ACC SHELL
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 25. Time Synchronization with NTP</title><link rel="stylesheet" href="susebooks.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Documentation"><link rel="up" href="part.reference.services.html" title="Part V. Services"><link rel="prev" href="cha.dhcp.html" title="Chapter 24. DHCP"><link rel="next" href="cha.nfs.html" title="Chapter 26. Sharing File Systems with NFS"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header" border="0" class="bctable"><tr><td width="80%"><div class="breadcrumbs"><p><a href="index.html"> Documentation</a><span class="breadcrumbs-sep"> > </span><a href="book.opensuse.reference.html">Reference</a><span class="breadcrumbs-sep"> > </span><a href="part.reference.services.html">Services</a><span class="breadcrumbs-sep"> > </span><strong><a accesskey="p" title="Chapter 24. DHCP" href="cha.dhcp.html"><span>◀</span></a> <a accesskey="n" title="Chapter 26. Sharing File Systems with NFS" href="cha.nfs.html"><span>▶</span></a></strong></p></div></td></tr></table></div><div class="chapter" title="Chapter 25. Time Synchronization with NTP"><div class="titlepage"><div><div><h2 class="title"><a name="cha.netz.xntp"></a>Chapter 25. Time Synchronization with NTP<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.netz.xntp">¶</a></span></h2></div></div></div><div class="toc"><p><b>Contents</b></p><dl><dt><span class="sect1"><a href="cha.netz.xntp.html#sec.netz.xntp.yast">25.1. Configuring an NTP Client with YaST</a></span></dt><dt><span class="sect1"><a href="cha.netz.xntp.html#sec.netz.xntp.netconf">25.2. Manually Configuring ntp in the Network</a></span></dt><dt><span class="sect1"><a href="cha.netz.xntp.html#sec.netz.xntp.dynamic">25.3. Dynamic Time Synchronization at Runtime</a></span></dt><dt><span class="sect1"><a href="cha.netz.xntp.html#sec.netz.xntp.normal">25.4. Setting Up a Local Reference Clock</a></span></dt></dl></div><div class="abstract" title="Abstract"><p class="title"><b>Abstract</b></p><p>
The NTP (network time protocol) mechanism is a protocol for synchronizing
the system time over the network. First, a machine can obtain the time
from a server that is a reliable time source. Second, a machine can
itself act as a time source for other computers in the network. The goal
is twofold—maintaining the absolute time and synchronizing the
system time of all machines within a network.
</p></div><p>
Maintaining an exact system time is important in many situations. The
built-in hardware (BIOS) clock does often not meet the requirements of
applications such as databases or clusters. Manual correction of the
system time would lead to severe problems because, for example, a backward
leap can cause malfunction of critical applications. Within a network, it
is usually necessary to synchronize the system time of all machines, but
manual time adjustment is a bad approach. NTP provides a mechanism to
solve these problems. The NTP service continuously adjusts the system time
with the help of reliable time servers in the network. It further enables
the management of local reference clocks, such as radio-controlled clocks.
</p><div class="sect1" title="25.1. Configuring an NTP Client with YaST"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.netz.xntp.yast"></a>25.1. Configuring an NTP Client with YaST<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.netz.xntp.yast">¶</a></span></h2></div></div></div><p>
The NTP daemon (<span class="command"><strong>ntpd</strong></span>) coming with the
<code class="systemitem">ntp</code> package is preset to use the local computer
clock as a time reference. Using the (BIOS) clock, however, only serves
as a fallback for cases where no time source of better precision is
available. YaST facilitates the configuration of an NTP client.
</p><div class="sect2" title="25.1.1. Basic Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="sec.net.ntp.yast.basic"></a>25.1.1. Basic Configuration<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.net.ntp.yast.basic">¶</a></span></h3></div></div></div><p>
The YaST NTP client configuration (<span class="guimenu">Network
Services</span>+<span class="guimenu">NTP Configuration</span>)
consists of tabs. Set the start mode of <span class="command"><strong>ntpd</strong></span> and the
server to query on the <span class="guimenu">General Settings</span> tab.
</p><div class="figure"><a name="fig.yast.ntp.adv.gen"></a><p class="title"><b>Figure 25.1. Advanced NTP Configuration: General Settings</b><span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#fig.yast.ntp.adv.gen">¶</a></span></p><div class="figure-contents"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="75%"><tr><td><img src="images/yast_ntp_adv_gen.png" width="100%" alt="Advanced NTP Configuration: General Settings"></td></tr></table></div></div></div><br class="figure-break"><div class="variablelist"><dl><dt><span class="term"><span class="guimenu">Only Manually</span>
</span></dt><dd><p>
Select <span class="guimenu">Only Manually</span>, if you want to configure
everything on your own.
