State of the microserver HOWTO
Gary E. Miller
gem at rellim.com
Tue Jun 7 23:19:07 UTC 2016
Yo Eric!
On Tue, 7 Jun 2016 18:48:42 -0400
"Eric S. Raymond" <esr at thyrsus.com> wrote:
> > > My plan was to encourage you to elaborate - *and explain* - your
> > > favorite odd features for your local config, then work with you to
> > > prune it back to something we might ship.
> >
> > Howz it look now?
>
> When asking that question, it is always a good idea to enclose a
> copy. ;-)
Same as the last one, but, see below.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
# My RasPi 2/Adafruit HAT config.
# contributor: Gary E. Miller <gem at rellim.com>
# date: 7 June 2016
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for more help
# This configuration uses the shared-memory refclock (28), which is
# assumed to have gpsd on the other end. Unit 0 is the in-band data,
# Unit 1 the PPS.
# I have a number of other GPS based chimers on my local network. This
# configuration peers with them so I can compare their performance.
# for best performance, start ntpd last. First start gpsd, and confirm
# you have a good GPS lock. Then confirm gpsd is supplying time to the
# SHM interface. Then you can start ntpd.
# I start gpsd this way:
# # gpsd -n /dev/ttyAMA0
# check for GPS 3D fix this way:
# # cgps
# check the SHM for good time:
# # ntpshmmon
# Then start NTP
# # ntpd -N -g
# save the clock drift when shutting down ntpd.
# this allows for faster NTP reconvergence after a restart
driftfile /var/lib/ntp/ntp.drift
# You want some logging, it will be useful later.
#
# If you add the logging now, then you have the data when you figure
# out you want it. If you wait until you want it then it is too late.
statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
logfile /var/log/ntpd.log
logconfig =syncall +clockall +peerall +sysall
# we want some security
# do not let random people remotely modify your ntpd server
restrict default nomodify notrap nopeer noquery
restrict -6 default nomodify notrap nopeer noquery
# allow access from localhost, IPv4 and IPv6
restrict 127.0.0.1 mask 255.255.255.0
restrict -6 ::1
# replace this with your local IPv4 network
restrict 204.17.205.0 mask 255.255.255.0
# replace this with your local IPv6 network
restrict -6 [2001:470:e815::]/64
# The order of servers and peers in ntp.conf matters.
#
# On startup ntpd will take the first time it gets to set the system
# clock. If this first time is an imprecise clock, say derived from
# NMEA, then ntpd may take days to restabilize.
#
# The first time ntpd acquires will tend to be the ones higher up in
# the file with the lowest maxpoll.
#
# So to work around this ntpd glitch put your best time sources high
# in the ntp.conf file, with your shortest maxpoll and your worst one
# at the bottom with higher maxpolls.
#
# A bug is open for this behavior:
# https://gitlab.com/NTPsec/ntpsec/issues/68
# PPS is first, it is the most precise.
# SHM for PPS and gpsd
server 127.127.28.1 prefer minpoll 4 maxpoll 4
fudge 127.127.28.1 refid PPS
# My other local chimers, just in case the GPS loses signal, and
# for comparison
# if you do not have any other chimers on your local network then you can
# skip this section on local peers. Proceed to the section on
# using the pool
# The default ARP timeout on Cisco switch gear may be as long as
# 4 hours. On Windows and Linux it may be as short as 60 seconds.
#
# If the polling interval for a chimer is greater than 60 seconds (maxpoll 6+)
# then when ntpd sends a time request to a remote ntpd daemon the OS may
# be adding an ARP roundtrip to the process, delaying the return
# by that much extra time. This convinces ntpd that the remote ntpd
# is further away, and has more jitter, than it actually does.
#
# To prevent this glitch in ntpd behavior, be sure to use 'maxpoll 4' or
# 'maxpoll 5' on servers and peers on the local network.
#
# Maybe ntpd should fix maxpoll at 4 or 5 for local peers?
# Notice that I do not use DNS names for my local chimers, only IP numbers.
# I do not want my NTP dependent on DNS. DNS requires a network
# connection and I do not want my NTP down during network outages.
# I also use DNSSEC which requires accurate time. If my NTP depends on
# DNS, and my DNS depends on NTP that can cause problems.
peer 204.17.205.1 maxpoll 5 # catbert
peer 204.17.205.17 maxpoll 5 # pi2
#peer 204.17.205.23 maxpoll 5 # pi3
peer 204.17.205.27 maxpoll 5 # kong
peer 204.17.205.30 maxpoll 5
peer [2001:470:e815::8] maxpoll 5 # spidey
# end of local peers
# if you have no other local chimers to help NTP perform sanity checks
# then you can use some public chimers from the NTP public pool:
# http://www.pool.ntp.org/en/
# To use the pool servers uncomment the last four lines in this section.
# The iburst option tells ntpd to query the pool servers with bursts instead
# of single requests. This can yield better results to remote servers.
# Notice I use the 'us' country code servers, otherwise I might get one
# pool server from Ukraine and another from Singapore. If you are
# not in the USA, then change the 'us' to your two letter country code.
# server 0.us.pool.ntp.org iburst
# server 1.us.pool.ntp.org iburst
# server 2.us.pool.ntp.org iburst
# server 3.us.pool.ntp.org iburst
# NMEA is last, it is the least precise
# SHM for gpsd
server 127.127.28.0 minpoll 4 maxpoll 4
fudge 127.127.28.0 time1 0.450 refid GPS
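
An added example, not part of the original message or of NTPsec: a small Python audit that checks an ntp.conf against three rules the config comments above give (a fully restricted default, maxpoll 5 or lower for chimers on the local network, and IP numbers rather than DNS names for time sources). The function name, the sample config and the 192.0.2.0/24 local network are constructed for illustration.

```python
import ipaddress

# Constructed sample input (not the config from the message): it breaks
# the default-restrict rule, the local maxpoll rule and the no-DNS rule.
SAMPLE = """\
restrict default nomodify notrap nopeer
restrict -6 default nomodify notrap nopeer noquery
server 127.127.28.1 prefer minpoll 4 maxpoll 4
peer 192.0.2.17 maxpoll 7   # local chimer polled too slowly
server ntp.example.net iburst
"""

REQUIRED = {"nomodify", "notrap", "nopeer", "noquery"}
DEFAULT_MAXPOLL = 10  # ntpd's default when maxpoll is not given (1024 s)


def audit(conf_text, local_net="192.0.2.0/24"):
    """Return a list of (line_number, message) findings for an ntp.conf."""
    net = ipaddress.ip_network(local_net)
    findings = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # drop comments
        if len(words) < 2:
            continue
        if words[0] == "restrict":
            args = [w for w in words[1:] if w not in ("-4", "-6")]
            if args and args[0] == "default":
                missing = REQUIRED - set(args[1:])
                if missing:
                    findings.append(
                        (n, "default restrict lacks " + ",".join(sorted(missing))))
        elif words[0] in ("server", "peer"):
            host = words[1].strip("[]")  # IPv6 literals are bracketed
            try:
                addr = ipaddress.ip_address(host)
            except ValueError:
                findings.append((n, "DNS name used: " + host))
                continue
            if addr in net:  # ARP-timeout rule applies to the local network
                maxpoll = DEFAULT_MAXPOLL
                if "maxpoll" in words[:-1]:
                    maxpoll = int(words[words.index("maxpoll") + 1])
                if maxpoll > 5:
                    findings.append((n, "local chimer maxpoll %d > 5" % maxpoll))
    return findings
```

The DNS finding is advisory: the pool servers in the config are DNS names by design, so it only marks the lines that make ntpd depend on name resolution.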