From: Paul D. D. <pde...@ix...> - 2013-07-24 19:55:32
|
When I enabled more systemd journal output for some other purpose, I noticed that I was getting occasional messages ntpd_intres[1644]: host name not found: time.server.example.com I figured, oh, that's another default config file that one is supposed to edit before the thing will actually work. It didn't take long to find /etc/ntp.conf, which contains the following: # This obtains a random server which will be close # (in IP terms) to the machine. Add other servers # as required, or change this. server time.server.example.com One would think that "time.server.example.com" is just some placeholder, but the preceding comment suggest that it is some magic name that makes the server do something fancy. So I tried changing it to the name of a real time server, by looking up a nearby one on the web and entering its name. Ten minutes later, my NTP server died: Jan 01 10:39:48 overo systemd[1]: ntpd.service: main process exited, code=exited, status=255/n/a Jan 01 10:39:48 overo systemd[1]: Unit ntpd.service entered failed state I tried a different server and restarted the service. Same result. When I first restarted the service, after editing the file, I got this: systemd[1]: Stopping Network Time Service... ntpd_intres[1644]: ntpd exiting on signal 15 ntpd[1642]: ntpd exiting on signal 15 systemd[1]: Starting Network Time Service... systemd[1]: PID 1642 read from file /run/ntpd.pid does not exist. ntpd[1790]: ntpd 4.2.6p5@1.2349 Fri Jul 19 18:43:50 UTC 2013 (2) so obviously it knew what time it was then. It continued spewing journal messages: ntpd[1791]: proto: precision = 30.517 usec ntpd[1791]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123 ntpd[1791]: Listen and drop on 1 v6wildcard :: UDP 123 ntpd[1791]: Listen normally on 2 lo 127.0.0.1 UDP 123 ntpd[1791]: Listen normally on 3 eth0 192.168.123.139 UDP 123 ntpd[1791]: Listen normally on 4 lo ::1 UDP 123 ntpd[1791]: peers refreshed ntpd[1791]: Listening on routing socket on fd #21 for interface updates systemd[1]: Started Network Time Service. systemctl status ntpd | more ntpd.service - Network Time Service Loaded: loaded (/lib/systemd/system/ntpd.service; enabled) Active: active (running) since Sat, 2000-01-01 09:58:28 UTC; 32s ago Process: 1790 ExecStart=/usr/bin/ntpd -p /run/ntpd.pid (code=exited, status=0/SUCCESS) Main PID: 1791 (ntpd) CGroup: name=systemd:/system/ntpd.service In other words, when it finshed starting the service, it had reset the clock to the start of 2000. Why would it do that? Doesn't the Overo have an RTC that keeps reasonable time even in the absence of any NTP connection to the outside world? So is "time.server.example.com" really a code for "find me a server automagically"? I googled that string and didn't come up with anything but a copy of the /etc/ntp.conf file itself. If it is, then why is it outputting error messages every ten minutes? More to the point, am I supposed to do something with /etc/ntp.conf, or just leave it the way it is in the standard build? -- Ciao, Paul D. DeRocco Paul mailto:pde...@ix... |
From: Andy W. <an...@si...> - 2013-07-25 12:33:45
|
On Wed, 2013-07-24 at 12:55 -0700, Paul D. DeRocco wrote: > When I enabled more systemd journal output for some other purpose, I noticed > that I was getting occasional messages > > ntpd_intres[1644]: host name not found: time.server.example.com > > I figured, oh, that's another default config file that one is supposed to > edit before the thing will actually work. It didn't take long to find > /etc/ntp.conf, which contains the following: > > # This obtains a random server which will be close > # (in IP terms) to the machine. Add other servers > # as required, or change this. > server time.server.example.com > > One would think that "time.server.example.com" is just some placeholder, but > the preceding comment suggest that it is some magic name that makes the > server do something fancy. So I tried changing it to the name of a real time > server, by looking up a nearby one on the web and entering its name. Ten > minutes later, my NTP server died: > > Jan 01 10:39:48 overo systemd[1]: ntpd.service: main process exited, > code=exited, status=255/n/a > Jan 01 10:39:48 overo systemd[1]: Unit ntpd.service entered failed state > > I tried a different server and restarted the service. Same result. ntpd will panic if the time servers have a large offset (1000 seconds) from the local