What's new

ntpMerlin ntpMerlin - NTP Daemon for AsusWRT Merlin

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

^^^ Should that be in the nptMerlin menu or scMerlin options as "nuclear" ntpMerlin reset? ;)
 
I would love to hear more about Chrony - how much setup would it require beyond writing a conf? I assume it just uses port 123 on the firewall but would require a lot of the plumbing ntpmerlin has?
I have been using Chrony for around 5+ months. It was an initial "pandemic lock-down" project to keep me occupied ;-)
I had read a great article authored by the Facebook engineers (https://engineering.fb.com/production-engineering/ntp-service/).
I started with chrony on a Raspberry Pi. It worked well so I downloaded the src and compiled on an RT-AX88u. Worked well as well!
So, I asked the Entware guys to add chrony to the Entware distribution. And they did!

As far as running on asuswrt-merlin... If you presently have Jack Yaz ntpMerlin installed - unfortunately it is not compatible (at this point). You will need to uninstall ntpMerlin.

To install chrony:

opkg update opkg install chrony

It will download 2 binaries, /opt/sbin/chronyd (the daemon) and /opt/bin/chronyc (the CLI control for chronyd).
It will also download the 2 man pages for the binaries.

If you are familiar with setting up /opt/etc/ntp.con, chrony (/opt/etc/chrony.conf) is very similar.

Entware also loads 3 chrony.conf examples in the directory /opt/etc/chrony. Example 1 is pretty simple - I would recommend starting with chrony.conf.example2.

For some good documentation on chrony:

To have chrony start at boot time, I have done a minor change to Jack's S77ntpd script in /opt/etc/init.d and have a chrony version - S78chrony. Credit is all to Jack!
Also, I would recommend you keep the name as S78chrony in case S77ntpd slips in and gets started. If so, S78chrony should start after ntpd and kill the process.

Code:
#!/bin/sh

# shellcheck disable=SC2034

if [ "$1" = "start" ] || [ "$1" = "restart" ]; then
        # Wait for NTP before starting
        logger -st "S78chrony" "Waiting for NTP to sync before starting..."
        ntptimer=0
        while [ "$(nvram get ntp_ready)" = "0" ] && [ "$ntptimer" -lt "300" ]; do
                ntptimer=$((ntptimer+1))
                sleep 1
        done

        if [ "$ntptimer" -ge "300" ]; then
                logger -st "S78chrony" "NTP failed to sync after 5 minutes - please check immediately!"
                exit 1
        fi
fi

#if [ -f "/opt/share/ntpmerlin.d/config" ]; then
#       SCRIPT_STORAGE_DIR="/opt/share/ntpmerlin.d"
#else
#       SCRIPT_STORAGE_DIR="/jffs/addons/ntpmerlin.d"
#fi

ENABLED=yes
#PROCS=ntpd
#ARGS="-c $SCRIPT_STORAGE_DIR/ntp.conf -g"
PROCS=/opt/sbin/chronyd
ARGS="-u admin -f /opt/etc/chrony.conf"
PREARGS=""
PRECMD="killall ntp && killall ntpd"
POSTCMD=""
DESC=$PROCS
PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

. /opt/etc/init.d/rc.func

Copy the above in /opt/etc/init.d and you should be good to go.

Note the -u admin. Chrony wants to switch to root once running. We have no "root" on asuswrt-merlin. I used the default root user, admin.

After you configure /opt/etc/chrony.conf and start it, the main commands you will use with chronyc are

chronyc sources
chronyc tracking

Here is my AX88u chronyc tracking:

Reference ID : C0A801CD (RaspiServer)
Stratum : 2
Ref time (UTC) : Wed Sep 16 10:59:26 2020
System time : 0.000017713 seconds fast of NTP time
Last offset : +0.000001586 seconds
RMS offset : 0.000023350 seconds
Frequency : 1.124 ppm slow
Residual freq : +0.001 ppm
Skew : 0.172 ppm
Root delay : 0.001290882 seconds
Root dispersion : 0.000083316 seconds
Update interval : 16.1 seconds
Leap status : Normal

Yes, that an offset of 1.5 nSec and a System time 17.7 microseconds fast ;-)
Its this level of accuracy due to using RaspiServer as one of it's sources.

RaspiServer is a Raspberry Pi Zero ($10), a Neo-8M GPS module ($11) and external antenna ($10). I now have a GPS/PPS based Stratum 1 time server. It's even a member of pool.ntp.org!
The things one does to keep amused during these times ;-)

Good luck!
 
<snip... Yes, that an offset of 1.5 nSec and a System time 17.7 microseconds fast ;-) Its this level of accuracy due to using RaspiServer as one of it's sources.

