Synchronize the local time with a time server

Installing ntpd
On a larger network, machines whose clocks differ significantly (time offset) can cause problems or odd behaviour. To prevent this, use time synchronization to keep the time drift within reason. This short tutorial shows how to do that.

Installation

On each machine you want to have your time synced to an NTP (time) server, install the ntp package:

apt-get install ntp

There is an overview of the available NTP servers. Find the NTP servers near you and change ntp.conf accordingly. In this case, the time server is a local server:

vi /etc/ntp.conf

driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 192.168.0.2
#pool 0.ubuntu.pool.ntp.org iburst
#pool 1.ubuntu.pool.ntp.org iburst
#pool 2.ubuntu.pool.ntp.org iburst
#pool 3.ubuntu.pool.ntp.org iburst
#pool ntp.ubuntu.com
interface drop all
interface listen enp0s25
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited
restrict 127.0.0.1
restrict ::1
restrict source notrap nomodify noquery
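
The default restrict lines in the configuration above decide what remote hosts may do to the daemon: nomodify, notrap, nopeer and noquery deny remote reconfiguration, trap registration, unauthenticated peer associations and ntpq/ntpdc queries. The following check is an added example, not part of the original tutorial, that confirms an ntp.conf still carries these four flags on its default entries; the function names and the weak sample are constructed.

```shell
#!/bin/sh
# Added example: lint the default restrict lines of an ntp.conf read from stdin.
# Usage on a live host: audit_ntp_restrict < /etc/ntp.conf
# Exit status is 0 only if every default line carries all four flags.
audit_ntp_restrict() {
    awk '
    BEGIN { n = split("nomodify notrap nopeer noquery", want, " ") }
    { sub(/#.*/, "") }                         # strip comments
    $1 == "restrict" {
        fam = "any"; i = 2
        if ($2 == "-4" || $2 == "-6") { fam = $2; i = 3 }
        if ($i != "default") next              # only the catch-all entries
        lines++; missing = ""
        for (k = 1; k <= n; k++) {
            found = 0
            for (j = i + 1; j <= NF; j++) if ($j == want[k]) found = 1
            if (!found) missing = missing " " want[k]
        }
        if (missing == "") printf "PASS %s default\n", fam
        else { printf "WEAK %s default: missing%s\n", fam, missing; bad++ }
    }
    END {
        if (!lines) { print "WEAK no default restrict line"; bad++ }
        exit (bad ? 1 : 0)
    }'
}

# The restrict lines from the configuration above.
conf_from_page() { cat <<'EOF'
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited
restrict 127.0.0.1
restrict ::1
restrict source notrap nomodify noquery
EOF
}
# Constructed weak configuration for comparison.
conf_weak() { cat <<'EOF'
#restrict default kod notrap nomodify nopeer noquery limited
restrict default nomodify notrap
EOF
}

conf_from_page | audit_ntp_restrict
conf_weak | audit_ntp_restrict || echo "default restrictions need tightening"
```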

Check ntp servers

To check whether the NTP servers we chose in the previous paragraph are working, we use ntpq. According to the man page: "The ntpq utility program is used to monitor NTP daemon ntpd operations and determine performance."

ntpq -p

-p means print a list of the known peers, time servers and their status

The following is an example of the output if the servers aren't reachable:

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp.ubuntu.com  .POOL.          16 p    -   64    0    0.000    0.000   0.000
 94.143.184.140  .INIT.          16 u    -   64    0    0.000    0.000   0.000
 213.251.52.185  .INIT.          16 u    -   64    0    0.000    0.000   0.000
 vodka.sublink.o .INIT.          16 u    -   64    0    0.000    0.000   0.000

An example of a successful check:

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 timeserver.    195.13.23.5       3 u   17   64    3    0.750    0.421   3.075
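
The two outputs above differ in the st and reach columns: an unreachable peer stays at stratum 16 with reach 0, while a working one shows a non-zero reach value (octal, one bit per recent poll). The following script is an added example, not part of the original tutorial, that classifies each peer from `ntpq -p` output; the 100 ms offset limit, the function names and the 192.0.2.9 row are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the peers in `ntpq -p` output read from stdin.
# Usage on a live host: ntpq -pn | check_ntp_peers [max_offset_ms]
# Exit status is 0 only if some peer is reachable and within the offset limit.
check_ntp_peers() {
    awk -v max="${1:-100}" '
    # reach is an octal 8-bit shift register: one bit per recent poll
    function polls_answered(s,    i, n, bits) {
        n = 0
        for (i = 1; i <= length(s); i++) n = n * 8 + substr(s, i, 1)
        for (bits = 0; n > 0; n = int(n / 2)) bits += n % 2
        return bits
    }
    /^ *remote / || /^=+$/ { next }        # header and ruler lines
    {
        tally = substr($0, 1, 1)           # column 1 is the selection flag
        $0 = substr($0, 2)                 # re-split the fields without it
        if (NF < 10 || $4 == "p") next     # skip junk and pool placeholders
        r = polls_answered($7)
        off = ($9 < 0) ? -$9 : $9
        if (r == 0 || $3 >= 16) state = "UNREACHABLE"
        else if (off > max)     state = "OFFSET"
        else                  { state = "OK"; ok++ }
        printf "%-11s %s st=%s polls_answered=%d/8 offset_ms=%s%s\n",
            state, $1, $3, r, $9, (tally == "*" ? " selected" : "")
    }
    END { exit (ok > 0 ? 0 : 1) }'
}

# Rows are copied from the outputs above, except the constructed 192.0.2.9 row.
sample_down() { cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp.ubuntu.com  .POOL.          16 p    -   64    0    0.000    0.000   0.000
 94.143.184.140  .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}
sample_up() { cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 timeserver.    195.13.23.5       3 u   17   64    3    0.750    0.421   3.075
+192.0.2.9      198.51.100.1     2 u   40   64  377    1.200 -812.300   0.900
EOF
}

sample_down | check_ntp_peers || echo "no usable time source"
sample_up | check_ntp_peers && echo "usable time source found"
```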

First time sync

After installation and the initial check we want to do a quick sync. To force a sync we use ntpd itself, as ntpdate is deprecated. The ntp service has to be stopped first, as otherwise the ntpd utility is not able to bind to the correct port.

Warning

ntpd[18339]: ntpd 4.2.8p4@1.3265-o Wed Feb 14 14:56:29 UTC 2018 (1): Starting
ntpd[18339]: Command line: ntpd -gq
ntpd[18339]: proto: precision = 0.055 usec (-24)
ntpd[18339]: unable to bind to wildcard address :: - another process may be running - EXITING

To work around this, stop the process prior to executing the command and start it again afterwards:

systemctl stop ntp
ntpd -gq
systemctl start ntp

-gq means correct the time no matter the offset and exit after setting the time.

The output of a successful sync:

ntpd[29129]: ntpd 4.2.8p4@1.3265-o Wed Feb 14 14:56:29 UTC 2018 (1): Starting
ntpd[29129]: Command line: ntpd -gq
ntpd[29129]: proto: precision = 0.059 usec (-24)
ntpd[29129]: Listen and drop on 0 v6wildcard [::]:123
ntpd[29129]: Listen and drop on 1 v4wildcard 0.0.0.0:123
ntpd[29129]: Listen normally on 2 lo 127.0.0.1:123
ntpd[29129]: Listen normally on 3 enp0s25 192.168.0.3:123
ntpd[29129]: Listen normally on 4 lo [::1]:123
ntpd[29129]: Listen normally on 5 enp0s25 [a::b:c:d:e]:123
ntpd[29129]: Listening on routing socket on fd #22 for interface updates
ntpd[29129]: ntpd: time slew -0.049111 s

Logging

Chances are that ntp logs a lot of output. An excerpt from a machine configured with several pool servers:

ntpd[3145]: Listen and drop on 0 v6wildcard [::]:123
ntpd[3145]: Listen and drop on 1 v4wildcard 0.0.0.0:123
ntpd[3145]: Listen normally on 2 lo 127.0.0.1:123
ntpd[3145]: Listen normally on 3 enp0s25 192.168.0.3:123
ntpd[3145]: Listen normally on 4 lo [::1]:123
ntpd[3145]: Listen normally on 5 enp0s25 [a::b:c:d:e]:123
ntpd[3145]: Listening on routing socket on fd #22 for interface updates

ntpd[3145]: Soliciting pool server 193.190.253.212
ntpd[3145]: Soliciting pool server 51.255.138.215
...

For that reason we log ntp messages to a separate file. We do this by specifying the -l parameter. Change this via the /etc/default/ntp file:

cat /etc/default/ntp
NTPD_OPTS='-g -l /var/log/ntp.log'

Restart ntp:

systemctl restart ntp
systemctl status ntp
- ntp.service - LSB: Start NTP daemon
   Loaded: loaded (/etc/init.d/ntp; bad; vendor preset: enabled)
   Active: active (running) since di 2018-04-10 13:36:03 CEST; 1s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 7668 ExecStop=/etc/init.d/ntp stop (code=exited, status=0/SUCCESS)
  Process: 7680 ExecStart=/etc/init.d/ntp start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/ntp.service
           └─7692 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -l /var/log/ntp.log -u 126:133

Next we need to restrict the size of the log files. Create a logrotate stanza:

vi /etc/logrotate.d/ntp

/var/log/ntp.log {
    size 500k
    rotate 5
    create
    notifempty
    missingok
    compress
    delaycompress
    sharedscripts
    postrotate
       systemctl restart ntp
    endscript
}

To test whether the logrotate configuration we defined works:

logrotate -d /etc/logrotate.conf