Debian 12
as systemd is installed per default but not the time-sync service #wtf?
su - root apt install systemd-timesyncd timedatectl set-timezone Europe/Berlin systemctl status systemd-timesyncd timedatectl; # check if sync is on Local time: Fri 2023-12-08 16:21:41 CET Universal time: Fri 2023-12-08 15:21:41 UTC RTC time: Fri 2023-12-08 15:21:41 Time zone: Europe/Berlin (CET, +0100) System clock synchronized: yes <- it works NTP service: active RTC in local TZ: no
systemd: So WHAT NTP time server does systemd use per default?
no one knows.
https://manpages.debian.org/bullseye/systemd/systemd-system.conf.5.en.html “The default configuration is defined during compilation, so a configuration file is only needed when it is necessary to deviate from those defaults. By default, the configuration file in /etc/systemd/ contains commented out entries showing the defaults as a guide to the administrator. This file can be edited to create local overrides.”
so NTP servers of sytemd are somewhat “hardcoded” on buildtime, which is VERY strange behavior as any good service would surely write read config files per default and MAYBE use the local Fritzbox NTP server 192.168.0.1 per default but no.
According to wireshark systemd-timesyncd is sugin this server: no idea who is running those servers https://www.ntppool.org/it/scores/178.63.52.50 https://www.whois.com/whois/178.63.52.50
No. Time Source Destination Protocol Length Info 12 4.774228252 192.168.0.XX 178.63.52.50 NTP 90 NTP Version 4, client 13 4.811397099 178.63.52.50 192.168.0.XX NTP 90 NTP Version 4, server Destination Address: 178.63.52.50 User Datagram Protocol, Src Port: 52165, Dst Port: 123 Source Port: 52165 Destination Port: 123 Length: 56 Checksum: 0x92c3 [unverified] UDP payload (48 bytes) Network Time Protocol (NTP Version 4, client)
specify ntp server to use:
su - root cp -rv /etc/systemd/timesyncd.conf /etc/systemd/timesyncd.conf.backup echo ' [Time] NTP=192.168.0.1 FallbackNTP=0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org ' >> /etc/systemd/timesyncd.conf systemctl restart systemd-timesyncd
Debian 11
ntp things have changed a bit in Debian 11 (search)
ntp is not installed per default anymore
hostnamectl; # tested on Operating System: Debian GNU/Linux 10 (buster) Kernel: Linux 4.19.0-18-amd64 Architecture: x86-64 # but also on Debian 11 su - root apt update apt install ntp systemctl restart ntp ntpq -p; # check diff vim /etc/ntp.conf; # should look something like (here custom ntp servers can be specified) # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help driftfile /var/lib/ntp/ntp.drift # Leap seconds definition provided by tzdata leapfile /usr/share/zoneinfo/leap-seconds.list # Enable this if you want statistics to be logged. #statsdir /var/log/ntpstats/ statistics loopstats peerstats clockstats filegen loopstats file loopstats type day enable filegen peerstats file peerstats type day enable filegen clockstats file clockstats type day enable # You do need to talk to an NTP server or two (or three). #server ntp.your-provider.example # pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will # pick a different set every time it starts up. Please consider joining the # pool: <http://www.pool.ntp.org/join.html> pool 0.debian.pool.ntp.org iburst pool 1.debian.pool.ntp.org iburst pool 2.debian.pool.ntp.org iburst pool 3.debian.pool.ntp.org iburst # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions> # might also be helpful. # # Note that "restrict" applies to both servers and clients, so a configuration # that might be intended to block requests from certain clients could also end # up blocking replies from your own upstream servers. # By default, exchange time with everybody, but don't allow configuration. restrict -4 default kod notrap nomodify nopeer noquery limited restrict -6 default kod notrap nomodify nopeer noquery limited # Local users may interrogate the ntp server more closely. restrict 127.0.0.1 restrict ::1 # Needed for adding pool entries restrict source notrap nomodify noquery # Clients from this (example!) subnet have unlimited access, but only if # cryptographically authenticated. #restrict 192.168.123.0 mask 255.255.255.0 notrust # If you want to provide time to your local subnet, change the next line. # (Again, the address is an example only.) #broadcast 192.168.123.255 # If you want to listen to time broadcasts on your local subnet, de-comment the # next lines. Please do this only if you trust everybody on the network! #disable auth #broadcastclient
creditz: https://www.server-world.info/en/note?os=Debian_11&p=ntp&f=1
Debian 9 and 10 and CentOS7 default time sync services:
Debian9-10 is using systemd-timesyncd
“It is possible to use systemd’s built-in timesyncd component to replace ntpd. timesyncd is a lighter-weight alternative to ntpd that is more integrated with systemd. Note, however, that it doesn’t support running as a time server, and it is slightly less sophisticated in the techniques it uses to keep your system time in sync. If you are running complex real-time distributed systems, you may want to stick with ntpd.” (src: digitalocean.com)
