trap facility for remote event logging. After being enabled, these restrictions apply to all remote computers, unless you override the access control options for individual computers in the list of time sources in the General Settings tab. For all other remote computers, only querying for local time is allowed.

Enable Open Port in Firewall if SuSEFirewall2 is active (which it is by default). If you leave the port closed, it is not possible to establish a connection to the time server.

25.2 Manually Configuring NTP in the Network

The easiest way to use a time server in the network is to set server parameters. For example, if a time server called ntp.example.com is reachable from the network, add its name to the file /etc/ntp.conf by adding the following line:

To add more time servers, insert additional lines with the keyword server. After initializing ntpd with the command systemctl start ntp, it takes about one hour until the time is stabilized and the drift file for correcting the local computer clock is created. With the drift file, the systematic error of the hardware clock can be computed when the computer is powered on. The correction is used immediately, resulting in a higher stability of the system time.

There are two possible ways to use the NTP mechanism as a client: First, the client can query the time from a known server in regular intervals. With many clients, this approach can cause a high load on the server. Second, the client can wait for NTP broadcasts sent out by broadcast time servers in the network. This approach has the disadvantage that the quality of the server is unknown and a server sending out wrong information can cause severe problems.

If the time is obtained via broadcast, you do not need the server name. In this case, enter the line broadcastclient in the configuration file /etc/ntp.conf. To use one or more known time servers exclusively, enter their names in the line starting with servers.

25.3 Setting Up a Local Reference Clock

The software package ntpd contains drivers for connecting local reference clocks. A list of supported clocks is available in the ntp-doc package in the file /usr/share/doc/packages/ntp-doc/refclock.html. Every driver is associated with a number. In NTP, the actual configuration takes place by means of pseudo IP addresses. The clocks are entered in the file /etc/ntp.conf as though they existed in the network. For this purpose, they are assigned special IP addresses in the form 127.127.T.U. Here, T stands for the type of the clock and determines which driver is used, and U for the unit, which determines the interface used.

Normally, the individual drivers have special parameters that describe configuration details. The file /usr/share/doc/packages/ntp-doc/drivers/driverNN.html (where NN is the number of the driver) provides information about the particular type of clock. For example, the “type 8” clock (radio clock over serial interface) requires an additional mode that specifies the clock more precisely. The Conrad DCF77 receiver module, for example, has mode 5. To use this clock as a preferred reference, specify the keyword prefer. The complete server line for a Conrad DCF77 receiver module would be:

Other clocks follow the same pattern. Following the installation of the ntp-doc package, the documentation for NTP is available in the directory /usr/share/doc/packages/ntp-doc . The file /usr/share/doc/packages/ntp-doc/refclock.html provides links to the driver pages describing the driver parameters.

25.4 Clock Synchronization to an External Time Reference (ETR)

Support for clock synchronization to an external time reference (ETR) is available. The external time reference sends an oscillator signal and a synchronization signal every 2**20 (2 to the power of 20) microseconds to keep TOD clocks of all connected servers synchronized.

For availability, two ETR units can be connected to a machine. If the clock deviates by more than the sync-check tolerance, all CPUs get a machine check that indicates that the clock is out of sync. If this happens, all DASD I/O to XRC-enabled devices is stopped until the clock is synchronized again.

The ETR support is activated via two sysfs attributes; run the following commands as root:
