Operations grimoire/NTP: Difference between revisions

NTP allows to sync time. That's especially important for accurate logs and TLS certificates.

There is a CC list of servers by country. France makes sense for most servers to use the country of the datacenter where the server is located.

NTP is configured in core.

We use ntpd service. Each day, drift from NTP servers is checked by periodic 480.status-ntpd.

We have enabled the automatic startup of the ntpd service on all FreeBSD servers to ensure continuous time synchronization. Additionally, the ntpd configuration has been adjusted to allow automatic connections to time sources, ensuring reliable updates without any manual intervention.

For reference, see:

• [rOPS27946aeb13d1 Start ntpd](https://devcentral.nasqueron.org/rOPS27946aeb13d18e3e54b72aabf170bd66e111ca88)
• [D3893](https://devcentral.nasqueron.org/D3893)

Chrony service is used.

Leap seconds file isn't maintained any more by NTP package (see upstream issue)

To update the file, run the hotfix:

   $ salt -G 'os:FreeBSD' state.apply hotfixes/leap-seconds.sls

Reported as T2192. The ntpq command queries a specific NTP server, here localhost:123. If the connection can't be established, it probably means ntpd service isn't started.

NTP status: ntpq: read: Connection refused

Solution: service ntpd start

NTP

• NTP servers in France
• Bug 3898 - update leap seconds file

Chrony

• Chrony