if timesyncd is already running on one’s system, check this out:
# tested on: hostnamectl Static hostname: DebianLaptop Operating System: Debian GNU/Linux 9 (stretch) Kernel: Linux 4.9.0-11-amd64 Architecture: x86-64 # check if time is ntp synchronized timedatectl Local time: Tue 2019-09-10 10:45:42 CEST Universal time: Tue 2019-09-10 08:45:42 UTC RTC time: Tue 2019-09-10 08:45:42 Time zone: Europe/Berlin (CEST, +0200) Network time on: yes NTP synchronized: yes RTC in local TZ: no # looks good # who is synchronizing it? systemctl is-active systemd-timesyncd active # (in debian9 it was in /usr/bin/systemctl) # (in debian10 it is in /bin/systemctl) # or the more detailed version: systemctl status systemd-timesyncd apt-cache show systemd-cron Package: systemd-cron Version: 1.5.8-1 Installed-Size: 132 Maintainer: Debian Systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org> Architecture: amd64 Replaces: anacron, cron Provides: anacron, cron-daemon Depends: init-system-helpers (>= 1.18~), systemd-sysv (>= 212), python3:any, libc6 (>= 2.4) Recommends: exim4 | mail-transport-agent Conflicts: anacron, cron-daemon Description-en: systemd units to provide cron daemon & anacron functionality Provides systemd units to run cron jobs in /etc/cron.hourly cron.daily cron.weekly and cron.monthly directories, without having cron or anacron installed. It also provides a generator that dynamicaly translate /etc/crontab, /etc/cron.d/* and user cronjobs in systemd units. Please notice this package provide a different set of features than Vixie-cron; trying to remain as simple as possible. By example, to avoid to run process through a wrapper, but have instead systemd run those dirrectly, it only send mails on error, including only a small blurb from the Journal; but doesn't send the full output of processes. Description-md5: 9166fe2131f8908f5e74ff0ca4fbe742 Homepage: https://github.com/systemd-cron/systemd-cron Section: admin Priority: extra Filename: pool/main/s/systemd-cron/systemd-cron_1.5.8-1_amd64.deb Size: 33664 MD5sum: 8fe021481242711967b1f73b4519952e SHA256: ddff3d5aa771a253b5176e0a4a20d03b344f3419905380225060851e0a4009a3
CentOS7:
# so this system is using systemd-timesyncd # (default on debian10) # CentOS7 is using chonyd systemctl is-active chronyd active repoquery -i chrony.x86_64 Name : chrony Version : 3.2 Release : 2.el7 Architecture: x86_64 Size : 487489 Packager : CentOS BuildSystem <http://bugs.centos.org> Group : System Environment/Daemons URL : https://chrony.tuxfamily.org Repository : base Summary : An NTP client/server Source : chrony-3.2-2.el7.src.rpm Description : A client/server for the Network Time Protocol, this program keeps your computer's clock accurate. It was specially designed to support systems with intermittent internet connections, but it also works well in permanently connected environments. It can use also hardware reference clocks, system real-time clock or manual input as time references. # check if ntp service is active systemctl is-active ntp unknown systemctl is-active ntpd inactive
pre systemd style:
it is pretty much important to have a correct time on your system.
a lot of services might depend on it – certificates might be valid/invalid depending on your system’s time.
if cmos batteries get empty – your system will probably boot up with an incorrect date and time – which results into firefox not accepting a lot of SSL certificates.
check if your timezone is correct:
# show currently set timezone timedatectl; # list all available timezones: (works Centos7, Debian8, Suse12) timedatectl list-timezones;
if not:
# permanently change timezone (works Centos7, Debian8, Suse12)
timedatectl set-timezone America/Chicago;
more info on linux timezones and files -> https://dwaves.de/2017/06/07/linux-time-zones-change-timezone/
manual mode – no internet
if your linux system is not connected to the internet. you can still adjust your time like this:
# manually set system clock to the specified date date +%Y%m%d -s "20081128"; date +%T -s "10:13:13"; (creditz)
manual mode – with internet
ntpd is the ntp service running in the background using UDP port 123.
manually syncing with given time-server:
# debian8 install the software needed apt-get install ntpdate; # centos7 yum install ntpdate; # suse12 has it preinstalled # debian8 stop ntp service if installed service ntp stop; # centos7, suse12 stop ntp service if installed service ntpd stop; # manually synchronise with the given timeserver ntpdate uk.pool.ntp.org; 12 Jun 15:12:20 ntpdate[5510]: adjust time server 188.39.213.7 offset -0.003300 sec # or ntpdate ptbtime1.ptb.de
(you could also use 1.pool.ntp.org or see this list of european timeservers)
update cmos-clock to internet time:
# on old debian # get time from servers and update hardware clock ntpdate && hwclock -w; # on new debian (very confusing for me as well) # update time from server ntpd -q -g;
# sync system-time to cmos-hardware-realtime-clock (BIOS)
hwclock --systohc;
you know should have an accurate clock set.