RaspiServer is a Raspberry Pi Zero ($10), a Neo-8M GPS module ($11) and external antenna ($10). I now have a GPS/PPS based Stratum 1 time server. It's even a member of pool.ntp.org!
The things one does to keep amused during these times ;-)
<snip>...

Good luck!

yep - Stratum 1 with < $50 bucks worth of parts - a well disciplined 'time gearbox'... the trick (for me) was/is getting the pps integrated into the data-stream... fun with satellites...
 
Last edited:
I have been using Chrony for around 5+ months. It was an initial "pandemic lock-down" project to keep me occupied ;-)
I had read a great article authored by the Facebook engineers (https://engineering.fb.com/production-engineering/ntp-service/).
I started with chrony on a Raspberry Pi. It worked well so I downloaded the src and compiled on an RT-AX88u. Worked well as well!
So, I asked the Entware guys to add chrony to the Entware distribution. And they did!

As far as running on asuswrt-merlin... If you presently have Jack Yaz ntpMerlin installed - unfortunately it is not compatible (at this point). You will need to uninstall ntpMerlin.

To install chrony:

opkg update opkg install chrony

It will download 2 binaries, /opt/sbin/chronyd (the daemon) and /opt/bin/chronyc (the CLI control for chronyd).
It will also download the 2 man pages for the binaries.

If you are familiar with setting up /opt/etc/ntp.con, chrony (/opt/etc/chrony.conf) is very similar.

Entware also loads 3 chrony.conf examples in the directory /opt/etc/chrony. Example 1 is pretty simple - I would recommend starting with chrony.conf.example2.

For some good documentation on chrony:

To have chrony start at boot time, I have done a minor change to Jack's S77ntpd script in /opt/etc/init.d and have a chrony version - S78chrony. Credit is all to Jack!
Also, I would recommend you keep the name as S78chrony in case S77ntpd slips in and gets started. If so, S78chrony should start after ntpd and kill the process.

Code:
#!/bin/sh

# shellcheck disable=SC2034

if [ "$1" = "start" ] || [ "$1" = "restart" ]; then
        # Wait for NTP before starting
        logger -st "S78chrony" "Waiting for NTP to sync before starting..."
        ntptimer=0
        while [ "$(nvram get ntp_ready)" = "0" ] && [ "$ntptimer" -lt "300" ]; do
                ntptimer=$((ntptimer+1))
                sleep 1
        done

        if [ "$ntptimer" -ge "300" ]; then
                logger -st "S78chrony" "NTP failed to sync after 5 minutes - please check immediately!"
                exit 1
        fi
fi

#if [ -f "/opt/share/ntpmerlin.d/config" ]; then
#       SCRIPT_STORAGE_DIR="/opt/share/ntpmerlin.d"
#else
#       SCRIPT_STORAGE_DIR="/jffs/addons/ntpmerlin.d"
#fi

ENABLED=yes
#PROCS=ntpd
#ARGS="-c $SCRIPT_STORAGE_DIR/ntp.conf -g"
PROCS=/opt/sbin/chronyd
ARGS="-u admin -f /opt/etc/chrony.conf"
PREARGS=""
PRECMD="killall ntp && killall ntpd"
POSTCMD=""
DESC=$PROCS
PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

. /opt/etc/init.d/rc.func

Copy the above in /opt/etc/init.d and you should be good to go.

Note the -u admin. Chrony wants to switch to root once running. We have no "root" on asuswrt-merlin. I used the default root user, admin.

After you configure /opt/etc/chrony.conf and start it, the main commands you will use with chronyc are

chronyc sources
chronyc tracking

Here is my AX88u chronyc tracking:

Reference ID : C0A801CD (RaspiServer)
Stratum : 2
Ref time (UTC) : Wed Sep 16 10:59:26 2020
System time : 0.000017713 seconds fast of NTP time
Last offset : +0.000001586 seconds
RMS offset : 0.000023350 seconds
Frequency : 1.124 ppm slow
Residual freq : +0.001 ppm
Skew : 0.172 ppm
Root delay : 0.001290882 seconds
Root dispersion : 0.000083316 seconds
Update interval : 16.1 seconds
Leap status : Normal

Yes, that an offset of 1.5 nSec and a System time 17.7 microseconds fast ;-)
Its this level of accuracy due to using RaspiServer as one of it's sources.

RaspiServer is a Raspberry Pi Zero ($10), a Neo-8M GPS module ($11) and external antenna ($10). I now have a GPS/PPS based Stratum 1 time server. It's even a member of pool.ntp.org!
The things one does to keep amused during these times ;-)

Good luck!