clock. It's ntp's way of telling you, "Fix your clock, I'm not going to guess who's right and who's wrong and what NTP epoch we're in." Also, if the offset is more than 4 hours, not even the -g or -q flags to ntpd or the 'tinker panic 0' configuration line will work to set the clock. > When I first restarted the service, after editing the file, I got this: > > systemd[1]: Stopping Network Time Service... > ntpd_intres[1644]: ntpd exiting on signal 15 > ntpd[1642]: ntpd exiting on signal 15 > systemd[1]: Starting Network Time Service... > systemd[1]: PID 1642 read from file /run/ntpd.pid does not exist. > ntpd[1790]: ntpd 4.2.6p5@1.2349 Fri Jul 19 18:43:50 UTC 2013 (2) > > so obviously it knew what time it was then. It continued spewing journal > messages: Are you sure? Or is that the date and time ntpd was built? > ntpd[1791]: proto: precision = 30.517 usec > ntpd[1791]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123 > ntpd[1791]: Listen and drop on 1 v6wildcard :: UDP 123 > ntpd[1791]: Listen normally on 2 lo 127.0.0.1 UDP 123 > ntpd[1791]: Listen normally on 3 eth0 192.168.123.139 UDP 123 > ntpd[1791]: Listen normally on 4 lo ::1 UDP 123 > ntpd[1791]: peers refreshed > ntpd[1791]: Listening on routing socket on fd #21 for interface updates > systemd[1]: Started Network Time Service. > systemctl status ntpd | more > ntpd.service - Network Time Service > Loaded: loaded (/lib/systemd/system/ntpd.service; enabled) > Active: active (running) since Sat, 2000-01-01 09:58:28 UTC; 32s > ago > Process: 1790 ExecStart=/usr/bin/ntpd -p /run/ntpd.pid > (code=exited, status=0/SUCCESS) > Main PID: 1791 (ntpd) > CGroup: name=systemd:/system/ntpd.service > > In other words, when it finshed starting the service, it had reset the clock > to the start of 2000. Why would it do that? ntpd will never jump the clock by more than 4 hours, even if you tell it a one time large jump is OK. Comments from the Dr. Mills on the matter: http://lists.ntp.org/pipermail/bugs/2005-August/002443.html > Doesn't the Overo have an RTC > that keeps reasonable time even in the absence of any NTP connection to the > outside world? You need an initial proper clock setting. If you need it automatically set after power up then you can: 1. install a battery (the Gumstix TOBI boards have a battery holder) or 2. get the correct time from another source, like a GPS, and use 'date' or settimeofday() to set the system time. > So is "time.server.example.com" really a code for "find me a server > automagically"? No. It's probably in the default file so that millions of misconfigured embedded devices don't DoS the time servers. http://pages.cs.wisc.edu/~plonka/netgear-sntp/ > I googled that string and didn't come up with anything but a > copy of the /etc/ntp.conf file itself. If it is, then why is it outputting > error messages every ten minutes? If you are fielding a product with a non-user-configurable timeserver, take a look at: http://www.pool.ntp.org/en/vendors.html If not, then use time.nist.gov if in the US: http://tf.nist.gov/tf-cgi/servers.cgi > More to the point, am I supposed to do something with /etc/ntp.conf, or just > leave it the way it is in the standard build? It's useless, if you leave it alone. I also believe the line restrict default leaves UDP port 123 for IPv4 and IPv6 pretty wide open for external machines to connect to your ntpd daemon using (ntpdc and ntpq) and muck with it. Regards, Andy |
From: Paul D. D. <pde...@ix...> - 2013-07-25 16:26:41
|
> From: Andy Walls [mailto:an...@si...] > > ntpd will never jump the clock by more than 4 hours, even if > you tell it > a one time large jump is OK. > > Comments from the Dr. Mills on the matter: > http://lists.ntp.org/pipermail/bugs/2005-August/002443.html Your explanation seems to match the reality. I've configured in the pool.dtp.org addresses (this is a prototype at this point), and everything seems to be fine. -- Ciao, Paul D. DeRocco Paul mailto:pde...@ix... |
From: Scott E. <sc...@ju...> - 2013-07-25 14:05:56
|
