Debian 12

as systemd is installed per default but not the time-sync service #wtf?

su - root
apt install systemd-timesyncd
timedatectl set-timezone Europe/Berlin
systemctl status systemd-timesyncd
timedatectl; # check if sync is on
               Local time: Fri 2023-12-08 16:21:41 CET
           Universal time: Fri 2023-12-08 15:21:41 UTC
                 RTC time: Fri 2023-12-08 15:21:41
                Time zone: Europe/Berlin (CET, +0100)
System clock synchronized: yes <- it works
              NTP service: active
          RTC in local TZ: no

systemd: So WHAT NTP time server does systemd use per default?

no one knows.

https://manpages.debian.org/bullseye/systemd/systemd-system.conf.5.en.html “The default configuration is defined during compilation, so a configuration file is only needed when it is necessary to deviate from those defaults. By default, the configuration file in /etc/systemd/ contains commented out entries showing the defaults as a guide to the administrator. This file can be edited to create local overrides.”

so NTP servers of systemd are somewhat “hardcoded” at build time, which is VERY strange behavior, as any good service would surely read config files per default and MAYBE use the local Fritzbox NTP server 192.168.0.1 per default, but no.

According to Wireshark, systemd-timesyncd is using this server (no idea who is running those servers): https://www.ntppool.org/it/scores/178.63.52.50 https://www.whois.com/whois/178.63.52.50

No.	Time	Source	Destination	Protocol	Length	Info
12	4.774228252	192.168.0.XX	178.63.52.50	NTP	90	NTP Version 4, client
13	4.811397099	178.63.52.50	192.168.0.XX	NTP	90	NTP Version 4, server

    Destination Address: 178.63.52.50
User Datagram Protocol, Src Port: 52165, Dst Port: 123
    Source Port: 52165
    Destination Port: 123
    Length: 56
    Checksum: 0x92c3 [unverified]
    UDP payload (48 bytes)
Network Time Protocol (NTP Version 4, client)

specify ntp server to use:

su - root
cp -rv /etc/systemd/timesyncd.conf /etc/systemd/timesyncd.conf.backup

echo '
[Time]
NTP=192.168.0.1
FallbackNTP=0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org
' >> /etc/systemd/timesyncd.conf

systemctl restart systemd-timesyncd

confirm it works:
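One way to check which servers the edited file now names, as an added example that is not part of the original post. The function name effective_servers and the sample file are made up for illustration; it assumes that repeated NTP=/FallbackNTP= lines inside [Time] accumulate and that an empty assignment clears the list, as timesyncd.conf(5) describes.

```bash
#!/bin/sh
# Added example: list the servers a timesyncd configuration names for one key.
# Assumption: within [Time], repeated assignments accumulate and an empty
# assignment resets the list.

# effective_servers KEY FILE...  (main file first, then any drop-ins from
# /etc/systemd/timesyncd.conf.d/*.conf) -> space-separated server list
effective_servers() {
    key=$1; shift
    awk -v key="$key" '
        FNR == 1        { in_time = 0 }             # section state is per file
        /^[ \t]*[#;]/   { next }                    # comment lines
        /^[ \t]*\[/     { in_time = ($0 ~ /^[ \t]*\[Time\][ \t]*$/); next }
        in_time && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k != key) next
            if (v == "") { n = 0; next }            # empty value resets the list
            m = split(v, parts, /[ \t]+/)
            for (i = 1; i <= m; i++) list[++n] = parts[i]
        }
        END { for (i = 1; i <= n; i++) printf "%s%s", (i > 1 ? " " : ""), list[i] }
    ' "$@"
}

# Constructed sample: a file with commented-out defaults, followed by the
# block that the echo command above appends.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Time]
#NTP=
#FallbackNTP=0.debian.pool.ntp.org 1.debian.pool.ntp.org

[Time]
NTP=192.168.0.1
FallbackNTP=0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org
EOF

echo "NTP:         $(effective_servers NTP "$sample")"
echo "FallbackNTP: $(effective_servers FallbackNTP "$sample")"
# On the live system, compare with the server the daemon actually talks to:
#   timedatectl timesync-status
```

If the server shown by timedatectl timesync-status is not the one from NTP=, the configured server did not answer and timesyncd moved on to the next one in its list.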

Debian 11

ntp things have changed a bit in Debian 11 (search)

ntp is not installed per default anymore

hostnamectl; # tested on
Operating System: Debian GNU/Linux 10 (buster)
Kernel: Linux 4.19.0-18-amd64
Architecture: x86-64

# but also on Debian 11
su - root
apt update
apt install ntp
systemctl restart ntp
ntpq -p; # check diff

vim /etc/ntp.conf; # should look something like (here custom ntp servers can be specified)
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift

# Leap seconds definition provided by tzdata
leapfile /usr/share/zoneinfo/leap-seconds.list

# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable


# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example

# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
pool 0.debian.pool.ntp.org iburst
pool 1.debian.pool.ntp.org iburst
pool 2.debian.pool.ntp.org iburst
pool 3.debian.pool.ntp.org iburst


# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Needed for adding pool entries
restrict source notrap nomodify noquery

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust


# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255

# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines.  Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient

creditz: https://www.server-world.info/en/note?os=Debian_11&p=ntp&f=1
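The "restrict default" lines in the file above decide what remote hosts may do besides asking for the time: noquery refuses ntpq/ntpdc queries, nomodify refuses configuration changes, notrap refuses trap requests. An added example (not from the original post) that audits a config for these flags; the function name audit_ntp_restrict, the sample files and the policy of requiring all three flags are this example's assumptions.

```bash
#!/bin/sh
# Added example: audit the "restrict default" lines of an ntp.conf.
# Requiring noquery, nomodify and notrap is this example's policy.

# audit_ntp_restrict FILE: print one finding per line, return 1 if any.
audit_ntp_restrict() {
    awk '
        $1 == "restrict" {
            i = 2; fam = "(any)"
            if ($2 == "-4" || $2 == "-6") { fam = $2; i = 3 }   # optional family flag
            if ($i != "default") next
            found = 1
            flags = " "
            for (j = i + 1; j <= NF; j++) flags = flags $j " "
            if (index(flags, " ignore ")) next      # ignore drops every packet
            n = split("noquery nomodify notrap", need, " ")
            for (k = 1; k <= n; k++)
                if (!index(flags, " " need[k] " ")) {
                    printf "line %d: restrict %s default lacks %s\n", NR, fam, need[k]
                    bad = 1
                }
        }
        END {
            if (!found) { print "no restrict default line found"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed samples: the default lines from the file above, and a weakened one.
good=$(mktemp); weak=$(mktemp)
cat > "$good" <<'EOF'
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited
restrict 127.0.0.1
EOF
cat > "$weak" <<'EOF'
# constructed weak configuration
restrict default kod nomodify
restrict 127.0.0.1
EOF

audit_ntp_restrict "$good" && echo "good sample: ok"
audit_ntp_restrict "$weak" || echo "weak sample: tighten the default restrict line"
```

Run it against /etc/ntp.conf after editing; the unrestricted 127.0.0.1 and ::1 lines are not flagged, which is why local ntpq and ntpdc queries keep working.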

Debian 9 and 10 and CentOS7 default time sync services:

Debian9-10 is using systemd-timesyncd

“It is possible to use systemd’s built-in timesyncd component to replace ntpd. timesyncd is a lighter-weight alternative to ntpd that is more integrated with systemd. Note, however, that it doesn’t support running as a time server, and it is slightly less sophisticated in the techniques it uses to keep your system time in sync. If you are running complex real-time distributed systems, you may want to stick with ntpd.” (src: digitalocean.com)

if timesyncd is already running on one’s system, check this out:

# tested on:
hostnamectl 
   Static hostname: DebianLaptop
   Operating System: Debian GNU/Linux 9 (stretch)
            Kernel: Linux 4.9.0-11-amd64
      Architecture: x86-64

# check if time is ntp synchronized
timedatectl 
      Local time: Tue 2019-09-10 10:45:42 CEST
  Universal time: Tue 2019-09-10 08:45:42 UTC
        RTC time: Tue 2019-09-10 08:45:42
       Time zone: Europe/Berlin (CEST, +0200)
 Network time on: yes
NTP synchronized: yes
 RTC in local TZ: no

# looks good
# who is synchronizing it?
systemctl is-active systemd-timesyncd
active
# (in debian9 it was in /usr/bin/systemctl)
# (in debian10 it is in /bin/systemctl)
# or the more detailed version:
systemctl status systemd-timesyncd

apt-cache show systemd-cron
Package: systemd-cron
Version: 1.5.8-1
Installed-Size: 132
Maintainer: Debian Systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>
Architecture: amd64
Replaces: anacron, cron
Provides: anacron, cron-daemon
Depends: init-system-helpers (>= 1.18~), systemd-sysv (>= 212), python3:any, libc6 (>= 2.4)
Recommends: exim4 | mail-transport-agent
Conflicts: anacron, cron-daemon
Description-en: systemd units to provide cron daemon & anacron functionality
 Provides systemd units to run cron jobs in /etc/cron.hourly cron.daily
 cron.weekly and cron.monthly directories, without having cron
 or anacron installed.
 It also provides a generator that dynamicaly translate /etc/crontab,
 /etc/cron.d/* and user cronjobs in systemd units.
 Please notice this package provide a different set of features
 than Vixie-cron; trying to remain as simple as possible.
 By example, to avoid to run process through a wrapper,
 but have instead systemd run those dirrectly,
 it only send mails on error, including only a small blurb
 from the Journal; but doesn't send the full output of processes.
Description-md5: 9166fe2131f8908f5e74ff0ca4fbe742
Homepage: https://github.com/systemd-cron/systemd-cron
Section: admin
Priority: extra
Filename: pool/main/s/systemd-cron/systemd-cron_1.5.8-1_amd64.deb
Size: 33664
MD5sum: 8fe021481242711967b1f73b4519952e
SHA256: ddff3d5aa771a253b5176e0a4a20d03b344f3419905380225060851e0a4009a3

CentOS7:

# so this system is using systemd-timesyncd
# (default on debian10)
# CentOS7 is using chronyd
systemctl is-active chronyd
active
repoquery -i chrony.x86_64 

Name        : chrony
Version     : 3.2
Release     : 2.el7
Architecture: x86_64
Size        : 487489
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Group       : System Environment/Daemons
URL         : https://chrony.tuxfamily.org
Repository  : base
Summary     : An NTP client/server
Source      : chrony-3.2-2.el7.src.rpm
Description :
A client/server for the Network Time Protocol, this program keeps your
computer's clock accurate. It was specially designed to support
systems with intermittent internet connections, but it also works well
in permanently connected environments. It can use also hardware reference
clocks, system real-time clock or manual input as time references.

# check if ntp service is active
systemctl is-active ntp
unknown
systemctl is-active ntpd
inactive

pre systemd style:

it is pretty important to have the correct time on your system.

a lot of services might depend on it – certificates might be valid/invalid depending on your system’s time.

if cmos batteries get empty – your system will probably boot up with an incorrect date and time – which results in firefox not accepting a lot of SSL certificates.

check if your timezone is correct:

# show currently set timezone
timedatectl;
# list all available timezones: (works Centos7, Debian8, Suse12)
timedatectl list-timezones;

if not:

# permanently change timezone (works Centos7, Debian8, Suse12)
timedatectl set-timezone America/Chicago;

more info on linux timezones and files -> https://dwaves.de/2017/06/07/linux-time-zones-change-timezone/

manual mode – no internet

if your linux system is not connected to the internet. you can still adjust your time like this:

# manually set system clock to the specified date
date +%Y%m%d -s "20081128";
date +%T -s "10:13:13";
(creditz)

manual mode – with internet

ntpd is the ntp service running in the background using UDP port 123.

manually syncing with given time-server:

# debian8 install the software needed
apt-get install ntpdate;
# centos7
yum install ntpdate;
# suse12 has it preinstalled
# debian8 stop ntp service if installed
service ntp stop;
# centos7, suse12 stop ntp service if installed
service ntpd stop;
# manually synchronise with the given timeserver
ntpdate uk.pool.ntp.org;
12 Jun 15:12:20 ntpdate[5510]: adjust time server 188.39.213.7 offset -0.003300 sec
# or
ntpdate ptbtime1.ptb.de

(you could also use 1.pool.ntp.org or see this list of european timeservers)

update cmos-clock to internet time:

# on old debian
# get time from servers and update hardware clock
ntpdate uk.pool.ntp.org && hwclock -w;

# on new debian (very confusing for me as well)
# update time from server
ntpd -q -g;
# sync system-time to cmos-hardware-realtime-clock (BIOS)
hwclock --systohc;

you should now have an accurate clock set.

how to check if “time is right”:

you can fiddle around with aliases and refresh output time on your terminal every second… then compare it to:

https://www.uhrzeit.org/atomuhr.php

# set a bash alias, you can put it at the end of /etc/bash.bashrc
alias datum="date '+DATE: %Y-%m-%d TIME: %H:%M:%S'";
# should give you:
datum;
DATE: 2015-06-19 TIME: 10:36:06; # IF THIS TIME IS STILL NOT CORRECT! YOU HAVE SET THE WRONG TIME-ZONE ;)

# display the current date and time every second, run this to compare time between two systems
alias loopdatum="while true ; do datum ; sleep 1 ; clear; done"

# clock on the terminal, will show current date and time and update every second
loopdatum;

ntp internet time sync service

to automate this process – install and configure:

# debian8, update software package list
apt-get update;
# debian8, install tools to update the time from timeservers
apt-get install ntp;

# centos7 redhat
yum install ntp;
# suse12 has it preinstalled but not started per default?

# edit network time protocol config
vim /etc/ntp.conf

# add those if you are in Germany (de)
# if you are in China use (cn)
# check out: http://www.pool.ntp.org/en/ for more servers
server 0.de.pool.ntp.org
server 1.de.pool.ntp.org
server 2.de.pool.ntp.org
server 3.de.pool.ntp.org

ESC :wq # vim save and quit

# debian8
service ntp restart;
# centos7, suse12
service ntpd restart;
# query the service
ntpdc -c sysinfo;
system peer: stratum2-4.ntp.techfak.net
system peer mode: client
leap indicator: 00
stratum: 3
precision: -21
root distance: 0.03188 s
root dispersion: 0.02847 s
reference ID: [129.70.132.37]
reference time: dce92737.5c99f8b6 Mon, Jun 12 2017 16:44:07.361
system flags: auth monitor ntp kernel stats
jitter: 0.001678 s
stability: 0.000 ppm
broadcastdelay: 0.000000 s
authdelay: 0.000000 s

drift

The units for the drift file are “PPM”, or “parts per million”. Your clock will drift due to fluctuations in the frequency oscillating the quartz crystal on your motherboard. A fluctuation of just 0.001% (0.00001, or 10 PPM) means losing or gaining about 1 second per day. NTP has finer grained control than that, so we look at errors of margin using 0.0001% (0.000001, or 1 PPM). Thus:

  • 1 PPM = 1 part per million = 1 microsecond per second = 3.6ms per hour = 86.4ms per day

Thus, my drift file shows the value of “2.643” which means my clock is off by 2.643 parts per million, which means it’s currently off at 228.3552ms per day.

(creditz)

root@Debian8:~# find / -name *drift*
/var/lib/ntp/ntp.drift
(raspberry pi, Raspbian does not have this file)
# contains one number

12.249

suse12:~ # find / -name *drift*

# is actually an empty directory
/var/lib/ntp/drift/

[root@CentOS7 ~]# find / -name *drift*
/var/lib/chrony/drift

# contains two numbers
-6.192941 0.864764

raspberry pi / Raspbian

read time directly from rtc module

hwclock -r

update rtc module time from system time (system time should be regularly updated by ntp from the internet if your pi is networked):

hwclock -w

update system time from the rtc module (this should happen on startup):

hwclock -s

and the most fun of all – monitor the “drift” between your system clock and the rtc module:

hwclock -c

src: https://www.raspberrypi.org/forums/viewtopic.php?t=161133

ntpdc

“ntpdc is used to query the ntpd daemon about its current state and to request changes in that state.”

ntpdc.man.txt

[root@CentOS7 ~]# ntpdc
ntpdc> ?
ntpdc commands:
addpeer controlkey fudge keytype quit timeout
addrefclock ctlstats help listpeers readkeys timerstats
addserver debug host loopinfo requestkey traps
addtrap delay hostnames memstats reset trustedkey
authinfo delrestrict ifreload monlist reslist unconfig
broadcast disable ifstats passwd restrict unrestrict
clkbug dmpeers iostats peers showpeer untrustedkey
clockstat enable kerninfo preset sysinfo version
clrtrap exit keyid pstats sysstats

ntpdc> sysinfo
system peer: fry.celeborn.de
system peer mode: client
leap indicator: 00
stratum: 3
precision: -22
root distance: 0.02762 s
root dispersion: 0.02179 s
reference ID: [5.9.39.18]
reference time: dce927b8.1ff64375 Mon, Jun 12 2017 16:46:16.124
system flags: auth ntp kernel stats
jitter: 0.000916 s
stability: 0.000 ppm
broadcastdelay: 0.000000 s
authdelay: 0.000000 s

ntpdc> peers
remote local st poll reach delay offset disp
=======================================================================
=a.fraho.eu 172.20.0.28 2 128 377 0.01935 -0.002890 0.05922
=panel1.web2.clu 172.20.0.28 3 128 263 0.02681 -0.002592 0.26141
*fry.celeborn.de 172.20.0.28 2 128 377 0.01898 -0.001185 0.06007
=schubhart.de 172.20.0.28 2 128 377 0.01965 -0.000614 0.05923

ntpdc> monlist
***Server reports data not found
ntpdc>

root@Debian8:~# ntpdc
ntpdc> ?
ntpdc commands:
addpeer controlkey fudge keytype quit timeout
addrefclock ctlstats help listpeers readkeys timerstats
addserver debug host loopinfo requestkey traps
addtrap delay hostnames memstats reset trustedkey
authinfo delrestrict ifreload monlist reslist unconfig
broadcast disable ifstats passwd restrict unrestrict
clkbug dmpeers iostats peers showpeer untrustedkey
clockstat enable kerninfo preset sysinfo version
clrtrap exit keyid pstats sysstats

ntpdc> sysinfo
system peer: stratum2-4.ntp.techfak.net
system peer mode: client
leap indicator: 00
stratum: 3
precision: -21
root distance: 0.03188 s
root dispersion: 0.03285 s
reference ID: [129.70.132.37]
reference time: dce92737.5c99f8b6 Mon, Jun 12 2017 16:44:07.361
system flags: auth monitor ntp kernel stats
jitter: 0.000397 s
stability: 0.000 ppm
broadcastdelay: 0.000000 s
authdelay: 0.000000 s

ntpdc> peers
remote local st poll reach delay offset disp
=======================================================================
=www.kashra.com 172.20.0.12 2 64 377 0.03763 -0.010891 0.04443
*stratum2-4.ntp. 172.20.0.12 2 64 377 0.03146 -0.004789 0.06937
=beatrix.stbuehl 172.20.0.12 2 64 377 0.02075 -0.004044 0.04964
=vel.itat.io 172.20.0.12 2 64 377 0.01944 -0.004490 0.05391

ntpdc> monlist
remote address port local address count m ver rstr avgint lstint
===============================================================================
www.kashra.com 123 172.20.0.12 13 4 4 1d0 40 50
vel.itat.io 123 172.20.0.12 12 4 4 1d0 43 51
beatrix.stbuehler.de 123 172.20.0.12 13 4 4 1d0 40 55
stratum2-4.ntp.techfak 123 172.20.0.12 13 4 4 1d0 40 56
ntpdc>

 

manpages:

ntpdate.man.txt

ntpdate sets the local date and time by polling the Network Time Protocol (NTP) server(s) given as the server arguments to determine the correct time.

ntpd.man.txt

The ntpd program is an operating system daemon which sets and maintains the system time of day in synchronism with Internet standard time servers.

ntpq.man.txt

The ntpq utility program is used to monitor NTP daemon ntpd operations and determine performance.

ntptrace.man.txt (debian8 and suse12, not available under centos7)

ntptrace determines where a given Network Time Protocol (NTP) server gets its time from, and follows the chain of NTP servers back to their master time source.

under centos7, redhat it needs to be installed first

yum install ntp-perl;

example output:

suse12:~ # ntptrace
localhost: stratum 16, offset 0.000000, synch distance 0.004860

root@Debian8:# ntptrace
localhost: stratum 3, offset -0.002552, synch distance 0.022178
ntp.uni-oldenburg.de: stratum 2, offset 0.002457, synch distance 0.004666
192.53.103.108: timed out, nothing received
***Request timed out

errors:

ntptrace
ntpq: read: Connection refused

this is because ntp service is not running

service ntp start; # debian8

service ntpd start; # centos7, suse12

findings:

debian8 and centos7 pretty much got the same time… but suse12 was lagging 10 seconds behind? 😀

ntpdate also reports this but does not update the hardware clock?

suse12:/# ntpdate 0.pool.ntp.org
12 Jun 15:55:45 ntpdate[6539]: 5.45.108.27 rate limit response from server.
12 Jun 15:56:00 ntpdate[6539]: step time server 82.100.248.10 offset 10.733941 sec

Links:

https://dwaves.de/2017/06/07/linux-time-zones-change-timezone/

https://dwaves.de/2017/06/12/iconv-allows-file-conversion-between-charsets-encodings-utf-8-t-iso-8859-1/

http://wiki.hetzner.de/index.php/Uhrzeit_synchronisieren_mit_NTP/en

http://www.pool.ntp.org/en/use.html

http://www.pool.ntp.org/zone/europe

 

admin