OpenNTPD
OpenNTPD (part of the OpenBSD project) is a daemon that can be used to synchronize the system clock to internet time servers using the Network Time Protocol, and can also act as a time server itself if needed. It implements the Simple Network Time Protocol version 4, as described in RFC:5905, and the Network Time Protocol version 3, as described in RFC:1305.
Installation
Install the openntpd package. The default configuration is actually usable if all you want is to sync the time of the local computer.
Configuration
To configure OpenNTPD, you need to edit /etc/ntpd.conf
. See ntpd.conf(5) for all available options.
$ ntpd -n
Client
To sync to a single particular server, uncomment and edit the "server" directive.
/etc/ntpd.conf
server ntp.example.org
The "servers" directive works the same as the "server" directive, however, if the DNS name resolves to multiple IP address, ALL of them will be synced to. The default, "pool.ntp.org" is working and should be acceptable in most cases. You can find the server's URL in your area at www.pool.ntp.org/zone/@.
/etc/ntpd.conf
servers pool.ntp.org
Any number of "server" or "servers" directives may be used.
Server
If you want the computer you run OpenNTPD on to also be a time server, simply uncomment and edit the "listen" directive.
For example:
/etc/ntpd.conf
listen on *
will listen on all interfaces, and
will only listen on the loopback interface.
Your time server will only begin to serve time after it has synchronized itself to a high resolution. This may take hours, or days, depending on the accuracy of your system.
Usage
Start OpenNTPD at boot
Enable .
Making openntpd dependent upon network access
If you have intermittent network access (you roam around on a laptop, you use dial-up, etc), it does not make sense to have running as a system daemon on start up. Here are a few ways you can control based on the presence of a network connection.
Using NetworkManager dispatcher
OpenNTPD can be brought up/down along with a network connection through the use of NetworkManager's dispatcher scripts.
Install .
Using wicd
Create these two scripts and mark them executable.
/etc/wicd/scripts/postconnect/openntpd-start.sh
#!/bin/sh systemctl start openntpd.service
Using dhclient hooks
Another possibility is to use dhclient hooks to start and stop openntpd. When dhclient detects a change in state it will run the following scripts:
See
Using dhcpcd hooks
See
Troubleshooting
Error adjusting time
If you find your time set incorrectly and in log you see:
openntpd adjtime failed: Invalid argument
Try:
# ntpd -d
This is also how you would manually sync your system.
constraint: failed to load constraint ca
OpenNTPD will fail to start on a system with AppArmor if HTTPS constraints are configured in /etc/ntpd.conf
. Journal will show .
This is because AppArmor's profile does not have read access to LibreSSL's CA certificate file /etc/libressl/cert.pem
.
The solution is to grant access with a local override:
/etc/apparmor.d/local/usr.sbin.ntpd
... /etc/libressl/{,cert.pem} r,
After editing, reload the AppArmor profile:
# apparmor_parser -r /etc/apparmor.d/usr.sbin.ntpd