Hi Andy, > ntpd will never jump the clock by more than 4 hours, even if you tell it > a one time large jump is OK. I'm not doubting that is what the manual says, but on my Gumstix/Beaglebone systems, none with battery backup and often left unpowered for days, when they start up I always get a good system time set from ntpd (I'm assuming). ntpd is started with the -g flag. Example root@duo1:/var/volatile/log# grep ntp messages Dec 31 19:00:00 duo1 daemon.notice ntpd[601]: proto: precision = 30.517 usec Dec 31 19:00:00 duo1 daemon.debug ntpd[601]: ntp_io: estimated max descriptors: 1024, initial socket boundary: 16 Dec 31 19:00:00 duo1 daemon.info ntpd[601]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123 Dec 31 19:00:00 duo1 daemon.info ntpd[601]: Listen and drop on 1 v6wildcard :: UDP 123 Dec 31 19:00:00 duo1 daemon.info ntpd[601]: Listen normally on 2 lo 127.0.0.1 UDP 123 Dec 31 19:00:00 duo1 daemon.info ntpd[601]: Listen normally on 3 eth0 192.168.10.110 UDP 123 Dec 31 19:00:00 duo1 daemon.info ntpd[601]: Listen normally on 4 lo ::1 UDP 123 Dec 31 19:00:00 duo1 daemon.info ntpd[601]: peers refreshed Dec 31 19:00:00 duo1 daemon.info ntpd[601]: Listening on routing socket on fd #21 for interface updates Dec 31 19:00:03 duo1 daemon.info ntpd[601]: Listen normally on 5 eth0 fe80::215:c9ff:fe28:fed5 UDP 123 Dec 31 19:00:03 duo1 daemon.info ntpd[601]: peers refreshed Dec 31 19:00:03 duo1 daemon.debug ntpd[601]: new interface(s) found: waking up resolver root@duo1:/var/volatile/log# tail -5 messages Dec 31 19:00:02 duo1 daemon.info avahi-daemon[617]: Service "duo1" (/services/sftp-ssh.service) successfully established. Dec 31 19:00:03 duo1 daemon.info ntpd[601]: Listen normally on 5 eth0 fe80::215:c9ff:fe28:fed5 UDP 123 Dec 31 19:00:03 duo1 daemon.info ntpd[601]: peers refreshed Dec 31 19:00:03 duo1 daemon.debug ntpd[601]: new interface(s) found: waking up resolver Jul 25 09:58:18 duo1 authpriv.notice login[642]: ROOT LOGIN on '/dev/ttyO2' root@duo1:/var/volatile/log# date Thu Jul 25 10:00:06 EDT 2013 root@duo1:/var/volatile/log# ps -w | grep ntpd 601 root 3400 S /usr/bin/ntpd -p /var/run/ntp.pid -g 654 root 2184 S grep ntpd root@duo1:/var/volatile/log# cat /etc/timestamp 200001010002 It could be the ntpd daemon is built from the meta-openembedded repo has the sanity limit is set to zero. The code is monstrous and I didn't feel like wading through it. -- View this message in context: http://gumstix.8.x6.nabble.com/NTP-time-server-tp4967590p4967596.html Sent from the Gumstix mailing list archive at Nabble.com. |
From: Miner, J. W (US SSA) <jon...@ba...> - 2013-07-25 14:48:11
|
-----Original Message----- From: Scott Ellis [mailto:sc...@ju...] Sent: Thursday, July 25, 2013 10:05 AM To: gum...@li... Subject: Re: [Gumstix-users] NTP time server Hi Andy, > ntpd will never jump the clock by more than 4 hours, even if you tell > it a one time large jump is OK. I'm not doubting that is what the manual says, but on my Gumstix/Beaglebone systems, none with battery backup and often left unpowered for days, when they start up I always get a good system time set from ntpd (I'm assuming). ntpd is started with the -g flag. ----------------------------------- According to the man page that is the expected behavior for -g "This option allows the time to be set to any value without restriction; however, this can happen only once." This is similar to the practice of running ntpdate to set the clock against an known stable time source, then running ntpd to keep the clocks in sync. - Jon |
From: Andy W. <an...@si...> - 2013-07-25 16:42:05
|
Hi Scott, On Thu, 2013-07-25 at 07:05 -0700, Scott Ellis wrote: > Hi Andy, > > > ntpd will never jump the clock by more than 4 hours, even if you tell it > > a one time large jump is OK. > > I'm not doubting that is what the manual says, but on my Gumstix/Beaglebone > systems, none with battery backup and often left unpowered for days, when > they start up I always get a good system time set from ntpd (I'm assuming). > > ntpd is started with the -g flag. Argh. Then I need to go back and take a harder look when using a sane reference clock peer. My problem was that I'm running gpsd locally as my preferred (and only non-PPS) reference clock peer, and my unit starts up with system time at 1 Jan 2000. So when gpsd starts reporting time to ntpd, the reports from gpsd via the shared memory clock driver have this: reftime = UTC from GPS (which is the correct time) recvdtime = system clock (which is 13 years in the past) ntpd looks at that mess and rejects the gpsd reference clock peer. I tracked it down to the clocktime() function in ntpd and its 4 hour window restriction. My fix was to write a small gpsd client that runs at start up that monitors for when gpsd has its first stable fix. It then set the system clock using settimeofday(), upon which gpsd will make sane reports to ntpd. (I still need to test it.) Regards, Andy |
