Hello, Yesterday the NIST has updated its official leap-seconds file, available at <URL:ftp://time.nist.gov/pub/leap-seconds.3427142400>, to include the next 31 December 2008 23:59:60 UTC leap second insertion.
HOWTO make use of this file for ntpd? Following are two step-by-step procedures, one for ntp-stable, the other for ntp-dev, and then some notes at the end. First procedure is for ntp-stable releases, up to any 4.2.4 revision. On your master NTP server(s), do as root: 0) If you use autokey authentication, cd to the keysdir directory, and goto step (3). 1) Create an /etc/ntp.keysdir/ directory, cd there, and create host parameters (as if you were using the autokey feature): | # mkdir /etc/ntp.keysdir | # cd /etc/ntp.keysdir/ | # ntp-keygen -H -p password 2) Add to /etc/ntp.conf those two lines: | keysdir /etc/ntp.keysdir/ | crypto pw password 3) Download the NIST leapseconds file leap-seconds.3427142400 (or the latest) from ftp://time.nist.gov/pub/ by passive ftp. Then make a symlink from the generic name ntpkey_leap to the file: | # wget --passive-ftp ftp://time.nist.gov/pub/leap-seconds.3427142400 | # ln -s leap-seconds.3427142400 ntpkey_leap 4) Restart the NTP daemon. After it is synced, you can verify all worked well using the ntpq readvar command, by looking at the date of last modification of the data, and checking the current TAI offset: | $ ntpq -c "rv 0 leap,leapsec,tai" | assID=0 status=4234 leap_none, sync_lf_clock, 3 events, event_peer/strat_chg, | leap=00, leapsec=200808080000, tai=33 ------------------------------------------------------------------------ Now the procedure for ntp-dev snapshots, soon to be 4.2.6 stable release. ------------------------------------------------------------------------ 1) Download to /etc the NIST leapseconds file leap-seconds.3427142400 (or the latest) from ftp://time.nist.gov/pub/ by passive ftp. Then make a symlink from the generic name ntp.leap to the file: | # cd /etc/ | # wget --passive-ftp ftp://time.nist.gov/pub/leap-seconds.3427142400 | # ln -s leap-seconds.3427142400 ntp.leap 2) Add to /etc/ntp.conf this line: | leapfile /etc/ntp.leap 3) Restart the NTP daemon. After it is synced, you can verify all worked well using the ntpq readvar command, by checking the current TAI offset, looking at the date of the (future) leap event, and at the validity limit of the leapfile: | $ ntpq -c "rv 0 leap,tai,leapsec,expire" | associd=0 status=0259 leap_none, sync_lf_radio, 5 events, leap_armed, | leap=00, tai=33, leapsec=200901010000, expire=200906280000 ------------------------------------------------------------------------ Notes: ------------------------------------------------------------------------ - On 22 July I posted here on cptn a non-official preliminary leap-seconds.3424118400 file. It's essentially the same as the now released official one, so there is no need to update it. But you can, if you prefer official things. - You can apply this procedure on all hosts running ntpd, only on servers, or even only on your clique of lowest stratum master servers. In any case the leap bits will flow down on clients. And additionally, if you use autokey, the data in the file (not the file itself) will be sent to the authenticating clients, with the implied TAI offset. - NIST leap-seconds file has an expiration date, currently 28 June 2009 which is 2 days before the following possibility of a leap second event. Make sure to refresh the file before this limit, at anytime between February and May 2009. Refresh every 6 monthes. - Usage of a leapfile and of the new orphan mode together is dangerous: Under some circumstances, it can lead an orphan parent to miss the leap. While all its orphan children and simple clients do leap. During the following minutes, those children and clients will step forward, intoxicated by the now wrong time of their parent server. There is no known solution to avoid for sure this potential risk, other than: Use leapfile, or use orphan mode, but not both. ------------------------------------------------------------------------ Hoping this can help, Serge. -- Serge point Bets arobase laposte point net _______________________________________________ questions mailing list [email protected] https://lists.ntp.org/mailman/listinfo/questions
