[Git][NTPsec/ntpsec][master] In etc, begin the library of use snippets to be compiled into ntp.conf

Eric S. Raymond gitlab at mg.gitlab.com
Sat Jun 11 21:48:25 UTC 2016


Eric S. Raymond pushed to branch master at NTPsec / ntpsec


Commits:
48268270 by Eric S. Raymond at 2016-06-11T17:46:54-04:00
In etc, begin the library of use snippets to be compiled into ntp.conf

- - - - -


14 changed files:

- etc/README
- + etc/example.conf
- etc/baldwin.conf → etc/historical/baldwin.conf
- etc/beauregard.conf → etc/historical/beauregard.conf
- etc/grundoon.conf → etc/historical/grundoon.conf
- etc/malarky.conf → etc/historical/malarky.conf
- etc/pogo.conf → etc/historical/pogo.conf
- etc/rackety.conf → etc/historical/rackety.conf
- + etc/use-country-pool
- + etc/use-gpsd-json
- + etc/use-gpsd-shm
- + etc/use-minimal-logging
- + etc/use-no-remote-configuration
- + etc/use-performance-logging


Changes:

=====================================
etc/README
=====================================
--- a/etc/README
+++ b/etc/README
@@ -1,16 +1,21 @@
-= README file for directory conf =
+= README file for directory etc =
 
 This directory contains example run-time configuration files for the
 NTP daemon, and some example startup scripts for launching it.
 
-The *.conf files illustrate some of the more obscure configuration
-options you may run into. They are not likely to do anything good if
-run on machines other than their native spot, so don't just blindly
-copy something and put it up.  Also, they have been modified a bit to
-track changes in configuration options, notably the elimination of the
-'requestkey' option associated with mode 7 access.
+The "use-" files are modular pieces of ntp.conf files that you can string
+together in any order for effect.  The file titles are clues to what they're
+useful for.  Each has an explanstory header comment.  The file "example conf"
+shows what a file made oud of use snippets is like.
 
-The rc fules are start/stop scripts for NTP.  They are  intended as models
+The directory 'historical' contains some example scripts from NTP
+Classic.  They are quite particular to specific machines; just copying
+them won't get you anywhere. They're included as examples. They have
+been modified a bit to -track changes in configuration options,
+notably the elimination of the -'requestkey' option associated with
+mode 7 access.
+
+The rc files are start/stop scripts for NTP.  They are  intended as models
 for distribution packagers.
 
 Additional information can be found in the ./docs directory of the


=====================================
etc/example.conf
=====================================
--- /dev/null
+++ b/etc/example.conf
@@ -0,0 +1,10 @@
+# This is a complete, usable ntp.conf file assembled from use snippets.
+
+# To configure as a Statum 1 using GPSD, uncomment the first line.
+
+#includefile use-gpsd-shm		# GPSD vis SHM as a local clock source
+includefile use-country-pool		# Check servers from the US pool
+includefile use-no-remote-configuration	# Normal security
+includefile use-minimal-logging		# Declare a drift file and that's it
+
+# end


=====================================
etc/baldwin.conf → etc/historical/baldwin.conf
=====================================
--- a/etc/baldwin.conf
+++ b/etc/historical/baldwin.conf


=====================================
etc/beauregard.conf → etc/historical/beauregard.conf
=====================================
--- a/etc/beauregard.conf
+++ b/etc/historical/beauregard.conf


=====================================
etc/grundoon.conf → etc/historical/grundoon.conf
=====================================
--- a/etc/grundoon.conf
+++ b/etc/historical/grundoon.conf


=====================================
etc/malarky.conf → etc/historical/malarky.conf
=====================================
--- a/etc/malarky.conf
+++ b/etc/historical/malarky.conf


=====================================
etc/pogo.conf → etc/historical/pogo.conf
=====================================
--- a/etc/pogo.conf
+++ b/etc/historical/pogo.conf


=====================================
etc/rackety.conf → etc/historical/rackety.conf
=====================================
--- a/etc/rackety.conf
+++ b/etc/historical/rackety.conf


