
ntpMerlin v3.x


I had a play with this a little while ago and managed to get it working, but have disabled it since.

Rather than using
logdir /opt/var/log
I used
logdir /opt/var/log/chrony (permission 0755)

and

log measurements statistics tracking

You need to create the matching log files in your selected directory, e.g.

measurements.log statistics.log and tracking.log (set permissions to 0666)

and it should be fine
I've created the files above, gave them the right permissions, uncommented the appropriate sections in chrony.conf and restarted it. Now, how do I get scribe to add the info written to these three logs to chrony.log in uiScribe? I already have an existing chronyd.log and would like the extra logging to go to the same file, assuming that's the most comprehensive approach. Any suggestions?
 
If you are going to try this I would suggest you start by looking at and adapting the ntpd file in /opt/share/syslog-ng/examples as this is designed to bring in a standalone log (i.e. not from syslog-ng or a network source).

If it was me, I would start with a dedicated report for just one of the three logs, disable the template and see what the output looks like. I would then tweak the template until I found an output I wanted.

You will probably also want to add logbanner entries in chrony.conf (see https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html) to remove the headers.

Once you have one of the logs reporting, I would add a second until that worked, etc. and finally look at adding all of them to your existing chrony.log. As each of these logs generates quite a lot of data, you may also want to set a minsize of 1024 or less in the logrotate file.
 
Could someone explain how to choose the best timeservers for our router? I.E. which columns from which outputs do you choose?
 
Updated list:

Code:
pool time.cloudflare.com iburst nts # Anycast
server netmon2.dcs1.biz iburst nts # Singapore
server ntp1.glypnod.com iburst nts # San Francisco
server ntp2.glypnod.com  iburst nts # London
server ntpmon.dcs1.biz iburst nts # Singapore
server nts.netnod.se iburst nts # Sweden
server nts.ntp.se iburst nts # Sweden
server nts.sth1.ntp.se iburst nts # Sweden
server nts.sth2.ntp.se iburst nts # Sweden
server nts.time.nl iburst nts # The Netherlands
server ptbnts2.ptb.de iburst nts # Germany
server ptbnts3.ptb.de iburst nts # Germany
server ptbtime1.ptb.de iburst nts  # Primary server for Europe
! server ptbtime2.ptb.de iburst nts (currently not operational) # Germany
! server ptbtime3.ptb.de iburst nts (not yet operational) # Germany
! server timemaster.evangineer.net iburst nts (The Netherlands, times out for unknown reasons)

I've added a comment with the location of the server. Not sure whether a comment behind a line could cause trouble in chronyd.conf, so if you see any errors, please remove the comment including the hashtag.
Any idea where the Cloudflare servers might be? Given ntp2.glypnod.com is London, I know Cloudflare have a data centre near Manchester airport, wondering if it's there?

Either way, I've tried using the Stratum 1 server ptbtime1.ptb.de and results are worse than the Stratum 3 Cloudflare servers. Switched back to Cloudflare this afternoon 1pm and results are tight.

Code:
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^+ time.cloudflare.com           3   5   377    36   +666us[ +666us] +/-   14ms
^* time.cloudflare.com           3   5   377    56  -2228us[-2225us] +/-   17ms
^- nts.time.nl                   2   5   377     8   -480us[ -480us] +/-   62ms
^+ nts.ntp.se                    2   5   377    20  -1131us[-1131us] +/-   25ms
^+ nts.sth1.ntp.se               2   5   377    25  -2613us[-2613us] +/-   26ms
^+ nts.sth2.ntp.se               2   5   377     0  -1267us[-1267us] +/-   25ms
^+ ntp2.glypnod.com              2   5    10   135    +49us[  +53us] +/-   28ms
^- ntp1.glypnod.com              2   5   202    78  -1187us[-1184us] +/-   90ms
^+ ptbnts2.ptb.de                1   5   337    22  -2560us[-2560us] +/-   22ms
^+ ptbnts3.ptb.de                1   5   341    34  -3307us[-3307us] +/-   22ms
^+ ptbtime1.ptb.de               1   5    16    86   -312us[ -309us] +/-   21ms
^- ntpmon.dcs1.biz               1   5     0  222m  +6475us[+7360us] +/-  156ms
^- netmon2.dcs1.biz              2   5     0  194m    +34ms[  +35ms] +/-  142ms
 
Any idea where the Cloudflare servers might be?
When searching for a geolocation I found San Francisco for both. But as they're also mentioned as anycast servers, I'm not sure whether that's accurate.
 
v3.3.0 is now available
Changelog

  • NEW: Support for NTS. If your router supports the NTS version of chrony it will be installed automatically. To use an NTS server, you can uncomment (delete the ! at the start of the line) the below lines in chrony.conf (menu option 3 on the command line):
    Code:
    pool time.cloudflare.com iburst nts
    
    ntsdumpdir /opt/var/lib/chrony
I don't know if my config file is old or what, but I don't have those lines in it to uncomment.
Anyone else?
 
Could someone explain how to choose the best timeservers for our router? I.E. which columns from which outputs do you choose?
Choose the timeservers with the lowest standard deviation from the output of chronyc sourcestats
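
An added example (not part of the original post or of ntpMerlin): a shell function that ranks `chronyc sourcestats` rows by the Std Dev column after normalising the units. The sample rows are copied from output posted in this thread; the name `rank_sources` and the minimum-NP cut-off of 16 are assumptions made here, on the grounds that a deviation computed from a handful of samples is a weak basis for ranking.

```shell
#!/bin/sh
# Rank `chronyc sourcestats` rows by Std Dev, lowest first.
# Rows with fewer than MIN_NP sample points are listed last and marked,
# because a deviation computed from very few samples is not reliable.

rank_sources() {
    # $1    = minimum NP for a row to be ranked (assumed default: 16)
    # stdin = output of `chronyc sourcestats`
    awk -v min_np="${1:-16}" '
    # Convert chronyc time values (16us, 14ms, 2s, 900ns) to microseconds.
    function to_us(v,   n) {
        n = v + 0                       # numeric prefix: "451us" -> 451
        if (v ~ /ns$/) return n / 1000
        if (v ~ /us$/) return n
        if (v ~ /ms$/) return n * 1000
        if (v ~ /s$/)  return n * 1000000
        return -1                       # unknown unit
    }
    # Data rows have 8 fields and a numeric NP; header and ruler lines do not.
    NF == 8 && $2 ~ /^[0-9]+$/ {
        sd = to_us($8)
        if (sd < 0) next
        flag = ($2 + 0 >= min_np) ? "ok" : "few-samples"
        # Sort key: group (0 = ranked, 1 = too few samples), zero-padded Std Dev.
        printf "%d %012.3f %s %s %s\n", (flag == "ok" ? 0 : 1), sd, $1, $2, flag
    }' | LC_ALL=C sort |
    awk '{ printf "%-28s NP=%-3s stddev=%.0fus %s\n", $3, $4, $2, $5 }'
}

# Rows copied from the sourcestats output posted in this thread.
sample_sourcestats() {
cat <<'EOF'
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
time.cloudflare.com        54  26  434m     +0.042      0.026   +907us   451us
ntp2.glypnod.com           53  29  427m     -0.037      0.072   -212us  1168us
sth1-ts.nts.netnod.se      16   7  361m     +0.011      0.027   -690us   193us
usnyc3-ntp-002.aaplimg.c>   8   4  129m     -0.042      0.028   -913us    37us
time1.facebook.com          7   4  120m     -0.047      0.015   -650us    16us
time2.google.com           49  20  417m     +0.030      0.021   +621us   340us
EOF
}

# On the router: chronyc sourcestats | rank_sources 16
sample_sourcestats | rank_sources 16
```
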
 
Could someone explain how to choose the best timeservers for our router? I.E. which columns from which outputs do you choose?
It's honestly not worth finessing your configuration to that level.

Point your router to up to a dozen of the pool server addresses and don't work so much :).

That ensures that you will have a random selection of servers at any one time, it spreads the overall traffic load around evenly.

If there are any dud servers selected, the chrony daemon is smart enough to ignore those and only sync time to the best options in the sixth you have configured.

Only manually specify your servers if you specifically want to use ones supporting nts. Although I am struggling to think of a reason to use nts unless you actually have a reason to trust those particular nts supporting servers.
 
I don't know if my config file is old or what, but I don't have those lines in it to uncomment.
Anyone else?
Both lines were in mine
Code:
### SPECIFY YOUR NTP SERVERS
# Most computers using chrony will send measurement requests to one or
# more 'NTP servers'.  You will probably find that your Internet Service
# Provider or company have one or more NTP servers that you can specify.
# Failing that, there are a lot of public NTP servers.  There is a list
# you can access at http://support.ntp.org/bin/view/Servers/WebHome or
# you can use servers from the pool.ntp.org project.

pool time.cloudflare.com iburst nts
Code:
# NTS dir for keys and cookies

ntsdumpdir /opt/var/lib/chrony
 
I did a search in the editor and didn't find it after scrolling through.
I guess I'll just put them in there and try that.

EDIT
It looks like it's starting to use cloudfare after that just now:

jtstrickland@RT-AC86U-8F38:/tmp/home/root# chronyc -N authdata
Name/IP address Mode KeyID Type KLen Last Atmp NAK Cook CLen
=========================================================================
0.us.pool.ntp.org - 0 0 0 - 0 0 0 0
0.us.pool.ntp.org - 0 0 0 - 0 0 0 0
0.us.pool.ntp.org - 0 0 0 - 0 0 0 0
0.us.pool.ntp.org - 0 0 0 - 0 0 0 0
time.cloudfare.com NTS 0 0 0 - 1 0 0 0
time.cloudfare.com NTS 0 0 0 - 1 0 0 0
1.us.pool.ntp.org - 0 0 0 - 0 0 0 0
1.us.pool.ntp.org - 0 0 0 - 0 0 0 0
1.us.pool.ntp.org - 0 0 0 - 0 0 0 0
1.us.pool.ntp.org - 0 0 0 - 0 0 0 0
time1.facebook.com - 0 0 0 - 0 0 0 0
0.amazon.pool.ntp.org - 0 0 0 - 0 0 0 0
0.amazon.pool.ntp.org - 0 0 0 - 0 0 0 0
0.amazon.pool.ntp.org - 0 0 0 - 0 0 0 0
0.amazon.pool.ntp.org - 0 0 0 - 0 0 0 0

Something is definitely wrong with mine. I still ain't got nuthin but zeros pretty much.

jtstrickland@RT-AC86U-8F38:/tmp/home/root#
 
Perhaps you should start over
Rename your current chrony.conf
Copy chrony.conf.default to chrony.conf
Comment out pool pool.ntp.org iburst
Add the two pool entries below
Uncomment the ntsdumpdir line
Code:
pool time.apple.com iburst
pool time.cloudflare.com nts
ntsdumpdir /opt/var/lib/chrony
 
Choose the timeservers with the lowest standard deviation from the output of chronyc sourcestats

Thanks, here are my servers and output of chronyc sourcestats ..... should I leave it alone or adjust?


Code:
pool time.cloudflare.com iburst nts
server ntp1.glypnod.com iburst nts
server ntp2.glypnod.com  iburst nts
server nts.ntp.se iburst nts
server nts.sth1.ntp.se iburst nts
server nts.sth2.ntp.se iburst nts
server nts.time.nl iburst nts
pool time.apple.com iburst
pool time.facebook.com iburst
pool time.google.com iburst
pool time.nist.gov iburst


Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
time.cloudflare.com        54  26  434m     +0.042      0.026   +907us   451us
time.cloudflare.com        57  33  431m     +0.029      0.024   +891us   433us
time.cloudflare.com        28  13  413m     +0.036      0.040   +591us   450us
time.cloudflare.com        28  17  422m     +0.011      0.042   -247us   505us
ntp1.glypnod.com            6   3   86m     -0.159      0.562  -1074us   244us
ntp2.glypnod.com           53  29  427m     -0.037      0.072   -212us  1168us
sth-ts.nts.netnod.se        9   3  241m     +0.008      0.052   -665us   126us
sth1-ts.nts.netnod.se      16   7  361m     +0.011      0.027   -690us   193us
sth2-ts.nts.netnod.se       7   5  103m     +0.206      0.764  -1150us   565us
nts1.time.nl               14   9  223m     -0.032      0.162  +5110us   646us
usnyc3-ntp-001.aaplimg.c>   9   3   77m     -0.022      0.178   -573us   151us
usqas2-ntp-001.aaplimg.c>  12   7  207m     +0.048      0.093   +985us   254us
usqas2-ntp-002.aaplimg.c>  24  13  379m     +0.001      0.046   -361us   437us
usnyc3-ntp-002.aaplimg.c>   8   4  129m     -0.042      0.028   -913us    37us
time1.facebook.com         50  29  417m     +0.022      0.034   -773us   504us
time5.facebook.com         50  27  417m     +0.035      0.024   +720us   376us
time5.facebook.com         42  23  417m     +0.037      0.025   +899us   336us
time1.facebook.com          7   4  120m     -0.047      0.015   -650us    16us
time2.google.com           16   7  258m     +0.020      0.120   -363us   568us
time2.google.com           49  20  417m     +0.030      0.021   +621us   340us
time4.google.com           51  29  416m     +0.026      0.039   -262us   606us
time1.google.com           48  21  403m     +0.034      0.028   +767us   385us
time-d-b.nist.gov          50  25  415m     +0.027      0.036   -215us   537us
time-e-g.nist.gov          10   8  190m     -0.013      0.060   +149us   131us
time-a-wwv.nist.gov        24  12  370m     +0.008      0.049    -28us   486us
time-b-b.nist.gov          48  22  415m     +0.029      0.029   +843us   378us
 
It's honestly not worth finessing your configuration to that level.

Point your router to up to a dozen of the pool server addresses and don't work so much :).

That ensures that you will have a random selection of servers at any one time, it spreads the overall traffic load around evenly.

If there are any dud servers selected, the chrony daemon is smart enough to ignore those and only sync time to the best options in the sixth you have configured.

Only manually specify your servers if you specifically want to use ones supporting nts. Although I am struggling to think of a reason to use nts unless you actually have a reason to trust those particular nts supporting servers.

Thanks
I'm not sure what nts is, but I figured Jack added it for a reason..so I added some of the nts servers that were mentioned by MvW. Not really sure how to tell if it is good or bad, or if nts and non-nts should be mixed.
 
nts is just a secure and encrypted version of regular ntp.

It means that you can verify the validity of the server you are connecting to using an encryption certificate, and ensures that packets can't be modified in transit.

The reason I question the need to worry about this is that if you had concerns about bad time information being supplied, you would have to be connecting on several compromised servers at once for chrony to have selected those ones as the valid source of time.
Connecting to a good number of public pool servers should ensure that any bad servers are automatically identified and ignored.

nts is handy at an enterprise level where you need to absolutely ensure that your time is coming from a reliable source, but for a home user, there is really not much urgency at the moment.

When nts capability becomes more widespread, then secure connections will simply become par-for-the-course much as they have done for https.

What would be better is if there was a known set of random public pools that all guaranteed nts support. Then you could just specify a selection of pool addresses and be done with it.

There is nothing fundamentally wrong with finessing your ntp server list, and manually specifying specific nts servers per se, but it's extra effort for no significant benefit.
 
Perhaps you should start over
Rename your current chrony.conf
Copy chrony.conf.default to chrony.conf
Comment out pool pool.ntp.org iburst
Add the two pool entries below
Uncomment the ntsdumpdir line
Code:
pool time.apple.com iburst
pool time.cloudflare.com nts
ntsdumpdir /opt/var/lib/chrony
That's what it needed, mine was definitely different. I don't know where it came from honestly, I thought from the router, but it may have been a hand-me-down from someone else. It's acting better now. Should I add some more pools or servers?
Now I get:

jtstrickland@RT-AC86U-8F38:/tmp/home/root# chronyc -N authdata
Name/IP address Mode KeyID Type KLen Last Atmp NAK Cook CLen
=========================================================================
time.apple.com - 0 0 0 - 0 0 0 0
time.apple.com - 0 0 0 - 0 0 0 0
time.apple.com - 0 0 0 - 0 0 0 0
time.apple.com - 0 0 0 - 0 0 0 0
time.cloudflare.com NTS 1 15 256 236 0 0 8 100
time.cloudflare.com NTS 1 15 256 235 0 0 8 100
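
An added check, not part of the original post or of ntpMerlin, for the `chronyc -N authdata` captures posted in this thread: it reports per source whether an NTS key and cookies are actually in place, which is what distinguishes a line that merely says `nts` in chrony.conf from an authenticated source. The function name `check_nts` and the verdict labels are assumptions made here; the sample rows are copied from the two captures above.

```shell
#!/bin/sh
# Verify that sources configured with "nts" completed NTS key establishment.
# Columns of `chronyc -N authdata`:
#   Name  Mode  KeyID  Type  KLen  Last  Atmp  NAK  Cook  CLen

check_nts() {
    # stdin: authdata output.
    # Exit status 1 if any NTS source has no key, no cookies, or a NAK.
    awk '
    # Data rows have 10 fields and a numeric KeyID; header and ruler do not.
    NF == 10 && $3 ~ /^[0-9]+$/ {
        klen = $5 + 0; atmp = $7 + 0; nak = $8 + 0; cook = $9 + 0
        if ($2 != "NTS") {
            verdict = "plain"                 # unauthenticated NTP source
        } else if (klen == 0 || cook == 0) {
            verdict = "nts-not-established"   # key establishment has not succeeded
            bad++
        } else if (nak > 0) {
            verdict = "nts-nak"               # server answered with an NTS NAK
            bad++
        } else {
            verdict = "nts-ok"
        }
        printf "%-22s %-20s klen=%d cookies=%d attempts=%d\n", \
               $1, verdict, klen, cook, atmp
    }
    END { exit (bad > 0) }'
}

# Rows copied from the first capture in this thread (hostname as printed there).
sample_before() {
cat <<'EOF'
Name/IP address Mode KeyID Type KLen Last Atmp NAK Cook CLen
=========================================================================
0.us.pool.ntp.org - 0 0 0 - 0 0 0 0
time.cloudfare.com NTS 0 0 0 - 1 0 0 0
time1.facebook.com - 0 0 0 - 0 0 0 0
EOF
}

# Rows copied from the second capture in this thread.
sample_after() {
cat <<'EOF'
Name/IP address Mode KeyID Type KLen Last Atmp NAK Cook CLen
=========================================================================
time.apple.com - 0 0 0 - 0 0 0 0
time.cloudflare.com NTS 1 15 256 236 0 0 8 100
time.cloudflare.com NTS 1 15 256 235 0 0 8 100
EOF
}

# On the router: chronyc -N authdata | check_nts
sample_before | check_nts || echo "=> at least one NTS source is not authenticated"
sample_after  | check_nts && echo "=> all NTS sources have keys and cookies"
```

Sources reported as `plain` are unauthenticated NTP; chrony's `authselectmode` directive (4.0 and later) controls whether such sources may be selected alongside NTS ones.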
 
Thanks, here are my servers and output of chronyc sourcestats ..... should I leave it alone or adjust?


As @Wade Coxon said, not much is to be gained from fretting over this, but I have some opinions:
  • Do not use time servers on another continent
  • By default, chrony does not do leap second smearing. Facebook and Google do leap second smearing, so don't use them. Use them and only them if you reconfigure chrony for leap second smearing. Admittedly, this is an esoteric topic.
  • Eight to twelve NTP servers should be enough
  • Although down servers will eventually be removed, it is nice when a pool handles this instead
  • I am not inclined to use iburst on more than one or two entries. It is intended to get the clock close quickly. I am not sure what is gained from a cacophony of responses.
 
That's what it needed, mine was definitely different. I don't know where it came from honestly, I thought from the router, but it may have been a hand-me-down from someone else. It's acting better now. Should I add some more pools or servers?
If you are only getting six, then add another pool, either time.nist.gov or pool.ntp.org
 
While you may want to add more servers, my experience has been that only 3/4 are used, so even after you have added some extras, run chronyc selectdata -v to see which ones are in use. Once chrony has selected a set, it is unlikely to swap these around unless one or more of these become unreliable. If you want to fine tune, then you can tweak chrony.conf (see the additional settings in https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html and also look at the FAQ), but at a practical level this is unlikely to make any perceptible changes for a home / small office environment.
 