This is excellent, thank you so much!! :D

I made some alterations on my end to the S78chrony script - I needed to change the admin name to the one I have personalised and directing the config file to /opt/etc/chrony/chrony.conf instead so as to keep it in the chrony folder :) Gonna have a play around with the config file - atm I'd like to get it stop listening on ipv6 addresses like I got ntpmerlin's config so I'll see how compatible the syntaxes are. Do you know what it uses port 323 for btw? managing it? Chronyd is the daemon and chronyc is the...configuration daemon?

Will absorb some reading tonight!


Addendum: You can set chrony to only listen and use ipv4 by putting -4 on the arguments to run it e.g. when running it manually with
Code:
killall chronyd && chronyd -4 -u admin -f /opt/etc/chrony.conf
and editing the /opt/etc/init.d/S78chrony script:
Code:
ARGS="-4 -u admin -f /opt/etc/chrony.conf"

I've added bindaddress ip_of_router so LAN clients can still direct their queries (ntpmerlin adds firewall rules to catch these queries if enabled) and allow 192.168.0.0/16

I think unbound can drop root privileges by using the user 'nobody'. It wouldn't let me use that username for starting chronyd however I've also added 'user nobody' in the config to see if it does switch and drop privileges once ports are open etc.

I quite like this too:
# chronyd can save the measurement history for the servers to files when
# it it exits. This is useful in 2 situations:
#
# 1. On Linux, if you stop chronyd and restart it with '-r' (e.g. after
# an upgrade), the old measurements will still be relevant when chronyd
# is restarted. This will reduce the time needed to get accurate
# gain/loss measurements, especially with a dial-up link.
#
# 2. Again on Linux, if you use the RTC support and start chronyd with
# '-r -s' on bootup, measurements from the last boot will still be
# useful (the real time clock is used to 'flywheel' chronyd between
# boots).
#
# Enable these two options to use this.
dumponexit
dumpdir /var/lib/chrony

My last remaining issue is getting the system to use GMT+1 (BST) instead of UTC, but that's really minor so long as it can set a sensible time and unbound can hence have the correct time for dnssec authentication stuff and work properly.
 
Last edited by a moderator:
I have been using Chrony for around 5+ months. It was an initial "pandemic lock-down" project to keep me occupied ;-)
I had read a great article authored by the Facebook engineers (https://engineering.fb.com/production-engineering/ntp-service/).
I started with chrony on a Raspberry Pi. It worked well so I downloaded the src and compiled on an RT-AX88u. Worked well as well!
So, I asked the Entware guys to add chrony to the Entware distribution. And they did!

As far as running on asuswrt-merlin... If you presently have Jack Yaz ntpMerlin installed - unfortunately it is not compatible (at this point). You will need to uninstall ntpMerlin.

To install chrony:

opkg update opkg install chrony

It will download 2 binaries, /opt/sbin/chronyd (the daemon) and /opt/bin/chronyc (the CLI control for chronyd).
It will also download the 2 man pages for the binaries.

If you are familiar with setting up /opt/etc/ntp.con, chrony (/opt/etc/chrony.conf) is very similar.

Entware also loads 3 chrony.conf examples in the directory /opt/etc/chrony. Example 1 is pretty simple - I would recommend starting with chrony.conf.example2.

For some good documentation on chrony:

To have chrony start at boot time, I have done a minor change to Jack's S77ntpd script in /opt/etc/init.d and have a chrony version - S78chrony. Credit is all to Jack!
Also, I would recommend you keep the name as S78chrony in case S77ntpd slips in and gets started. If so, S78chrony should start after ntpd and kill the process.

Code:
#!/bin/sh

# shellcheck disable=SC2034

if [ "$1" = "start" ] || [ "$1" = "restart" ]; then
        # Wait for NTP before starting
        logger -st "S78chrony" "Waiting for NTP to sync before starting..."
        ntptimer=0
        while [ "$(nvram get ntp_ready)" = "0" ] && [ "$ntptimer" -lt "300" ]; do
                ntptimer=$((ntptimer+1))
                sleep 1
        done

        if [ "$ntptimer" -ge "300" ]; then
                logger -st "S78chrony" "NTP failed to sync after 5 minutes - please check immediately!"
                exit 1
        fi
fi

#if [ -f "/opt/share/ntpmerlin.d/config" ]; then
#       SCRIPT_STORAGE_DIR="/opt/share/ntpmerlin.d"
#else
#       SCRIPT_STORAGE_DIR="/jffs/addons/ntpmerlin.d"
#fi

ENABLED=yes
#PROCS=ntpd
#ARGS="-c $SCRIPT_STORAGE_DIR/ntp.conf -g"
PROCS=/opt/sbin/chronyd
ARGS="-u admin -f /opt/etc/chrony.conf"
PREARGS=""
PRECMD="killall ntp && killall ntpd"
POSTCMD=""
DESC=$PROCS
PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

. /opt/etc/init.d/rc.func

Copy the above in /opt/etc/init.d and you should be good to go.

