From 95fa107a55a90b48418cb07ff2362ee069552004 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= Date: Fri, 29 Mar 2019 11:00:44 +0100 Subject: [PATCH] 2019-03-29 update --- content/blog/is-my-ntp-daemon-working.md | 118 +++++++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 content/blog/is-my-ntp-daemon-working.md diff --git a/content/blog/is-my-ntp-daemon-working.md b/content/blog/is-my-ntp-daemon-working.md new file mode 100644 index 0000000..fcc0447 --- /dev/null +++ b/content/blog/is-my-ntp-daemon-working.md @@ -0,0 +1,118 @@ +--- +title: "Is my NTP daemon working?" +date: 2019-03-29T00:00:00+02:00 +opensource: +- Fedora +--- + +If the time on your workstation or server is not stable, strange errors might +appear, such as: + +```raw +$ tar zxvf /tmp/archive.tgz +tar: my-file: time stamp 2019-03-28 14:04:45 is 0.042713488 s in the future +``` + +This can happen when your [NTP](https://en.wikipedia.org/wiki/Network_Time_Protocol) +daemon is not synchronized. This means it cannot reliably determine the current +time. + +First, make sure your NTP daemon is started: + +```sh +$ sudo systemctl status ntpd +● ntpd.service - Network Time Service + Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled) + Active: active (running) since Thu 2019-03-28 17:13:10 CET; 16h ago + Process: 33844 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS) + Main PID: 33845 (ntpd) + Tasks: 1 + Memory: 924.0K + CGroup: /system.slice/ntpd.service + └─33845 /usr/sbin/ntpd -u ntp:ntp -g +``` + +For your NTP daemon to be started, the state must be `active (running)`. + +Then, you can query its status with the `ntpdc` command: + +```raw +$ sudo ntpdc -c sysinfo +system peer: www.almaprovence.fr +system peer mode: client +leap indicator: 00 +stratum: 3 +precision: -25 +root distance: 0.00130 s +root dispersion: 0.02950 s +reference ID: [212.83.145.32] +reference time: e0485cce.58fb4baf Fri, Mar 29 2019 9:58:54.347 +system flags: auth ntp kernel stats +jitter: 0.000259 s +stability: 0.000 ppm +broadcastdelay: 0.000000 s +authdelay: 0.000000 s +``` + +In this output, you need to check the **stratum**. + +The stratum tells you how far you are from the reference clock (the world +[atomic clock](https://en.wikipedia.org/wiki/Atomic_clock)). The closer you are, +the lower is the `stratum` and the more stable your clock will be. + +Usually, your stratum will be between 3 and 5. By convention, 16 means +"unsynchronized". + +You can query the list of peers your NTP daemon is synchronized to with the +`ntpq` command: + +```raw +$ sudo ntpq -c peers + remote refid st t when poll reach delay offset jitter +============================================================================== +-stardust.ploup. 195.13.23.5 3 u 782 1024 377 4.272 -1.984 2.479 ++server.bertold. 193.190.230.66 2 u 679 1024 377 4.235 -0.152 0.629 +*www.almaprovenc 145.238.203.14 2 u 854 1024 377 0.321 -0.225 0.502 ++ns.rail.eu.org 138.96.64.10 2 u 563 1024 377 0.455 0.413 0.630 +``` + +Again, check the `st` column (abbreviation for `stratum`) and make sure your +peers have a correct stratum. As above, 16 means "unsynchronized". + +The `offset` and `jitter` column are also useful: + +- the `offset` tells you how far away in time your peers are. +- the `jitter` tells you how stable your peers are. + +Last but not least, you can troubleshoot network issues with the `ntpdate` +command. + +For the test to be meaningful, you need to shut down temporarily the NTP +daemon: + +```sh +sudo systemctl stop ntpd +``` + +Then, run the ntpdate command: + +```sh +$ sudo ntpdate -q 0.rhel.pool.ntp.org +server 91.121.88.161, stratum 2, offset -0.000393, delay 0.02974 +server 129.250.35.251, stratum 2, offset 0.004071, delay 0.02733 +server 5.196.192.58, stratum 2, offset -0.005378, delay 0.03003 +server 51.15.182.163, stratum 2, offset 0.000207, delay 0.02658 +29 Mar 10:45:09 ntpdate[121271]: adjust time server 51.15.182.163 offset 0.000207 sec +``` + +It is important to shut down the NTP daemon and run the `ntpdate` command +with `sudo` in order for ntpdate to successfully bind to the NTP port, `123`. + +If the `ntpdate` command fails, it is a strong indication that there is a network +issue between your host and the NTP peers. + +After this step, do not forget to restart your NTP daemon: + +```sh +sudo systemctl start ntpd +```