Operations grimoire/NTP: Difference between revisions
| (7 intermediate revisions by 2 users not shown) | |||
| Line 9: | Line 9: | ||
=== FreeBSD === | === FreeBSD === | ||
We use ntpd service. Each day, drift from NTP servers is checked by periodic <code>480.status-ntpd</code>. | We use ntpd service. Each day, drift from NTP servers is checked by periodic <code>480.status-ntpd</code>. | ||
We have enabled the automatic startup of the '''ntpd''' service on all FreeBSD servers to ensure continuous time synchronization. Additionally, the '''ntpd''' configuration has been adjusted to allow automatic connections to time sources, ensuring reliable updates without any manual intervention. | |||
For reference, see:<br> | |||
*[https://devcentral.nasqueron.org/T2192 Default NTP configuration leads to connection refused][Default NTP configuration leads to connection refused | |||
] | |||
* [D3893](https://devcentral.nasqueron.org/D3893) | |||
=== Linux === | === Linux === | ||
| Line 16: | Line 24: | ||
=== Update leap seconds === | === Update leap seconds === | ||
Leap seconds file isn't maintained any more by NTP package (see [https://bugs.ntp.org/show_bug.cgi?id=3898 upstream issue]) | Leap seconds file isn't maintained any more by NTP package (see [https://bugs.ntp.org/show_bug.cgi?id=3898 upstream issue]) | ||
To update the file, run the hotfix: | |||
$ salt -G 'os:FreeBSD' state.apply hotfixes/leap-seconds.sls | |||
=== ntpq: read: Connection refused === | === ntpq: read: Connection refused === | ||
| Line 28: | Line 40: | ||
;NTP | ;NTP | ||
* [https://www.ntppool.org/zone/fr NTP servers in France] | * [https://www.ntppool.org/zone/fr NTP servers in France] | ||
* | * [https://bugs.ntp.org/show_bug.cgi?id=3898 Bug 3898] - update leap seconds file | ||
;Chrony | ;Chrony | ||
* [https://chrony-project.org/] | * [https://chrony-project.org/ Chrony] | ||
Latest revision as of 08:48, 28 November 2025
NTP allows to sync time. That's especially important for accurate logs and TLS certificates.
Recommended NTP servers
There is a CC list of servers by country. France makes sense for most servers to use the country of the datacenter where the server is located.
By OS
NTP is configured in core.
FreeBSD
We use ntpd service. Each day, drift from NTP servers is checked by periodic 480.status-ntpd.
We have enabled the automatic startup of the ntpd service on all FreeBSD servers to ensure continuous time synchronization. Additionally, the ntpd configuration has been adjusted to allow automatic connections to time sources, ensuring reliable updates without any manual intervention.
For reference, see:
- Default NTP configuration leads to connection refused[Default NTP configuration leads to connection refused
]
Linux
Chrony service is used.
Troubleshoot
Update leap seconds
Leap seconds file isn't maintained any more by NTP package (see upstream issue)
To update the file, run the hotfix:
$ salt -G 'os:FreeBSD' state.apply hotfixes/leap-seconds.sls
ntpq: read: Connection refused
Reported as T2192. The ntpq command queries a specific NTP server, here localhost:123. If the connection can't be established, it probably means ntpd service isn't started.
NTP status: ntpq: read: Connection refused
Solution: service ntpd start
References
- NTP
- NTP servers in France
- Bug 3898 - update leap seconds file
- Chrony
