Transcription of NTP and htpdate Notes

Notes on `ntp` and `htpdate`

Russell Bateman
22 May 2013
last update:

These are notes I set down as I was sorting out problems with time drift between a Chef server and its clients.

Installing `ntp`

Sometimes this is as simple as...

    $ sudo apt-get install ntp

...but, often, there are dependencies that haven't been set up like...

    $ sudo apt-get install ntp
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    You might want to run 'apt-get -f install' to correct these:
    The following packages have unmet dependencies:
     linux-headers-virtual : Depends: linux-headers-3.2.0-39-virtual but it is not going to be installed
     ntp : Depends: libcap2 (>= 2.10) but it is not going to be installed
           Depends: libopts25 (>= 1:5.12) but it is not going to be installed
    E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution).

...which is surprising (since apt usually just meets the dependencies. Just do...

    $ sudo apt-get install linux-headers-3.2.0-39-virtual
    $ sudo apt-get install libcap2
# or
    $ sudo apt-get install linux-headers-3.2.0-39-virtual && sudo apt-get install libcap2 && sudo apt-get install ntp

...then retry the ntp installation ensuring that your time zone is correctly configured.

Set-up

The elements of the ntp set-up appear to be:

/etc/timezone: America/Denver

Packages:

    ntp      1:4.2.6.p3+dfsg-1ubuntu3.1   Network Time Protocol daemon and utility programs
    ntpdate  1:4.2.6.p3+dfsg-1ubuntu3.1   client for setting system time from NTP servers

/etc/ntp.conf: Maintained by ntp with information about how your system drifts:

    driftfile /var/lib/ntp/ntp.drift

The most basic /etc/ntp.conf lists at least two servers:

    # Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
    # on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
    # more information.
    server 0.ubuntu.pool.ntp.org
    server 1.ubuntu.pool.ntp.org
    server 2.ubuntu.pool.ntp.org
    server 3.ubuntu.pool.ntp.org
    server ntp.ubuntu.com

Stay away from mucking with restrict until well set up or you lock yourself out of synchronizing and not knowing why:

    restrict -4 default kod notrap nomodify nopeer noquery
    restrict -6 default kod notrap nomodify nopeer noquery
    restrict 127.0.0.1
    restrict ::1

/etc/ntp.conf, when behind a corporate firewall where there's only one time server available? I just comment out the default ones and add the one I know about:

    #server 0.ubuntu.pool.ntp.org
    #server 1.ubuntu.pool.ntp.org
    #server 2.ubuntu.pool.ntp.org
    #server 3.ubuntu.pool.ntp.org
    server 16.110.135.123

Working assumptions:

Every VM runs ntpd.
Set time manually using ntpdate.

Notes:

ntp performs small changes to catch current time up progressively. If too far adrift, manually catch it up.

Starting, bouncing or stopping...

On modern Ubuntu (Debian), upstart works, otherwise, the old way, tried and true:

    $ sudo service ntp [start|restart|stop|status]

    $ sudo /etc/init.d/ntp [start|restart|stop|status]

    $ sudo ps -ef | grep [n]tp
    ntp       2631     1  0 15:28 ?        00:00:00 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 108:115

Choosing (adjusting, correcting) timezone

    $ sudo dpkg-reconfigure tzdata

This is in /etc/timezone. Or, just edit this file and add something like:

    America/Denver

`htpdate`

It is impossible to use ntp behind a firewall (or proxy) because ntp operates via UDP port 123. You have to open UDP port 123 for it to work. This is perhaps rare.

If behind a corporate firewall, your company may have visible NTP servers. Enquire if this is so before using what amounts here to a sort-of hack.

There is a solution using HTTP called htpdate that plucks the date and time out of an HTTP reply packet. An apt solution exists at https://launchpad.net/~landronimirc/+archive/htpdate. You need to set up https_proxy in your environment to do this:

    $ sudo add-apt-repository ppa:landronimirc/htpdate
    $ sudo add-apt-repository --remove ppa:landronimirc/htpdate --removes this

Scrape of what happens when this is set up:

    $ sudo export https_proxy=https://web-proxy.austin.hp.com:8080
    $ sudo add-apt-repository ppa:landronimirc/htpdate
    You are about to add the following PPA to your system:
     In this PPA you will find binaries for htpdate, a nice time synchronization utility via HTTP. For more info see [1][2].
    [1] http://www.vervest.org/fiki/bin/view/HTP/DownloadC
    [2] http://en.gentoo-wiki.com/wiki/Time_Synchronization#htpdate
     More info: https://launchpad.net/~landronimirc/+archive/htpdate
    Press [ENTER] to continue or ctrl-c to cancel adding it

    Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.mVGoGJGg5i --trustdb-name \
		    /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver \
				hkp://keyserver.ubuntu.com:80/ --recv 28773E94D114BC47F55B0333A80C8DFE23A187B2
    gpg: requesting key 23A187B2 from hkp server keyserver.ubuntu.com
    gpg: key 23A187B2: public key "Launchpad PPA for Landronimirc" imported
    gpg: Total number processed: 1
    gpg:               imported: 1  (RSA: 1)
    $ sudo apt-get update
    Hit http://dl.google.com stable Release.gpg
    Get:1 http://packages.linuxmint.com maya Release.gpg [197 B]
    Hit http://archive.ubuntu.com precise Release.gpg
    Hit http://dl.google.com stable Release
    Hit http://security.ubuntu.com precise-security Release.gpg
    Hit http://archive.ubuntu.com precise-updates Release.gpg
    Hit http://ppa.launchpad.net precise Release.gpg
    Hit http://archive.canonical.com precise Release.gpg
    .
    .
    .
    Ign http://packages.medibuntu.org precise/free Translation-en_US
    Ign http://packages.medibuntu.org precise/free Translation-en
    Ign http://packages.medibuntu.org precise/non-free Translation-en_US
    Ign http://packages.medibuntu.org precise/non-free Translation-en
    Fetched 159 kB in 12s (12.3 kB/s)
    Reading package lists... Done
    $ sudo apt-get install htpdate
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following NEW packages will be installed:
      htpdate
    0 upgraded, 1 newly installed, 0 to remove and 19 not upgraded.
    Need to get 16.9 kB of archives.
    After this operation, 78.8 kB of additional disk space will be used.
    Get:1 http://ppa.launchpad.net/landronimirc/htpdate/ubuntu/ precise/main htpdate amd64 1.0.5-1~precise~ppa1 [16.9 kB]
    Fetched 16.9 kB in 0s (22.4 kB/s)
    Selecting previously unselected package htpdate.
    (Reading database ... 145097 files and directories currently installed.)
    Unpacking htpdate (from .../htpdate_1.0.5-1~precise~ppa1_amd64.deb) ...
    Processing triggers for man-db ...
    Processing triggers for ureadahead ...
    Setting up htpdate (1.0.5-1~precise~ppa1) ...
    update-rc.d: warning: /etc/init.d/htpdate missing LSB information
    update-rc.d: see 
    Starting HTTP Time Protocol daemon: htpdate.

What servers does this use? You can configure them using the -D option. By default, however, htpdate starts up with installation thus:

    $ sudo ps -ef | grep [h]tp
    root  27755  1  0 17:18 ?   00:00:00 /usr/bin/htpdate -D www.linux.org www.freebsd.org

Notes on ntp and htpdate

Installing ntp