September 13, 2004

CLI Magic: It's about time

Author: Mike Chirico

Setting your computer to the correct time is essential because so many things depend on it: log files, email servers, cron jobs, and timed alerts among them. This article explains how to set and maintain accurate time on your system from the command line interface.

When your computer is turned off, the hardware clock -- a.k.a. the CMOS clock -- keeps the time. In contrast, when Linux is running, the system time -- the time kept by the kernel -- is the definitive time source. System time is more accurate than CMOS time. It's the time provided by the date command, and it is measured as the number of seconds since 00:00:00 January 1, 1970 UTC. The only way to keep correct UTC time on your computer is to synchronize with an external time source.

Installing and Configuring NTP

The Network Time Protocol (NTP) daemon keeps your system time accurate.
If NTP is not included as a standard part of your distribution, the
software can be downloaded from ntp.org.

The Linux ntpd program makes continuous adjustments to your computer's system time by sampling the time from one or more (preferably three) NTP servers. The correct time is calculated by figuring out the network delay
from a series of queries to the servers, then factoring in this delay to calculate the correct time. The NTP program will deliver accuracy to within 1-50ms, depending on the network path to the server and the server itself. For a workstation, you should use stratum 2 NTP servers. Stratum 1 NTP servers are available only to stratum 2 servers in the same time zone, or by previous arrangement.
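
The delay and offset calculation described above, as an added example that is not part of the original article. It computes both values from the four timestamps of each query and keeps the sample with the smallest round-trip delay, which is the kind of sample ntpd's clock filter prefers; the function names and the timestamps are constructed for illustration.

```shell
#!/bin/sh
# Each sample line: t1 t2 t3 t4 in seconds (constructed values).
#   t1 client send, t2 server receive, t3 server send, t4 client receive.
# The client clock is 5 ms slow. Sample 2 crossed a congested outbound path
# (60 ms out, 20 ms back), sample 1 a symmetric one (20 ms each way).
ntp_samples() { cat <<'EOF'
10.000 10.025 10.026 10.041
74.000 74.065 74.066 74.081
EOF
}

# Print "offset_ms delay_ms" for every sample on stdin.
ntp_offset_delay() {
    awk 'NF == 4 {
        delay  = ($4 - $1) - ($3 - $2)        # round trip minus server processing time
        offset = (($2 - $1) + ($3 - $4)) / 2  # assumes both directions take equally long
        printf "%.1f %.1f\n", offset * 1000, delay * 1000
    }'
}

# Keep the sample with the smallest round-trip delay: queueing on one leg
# inflates the delay and skews the offset by half the asymmetry.
ntp_best_sample() { ntp_offset_delay | sort -n -k2,2 | head -n 1; }

# Usage: ntp_samples | ntp_best_sample
```

The congested sample reports an offset of 25 ms although the clock is only 5 ms off, which is why a single query is not enough and a nearby server with a short path gives better results.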

NOTE: If your computer clock differs by more than 1,000 seconds -- something that would happen if the computer was powered off and the battery was removed -- then the ntpd daemon will not start, but instead will enter panic mode and exit. Therefore, your computer should query an NTP server during boot-up for the time, using the ntpdate command or ntpd with the -g option.

Red Hat and Fedora will run ntpdate against any server listed in the /etc/ntp/step-tickers file. Servers that are queried while ntpd is running must be listed in /etc/ntp.conf, but at least one server must also be listed in /etc/ntp/step-tickers for time initialization on startup.

All NTP servers give UTC time. In other words, you never have to worry
about what timezone the server is in, but you want to pick a server that is nearby on the network.

NTP on Red Hat and Fedora

If you are running Red Hat or Red Hat's Fedora, you should use Red Hat's version of NTP, since it has been modified to switch from the root account to the ntp user after startup. When your startup script runs, it automatically reads the entries in /etc/ntp/step-tickers to initialize the hardware clock.

STEP 1:

Find three or four public stratum 2 NTP servers near you.

STEP 2:

Specify the NTP servers and restrict the access of these servers. Your computer can query the time from these servers and set the time
correctly based on the best server. However, since you restrict access, the time servers cannot initiate a time change on your computer. For
a workstation, configure your /etc/ntp.conf file as follows:

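     # A very simple client-only NTP configuration.
     # nomodify/notrap/noquery: each server may answer our time queries,
     # but cannot reconfigure or query this ntpd. A restrict line with
     # no flags would grant that address unrestricted access.
     server ntp-1.cede.psu.edu
     restrict 146.186.218.60 nomodify notrap noquery
     server timeserver1.upenn.edu
     restrict 128.91.2.13 nomodify notrap noquery
     server clock.psu.edu
     restrict 128.118.25.3 nomodify notrap noquery
     driftfile /etc/ntp/drift
     authenticate no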

STEP 3:

Create entries in the /etc/ntp/step-tickers file as shown below. Pick a server that is close to you for the initial time set on boot-up.

     timeserver1.upenn.edu
     clock.psu.edu

STEP 4:

Start or restart the ntpd program as root.

     # /etc/init.d/ntpd restart
     Shutting down ntpd:                                        [  OK  ]
     ntpd: Synchronizing with time server:                      [  OK  ]
     Starting ntpd:                                             [  OK  ]

Note that NTP uses UDP port 123. The ntpd script that comes with Red Hat opens both source port 123 and destination port 123 using the following command:


     iptables -I RH-Lokkit-0-50-INPUT -m udp -p udp -s $server/32 --sport 123 -d 0/0 --dport 123 -j ACCEPT

STEP 5:

Check that ntpd is operating correctly with the ntpq command, as follows:

  $ ntpq -np

       remote           refid      st t when poll reach   delay   offset  jitter
  ==============================================================================
  *146.186.218.60  204.123.2.5      2 u  613 1024  377   23.953   -5.935   2.263
  +128.91.2.13     128.4.40.12      3 u  180 1024  377   11.191   -4.330   1.377
  -128.182.58.100  192.5.41.41      2 u  540 1024  377   20.872   15.298   1.507
  +128.118.25.3    128.118.25.12    2 u  137 1024  377   26.207   -5.419   0.561

You should be getting values for all fields. If several of the columns
are zero, and jitter is very high, say 4000, then NTP is not working
correctly. But give it a few minutes. On a DSL or cable modem connection,
it takes a few minutes for enough timestamps to be sent and received.

The following shows a problem.

    $ ntpq -pn

         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     tock.usno.navy  0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
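
The check from STEP 5 as a script, added here as an example and not part of the original article: it reads ntpq -np output and flags any peer showing the failure pattern above (stratum 16, reach 0, jitter 4000). The function names and verdict labels are made up for this example; the sample listings are the two shown in this article.

```shell
#!/bin/sh
# Constructed input: the two `ntpq -np` listings from the article.
sample_good() { cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*146.186.218.60  204.123.2.5      2 u  613 1024  377   23.953   -5.935   2.263
+128.91.2.13     128.4.40.12      3 u  180 1024  377   11.191   -4.330   1.377
-128.182.58.100  192.5.41.41      2 u  540 1024  377   20.872   15.298   1.507
+128.118.25.3    128.118.25.12    2 u  137 1024  377   26.207   -5.419   0.561
EOF
}
sample_bad() { cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 tock.usno.navy  0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
EOF
}

# Read `ntpq -np` output on stdin, print one verdict per peer, and return 0
# only when ntpd has selected a system peer (tally code "*").
ntpq_peer_health() {
    awk '
    $1 == "remote" || /^[ =]*$/ { next }      # header, separator, blank lines
    {
        peer = $1; tally = ""
        # Tally codes sit directly in front of the address; "x" and "o" count
        # as tallies only before a digit, so host names are not truncated.
        if (peer ~ /^[*+#.-]/ || peer ~ /^[xo][0-9]/) { tally = substr(peer, 1, 1); peer = substr(peer, 2) }
        why = ""
        if ($3 == 16)    why = why " stratum=16"   # server is unsynchronized
        if ($7 == 0)     why = why " reach=0"      # none of the last 8 polls answered
        if ($10 >= 4000) why = why " jitter=" $10  # no usable samples yet
        if (why != "")         { print "FAIL " peer why }
        else if (tally == "*") { print "SYNC " peer " offset=" $9 "ms"; sync = 1 }
        else                   { print "OK   " peer }
    }
    END { exit !sync }'
}

# Usage: ntpq -np | ntpq_peer_health || echo "ntpd has no system peer"
```

Run it from cron a few minutes after boot rather than immediately, since a freshly started ntpd legitimately shows reach 0 until the first polls return.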

Setting Up and Using NTP from Source

STEP 1:

Download, compile, and install the program.

   $ wget http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2.0.tar.gz
   $ tar -xzvf ntp-4.2.0.tar.gz
   $ cd ntp-4.2.0
   $ ./configure
   $ make
   $ su -c 'make install'    # run the install as root without leaving the build directory

STEP 2:

Add entries to /etc/ntp.conf using three or four of the closest stratum 2
servers near you, as shown above.

STEP 3:

Since NTP uses UDP port 123 for both destination and source, firewall
adjustments may be necessary. Here is an example of opening the 123
port for source and destination on each server above.

 # iptables -A INPUT -m udp -p udp -s 146.186.218.60/32 --sport 123 -d 0/0 --dport 123 -j ACCEPT
 # iptables -A INPUT -m udp -p udp -s 128.91.2.13/32 --sport 123 -d 0/0 --dport 123 -j ACCEPT
 # iptables -A INPUT -m udp -p udp -s 128.182.58.100/32 --sport 123 -d 0/0 --dport 123 -j ACCEPT
 # iptables -A INPUT -m udp -p udp -s 128.118.25.3/32 --sport 123 -d 0/0 --dport 123 -j ACCEPT

STEP 4:

Unlike the Red Hat installation, the source install does not use
/etc/ntp/step-tickers for the initial time set, so you will need to
initialize the time.

To manually set the time, enter the following command, as root, with your
chosen time server:

    $ su -
    # ntpdate -s -b -p 8 timeserver1.upenn.edu                        

Next, start the ntp daemon:

    # /usr/local/bin/ntpd

Everything OK?

Run the following command under any account:

     $  /usr/sbin/ntpq -crv        
       status=0654 leap_none, sync_ntp, 5 events, event_peer/strat_chg,    
       version="ntpd 4.1.1c-rc1@1.836 Thu Feb 13 12:17:19 EST 2003 (1)",    
       processor="i686", system="Linux2.6.7-ch0", leap=00, stratum=3,      
       precision=-17, rootdelay=24.973, rootdispersion=62.575, peer=36276,  
       refid=b50.cede.psu.edu,                                              
       reftime=c4df5922.cae1deac  Tue, Aug 31 2004 16:08:02.792, poll=10,  
       clock=c4df5ca7.738194c0  Tue, Aug 31 2004 16:23:03.451, state=4,    
       offset=-76.829, frequency=-70.770, jitter=18.474, stability=0.293    

Look at the value for stability, which here is equal to 0.293, and
frequency, which is -70.770. These values tend to vary if the computer gets
too hot -- the fan stops working -- or if you are starting to get hardware
problems.

I like to keep a record of these values throughout the day by putting them into a SQLite database, from which the values
can be compared over time. A sample script to do this, ntplog, can be found in the example
download.
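
One way to keep such a record, added here as an example; it is not the author's ntplog script, which is not shown on this page. It writes CSV records instead of SQLite rows, and the function names and the two later history records are constructed for illustration.

```shell
#!/bin/sh
# Constructed input: three lines of the `ntpq -crv` output shown above.
sample_rv() { cat <<'EOF'
status=0654 leap_none, sync_ntp, 5 events, event_peer/strat_chg,
reftime=c4df5922.cae1deac  Tue, Aug 31 2004 16:08:02.792, poll=10,
offset=-76.829, frequency=-70.770, jitter=18.474, stability=0.293
EOF
}

# ntp_rv_record TIMESTAMP: read `ntpq -crv` output on stdin and print one
# CSV record: timestamp,offset(ms),frequency(ppm),jitter(ms),stability(ppm).
# Returns 1 when the output carries no frequency value (ntpd not answering).
ntp_rv_record() {
    tr ',' '\n' | awk -F= -v ts="$1" '
    { key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val) }
    key ~ /^(offset|frequency|jitter|stability)$/ { v[key] = val }
    END {
        if (!("frequency" in v)) exit 1
        print ts "," v["offset"] "," v["frequency"] "," v["jitter"] "," v["stability"]
    }'
}

# ntp_freq_drift MAX_PPM: read CSV records on stdin and print every record
# whose frequency moved more than MAX_PPM away from the first record.
ntp_freq_drift() {
    awk -F, -v max="$1" '
    NR == 1 { base = $3; next }
    { d = $3 - base
      if (d > max || d < -max) printf "%s frequency=%s delta=%.3f\n", $1, $3, d }'
}

# Constructed history: the record above plus two later, made-up readings.
sample_history() {
    sample_rv | ntp_rv_record 2004-08-31T16:23:03Z
    echo "2004-08-31T17:23:03Z,-12.100,-70.912,6.210,0.101"
    echo "2004-08-31T18:23:03Z,3.400,-78.455,22.730,4.870"
}

# Usage: ntpq -crv | ntp_rv_record "$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> ntp.csv
```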
