1. Context 7.5 7.6 7.7 7.8 8 NTP configuration files . Sample ntp.conf . . . NTP servers in Australia ntpq — Testing NTP . . . . . . . . . . . . . 1.111.6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 8 8 8 9 9 1.111.6 Maintain system time Weight 4 Linux Professional Institute Certification — 102 License of this Document 1 Context Topic 111 Administrative Tasks [21] 1.111.1 Manage users and group accounts and related system files [4] 1.111.2 Tune the user environment and system environment variables [3] 1.111.3 Configure and use system log files to meet administrative and security needs [3] 1.111.4 Automate system administration tasks by scheduling jobs to run in the future [4] Andrew Eager andrew.eager@aes-pl.com.au Geoffrey Robertson ge@ffrey.com Nick Urbanik nicku@nicku.org This document Licensed under GPL—see section 8 2005 September Outline 1.111.5 Maintain an effective data backup strategy [3] 1.111.6 Maintain system time [4] 2 Objective Contents 1 2 3 4 5 Context Objective Resources date Hardware Clock and System Clock 2 2 3 3 Description of Objective Candidate should be able to properly maintain the system time and synchronize the clock over NTP. Tasks include: • setting the system date and time, • setting the BIOS clock to the correct time in UTC, • configuring the correct timezone for the system and • configuring the system to correct clock drift to match NTP clock. 4 5 5 6 6 7 7 Key files, terms, and utilities include: /usr/share/zoneinfo — a directory containing time zone information for many different regions /etc/timezone — On Debian systems, holds the timezone /etc/localtime — a symbolic link to the correct file in /path/usr/share/zoneinfo/ 6 hwclock 7 NTP — Network Time Protocol 7.1 NTP Tools . . . . . . . . . . 7.2 NTP — Overview of setup . 7.3 ntpdate . . . . . . . . . . 7.4 ntpd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3. Resources 1.111.6 3 5. Hardware Clock and System Clock 1.111.6 4 /etc/ntp.conf — configuration file for NTP /etc/ntp.drift — where NTP stores correction for local clock being fast/slow date — command for showing/setting system time hwclock — command for setting hardware clock, or setting system time from hardware clock ntpd — NTP server ntpdate — used to set system time from a remote NTP server -r Display the last modification time of file $ date -r ~/ivr/va/src/va.c ← Mon May 20 12:55:48 EST 2002 date -d Display date described by string instead of now $ date -d "last Monday 4 years ago" ← Mon May 18 00:00:00 EST 1998 -u Display UTC time & date instead of localtime $ date ← Tue May 21 10:55:34 EST 2002 $ date -u ← Tue May 21 00:55:34 UTC 2002 date -s Set the system time (must be superuser) # date -s "Tue May 21 10:03:06 EST 2002" ← Tue May 21 10:03:06 EST 2002 +FORMAT Display date in user defined format $ date +"Today is %A, %d %B, %Y" ← Today is Tuesday, 21 May, 2002 3 Resources Maintain system time [4] web http://www.ntp.org Debian ntp-doc /usr/share/doc/ntp-doc/index.html on sarg. LPI Linux Certification in a Nutshell: by Jeffrey Dean O’Reilly LPIC 1 Certification Bible: Angie Nash and Jason Nash Hungry Minds 4 date date The date command without any options will print the current date and time. The date will be relative to any timezone set for the machine. $ date ← Tue May 21 09:57:51 EST 2002 date -I Output an ISO-8601 compliant date (YYYY-MM-DD) $ date -I ← 2002-05-21 -R Output an RFC-822 compliant date (Local time + GMT 0ffset) $ date -R ← Tue, 21 May 2002 10:14:09 +1000 5 Hardware Clock and System Clock • The Hardware, or Real Time Clock (RTC) – hardware clock is located on the motherboard – Sometimes (for hysterical reasons) called the Real Time Clock (RTC) – keeps track of the time when the system is not powered up. • The system clock – maintained in the Linux kernel and – is used while the system is running. Hardware (“RTC”) vs. System Clock 6. hwclock 1.111.6 5 7.1 NTP Tools • Uses the UDP protocol 1.111.6 6 6 hwclock hwclock Hwclock is used to do the following: • Set the system clock from the Hardware clock • Set the hardware clock from the system clock • Show the time/date held by the RTC • Adjust the RTC to account for clock drift hwclock • To set the system time from the RTC, use the following option to hwclock: hwclock -s (or hwclock -hctosys) • Uses Port 123 plus one other unpriveledged port (1024:65535) • Can operate in both client & server modes • There are 3 versions of the protocol (ntp1, ntp2 & ntp3) • Available for Unix & Windows machines. 