Ntp 4.2.x on Debian (Wheezy)



Prepare[edit]

$ sudo apt-get install make gcc g++ libedit-dev libopts25-dev libcap-dev
$ wget \
http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p1.tar.gz \
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.1.4.tar.gz
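# Both tarballs arrive over plain HTTP, so check each one against the checksum
# or signature its project publishes before unpacking. The versions shown are
# the ones this page was written for; prefer the current releases, which carry
# later security fixes.
$ tar xvfz ntp-4.2.8p1.tar.gz && tar xvfz libressl-2.1.4.tar.gz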

Compile[edit]

LibreSSL[edit]

$ cd libressl-2.1.4
$ ./configure --prefix=/opt/libressl
$ make 
$ sudo make install

NTP[edit]

$ cd ntp-4.2.8p1
$ ./configure \
--prefix=/usr \
--sysconfdir=/var/lib/ntp \
--localstatedir=/var \
--with-lineeditlibs=edit \
--disable-local-libopts \
--disable-debugging \
--disable-all-clocks \
--without-sntp \
--disable-ipv6 \
--enable-linuxcaps \
--disable-dependency-tracking \
--with-crypto=openssl \
--enable-openssl-random \
--with-openssl-libdir=/opt/libressl/lib \
--with-openssl-incdir=/opt/libressl/include

$ make 
$ sudo make install

Install[edit]

$ sudo mkdir /var/lib/ntp /var/log/ntpstats
$ sudo adduser --system --quiet --group --no-create-home ntp
$ sudo chown -R ntp:ntp /var/lib/ntp /var/log/ntpstats


init.d[edit]

$ sudo nano /etc/init.d/ntp


#!/bin/sh

### BEGIN INIT INFO
# Provides:        ntp
# Required-Start:  $network $remote_fs $syslog
# Required-Stop:   $network $remote_fs $syslog
# Default-Start:   2 3 4 5
# Default-Stop: 
# Short-Description: Start NTP daemon
### END INIT INFO

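# Fixed search path, so command lookup does not depend on the caller's PATH.
PATH=/sbin:/bin:/usr/sbin:/usr/bin

# LSB helper library; the log_* and status_of_proc calls below are expected
# to come from here.
. /lib/lsb/init-functions

DAEMON=/usr/sbin/ntpd
PIDFILE=/var/run/ntpd.pid

# LSB exit status 5: the program is not installed.
test -x "$DAEMON" || exit 5

# Optional local settings such as NTPD_OPTS. The file is sourced by an init
# script that runs as root, so it must stay root-owned and not writable by
# anyone else.
if [ -r /etc/default/ntp ]; then
    . /etc/default/ntp
fi

# Use the alternate configuration file when one is present.
# NOTE(review): /var/lib/ntp is usually owned by the ntp account, yet this
# path is handed to ntpd at startup; confirm who may write there.
if [ -e /var/lib/ntp/ntp.conf.dhcp ]; then
    NTPD_OPTS="$NTPD_OPTS -c /var/lib/ntp/ntp.conf.dhcp"
fi

LOCKFILE=/var/lock/ntpdate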

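# Take the ntpdate lock and keep it fresh with a background lockfile-touch.
# Does nothing when /usr/bin/lockfile-create is not executable.
# Globals: LOCKFILE (read), LOCKTOUCHPID (written: PID of lockfile-touch)
lock_ntpdate() {
    if [ -x /usr/bin/lockfile-create ]; then
        lockfile-create "$LOCKFILE"
        lockfile-touch "$LOCKFILE" &
        LOCKTOUCHPID="$!"
    fi
}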

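# Release the ntpdate lock: stop the background lockfile-touch, then remove
# the lock file. Guarded by the same check as lock_ntpdate, so it is a no-op
# when the lock could not have been taken.
# Globals: LOCKFILE (read), LOCKTOUCHPID (read)
unlock_ntpdate() {
    if [ -x /usr/bin/lockfile-create ] ; then
        kill "$LOCKTOUCHPID"
        lockfile-remove "$LOCKFILE"
    fi
}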

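# Unprivileged account that ntpd switches to once it is running.
RUNASUSER=ntp
# "uid:gid" of that account (passwd fields 3 and 4); empty when the account
# does not exist.
UGID=$(getent passwd "$RUNASUSER" | cut -f 3,4 -d:) || true
if test "$(uname -s)" = "Linux"; then
    # -u tells ntpd which user and group to run as instead of root. The start
    # action refuses to launch while UGID is empty.
    NTPD_OPTS="$NTPD_OPTS -u $UGID"
fi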

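# Dispatch on the requested action. Exit statuses follow the LSB init-script
# convention: 2 for bad usage, 3 for an action that is not implemented.
case "$1" in
    start)
        log_daemon_msg "Starting NTP server" "ntpd"
        if [ -z "$UGID" ]; then
            # Refuse to start when the run-as account is missing.
            log_failure_msg "user \"$RUNASUSER\" does not exist"
            exit 1
        fi
        lock_ntpdate
        # NTPD_OPTS stays unquoted on purpose: it holds several options that
        # must be split into separate arguments.
        start-stop-daemon --start --quiet --oknodo --pidfile "$PIDFILE" --startas "$DAEMON" -- -p "$PIDFILE" $NTPD_OPTS
        status=$?
        unlock_ntpdate
        log_end_msg "$status"
        ;;
    stop)
        log_daemon_msg "Stopping NTP server" "ntpd"
        # The process to signal is identified by the pid file alone.
        start-stop-daemon --stop --quiet --oknodo --pidfile "$PIDFILE"
        log_end_msg $?
        rm -f "$PIDFILE"
        ;;
    restart|force-reload)
        "$0" stop && sleep 2 && "$0" start
        ;;
    try-restart)
        # Restart only when the daemon is currently running.
        if "$0" status >/dev/null; then
            "$0" restart
        else
            exit 0
        fi
        ;;
    reload)
        # Not implemented.
        exit 3
        ;;
    status)
        status_of_proc "$DAEMON" "NTP server"
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|try-restart|force-reload|status}"
        exit 2
        ;;
esac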


$ sudo chmod +x /etc/init.d/ntp
$ sudo update-rc.d ntp start 23 2 3 4 5 .


cron[edit]

$ sudo nano /etc/cron.daily/ntp


#!/bin/sh

# The default Debian ntp.conf enables logging of various statistics to
# the /var/log/ntpstats directory.  The daemon automatically changes
# to a new datestamped set of files at midnight, so all we need to do
# is delete old ones, and compress the ones we're keeping so disk
# usage is controlled.

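# Pull the statsdir path out of the uncommented lines of ntp.conf. The value
# stays empty when no statsdir directive is active, and the job then does
# nothing.
statsdir=$(grep -v '^#' /etc/ntp.conf | sed -n 's/statsdir \([^ ][^ ]*\)/\1/p')

if [ -n "$statsdir" ] && [ -d "$statsdir" ]; then
    # only keep a week's depth of these
    # (-type f restricts the deletion to regular files)
    find "$statsdir" -type f -mtime +7 -exec rm {} \;

    # compress whatever is left to save space
    # Stop if the directory cannot be entered, so gzip never runs against
    # whatever directory cron started this job in.
    cd "$statsdir" || exit 1
    if ls loopstats.???????? peerstats.???????? > /dev/null 2>&1; then
        # Note that gzip won't compress the file names that
        # are hard links to the live/current files, so this
        # compresses yesterday and previous, leaving the live
        # log alone.  We suppress the warnings gzip issues
        # about not compressing the linked file.
        #
        # Keep gzip free of -f: cron.daily jobs normally run as root, the
        # stats directory usually belongs to the ntp account, and without
        # -f gzip skips symlinks and multiply-linked files.
        gzip --best --quiet loopstats.???????? peerstats.????????
        return=$?
        case $return in
            2)
            exit 0            # squash all warnings
            ;;
            *)
            exit "$return"       # but let real errors through
            ;;
        esac
    fi
fi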


$ sudo chmod +x /etc/cron.daily/ntp


default[edit]

$ sudo nano /etc/default/ntp


NTPD_OPTS='-g'


Config (Sample)[edit]

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

# bind only to localhost and one public ip (substitute the server's own
# address below, then confirm the sockets ntpd opened with `ss -uln`)
interface ignore wildcard
interface listen 192.168.1.1

driftfile /var/lib/ntp/ntp.drift

# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
server 0.debian.pool.ntp.org iburst
server 1.debian.pool.ntp.org iburst
server 2.debian.pool.ntp.org iburst
server 3.debian.pool.ntp.org iburst

# http://support.ntp.org/bin/view/Support/AccessRestrictions#Section_6.5.1.1.3.
restrict default limited kod nomodify notrap nopeer noquery
#restrict -6 default ignore

# give local full access
restrict 127.0.0.1
#restrict ::1

Munin Plugin[edit]

ln -s /usr/share/munin/plugins/ntp_offset /etc/munin/plugins/ntp_offset