</p></dd><dt><span class="term"><span class="guimenu">Synchronize without Daemon</span>
</span></dt><dd><p>
On laptops and other machines that suspend automatically, select
<span class="guimenu">Synchronize without Daemon</span>. Using this mode,
YaST does not start <span class="command"><strong>ntpd</strong></span> on the local machine
for synchronizing. Instead YaST creates a crontab entry
(<code class="filename">/etc/cron.d/novell.ntp-synchronize</code>) that checks
the time with the time server as specified in the <span class="guimenu">Interval
of the Synchronization in Minutes</span> field. For more
information about cron, see
<a class="xref" href="cha.suse.html#sec.suse.packages.cron" title="18.1.2. The cron Package">Section 18.1.2, “The cron Package”</a>.
</p></dd><dt><span class="term"><span class="guimenu">Now and On Boot</span>
</span></dt><dd><p>
Select <span class="guimenu">Now and On Boot</span> to start
<span class="command"><strong>ntpd</strong></span> automatically when the system is booted.
<span>Either of
<code class="systemitem">0.opensuse.pool.ntp.org</code>,
<code class="systemitem">1.opensuse.pool.ntp.org</code>,
<code class="systemitem">2.opensuse.pool.ntp.org</code>, or
<code class="systemitem">3.opensuse.pool.ntp.org</code> is
pre-selected.</span>
</p></dd></dl></div></div><div class="sect2" title="25.1.2. Changing Basic Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="sec.net.ntp.yast.new_sync"></a>25.1.2. Changing Basic Configuration<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.net.ntp.yast.new_sync">¶</a></span></h3></div></div></div><p>
The servers and other time sources for the client to query are listed in
the lower part of the <span class="guimenu">General Settings</span> tab. Modify
this list as needed with <span class="guimenu">Add</span>,
<span class="guimenu">Edit</span>, and <span class="guimenu">Delete</span>. <span class="guimenu">Display
Log</span> provides the possibility to view the log files of your
client.
</p><p>
Click <span class="guimenu">Add</span> to add a new source of time information. In
the following dialog, select the type of source with which the time
synchronization should be made. The following options are available:
</p><div class="figure"><a name="fig.yast.ntp.selserv"></a><p class="title"><b>Figure 25.2. YaST: NTP Server</b><span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#fig.yast.ntp.selserv">¶</a></span></p><div class="figure-contents"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="75%"><tr><td><img src="images/yast_ntp_selserv.png" width="100%" alt="YaST: NTP Server"></td></tr></table></div></div></div><br class="figure-break"><div class="variablelist"><dl><dt><span class="term">Server</span></dt><dd><p>
In the pull-down <span class="guimenu">Select</span> list (see
<a class="xref" href="cha.netz.xntp.html#fig.yast.ntp.selserv" title="Figure 25.2. YaST: NTP Server">Figure 25.2, “YaST: NTP Server”</a>, determine whether to
set up time synchronization using a time server from your local
network (<span class="guimenu">Local NTP Server</span>) or an Internet-based
time server that takes care of your time zone (<span class="guimenu">Public NTP
Server</span>). For a local time server, click
<span class="guimenu">Lookup</span> to start an SLP query for available time
servers in your network. Select the most suitable time server from
the list of search results and exit the dialog with
<span class="guimenu">OK</span>. For a public time server, select your country
(time zone) and a suitable server from the list under <span class="guimenu">Public
NTP Server</span> then exit the dialog with <span class="guimenu">OK</span>.
In the main dialog, test the availability of the selected server with
<span class="guimenu">Test</span>.
</p><p>
Another dialog enables you to select an NTP server. Activate
<span class="guimenu">Use for Initial Synchronization</span> to trigger the
synchronization of the time information between the server and the
client when the system is booted. <span class="guimenu">Options</span> allows
you to specify additional options for <span class="command"><strong>ntpd</strong></span>.
</p><p>
Using <span class="guimenu">Access Control Options</span>, you can restrict the
actions that the remote computer can perform with the daemon running
on your computer. This field is enabled only after checking
<span class="guimenu">Restrict NTP Service to Configured Servers Only</span> on
the <span class="guimenu">Security Settings</span> tab (see
<a class="xref" href="cha.netz.xntp.html#fig.yast.ntp.adv.sec" title="Figure 25.3. Advanced NTP Configuration: Security Settings">Figure 25.3, “Advanced NTP Configuration: Security Settings”</a>). The options correspond to
the <code class="literal">restrict</code> clauses in
<code class="filename">/etc/ntp.conf</code>.
For example, <code class="literal">nomodify notrap noquery</code> disallows the
server to modify NTP settings of your computer and to use the trap
facility (a remote event logging feature) of your NTP daemon. Using
these restrictions is recommended for servers out of your control
(for example, on the Internet).