how to check if “time is right”:
you can fiddle around with aliases and refresh output time on your terminal every second… then compare it to:
https://www.uhrzeit.org/atomuhr.php
# set an bash-alias, you can put it at the end of /etc/bash.bashrc alias datum="date '+DATE: %Y-%m-%d TIME: %H:%M:%S'"; # should give you: datum; DATE: 2015-06-19 TIME: 10:36:06; # IF THIS TIME IS STILL NOT CORRECT! YOU HAVE SET THE WRONG TIME-ZONE ;) # display the current date and time every second, run this to compare time between two systems" alias loopdatum="while true ; do datum ; sleep 1 ; clear; done" # clock on the terminal, will show current date and time and update every second loopdatum;
ntp internet time sync service
to automate this process – install and config :
# debian8, update software package list apt-get update; # debian8, install tools to update the time from timeservers apt-get install ntp; # centos7 redhat yum install ntp; # suse12 has it preinstalled but not started per default? # edit network time protocol config vim /etc/ntp.conf # add those if you are in Germany (de) # if you are in China use (cn) # check out: http://www.pool.ntp.org/en/ for more servers
server 0.de.pool.ntp.org server 1.de.pool.ntp.org server 2.de.pool.ntp.org server 3.de.pool.ntp.org ESC :wq # vim save and quit # debian8 service ntp restart; # centos7, suse12 service ntpd restart; # query the service ntpdc -c sysinfo; system peer: stratum2-4.ntp.techfak.net system peer mode: client leap indicator: 00 stratum: 3 precision: -21 root distance: 0.03188 s root dispersion: 0.02847 s reference ID: [129.70.132.37] reference time: dce92737.5c99f8b6 Mon, Jun 12 2017 16:44:07.361 system flags: auth monitor ntp kernel stats jitter: 0.001678 s stability: 0.000 ppm broadcastdelay: 0.000000 s authdelay: 0.000000 s
drift
The units for the drift file are “PPM”, or “parts per million”. Your clock will drift due to fluctuations in the frequency oscillating the quartz crystal on your motherboard. A fluctuation of just 0.001% (0.00001, or 10 PPM) means losing or gaining about 1 second per day. NTP has finer grained control than that, so we look at errors of margin using 0.0001% (0.000001, or 1 PPM). Thus:
- 1 PPM = 1 part per million = 1 microsecond per second = 3.6ms per hour = 86.4ms per day
Thus, my drift file shows the value of “2.643” which means my clock is off by 2.643 parts per million, which means it’s currently off at 228.3552ms per day.
(creditz)
root@Debian8:~# find / -name *drift* /var/lib/ntp/ntp.drift (raspberry pi, raspian does not have this file) # contains one number 12.249 suse12:~ # find / -name *drift* # is actually an empty directory /var/lib/ntp/drift/ [root@CentOS7 ~]# find / -name *drift* /var/lib/chrony/drift # contains two numbers -6.192941 0.864764
raspberry pi / raspian
read time directly from rtc module
hwclock -r
update rtc module time from system time (system time should be regularly updated by ntp from the internet if your pi is networked):
hwclock -w
update system time from the rtc module (this should happen on startup):
hwclock -s
and the most fun of all – monitor the “drift” between your system clock and the rtc module:
hwclock -c
src: https://www.raspberrypi.org/forums/viewtopic.php?t=161133
ntpdc
“ntpdc is used to query the ntpd daemon about its current state and to request changes in that state.”