From: Ash C. <ash...@gm...> - 2013-07-25 15:37:51
|
Thanks Andy. That was rather interesting reading---I now have a far better appreciation for ntp. So, should the gumstix repositories be setting a different default value for the NTP server? --Ash On Thu, Jul 25, 2013 at 5:33 AM, Andy Walls <an...@si...> wrote: > > > On Wed, 2013-07-24 at 12:55 -0700, Paul D. DeRocco wrote: >> When I enabled more systemd journal output for some other purpose, I noticed >> that I was getting occasional messages >> >> ntpd_intres[1644]: host name not found: time.server.example.com >> >> I figured, oh, that's another default config file that one is supposed to >> edit before the thing will actually work. It didn't take long to find >> /etc/ntp.conf, which contains the following: >> >> # This obtains a random server which will be close >> # (in IP terms) to the machine. Add other servers >> # as required, or change this. >> server time.server.example.com >> >> One would think that "time.server.example.com" is just some placeholder, but >> the preceding comment suggest that it is some magic name that makes the >> server do something fancy. So I tried changing it to the name of a real time >> server, by looking up a nearby one on the web and entering its name. Ten >> minutes later, my NTP server died: >> >> Jan 01 10:39:48 overo systemd[1]: ntpd.service: main process exited, >> code=exited, status=255/n/a >> Jan 01 10:39:48 overo systemd[1]: Unit ntpd.service entered failed state >> >> I tried a different server and restarted the service. Same result. > > ntpd will panic if the time servers have a large offset (1000 seconds) > from the local clock. It's ntp's way of telling you, "Fix your clock, > I'm not going to guess who's right and who's wrong and what NTP epoch > we're in." > > Also, if the offset is more than 4 hours, not even the -g or -q flags to > ntpd or the 'tinker panic 0' configuration line will work to set the > clock. > >> When I first restarted the service, after editing the file, I got this: >> >> systemd[1]: Stopping Network Time Service... >> ntpd_intres[1644]: ntpd exiting on signal 15 >> ntpd[1642]: ntpd exiting on signal 15 >> systemd[1]: Starting Network Time Service... >> systemd[1]: PID 1642 read from file /run/ntpd.pid does not exist. >> ntpd[1790]: ntpd 4.2.6p5@1.2349 Fri Jul 19 18:43:50 UTC 2013 (2) >> >> so obviously it knew what time it was then. It continued spewing journal >> messages: > > Are you sure? Or is that the date and time ntpd was built? > >> ntpd[1791]: proto: precision = 30.517 usec >> ntpd[1791]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123 >> ntpd[1791]: Listen and drop on 1 v6wildcard :: UDP 123 >> ntpd[1791]: Listen normally on 2 lo 127.0.0.1 UDP 123 >> ntpd[1791]: Listen normally on 3 eth0 192.168.123.139 UDP 123 >> ntpd[1791]: Listen normally on 4 lo ::1 UDP 123 >> ntpd[1791]: peers refreshed >> ntpd[1791]: Listening on routing socket on fd #21 for interface updates >> systemd[1]: Started Network Time Service. >> systemctl status ntpd | more >> ntpd.service - Network Time Service >> Loaded: loaded (/lib/systemd/system/ntpd.service; enabled) >> Active: active (running) since Sat, 2000-01-01 09:58:28 UTC; 32s >> ago >> Process: 1790 ExecStart=/usr/bin/ntpd -p /run/ntpd.pid >> (code=exited, status=0/SUCCESS) >> Main PID: 1791 (ntpd) >> CGroup: name=systemd:/system/ntpd.service >> >> In other words, when it finshed starting the service, it had reset the clock >> to the start of 2000. Why would it do that? > > ntpd will never jump the clock by more than 4 hours, even if you tell it > a one time large jump is OK. > > Comments from the Dr. Mills on the matter: > http://lists.ntp.org/pipermail/bugs/2005-August/002443.html > > >> Doesn't the Overo have an RTC >> that keeps reasonable time even in the absence of any NTP connection to the >> outside world? > > You need an initial proper clock setting. > > If you need it automatically set after power up then you can: > 1. install a battery (the Gumstix TOBI boards have a battery holder) or > 2. get the correct time from another source, like a GPS, and use 'date' > or settimeofday() to set the system time. > > >> So is "time.server.example.com" really a code for "find me a server >> automagically"? > > No. It's probably in the default file so that millions of misconfigured > embedded devices don't DoS the time servers. > > http://pages.cs.wisc.edu/~plonka/netgear-sntp/ > > >> I googled that string and didn't come up with anything but a >> copy of the /etc/ntp.conf file itself. If it is, then why is it outputting >> error messages every ten minutes? > > If you are fielding a product with a non-user-configurable timeserver, > take a look at: > http://www.pool.ntp.org/en/vendors.html > > If not, then use time.nist.gov if in the US: > http://tf.nist.gov/tf-cgi/servers.cgi > > >> More to the point, am I supposed to do something with /etc/ntp.conf, or just >> leave it the way it is in the standard build? > > It's useless, if you leave it alone. I also believe the line > > restrict default > > leaves UDP port 123 for IPv4 and IPv6 pretty wide open for external > machines to connect to your ntpd daemon using (ntpdc and ntpq) and muck > with it. > > Regards, > Andy > > > ------------------------------------------------------------------------------ > See everything from the browser to the database with AppDynamics > Get end-to-end visibility with application monitoring from AppDynamics > Isolate bottlenecks and diagnose root cause in seconds. > Start your free trial of AppDynamics Pro today! > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk > _______________________________________________ > gumstix-users mailing list > gum...@li... > https://lists.sourceforge.net/lists/listinfo/gumstix-users |
From: Scott E. <sc...@ju...> - 2013-07-25 16:00:24
|
I've been using this ntp.conf taken from the Raspbian distro --- ntp.conf --- # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help driftfile /var/lib/ntp/ntp.drift # Enable this if you want statistics to be logged. #statsdir /var/log/ntpstats/ statistics loopstats peerstats clockstats filegen loopstats file loopstats type day enable filegen peerstats file peerstats type day enable filegen clockstats file clockstats type day enable # pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will # pick a different set every time it starts up. Please consider joining the # pool: <http://www.pool.ntp.org/join.html> server 0.debian.pool.ntp.org iburst server 1.debian.pool.ntp.org iburst server 2.debian.pool.ntp.org iburst server 3.debian.pool.ntp.org iburst # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions> # might also be helpful. # # Note that "restrict" applies to both servers and clients, so a configuration # that might be intended to block requests from certain clients could also end # up blocking replies from your own upstream servers. # By default, exchange time with everybody, but don't allow configuration. restrict -4 default kod notrap nomodify nopeer noquery restrict -6 default kod notrap nomodify nopeer noquery # Local users may interrogate the ntp server more closely. restrict 127.0.0.1 restrict ::1 # Clients from this (example!) subnet have unlimited access, but only if # cryptographically authenticated. #restrict 192.168.123.0 mask 255.255.255.0 notrust # If you want to provide time to your local subnet, change the next line. # (Again, the address is an example only.) #broadcast 192.168.123.255 # If you want to listen to time broadcasts on your local subnet, de-comment the # next lines. Please do this only if you trust everybody on the network! #disable auth #broadcastclient --- end ntp.conf --- But I run sysvinit systems. It may need tweaking for systemd systems. -- View this message in context: http://gumstix.8.x6.nabble.com/NTP-time-server-tp4967590p4967599.html Sent from the Gumstix mailing list archive at Nabble.com. |
From: Andy W. <an...@si...> - 2013-07-25 16:49:42
|
Hi Ash: On Thu, 2013-07-25 at 08:37 -0700, Ash Charles wrote: > Thanks Andy. > > That was rather interesting reading---I now have a far better > appreciation for ntp. > > So, should the gumstix repositories be setting a different default > value for the NTP server? > --Ash Not necessarily. You just want to make the system integrator think about it, before ntpd tries to connect to real servers. Having it broken out of the box, fits the bill. :) Regards, Andy |
From: Ash C. <ash...@gm...> - 2013-07-28 22:20:18
|
On Thu, Jul 25, 2013 at 9:49 AM, Andy Walls <an...@si...> wrote: > Not necessarily. You just want to make the system integrator think > about it, before ntpd tries to connect to real servers. > > Having it broken out of the box, fits the bill. :) I guess that is a point. Does anyone know what other projects are doing on this front? Perhaps a yocto or gumstix vendor zone? --ash |