</p><p>
Refer to <code class="filename">/usr/share/doc/packages/ntp-doc</code> (part
of the <code class="systemitem">ntp-doc</code> package) for detailed
information.
</p></dd><dt><span class="term">Peer</span></dt><dd><p>
A peer is a machine to which a symmetric relationship is established:
it acts both as a time server and as a client. To use a peer in the
same network instead of a server, enter the address of the system.
The rest of the dialog is identical to the <span class="guimenu">Server</span>
dialog.
</p></dd><dt><span class="term">Radio Clock</span></dt><dd><p>
To use a radio clock in your system for the time synchronization,
enter the clock type, unit number, device name, and other options in
this dialog. Click <span class="guimenu">Driver Calibration</span> to fine-tune
the driver. Detailed information about the operation of a local radio
clock is available in
<code class="filename">/usr/share/doc/packages/ntp-doc/refclock.html</code>.
</p></dd><dt><span class="term">Outgoing Broadcast</span></dt><dd><p>
Time information and queries can also be transmitted by broadcast in
the network. In this dialog, enter the address to which such
broadcasts should be sent. Do not activate broadcasting unless you
have a reliable time source like a radio controlled clock.
</p></dd><dt><span class="term">Incoming Broadcast</span></dt><dd><p>
If you want your client to receive its information via broadcast,
enter the address from which the respective packets should be
accepted in this fields.
</p></dd></dl></div><div class="figure"><a name="fig.yast.ntp.adv.sec"></a><p class="title"><b>Figure 25.3. Advanced NTP Configuration: Security Settings</b><span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#fig.yast.ntp.adv.sec">¶</a></span></p><div class="figure-contents"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="75%"><tr><td><img src="images/yast_ntp_adv_sec.png" width="100%" alt="Advanced NTP Configuration: Security Settings"></td></tr></table></div></div></div><br class="figure-break"><p>
In the <span class="guimenu">Security Settings</span> tab (see
<a class="xref" href="cha.netz.xntp.html#fig.yast.ntp.adv.sec" title="Figure 25.3. Advanced NTP Configuration: Security Settings">Figure 25.3, “Advanced NTP Configuration: Security Settings”</a>), determine whether
<span class="command"><strong>ntpd</strong></span> should be started in a chroot jail. By default,
<span class="guimenu">Run NTP Daemon in Chroot Jail</span> is activated. This
increases the security in the event of an attack over ntpd, as it
prevents the attacker from compromising the entire system.
</p><p>
<span class="guimenu">Restrict NTP Service to Configured Servers Only</span>
increases the security of your system by disallowing remote computers to
view and modify NTP settings of your computer and to use the trap
facility for remote event logging. Once enabled, these restrictions
apply to all remote computers, unless you override the access control
options for individual computers in the list of time sources in the
<span class="guimenu">General Settings</span> tab. For all other remote computers,
only querying for local time is allowed.
</p><p>
Enable <span class="guimenu">Open Port in Firewall</span> if SuSEfirewall2 is
active (which it is by default). If you leave the port closed, it is not
possible to establish a connection to the time server.
</p></div></div><div class="sect1" title="25.2. Manually Configuring ntp in the Network"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.netz.xntp.netconf"></a>25.2. Manually Configuring ntp in the Network<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.netz.xntp.netconf">¶</a></span></h2></div></div></div><p>
The easiest way to use a time server in the network is to set server
parameters. For example, if a time server called
<code class="systemitem">ntp.example.com</code> is reachable from the network, add its
name to the file <code class="filename">/etc/ntp.conf</code> by adding the
following line:
</p><pre class="screen">server ntp.example.com</pre><p>
To add more time servers, insert additional lines with the keyword
<code class="literal">server</code>. After initializing ntpd with the command
<span class="command"><strong>rcntp <code class="option">start</code></strong></span>, it takes about one hour
until the time is stabilized and the drift file for correcting the local
computer clock is created. With the drift file, the systematic error of
the hardware clock can be computed as soon as the computer is powered on.
The correction is used immediately, resulting in a higher stability of
the system time.
</p><p>
There are two possible ways to use the NTP mechanism as a client: First,
the client can query the time from a known server in regular intervals.
With many clients, this approach can cause a high load on the server.
Second, the client can wait for NTP broadcasts sent out by broadcast time
servers in the network. This approach has the disadvantage that the
quality of the server is unknown and a server sending out wrong
information can cause severe problems.
</p><p>
If the time is obtained via broadcast, you do not need the server name.
In this case, enter the line <code class="literal">broadcastclient</code> in the
configuration file <code class="filename">/etc/ntp.conf</code>. To use one or more
known time servers exclusively, enter their names in the line starting
with <code class="literal">servers</code>.