[root@CentOS7 ~]# ntpdc ntpdc> ? ntpdc commands: addpeer controlkey fudge keytype quit timeout addrefclock ctlstats help listpeers readkeys timerstats addserver debug host loopinfo requestkey traps addtrap delay hostnames memstats reset trustedkey authinfo delrestrict ifreload monlist reslist unconfig broadcast disable ifstats passwd restrict unrestrict clkbug dmpeers iostats peers showpeer untrustedkey clockstat enable kerninfo preset sysinfo version clrtrap exit keyid pstats sysstats ntpdc> sysinfo system peer: fry.celeborn.de system peer mode: client leap indicator: 00 stratum: 3 precision: -22 root distance: 0.02762 s root dispersion: 0.02179 s reference ID: [5.9.39.18] reference time: dce927b8.1ff64375 Mon, Jun 12 2017 16:46:16.124 system flags: auth ntp kernel stats jitter: 0.000916 s stability: 0.000 ppm broadcastdelay: 0.000000 s authdelay: 0.000000 s ntpdc> peers remote local st poll reach delay offset disp ======================================================================= =a.fraho.eu 172.20.0.28 2 128 377 0.01935 -0.002890 0.05922 =panel1.web2.clu 172.20.0.28 3 128 263 0.02681 -0.002592 0.26141 *fry.celeborn.de 172.20.0.28 2 128 377 0.01898 -0.001185 0.06007 =schubhart.de 172.20.0.28 2 128 377 0.01965 -0.000614 0.05923 ntpdc> monlist ***Server reports data not found ntpdc> root@Debian8:~# ntpdc ntpdc> ? ntpdc commands: addpeer controlkey fudge keytype quit timeout addrefclock ctlstats help listpeers readkeys timerstats addserver debug host loopinfo requestkey traps addtrap delay hostnames memstats reset trustedkey authinfo delrestrict ifreload monlist reslist unconfig broadcast disable ifstats passwd restrict unrestrict clkbug dmpeers iostats peers showpeer untrustedkey clockstat enable kerninfo preset sysinfo version clrtrap exit keyid pstats sysstats ntpdc> sysinfo system peer: stratum2-4.ntp.techfak.net system peer mode: client leap indicator: 00 stratum: 3 precision: -21 root distance: 0.03188 s root dispersion: 0.03285 s reference ID: [129.70.132.37] reference time: dce92737.5c99f8b6 Mon, Jun 12 2017 16:44:07.361 system flags: auth monitor ntp kernel stats jitter: 0.000397 s stability: 0.000 ppm broadcastdelay: 0.000000 s authdelay: 0.000000 s ntpdc> peers remote local st poll reach delay offset disp ======================================================================= =www.kashra.com 172.20.0.12 2 64 377 0.03763 -0.010891 0.04443 *stratum2-4.ntp. 172.20.0.12 2 64 377 0.03146 -0.004789 0.06937 =beatrix.stbuehl 172.20.0.12 2 64 377 0.02075 -0.004044 0.04964 =vel.itat.io 172.20.0.12 2 64 377 0.01944 -0.004490 0.05391 ntpdc> monlist remote address port local address count m ver rstr avgint lstint =============================================================================== www.kashra.com 123 172.20.0.12 13 4 4 1d0 40 50 vel.itat.io 123 172.20.0.12 12 4 4 1d0 43 51 beatrix.stbuehler.de 123 172.20.0.12 13 4 4 1d0 40 55 stratum2-4.ntp.techfak 123 172.20.0.12 13 4 4 1d0 40 56 ntpdc>
manpages:
ntpdate sets the local date and time by polling the Network Time Protocol (NTP) server(s) given as the server arguments to determine the correct time.
The ntpd program is an operating system daemon which sets and maintains the system time of day in synchronism with Internet standard time servers.
The ntpq utility program is used to monitor NTP daemon ntpd operations and determine performance
ntptrace.man.txt (debian8 and suse12, not available under centos7)
ntptrace determines where a given Network Time Protocol (NTP) server gets its time from, and follows the chain of NTP servers back to their master time source.
under centos7, redhat it needs to be installed first
yum install ntp-perl; # example output: suse12:~ # ntptrace localhost: stratum 16, offset 0.000000, synch distance 0.004860 root@Debian8:# ntptrace localhost: stratum 3, offset -0.002552, synch distance 0.022178 ntp.uni-oldenburg.de: stratum 2, offset 0.002457, synch distance 0.004666 192.53.103.108: timed out, nothing received ***Request timed out
errors:
ntptrace ntpq: read: Connection refused
this is because ntp service is not running
service ntp start; # debian8 service ntpd start; # centos7, suse12
findings:
debian8 and centos7 pretty much got the same time… but suse12 was lagging 10 seconds behind? 😀
ntpdate also reports this but does not update the hardware clock?
suse12:/# ntpdate 0.pool.ntp.org
12 Jun 15:55:45 ntpdate[6539]: 5.45.108.27 rate limit response from server.
12 Jun 15:56:00 ntpdate[6539]: step time server 82.100.248.10 offset 10.733941 sec
Links:
https://dwaves.de/2017/06/07/linux-time-zones-change-timezone/
http://wiki.hetzner.de/index.php/Uhrzeit_synchronisieren_mit_NTP/en
http://www.pool.ntp.org/en/use.html
http://www.pool.ntp.org/zone/europe
liked this article?
- only together we can create a truly free world
- plz support dwaves to keep it up & running!
- (yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
- really really hate advertisement
- contribute: whenever a solution was found, blog about it for others to find!
- talk about, recommend & link to this blog and articles
- thanks to all who contribute!