7.1 NTP Tools NTP — Network Time Protocol NTP normally comes in a package and contains the following binaries: • ntpd — Network Time Protocol (NTP) daemon • ntpq — standard NTP query program • ntpdc — special NTP query program • To set the RTC from the system time, use this option: hwclock -w (or hwclock -systohc) • ntpdate — set the date and time via NTP • ntptrace — trace a chain of NTP servers to the primary source • tickadj — set time-related kernel variables • ntptime — read kernel time variables • ntp-genkeys — generate public and private keys • To display the contents of the RTC, use this option: hwclock -r (or hwclock -show) • To adjust the RTC for clock drift, use this option: hwclock -a (or hwclock -adjust) 7.2 NTP — Overview of setup NTP — Network Time Protocol A quick guide to installing & setting up NTP: • Install NTP package (yum install ntp) or apt-get install ntp Note that the file /etc/adjtime is used to hold information about the extent to which (and direction) your RTC drifts 7 NTP — Network Time Protocol • Modify /etc/ntp.conf to reflect time servers • Start the service: service ntpd start • Ensure service starts at boot with chkconfig ntp on • Confirm operation using ntpq -p That’s all there is to it! The hardest part is deciding which public time servers to use. NTP — Network Time Protocol NTP is a time protocol used to synchronise a systems clock to master time source. For example, the CSIRO maintains a nationwide time source with atomic clock accuracy. As a user I can synchronise my system to that time source by sending a request to the CSIRO’s ntp server. Features and properties of NTP include: • NTP takes into account the time taken to send/receive NTP packets 7.3 ntpdate 1.111.6 7 7.5 NTP configuration files 1.111.6 8 7.3 ntpdate NTP — Network Time Protocol • ntpdate is a command line utility that will set the local machines time & date from the indicated remote time server(s). • More than one server can be specified in order for ntp to get a better idea of the transit time and overall server accuracy. • Running as a cron job is a simple way to maintain system time Usage: ntpdate [options] server ... # ntpdate ntp.nml.csiro.au 21 May 14:01:13 ntpdate[4002]: adjust time server 10.27.1.10 offset -0.000804 sec This will set the local machines system time using server ntp.nml.csiro.au 7.5 NTP configuration files ntpd usage & configuration Usage: ntpd [options] & (normally done in the /etc/init.d scripts) NTPD is configured using these files: • /etc/ntp.conf — Configuration file • /etc/ntp.drift — RTC drift file • /etc/ntp.keys — Key file (for authentication mode) The only file of concern to the user is ntp.conf. The other files are all written to and read by the ntp applications. 7.6 Sample ntp.conf NTP — Network Time Protocol # Disable authentication mode disable auth restrict default ignore # ignore all requests by default server ntp.cs.mu.OZ.AU # 128.250.36.2 server apphys16.mst.csiro.au # 138.194.21.154 server ntp.nml.csiro.au # 130.155.98.1 server 127.0.0.1 # localhost # Lift restrictions on time servers restrict 128.250.36.2 nomodify # time service only, no rt mods restrict 138.194.21.154 nomodify restrict 130.155.98.1 nomodify # All local addresses are unrestricted restrict 127.0.0.1 restrict 10.27.1.0 mask 255.255.255.0 # Set the default drift file driftfile /etc/ntp/drift 7.4 ntpd ntpd — The NTP daemon • ntpd is a better way to maintain the system time on a permanent basis. • ntpd acts as both a client & server (Linux only). • In server mode, other machines on the local network can use the server to set their own system clocks • For Windows machines, automachron is available. • ntpd also keeps track of drift in the hardware clock. The NTP daemon is normally started up by the system initialisation scripts: Debian or Red Hat : $ /etc/init.d/ntp start ← Red Hat : $ service ntp start ← 7.7 NTP servers in Australia Public Time Servers A (partial) list of public time servers is shown below. When using these servers, it is considered polite to advise the administrator of the service that you intend to use it. • Primary NTP Time Servers – ntp.cs.mu.OZ.AU (128.250.36.2) 7.8 ntpq — Testing NTP 1.111.6 9 – apphys16.mst.csiro.au (138.194.21.154) – ntp.nml.csiro.au (130.155.98.1) • Secondary NTP Time Servers – ntp.saard.net (203.21.37.18) – ntp.iprolink.co.nz (36.50.59.6) 7.8 ntpq — Testing NTP NTP — Network Time Protocol Once you have the NTP daemon up & running, the easiest way of testing it is to use the ntpq utility. $ ntpq ntpq> pe remote refid ... delay offset jitter =========================================================== localhost.local 0.0.0.0 ... 0.000 0.000 4000.00 xmurgon.cs.mu.OZ .GPS. ... 526.202 -206.43 208.270 +apphys16.mst.cs .ATOM. ... 169.956 -5.576 87.828 ... 149.988 -24.328 6.761 *tictoc.tip.CSIR .ATOM. ntpq> q $ Or more simply: $ ntpq -p remote refid ... delay offset jitter =========================================================== localhost.local 0.0.0.0 ... 0.000 0.000 4000.00 xmurgon.cs.mu.OZ .GPS. ... 526.202 -206.43 208.270 ... 169.956 -5.576 87.828 +apphys16.mst.cs .ATOM. ... 149.988 -24.328 6.761 *tictoc.tip.CSIR .ATOM. $ 8 License of this Document License Of This Document Copyright c 2005 2002 Andrew Eager , Geoffrey Robertson and Nick Urbanik . Permission is granted to make and distribute verbatim copies or modified versions of this document provided that this copyright notice and this permission notice are preserved on all copies under the terms of the GNU General Public License as published by the Free Software Foundation—either version 2 of the License or (at your option) any later version.