=====================================
etc/use-country-pool
=====================================
--- /dev/null
+++ b/etc/use-country-pool
@@ -0,0 +1,37 @@
+# If you have no other local chimers to help NTP perform sanity checks
+# then you can use some public chimers from the NTP public pool:
+# http://www.pool.ntp.org/en/
+#
+# iburst tells it to send the first few requests at 2 second intervals rather
+# than wait for the poll interval which defaults to 64 seconds.  That greatly
+# speeds up the time for ntpd to set the system time and start responding to
+# requests.
+#
+# Notice we use the 'us' country code servers, otherwise we might get
+# pool servers from opposite sides of the planet accuracy would likely
+# be poor.  If you are not in the USA, then it will probably wrk to
+# change the 'us' to your two letter country code.
+#
+# Major Internet-using countries with pools include:
+# us gb de fr ru au at ca cn jp de fi it be br cz hk
+#
+# If you don't know your country code, find it at
+#
+# https://en.wikipedia.org/wiki/ISO_3166-1
+#
+# and then try pinging prepending it to ".pool.ntp.org" and pinging that.
+# hostname. If you get a response, you can use it.
+#
+# Note: in theory we could use the "pool" keyboard here. There is some
+# controvery over whether it is implemented correctly.  One known problem
+# (a bug in ntpd) is that it can't be used with restrict nopeer.
+#
+server 0.us.pool.ntp.org iburst
+server 1.us.pool.ntp.org iburst
+server 2.us.pool.ntp.org iburst
+server 3.us.pool.ntp.org iburst
+
+# The following sets edit modes for GNU EMACS
+# Local Variables:
+# mode:conf
+# End:


=====================================
etc/use-gpsd-json
=====================================
--- /dev/null
+++ b/etc/use-gpsd-json
@@ -0,0 +1,16 @@
+# Use gpsd with the JSON refclock.
+#
+# Not recommended for production use: the JSON driver is buggy and
+# needs fixing.  This snippet is intended to give us a reproducible
+# configuration for testing.
+
+server 127.127.46.128 minpoll 4 maxpoll 4
+fudge 127.127.46.128
+
+server 127.127.46.0 minpoll 4 maxpoll 4
+fudge 127.127.46.0 flag1 1
+
+# The following sets edit modes for GNU EMACS
+# Local Variables:
+# mode:conf
+# End:


=====================================
etc/use-gpsd-shm
=====================================
--- /dev/null
+++ b/etc/use-gpsd-shm
@@ -0,0 +1,18 @@
+# Simplest possible refclock configuration for sites with a GPS primary source.
+#
+# Delivers in-band GPS time (not very good, likely to have jitter in the 100s of
+# miliseconds) on one unit, and PPS time (probaly good to 1 ms or less( on
+# another.  Prefers the latter.
+
+# GPS Serial data reference (NTP0)
+server 127.127.28.0
+fudge 127.127.28.0 refid GPS
+
+# GPS PPS reference (NTP1)
+server 127.127.28.1 prefer
+fudge 127.127.28.1 refid PPS
+
+# The following sets edit modes for GNU EMACS
+# Local Variables:
+# mode:conf
+# End:


=====================================
etc/use-minimal-logging
=====================================
--- /dev/null
+++ b/etc/use-minimal-logging
@@ -0,0 +1,8 @@
+# Minimal logging - we declare a drift file and that's it.
+
+driftfile /var/lib/ntp/ntp.drift
+
+# The following sets edit modes for GNU EMACS
+# Local Variables:
+# mode:conf
+# End:


=====================================
etc/use-no-remote-configuration
=====================================
--- /dev/null
+++ b/etc/use-no-remote-configuration
@@ -0,0 +1,15 @@
+# Exchange time with everybody, but don't allow configuration.
+# This is the right security setup for 99% of deployments.
+
+# Note: due to a bug, restrict nopeer can't be used with the pool keyword.
+restrict default kod limited nomodify notrap nopeer noquery  
+restrict -6 default kod limited nomodify notrap nopeer noquery
+
+# Local users may interrogate the NTP server more closely.
+restrict 127.0.0.1  
+restrict -6 ::1
+
+# The following sets edit modes for GNU EMACS
+# Local Variables:
+# mode:conf
+# End:


=====================================
etc/use-performance-logging
=====================================
--- /dev/null
+++ b/etc/use-performance-logging
@@ -0,0 +1,18 @@
+# Collect NTP performance statistics for analysis
+
+driftfile /var/lib/ntp/ntp.drift
+
+statsdir /var/log/ntpstats/
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+logfile /var/log/ntpd.log  
+logconfig =syncall +clockall +peerall +sysall
+
+# The following sets edit modes for GNU EMACS
+# Local Variables:
+# mode:conf
+# End:



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/482682705f555c26b727a2d6a6aec1bad511417a
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntpsec.org/pipermail/vc/attachments/20160611/4b8f4f54/attachment.html>


More information about the vc mailing list