Note the -u admin. Chrony wants to switch to root once running. We have no "root" on asuswrt-merlin. I used the default root user, admin.

After you configure /opt/etc/chrony.conf and start it, the main commands you will use with chronyc are

chronyc sources
chronyc tracking

Here is my AX88u chronyc tracking:

Reference ID : C0A801CD (RaspiServer)
Stratum : 2
Ref time (UTC) : Wed Sep 16 10:59:26 2020
System time : 0.000017713 seconds fast of NTP time
Last offset : +0.000001586 seconds
RMS offset : 0.000023350 seconds
Frequency : 1.124 ppm slow
Residual freq : +0.001 ppm
Skew : 0.172 ppm
Root delay : 0.001290882 seconds
Root dispersion : 0.000083316 seconds
Update interval : 16.1 seconds
Leap status : Normal

Yes, that an offset of 1.5 nSec and a System time 17.7 microseconds fast ;-)
Its this level of accuracy due to using RaspiServer as one of it's sources.

RaspiServer is a Raspberry Pi Zero ($10), a Neo-8M GPS module ($11) and external antenna ($10). I now have a GPS/PPS based Stratum 1 time server. It's even a member of pool.ntp.org!
The things one does to keep amused during these times ;-)

Good luck!
So does that mean jack could switch out NTPD with crony in the script easily since it's a part of entware, in wondering if Asus could do it at a firmware level.
 
So does that mean jack could switch out NTPD with crony in the script easily since it's a part of entware, in wondering if Asus could do it at a firmware level.
I can't speak for Jack, but it shouldn't be too difficult. As you said, both are in the Entware repository and both are similar in setup.
The one area of difference is in statistics. Both support reporting "offset" but after that they are different. Not major, but different.
I will ping Jack and get his opinion.
 
I've put an updated version on the develop branch which adds an option to use chrony instead of ntpd. Any brave testers welcome!

I would also appreciate the input of any ntp experts that can confirm if the correct fields from ntpq are being matched with chronyc (lines 777-799 in ntpmerlin.sh)
 
I've put an updated version on the develop branch which adds an option to use chrony instead of ntpd. Any brave testers welcome!

I would also appreciate the input of any ntp experts that can confirm if the correct fields from ntpq are being matched with chronyc (lines 777-799 in ntpmerlin.sh)
You, sir, deserve a medal.

You can clearly see the after and before
 

Attachments

  • Screenshot_20200920-032803255.png
    Screenshot_20200920-032803255.png
    141.6 KB · Views: 234
Following on from an idea @JGrana had, I may split chrony stats into their own table. Which metrics should be plotted, if i do?
After reading the chronyc man page, I would vote for these three:

Last offset
Skew
Root dispersion

If I could add a fourth, it would be System time.
Actually, I could be convinced to remove Last offset and put System time in it's place.
 
After reading the chronyc man page, I would vote for these three:

Last offset
Skew
Root dispersion

If I could add a fourth, it would be System time.
Actually, I could be convinced to remove Last offset and put System time in it's place.
i think what I currently plot from chrony is:

offset = last offset
jitter = system time
drift = frequency

but I'm not convinced they are accurate translations. I'll see how difficult it will be to make the webui code dynamic for chrony
 
Good heavens jack you are a miracle worker, with chrony it seem that my VPN is working first time now where as before with ntpd it was having a fit on connection, thank you and thank you JGrana for bringing it up.
 
Using chrony here now and so far it looks as though the highs and lows in the graph are much more even.
 
the resolving and discipline of ntpd or chronyd has always been about access to a stratum 1 source... either works very well... been a long time since I regularly compiled/config'd ntp, bind/dns, sendmail and the other meat and potatoes on big sgi hardware - but back in the day, stratum 1 servers were much more accessible - until people started exploiting/screwing around with public ntp servers - and the big stratum 1 providers constrained public access... not a fan of the ntp pool(s)- but that's me...
 
Last edited:
The entware team have released an updated chrony (already!) that allows for dropping of privilege to run as "nobody". I've pushed an updated ntpmerlin which takes advantage of this - you'll need to update Entware packages and then ntpmerlin (may need option uf since we're still in a develop cycle)
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top