The Sysadmin's Daily Grind: OpenNTPD

Finding Time

Charly Kühnast

On vacation we may be happy just to check the position of the sun, but computers need a more accurate measure of time. Luckily, there are atomic clocks whose time signals can be received by radio and over the Internet.

I'm a practical person, and also a big believer in being punctual. Of course, I expect my servers to keep perfect time. Half a minute can make all the difference between a happy admin and a chaotic network. Just as an example, imagine someone sends me an email message. The first thing that happens is that the spam filter gets to check the message, which it then hands over to the anti-virus server. If the AV server is happy with the message, the next step along the way is the mail hub, which locates the correct mail server and forwards the message to that location, where the mail server finally dumps the message in my inbox.

In other words, email messages on my network are handled by no less than four servers. If there is a problem, I check the logfiles to see where things are going wrong. And this is where precise timekeeping becomes imperative.

The timestamps allow admins to follow the progress of a message across the various systems - assuming the system clocks in these servers are accurate. This is exactly what the Network Time Protocol (NTP) supports.

A time server acts as a reference system, and the other systems on the network use NTP to synchronize with that server. NTP [1], which used to be called XNTP, is quite well known. But I would like to introduce you to the smaller-footprint OpenNTPD time server [2]. The daemon comes courtesy of the OpenBSD project, but it is also available for Linux. The tar archive with the latest version 3.6 is only 113 Kbytes. After unpacking the archive like this:

tar xvzpf openntpd-3.6p1.tar.gz

just follow the normal steps:

./configure
make
make install

to build the program. The daemon should then be located in /usr/local/sbin. Before anything else happens, I first need to tell OpenNTPD which source will be supplying the reference time signal. I selected the time server at the Physikalisch-Technischen Bundesanstalt in Braunschweig (PTB), Germany. The atomic clock run by PTB delivers an NTP-based time signal.

Three Lines for Two Servers

OpenNTPD normally parses a configuration file called /etc/ntpd.conf. This file is quite simple in my case, and contains only three lines:

server ptbtime1.ptb.de
server ptbtime2.ptb.de
listen on 10.0.0.42

The first two lines identify the servers where OpenNTPD will pick up its time signal. If the first server fails to answer, the daemon defaults to the second server.

Of course, it would not be much use if my server kept the time signal to itself; instead I want the server to provide a reference signal to other servers on my network. This is what the third line does. The server at IP 10.0.0.42 issues a time signal for other machines on the LAN. This concludes the configuration phase. Time to launch OpenNTPD:

/usr/local/sbin/ntpd -s

OpenNTPD immediately compares its own system time with the time signal from the reference server. If the local clock is inaccurate, the daemon will correct it - gradually and cautiously. OpenNTPD only sets the clock in a single step if the system clock is within 180 seconds of the reference time; this was the value I specified by setting the -s flag when I launched the program.
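To confirm from another machine on the LAN that the daemon on 10.0.0.42 is answering and to see how far the local clock is off, a small SNTP query is enough. The following Python script is an added example, not part of the original article or of OpenNTPD; the function names are this example's own, while the 48-byte packet layout and the offset and delay formulas are the standard NTP ones.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)

def to_ntp(unix_ts):
    """Unix seconds (float) -> NTP timestamp as (seconds, 32-bit fraction)."""
    secs = int(unix_ts)
    return secs + NTP_EPOCH_DELTA, int((unix_ts - secs) * 2**32)

def from_ntp(secs, frac):
    return secs - NTP_EPOCH_DELTA + frac / 2**32

def build_request(t1):
    """48-byte client packet: LI=0, VN=4, Mode=3; t1 goes in the transmit field."""
    return struct.pack("!B39x2I", (4 << 3) | 3, *to_ntp(t1))

def parse_reply(data, t1, t4):
    """Return (stratum, offset, delay) in seconds; raise ValueError if unusable."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    f = struct.unpack("!BBbb11I", data[:48])
    li, mode, stratum = f[0] >> 6, f[0] & 7, f[1]
    if mode != 4:
        raise ValueError("not a server reply")
    if li == 3 or stratum == 0:
        raise ValueError("server is not synchronized")
    if (f[9], f[10]) != to_ntp(t1):  # server must echo our transmit timestamp
        raise ValueError("origin timestamp does not match our request")
    t2, t3 = from_ntp(f[11], f[12]), from_ntp(f[13], f[14])
    offset = ((t2 - t1) + (t3 - t4)) / 2  # positive: server clock is ahead of ours
    delay = (t4 - t1) - (t3 - t2)         # round trip minus server processing time
    return stratum, offset, delay

def query(host, timeout=2.0):
    """Ask one NTP server over UDP port 123 and return parse_reply()'s result."""
    t1 = time.time()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(t1), (host, 123))
        data, _ = s.recvfrom(512)
    return parse_reply(data, t1, time.time())

if __name__ == "__main__":
    # 10.0.0.42 is the "listen on" address from the ntpd.conf shown above
    stratum, offset, delay = query("10.0.0.42")
    print(f"stratum {stratum}, offset {offset:+.3f}s, delay {delay:.3f}s")
```

Run on each of the mail-handling servers, the reported offset shows how far that machine's log timestamps can be trusted when a message is traced across hosts.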

Info

[1] NTP: http://www.ntp.org

[2] OpenNTPD: http://openntpd.com/

The Author

Charly Kühnast is a Unix System Manager at the data-center in Moers, near Germany's famous River Rhine. His tasks include ensuring firewall security and availability and taking care of the DMZ (demilitarized zone).