I've done everything: Network Time Protocol daemon and OpenNTPD
As you can see, the Network Time Protocol page is now a redirection to the daemon page, but I should have taken care of all links and redirections, so there shouldn't be broken links anywhere.
Also note that the i18n links are still referred to "Network Time Protocol", as all other wikis still have the old name for the article (though I think soon I will update at least the Italian version).
Most people want ntp on their PC, and couldn't care less about being a server, so concentrate on that situation.
]]>brebs meant that the software itself is maintained, the wiki page...not so much apparently.
I apologize to brebs, maybe I missed a word or two while reading, I don't know...
Sure, split 'em.
Ah finally a positive answer, from litemotiv again!
The wiki is version-controlled, so it's actually not really problematic to just make the changes you have in mind. If they are considered (partially) unsuitable they can always be reverted or edited.
Yes, I know it's version-controlled, but not automatically, there must be a real person to version-control it, and if there aren't any maintainers one could add mistaken infos or code and they would remain there without anybody ever realizing it...
Other than that, good work!
Thanks, then I'm going to edit the page! (and do other refinements too)
]]>The wiki is version-controlled, so it's actually not really problematic to just make the changes you have in mind. If they are considered (partially) unsuitable they can always be reverted or edited.
brebs meant that the software itself is maintained, the wiki page...not so much apparently.
Other than that, good work!
]]>I *was* interested in this - years ago. For years, it's been "just working".
Just because something "just works" doesn't mean it can't be improved.
You have one wiki page, mixing both ntp and openntp together. That's confusing. They should have one wiki page each, with preference given to ntp
I agree, and I'm willing to do that, just let's discuss it here a very tiny little bit, I don't want to decide things by myself...
I can split the article between ntp and openntp, we should just think how those pages should be linked together and with the rest of the wiki: there are many references in the wiki that link to the NTP page, I think the best solution would be to leave ntp there, create another article for openntp and link it only in the ntp page, cited as an (unmaintained) alternative.
For those who have little time and like short answers, here are some suggestions: [ yes, split 'em | split them, but do it this way: [explain] | they're just fine together ]
which is actually written, and *maintained*, with Linux in mind.
It doesn't seem very *maintained* if I wrote in the discussion page and *nobody* has ever answered. If it's not clear, I'm trying to *maintain* the page, not to *vandalize* it...
EDIT: sorry brebs I don't know how I could misunderstand your words
Please can someone read my revision @ post #18 and tell me whether it's better than the current version or it sucks, and in the latter case, why it does? Short answers: [ it's better, edit the page | you should change this and that (define this and that) | the current version is perfect already ]
]]>You have one wiki page, mixing both ntp and openntp together. That's confusing. They should have one wiki page each, with preference given to ntp - which is actually written, and *maintained*, with Linux in mind.
]]>===/etc/ntp.conf===
The first thing you define in your ntp.conf is the servers your machine will synchronize to.
NTP servers are classified in a hierarchical system with many levels called "strata": the devices which are considered independent time sources are classified as "stratum 0" sources; the servers directly connected to stratum 0 devices are classified as "stratum 1" sources; servers connected to stratum 1 sources are then classified as "stratum 2" sources and so on. It has to be understood that a server's stratum cannot be taken as an indication of its accuracy or reliability.
Tipically, stratum 2 servers are used for general synchronization purposes: if you don't already know the servers you're going to connect to, you should use the pool.ntp.org servers (http://www.pool.ntp.org/ or http://support.ntp.org/bin/view/Servers/NTPPoolServers) and choose the server pool that is closest to your location.
The following lines are just an example:
server 0.it.pool.ntp.org iburst
server 1.it.pool.ntp.org iburst
server 2.it.pool.ntp.org iburst
server 3.it.pool.ntp.org iburst
The iburst option is recommended, and sends a burst of packets if it cannot obtain a connection with the first attempt. The "burst" option should never be used without explicit permission and will likely result in blacklisting.
If you're setting up a ntp server, you need to add localhost as a server, so that, in case it loses internet access, it won't stop serving time to the network; add localhost as a "stratum 10" server (using the "fudge" command) so that it will never be used unless internet access is lost:
server 127.127.1.0
fudge 127.127.1.0 stratum 10
The next thing you have to do is add the drift file (which keeps track of yours clocks time deviation) and optionally the log file location:
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log
Now all that's left to do is define the rules that will allow clients to connect to your service (localhost is considered a client too) using the "restrict" command; you should already have a line like this in your file:
restrict default nomodify nopeer
This restricts everyone from modifying anything and prevents everyone from querying your time server.
You can also add other options:
restrict default kod nomodify notrap nopeer noquery
In the past, "notrust" option was used too, but its function has changed to mean that authentication with a key is required.
Following this line, you need to tell ntpd what to allow through into your server; the following line is enough if you're not configuring a ntp server:
restrict 127.0.0.1
Otherwise you can add more clients like in this example:
restrict 1.2.3.4 nomodify
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap
This tells ntpd that 1.2.3.4 and all IP addresses from the 192.168.0.0 range will be allowed to synchronize on this server, but they will not be allowed to modify anything. All other IP addresses in the world will still obey the default restrictions (the first line in the ntp.conf).