</p></div><div class="sect1" title="25.3. Dynamic Time Synchronization at Runtime"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.netz.xntp.dynamic"></a>25.3. Dynamic Time Synchronization at Runtime<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.netz.xntp.dynamic">¶</a></span></h2></div></div></div><p>
If the system boots without network connection, ntpd starts up, but it
cannot resolve DNS names of the time servers set in the configuration
file. This can happen if you use Network Manager with an encrypted WLAN.
</p><p>
If you want ntpd to resolve DNS names at runtime, you must set the
<code class="systemitem">dynamic</code> option. Then, when the network is
establish some time after booting, ntpd looks up the names again and can
reach the time servers to get the time.
</p><p>
Manually edit <code class="filename">/etc/ntp.conf</code> and add
<code class="systemitem">dynamic</code> to one or more
<code class="systemitem">server</code> entries:
</p><pre class="screen">server ntp.example.com dynamic</pre><p>
Or use YaST and proceed as follows:
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
In YaST click <span class="guimenu">Network Services</span>+<span class="guimenu">NTP Configuration</span>.
</p></li><li><p>
Select the server you want to configure. Then click
<span class="guimenu">Edit</span>.
</p></li><li><p>
Activate the <span class="guimenu">Options</span> field and add
<code class="literal">dynamic</code>. Separate it with a space, if there are
already other options entered.
</p></li><li><p>
Click <span class="guimenu">Ok</span> to close the edit dialog. Repeat the
previous step to change all servers as wanted.
</p></li><li><p>
Finally click <span class="guimenu">Ok</span> to save the settings.
</p></li></ol></div></div><div class="sect1" title="25.4. Setting Up a Local Reference Clock"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.netz.xntp.normal"></a>25.4. Setting Up a Local Reference Clock<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.netz.xntp.normal">¶</a></span></h2></div></div></div><p>
The software package ntp contains drivers for connecting local reference
clocks. A list of supported clocks is available in the
<code class="systemitem">ntp-doc</code> package in the file
<code class="filename">/usr/share/doc/packages/ntp-doc/refclock.html</code>. Every
driver is associated with a number. In ntp, the actual configuration
takes place by means of pseudo IP addresses. The clocks are entered in
the file <code class="filename">/etc/ntp.conf</code> as though they existed in the
network. For this purpose, they are assigned special IP addresses in the
form
<code class="literal">127.127.<em class="replaceable"><code>t</code></em>.<em class="replaceable"><code>u</code></em></code>.
Here, <em class="replaceable"><code>t</code></em> stands for the type of the clock and
determines which driver is used and <em class="replaceable"><code>u</code></em> for the
unit, which determines the interface used.
</p><p>
Normally, the individual drivers have special parameters that describe
configuration details. The file
<code class="filename">/usr/share/doc/packages/ntp-doc/drivers/driver<em class="replaceable"><code>NN</code></em>.html</code>
(where <em class="replaceable"><code>NN</code></em> is the number of the driver)
provides information about the particular type of clock. For example, the
<span class="quote">“<span class="quote">type 8</span>”</span> clock (radio clock over serial interface)
requires an additional mode that specifies the clock more precisely. The
Conrad DCF77 receiver module, for example, has mode 5. To use this
clock as a preferred reference, specify the keyword
<code class="literal">prefer</code>. The complete <code class="literal">server</code> line
for a Conrad DCF77 receiver module would be:
</p><pre class="screen">server 127.127.8.0 mode 5 prefer</pre><p>
Other clocks follow the same pattern. Following the installation of the
<code class="systemitem">ntp-doc</code> package, the
documentation for ntp is available in the directory
<code class="filename">/usr/share/doc/packages/ntp-doc</code>. The file
<code class="filename">/usr/share/doc/packages/ntp-doc/refclock.html</code>
provides links to the driver pages describing the driver parameters.
</p></div></div><div class="navfooter"><table width="100%" summary="Navigation footer" border="0" class="bctable"><tr><td width="80%"><div class="breadcrumbs"><p><a href="index.html"> Documentation</a><span class="breadcrumbs-sep"> > </span><a href="book.opensuse.reference.html">Reference</a><span class="breadcrumbs-sep"> > </span><a href="part.reference.services.html">Services</a><span class="breadcrumbs-sep"> > </span><strong><a accesskey="p" title="Chapter 24. DHCP" href="cha.dhcp.html"><span>◀</span></a> <a accesskey="n" title="Chapter 26. Sharing File Systems with NFS" href="cha.nfs.html"><span>▶</span></a></strong></p></div></td></tr></table></div></body></html>
ACC SHELL 2018