Finding Time on Vacation We May Be Happy Just to Check the Position of the Sun, but Com- Puters Need a More Accurate Measure of Time

Charly’s column SYSADMIN

The Sysadmins Daily Grind: OpenNTPD Finding Time On vacation we may be happy just to check the position of the sun, but com- puters need a more accurate measure of time. Luckily, there are atomic clocks that can receive time signals by radio and off the Internet.

BY CHARLY KÜHNAST www.sxc.hu

’m a practical person, and also a big (This used to be called XNTP.) [1] But I believer in being punctual. Of course, would like to introduce you to the II expect my servers to keep perfect smaller footprint OpenNTPD time server time. Half a minute can make all the dif- [2]. The daemon comes courtesy of the ference between a happy admin and a OpenBSD project, but it is also available chaotic network. Just as an example, for Linux. The tar archive with the latest Of course, it would not be much use if imagine someone sends me an email version 3.6 is only 113 Kbytes. After my server kept the time signal to itself; message. The first thing that happens is unpacking the archive like this: instead I want the server to provide a ref- that the spam filter gets to check the erence signal to other servers on my message, which it then hands over to the tar xvzpf openntpd-3.6p1.tar.gz network. This is what the third line does. anti-virus server. If the AV server is The server at IP 10.0.0.42 issues a time happy with the message, the next step just follow the normal steps: signal for other machines on the LAN. along the way is the mail hub, which This concludes the configuration phase. locates the correct mail server and for- ./configure Time to launch OpenNTPD: wards the message to that location, make where the mail server finally dumps the make install /usr/local/sbin/ntpd -s message in my inbox. In other words, email messages on my to build the program. The daemon OpenNTPD immediately compares its network are handled by no less than four should then be located in /usr/local/ own system time with the time signal servers. If there is a problem, I check the sbin. Before anything else happens, I from the reference server. If the local logfiles to see where things are going first need to tell OpenNTPD which clock is inaccurate, the daemon will wrong. And this is where precise time- source will be supplying the reference correct it – gradually and cautiously. keeping becomes imperative. time signal. I selected the time server at OpenNTPD only sets the clock in a single The timestamps allow admins to fol- the Physikalisch-Technischen Bundes- step if the system clock is within 180 sec- low the progress of a message across the anstalt in Braunschweig (PTB), Ger- onds of the reference time; this was the various systems – assuming the system many. The atomic clock run by PTB value I specified by setting the -s flag clocks in these servers are accurate. This delivers an NTP-based time signal. when I launched the program. is exactly what the Network Time Proto- col (NTP) supports. Three Lines for Two Servers INFO A time server acts as a reference sys- OpenNTPd normally parses a configura- [1] NTP: http://www.ntp.org tem, and the other systems on the tion file called /etc/ntpd.conf. This file is [2] OpenNTPD: http://openntpd.com/ network use NTP to synchronize with quite simple in my case, and contains that server. NTP is quite well known. only three lines: Charly Kühnast is a SYSADMIN server ptbtime1.ptb.de Unix System Manager server ptbtime2.ptb.de at the data-center in ...... 58 Red Hat Custom Install listen on 10.0.0.42 Moers,near Learn the tricks for customizing Red Hat Germany’s famous installation. The first two lines identify the server River Rhine. His tasks 62 where OpenNTPd will pick up its time include ensuring fire- Admin Workshop ...... wall security and availability and signal. If the first server fails to answer, THE AUTHOR This month we look at tools and techniques taking care of the DMZ (demilitarized the daemon defaults to the second for finding lost files. zone). server.