In the end, the complete file will look like this (almost all original comments have been stripped out for clarity):
# Name of the servers ntpd should sync with (these are for Italy as an example)
server 0.it.pool.ntp.org iburst
server 1.it.pool.ntp.org iburst
server 2.it.pool.ntp.org iburst
server 3.it.pool.ntp.org iburst
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log
restrict default nomodify nopeer
restrict 127.0.0.1
For a more in-depth explanation of the file, especially if you want to configure your machine as a ntp server, the Gentoo Wiki has a more detailed description.
Lastly, never forget man pages:
$ man ntp.conf
is likely to answer most of your remaining doubts.
]]>Adding dev/null to the update command shouldn't be necessary, it's good that the command outputs it's status to the screen for feedback. People who want to suppress the message probably already know how to achieve that.
]]>The part "Now you can delete ntpd from the daemons list in /etc/rc.conf, or just disable it:" is not really needed since you already explain that it is "without running ntpd as a daemon".
Uhm yes, but in that case I think the best solution would be do change the sections tree this way:
======( Contents menu )======
# 1 ntpd
* 1.1 Installation
* 1.2 /etc/ntp.conf
* 1.3 Running as a daemon
o 1.3.1 Starting the daemon
- 1.3.1.1 /etc/rc.conf
- 1.3.1.2 NetworkManager
o 1.3.2 Running as non-root user
* 1.4 Syncing the clock without the daemon running
o 1.4.1 /etc/rc.local
o 1.4.2 Notes
=======================
Just to stress that this is a complete alternative to the daemon method, not just an option/extension to that.
Of course, if OpenNTPD is discarded, the tree could change like this:
======( Contents menu )======
# 1 Installation
# 2 /etc/ntp.conf
# 3 Running as a daemon
* 1.3.1 Starting the daemon
o 1.3.1.1 /etc/rc.conf
o 1.3.1.2 NetworkManager
* 1.3.2 Running as non-root user
# 4 Syncing the clock without the daemon running
* 1.4.1 /etc/rc.local
* 1.4.2 Notes
=======================
Mentioning to "not background the network daemon" is not necessary i believe, it is probably more appropriate to only mention that "a network connection needs to be present".
Good, I'll change that.
Please don't use exclamation marks.
Oops sorry
The new version revised:
======( Subsection 1.4 )======
Syncing the clock without the daemon running
If what you want is just synchronize your system clock at boot time without running ntpd as a daemon, you can add to your /etc/rc.local this line:
ntpd -qg &
If you also want to update the hardware clock, use this line instead:
ntpd -qg && hwclock -w &
Note 1: in order for this method to work you have to make sure that, when rc.local is executed, the network connection has already been initialized (for example you shouldn't background essential network-related daemons in /etc/rc.conf)
Note 2: using this method is highly discouraged on servers and in general on machines that need to run continuously for more than 2 or 3 days, as the system clock will be updated only once at boot time.
Note 3: running "ntpd -qg" as a cron event is to be completely avoided, unless you are perfectly aware of how your running applications would react to instantaneous system time changes.
======================
One thing: I'm not expert at all about standard input/output stuff, I don't know if this line in /etc/rc.local would be more correct:
ntpd -qg && hwclock -w &> dev/null
- The part "Now you can delete ntpd from the daemons list in /etc/rc.conf, or just disable it:" is not really needed since you already explain that it is "without running ntpd as a daemon".
- Mentioning to "not background the network daemon" is not necessary i believe, it is probably more appropriate to only mention that "a network connection needs to be present".
- Please don't use exclamation marks.
]]>In my opinion, openntpd should be removed from the wiki article completely (or otherwise only be mentioned in a footnote). ntpd is just as easily installed and it does the job right.
Hi litemotiv, I think so too, but what do you think of my proposal?
]]># 1 ntpd
* 1.5 Syncing the clock without the daemon running
======( Subsection 1.5 )======
Syncing the clock without the daemon running
If what you want is just synchronizing your system clock at boot time without running ntpd as a daemon, you can add to your /etc/rc.local this line:
ntpd -qg &
If you also want to update the hardware clock, use this line instead:
ntpd -qg && hwclock -w &
Now you can delete ntpd from the daemons list in /etc/rc.conf, or just disable it:
DAEMONS=(syslog-ng network !ntpd ...)
Note 1: you'd better not background the network daemon, to make sure that when rc.local is executed, the network connection is already initialized.
Note 2: using this method is highly discouraged on servers and in general on machines that need to run continuously for more than 2 or 3 days, as the system clock will be updated only once at boot time!
Note 3: running "ntpd -qg" as a cron event is to be completely avoided, unless you are perfectly aware of how your running applications would react to instantaneous system time changes!
======================
Please help me correct any coding and English mistakes (I'm not a native speaker).
EDIT: I'm also working on adapting section 1.2 (/etc/ntp.conf) to the most recent version of ntp package, I'll post that when I'm done.
]]>