State of the microserver HOWTO
Gary E. Miller
gem at rellim.com
Tue Jun 7 21:52:27 UTC 2016
Yo Frank!
Good input, new ntp.conf below.
On Tue, 7 Jun 2016 17:04:21 -0400
Frank Nicholas <frank at nicholasfamilycentral.com> wrote:
> > On Jun 7, 2016, at 4:52 PM, Gary E. Miller <gem at rellim.com> wrote:
> >
> > peer 204.17.205.1 maxpoll 5 # catbert
> > peer 204.17.205.17 maxpoll 5 # pi2
> > #peer 204.17.205.23 maxpoll 5 # pi3
> > peer 204.17.205.27 maxpoll 5 # kong
> > peer 204.17.205.30 maxpoll 5
> > peer [2001:470:e815::8] maxpoll 5 # spider
>
> You are using IP addresses, instead of names resolved by DNS.
I never use DNS in the ntp.conf file. Well, maybe in the case
I try out the pool. Since I use DNSSEC on my DNS, there is sort of
a chicken and egg problem.
> This
> might confuse some.
Clearly, the second complaint today on this list.
I really want to include some local peers to demonstrate the ARP
issue.
> Maybe either explain the logic or change the
> conf file to use DNS resolved names. Most of the How To users will
> not/should not be using IP addresses - they won’t know what ones to
> use or why and won’t have other “local” sources to use.
I just added a section on the pool.
But remember, Eric asked for MY config, not what I think others should be
using. I would hope we get a collection of slightly different ntp.conf
that are optimized for different purposes, or levels of paranoia.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
# My RasPi 2/Adafruit HAT config.
# contributor: Gary E. Miller <gem at rellim.com>
# date: 7 June 2016
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for more help
# This configuration uses the shared-memory refclock (28), which is
# assumed to have gpsd on the other end. Unit 0 is the in-band data,
# Unit 1 the PPS.
# I have a number of other GPS based chimers on my local network. This
# configuration peers with them so I can compare their performance.
# For best performance, start ntpd last. First start gpsd, and confirm
# you have a good GPS lock. Then confirm gpsd is supplying time to the
# SHM interface. Then you can start ntpd.
# I start gpsd this way:
# # gpsd -n /dev/ttyAMA0
# check for GPS 3D fix this way:
# # cgps
# check the SHM for good time:
# # ntpshmmon
# Then start NTP
# # ntpd -N -g
# save the clock drift when shutting down ntpd.
# this allows for faster NTP reconvergence after a restart
driftfile /var/lib/ntp/ntp.drift
# You want some logging, it will be useful later.
#
# If you add the logging now, then you have the data when you figure
# out you want it. If you wait until you want it then it is too late.
statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
logfile /var/log/ntpd.log
logconfig =syncall +clockall +peerall +sysall
# we want some security
# do not let random people remotely modify your ntpd server
restrict default nomodify notrap nopeer noquery
restrict -6 default nomodify notrap nopeer noquery
# allow access from localhost, IPv4 and IPv6
restrict 127.0.0.1 mask 255.255.255.0
restrict -6 ::1
# replace this with your local IPv4 network
restrict 204.17.205.0 mask 255.255.255.0
# replace this with your local IPv6 network
restrict -6 [2001:470:e815::]/64
# The order of servers and peers in ntp.conf matters.
#
# On startup ntpd will take the first time it gets to set the system
# clock. If this first time is an imprecise clock, say derived from
# NMEA, then ntpd may take days to restabilize.
#
# The first time ntpd acquires will tend to be the ones higher up in
# the file with the lowest maxpoll.
#
# So to work around this ntpd glitch put your best time sources high
# in the ntp.conf file, with your shortest maxpoll and your worst one
# at the bottom with higher maxpolls.
#
# A bug is open for this behavior:
# https://gitlab.com/NTPsec/ntpsec/issues/68
# PPS is first, it is the most precise.
# SHM for PPS and gpsd
server 127.127.28.1 prefer minpoll 4 maxpoll 4
fudge 127.127.28.1 refid PPS
# My other local chimers, just in case the GPS loses signal, and
# for comparison
# If you do not have any other chimers on your local network then you
# can skip this section on local peers. Proceed to the section on
# using the pool
# The default ARP timeout on Cisco switch gear may be as long as
# 4 hours. On Windows and Linux it may be as short as 60 seconds.
#
# If the polling interval for a chimer is greater than 60 seconds (maxpoll 6+)
# then when ntpd sends a time request to a remote ntpd daemon the OS may
# be adding an ARP roundtrip to the process, delaying the return
# by that much extra time. This convinces ntpd that the remote ntpd
# is further away, and has more jitter, than it actually does.
#
# To prevent this glitch in ntpd behavior, be sure to use 'maxpoll 4' or
# 'maxpoll 5' on servers and peers on the local network.
#
# Maybe ntpd should fix maxpoll at 4 or 5 for local peers?
# Notice that I do not use DNS names for my local chimers, only IP numbers.
# I do not want my NTP dependent on DNS. DNS requires a network
# connection and I do not want my NTP down during network outages, or
# because of any DNS failure.
# I also use DNSSEC which requires accurate time. If my NTP depends on
# DNS, and my DNS depends on NTP that can cause problems.
peer 204.17.205.1 maxpoll 5 # catbert
peer 204.17.205.17 maxpoll 5 # pi2
#peer 204.17.205.23 maxpoll 5 # pi3
peer 204.17.205.27 maxpoll 5 # kong
peer 204.17.205.30 maxpoll 5
peer [2001:470:e815::8] maxpoll 5 # spidey
# end of local peers
# if you have no other local chimers to help NTP perform sanity checks
# then you can use some public chimers from the NTP public pool:
# http://www.pool.ntp.org/en/
# To use the pool servers uncomment the last four lines in this section.
# The iburst option tells ntpd to query the pool servers with bursts instead
# of single requests. This can yield better results to remote servers.
# Notice I use the 'us' country code servers, otherwise I might get one
# pool server from Ukraine and another from Singapore. If you are
# not in the USA, then change the 'us' to your two letter country code.
# server 0.us.pool.ntp.org iburst
# server 1.us.pool.ntp.org iburst
# server 2.us.pool.ntp.org iburst
# server 3.us.pool.ntp.org iburst
# NMEA is last, it is the least precise
# SHM for gpsd
server 127.127.28.0 minpoll 4 maxpoll 4
fudge 127.127.28.0 time1 0.450 refid GPS
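
Added example, not part of the message above and not NTPsec code: a small Python linter for three practices the config comments describe (locked-down default restrict lines, no DNS names for time sources, and maxpoll 4 or 5 on local-network sources because of ARP expiry). The function name `lint`, the constructed sample config, and taking the local networks from the restrict lines are assumptions of this example.

```python
import ipaddress

# Constructed sample, not the full file above: lines 2, 6 and 8 deviate on purpose.
SAMPLE = """\
restrict default nomodify notrap nopeer noquery
restrict -6 default nomodify notrap nopeer
restrict 204.17.205.0 mask 255.255.255.0
server 127.127.28.1 prefer minpoll 4 maxpoll 4
peer 204.17.205.1 maxpoll 5   # catbert
peer 204.17.205.17            # pi2, maxpoll omitted
peer [2001:470:e815::8] maxpoll 5
server 0.us.pool.ntp.org iburst
"""

# Assumption: the local networks are the ones named on the restrict lines.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("204.17.205.0/24", "2001:470:e815::/64")]
REQUIRED_FLAGS = {"nomodify", "noquery"}
DEFAULT_MAXPOLL = 10   # ntpd default (1024 s) when maxpoll is not given
ARP_SAFE_MAXPOLL = 5   # 2**5 = 32 s, under the 60 s ARP timeout in the comments

def lint(conf, local_nets=LOCAL_NETS):
    """Return (line_number, message) findings for an ntp.conf string."""
    findings = []
    for num, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not tok:
            continue
        if tok[0] == "restrict" and "default" in tok:
            missing = REQUIRED_FLAGS - set(tok)
            if missing:
                findings.append((num, "default restrict lacks " + ", ".join(sorted(missing))))
        elif tok[0] in ("server", "peer", "pool") and len(tok) > 1:
            try:
                addr = ipaddress.ip_address(tok[1].strip("[]"))
            except ValueError:
                findings.append((num, "DNS name: source is unusable until a resolver answers"))
                continue
            if addr.is_loopback:             # 127.127.t.u refclock, no ARP
                continue
            maxpoll = int(tok[tok.index("maxpoll") + 1]) if "maxpoll" in tok[:-1] else DEFAULT_MAXPOLL
            is_local = any(addr.version == n.version and addr in n for n in local_nets)
            if is_local and maxpoll > ARP_SAFE_MAXPOLL:
                findings.append((num, f"local source may poll every {2 ** maxpoll} s; ARP entry can expire between polls"))
    return findings

if __name__ == "__main__":
    for num, msg in lint(SAMPLE):
        print(f"line {num}: {msg}")
```

A peer with no maxpoll is treated as maxpoll 10, so it is flagged the same way as an explicit high value.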