OpenNTPD

OpenNTPD (part of the OpenBSD project) is a daemon that can be used to synchronize the system clock to internet time servers using the Network Time Protocol, and can also act as a time server itself if needed. It implements the Simple Network Time Protocol version 4, as described in RFC:5905, and the Network Time Protocol version 3, as described in RFC:1305.

Installation

Install the openntpd package. The default configuration is actually usable if all you want is to sync the time of the local computer.

Configuration

To configure OpenNTPD, you need to edit /etc/ntpd.conf. See ntpd.conf(5) for all available options.

Tip: After configuring, check the configuration file for validity by executing:
$ ntpd -n

Client

To sync to a single particular server, uncomment and edit the "server" directive.

/etc/ntpd.conf
server ntp.example.org

The "servers" directive works the same as the "server" directive, however, if the DNS name resolves to multiple IP address, ALL of them will be synced to. The default, "pool.ntp.org" is working and should be acceptable in most cases. You can find the server's URL in your area at www.pool.ntp.org/zone/@.

/etc/ntpd.conf
servers pool.ntp.org

Any number of "server" or "servers" directives may be used.

Server

If you want the computer you run OpenNTPD on to also be a time server, simply uncomment and edit the "listen" directive.

For example:

/etc/ntpd.conf
listen on *

will listen on all interfaces, and

will only listen on the loopback interface.

Your time server will only begin to serve time after it has synchronized itself to a high resolution. This may take hours, or days, depending on the accuracy of your system.

Usage

Start OpenNTPD at boot

Enable .

Making openntpd dependent upon network access

If you have intermittent network access (you roam around on a laptop, you use dial-up, etc), it does not make sense to have running as a system daemon on start up. Here are a few ways you can control based on the presence of a network connection.

Using NetworkManager dispatcher

OpenNTPD can be brought up/down along with a network connection through the use of NetworkManager's dispatcher scripts.

Install .

Using wicd

Create these two scripts and mark them executable.

/etc/wicd/scripts/postconnect/openntpd-start.sh
#!/bin/sh
systemctl start openntpd.service

Using dhclient hooks

Another possibility is to use dhclient hooks to start and stop openntpd. When dhclient detects a change in state it will run the following scripts:

See

Using dhcpcd hooks

See

Troubleshooting

Error adjusting time

If you find your time set incorrectly and in log you see:

openntpd adjtime failed: Invalid argument

Try:

# ntpd -d

This is also how you would manually sync your system.

constraint: failed to load constraint ca

OpenNTPD will fail to start on a system with AppArmor if HTTPS constraints are configured in /etc/ntpd.conf. Journal will show .

This is because AppArmor's profile does not have read access to LibreSSL's CA certificate file /etc/libressl/cert.pem.

The solution is to grant access with a local override:

/etc/apparmor.d/local/usr.sbin.ntpd
...
/etc/libressl/{,cert.pem} r,

After editing, reload the AppArmor profile:

# apparmor_parser -r /etc/apparmor.d/usr.sbin.ntpd
gollark: I just noticed that I have both `is` and `if` codes right now.
gollark: Making up ridiculous justifications for random junk: Fun!
gollark: It could be on a ringworld or some other ridiculous megastructure.
gollark: Let us all ignore TJ09's opinions on dragon size. Mints are better tiny.
gollark: Not my favourites, but they have a nice greenness about them.

See also

This article is issued from Archlinux. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.