In an NTP configuration, what is the purpose of assigning a high stratum value to the local clock?
fudge 127.127.1.0 stratum 10
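Correct me if I'm wrong: if the remote NTP servers (with a lower stratum, e.g. 2 or 3) are unreachable, the server will rely on its internal clock anyway. Otherwise, it will synchronize its time with those NTP servers.
So is the configuration line above unnecessary, and does setting the local clock stratum only make sense when that stratum value is lower than that of some remote NTP servers?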
This is the output of the timedatectl command on my Proxmox VM, which runs on a server in New Zealand with a static IP:
$ timedatectl
Local time: Wed 2023-11-01 16:01:30 UTC
Universal time: Wed 2023-11-01 16:01:30 UTC
RTC time: Wed 2023-11-01 16:01:30
Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
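Even though clock synchronization is on and NTP is active, why does it still show the wrong local time? Is there a way to correct this automatically rather than by setting the time zone manually? Thanks!
The error message I get when running ntp-keygen (or ntpd) on my ARM device is: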
./ntp-keygen: relocation error: ./ntp-keygen: symbol DSA_generate_parameters_ex, version OPENSSL_1_1_0 not defined in file libcrypto.so.1.1 with link time reference
The script that configures, builds and installs OpenSSL is as follows:
#!/bin/bash
# Build dependencies if any.
depends()
{
cd $buildDir
if [ "x${PERL}" = "x" ]; then
export PERL=`which perl`
fi
return $?
}
# Configure software package.
configure()
{
depends
cd $packageDir
# Available ciphers:
# DES, AES, CAMELLIA, MD2, MDC2, MD4, MD5, HMAC, SHA, RIPEMD, WHIRLPOOL,
# RC4, RC5, RC2, IDEA, SEED, BF(blowfish), CAST, RSA, DSA, ECDSA, ECDH
# We use:
# DES, AES, MD4, MD5, HMAC, SHA, RSA, ECDSA, ECDH
./Configure shared threads --prefix=$PWD/install-arm linux-armv4
return $?
}
# Build the software package.
compile()
{
local mmx_machine_type=`echo $MMX_MACHINE_TYPE | tr '[:upper:]' '[:lower:]'`
depends
cd $packageDir
export CFLAGS="$CFLAGS -DCONFIG_MACHINE_${MMX_MACHINE_TYPE}"
configure
if [ "$?" -ne "0" ]; then return 1; fi
make CC=$CC AR=$AR NM=$NM RANLIB=$RANLIB
if [ "$?" -ne "0" ]; then return 1; fi
make CC=$CC AR=$AR NM=$NM RANLIB=$RANLIB install
if [ "$?" -ne "0" ]; then return 1; fi
return 0
}
# Clean-up.
clean()
{
depends
cd $packageDir
rm -rf install-arm/*
rm -rf install-i386/*
make clean
}
# Install to rootfs the necessary pieces (e.g. directories, links...)
install()
{
targetPath=${buildDir}/.tmp.rootfs/rootfs
local openssl="bin/openssl"
local libssl="lib/libssl.so.1.1"
local libcrypto="lib/libcrypto.so.1.1"
cd ${packageDir}/install-arm
if [ -f ${openssl} -a -f ${libssl} -a -f ${libcrypto} ]
then
cp ${openssl} ${targetPath}/sbin/
cp ${libssl} ${targetPath}/lib/
cp ${libcrypto} ${targetPath}/lib/
else
printf " $package not built.\n"
fi
return 0
}
For the ntp package, the only reference to OpenSSL is in the configure options. Below is the complete ntp package configuration:
#!/bin/sh
# Configure software package.
configure()
{
cd $packageDir
./bootstrap
./configure --host=arm-linux --with-yielding-select=yes --with-crypto=openssl \
--with-openssl-incdir=$OPENSSL_DIR/install-arm/include/ \
--with-openssl-libdir=$OPENSSL_DIR/install-arm/lib/
return $?
}
# Build the software package.
compile()
{
cd $packageDir
# make PROJECT_NAME=$project
make
if [ "$?" -ne "0" ]; then return 1; fi
return 0
}
# Clean-up.
clean()
{
cd $packageDir
make clean
}
# Install to rootfs the necessary pieces (e.g. directories, links...)
install()
{
cd $packageDir
sourcePath=.
targetPath=$buildDir/.tmp.rootfs/rootfs
if [[ -f $sourcePath/ntpclient ]]; then
cp $sourcePath/$package $targetPath/sbin/
else
printf " $package not built.\n"
return 1
fi
return 0
}
Error with "ntp_crypto.c:2248:2: error: unknown type name 'DSA_SIG'; did you mean 'ECDSA_SIG'?"
make fails with the following output:
ntp_crypto.c: In function 'crypto_alice':
ntp_crypto.c:2188:13: warning: implicit declaration of function 'EVP_PKEY_get0_DSA'; did you mean 'EVP_PKEY_get0_RSA'? [-Wimplicit-function-declaration]
if ((dsa = EVP_PKEY_get0_DSA(peer->ident_pkey->pkey)) == NULL) {
^~~~~~~~~~~~~~~~~
EVP_PKEY_get0_RSA
ntp_crypto.c:2188:11: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
if ((dsa = EVP_PKEY_get0_DSA(peer->ident_pkey->pkey)) == NULL) {
^
ntp_crypto.c:2199:2: warning: implicit declaration of function 'DSA_get0_pqg'; did you mean 'DH_get0_pqg'? [-Wimplicit-function-declaration]
DSA_get0_pqg(dsa, NULL, &q, NULL);
^~~~~~~~~~~~
DH_get0_pqg
ntp_crypto.c: In function 'crypto_bob':
ntp_crypto.c:2248:2: error: unknown type name 'DSA_SIG'; did you mean 'ECDSA_SIG'?
DSA_SIG *sdsa; /* DSA signature context fake */
^~~~~~~
ECDSA_SIG
ntp_crypto.c:2266:6: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
dsa = EVP_PKEY_get0_DSA(iffkey_info->pkey);
^
ntp_crypto.c:2268:2: warning: implicit declaration of function 'DSA_get0_key'; did you mean 'RSA_get0_key'? [-Wimplicit-function-declaration]
DSA_get0_key(dsa, NULL, &priv_key);
^~~~~~~~~~~~
RSA_get0_key
ntp_crypto.c:2287:9: warning: implicit declaration of function 'DSA_SIG_new'; did you mean 'ECDSA_SIG_new'? [-Wimplicit-function-declaration]
sdsa = DSA_SIG_new();
^~~~~~~~~~~
ECDSA_SIG_new
ntp_crypto.c:2287:7: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
sdsa = DSA_SIG_new();
^
ntp_crypto.c:2294:2: warning: implicit declaration of function 'DSA_SIG_set0'; did you mean 'ECDSA_SIG_set0'? [-Wimplicit-function-declaration]
DSA_SIG_set0(sdsa, bn, bk);
^~~~~~~~~~~~
ECDSA_SIG_set0
ntp_crypto.c:2299:3: warning: implicit declaration of function 'DSA_print_fp'; did you mean 'RSA_print_fp'? [-Wimplicit-function-declaration]
DSA_print_fp(stdout, dsa, 0);
^~~~~~~~~~~~
RSA_print_fp
ntp_crypto.c:2306:8: warning: implicit declaration of function 'i2d_DSA_SIG'; did you mean 'i2d_ECDSA_SIG'? [-Wimplicit-function-declaration]
len = i2d_DSA_SIG(sdsa, NULL);
^~~~~~~~~~~
i2d_ECDSA_SIG
ntp_crypto.c:2310:3: warning: implicit declaration of function 'DSA_SIG_free'; did you mean 'ECDSA_SIG_free'? [-Wimplicit-function-declaration]
DSA_SIG_free(sdsa);
^~~~~~~~~~~~
ECDSA_SIG_free
ntp_crypto.c: In function 'crypto_iff':
ntp_crypto.c:2363:2: error: unknown type name 'DSA_SIG'; did you mean 'ECDSA_SIG'?
DSA_SIG *sdsa; /* DSA parameters */
^~~~~~~
ECDSA_SIG
ntp_crypto.c:2385:11: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
if ((dsa = EVP_PKEY_get0_DSA(peer->ident_pkey->pkey)) == NULL) {
^
ntp_crypto.c:2400:14: warning: implicit declaration of function 'd2i_DSA_SIG'; did you mean 'd2i_ECDSA_SIG'? [-Wimplicit-function-declaration]
if ((sdsa = d2i_DSA_SIG(NULL, &ptr, len)) == NULL) {
^~~~~~~~~~~
d2i_ECDSA_SIG
ntp_crypto.c:2400:12: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
if ((sdsa = d2i_DSA_SIG(NULL, &ptr, len)) == NULL) {
^
ntp_crypto.c:2412:2: warning: implicit declaration of function 'DSA_SIG_get0'; did you mean 'ECDSA_SIG_get0'? [-Wimplicit-function-declaration]
DSA_SIG_get0(sdsa, &r, &s);
^~~~~~~~~~~~
ECDSA_SIG_get0
ntp_crypto.c: In function 'crypto_bob2':
ntp_crypto.c:2578:2: error: unknown type name 'DSA_SIG'; did you mean 'ECDSA_SIG'?
DSA_SIG *sdsa; /* DSA parameters */
^~~~~~~
ECDSA_SIG
ntp_crypto.c:2616:7: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
sdsa = DSA_SIG_new();
^
ntp_crypto.c: In function 'crypto_gq':
ntp_crypto.c:2686:2: error: unknown type name 'DSA_SIG'; did you mean 'ECDSA_SIG'?
DSA_SIG *sdsa; /* RSA signature context fake */
^~~~~~~
ECDSA_SIG
ntp_crypto.c:2726:12: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
if ((sdsa = d2i_DSA_SIG(NULL, &ptr, len)) == NULL) {
^
ntp_crypto.c: In function 'crypto_alice3':
ntp_crypto.c:2862:11: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
if ((dsa = EVP_PKEY_get0_DSA(peer->ident_pkey->pkey)) == NULL) {
^
ntp_crypto.c: In function 'crypto_bob3':
ntp_crypto.c:2940:6: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
dsa = EVP_PKEY_get0_DSA(mvkey_info->pkey);
^
ntp_crypto.c:2962:9: warning: implicit declaration of function 'DSA_new'; did you mean 'RSA_new'? [-Wimplicit-function-declaration]
sdsa = DSA_new();
^~~~~~~
RSA_new
ntp_crypto.c:2962:7: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
sdsa = DSA_new();
^
ntp_crypto.c:2975:2: warning: implicit declaration of function 'DSA_set0_key'; did you mean 'RSA_set0_key'? [-Wimplicit-function-declaration]
DSA_set0_key(sdsa, BN_dup(pub_key), NULL);
^~~~~~~~~~~~
RSA_set0_key
ntp_crypto.c:2976:2: warning: implicit declaration of function 'DSA_set0_pqg'; did you mean 'DH_set0_pqg'? [-Wimplicit-function-declaration]
DSA_set0_pqg(sdsa, sp, sq, sg);
^~~~~~~~~~~~
DH_set0_pqg
ntp_crypto.c:2991:8: warning: implicit declaration of function 'i2d_DSAparams'; did you mean 'i2d_DHxparams'? [-Wimplicit-function-declaration]
len = i2d_DSAparams(sdsa, NULL);
^~~~~~~~~~~~~
i2d_DHxparams
ntp_crypto.c:2995:3: warning: implicit declaration of function 'DSA_free'; did you mean 'RSA_free'? [-Wimplicit-function-declaration]
DSA_free(sdsa);
^~~~~~~~
RSA_free
ntp_crypto.c: In function 'crypto_mv':
ntp_crypto.c:3060:11: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
if ((dsa = EVP_PKEY_get0_DSA(peer->ident_pkey->pkey)) == NULL) {
^
ntp_crypto.c:3077:14: warning: implicit declaration of function 'd2i_DSAparams'; did you mean 'd2i_DHxparams'? [-Wimplicit-function-declaration]
if ((sdsa = d2i_DSAparams(NULL, &ptr, len)) == NULL) {
^~~~~~~~~~~~~
d2i_DHxparams
ntp_crypto.c:3077:12: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
if ((sdsa = d2i_DSAparams(NULL, &ptr, len)) == NULL) {
These are the headers of ntp_crypto.c:
/*
* ntp_crypto.c - NTP version 4 public key routines
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifdef AUTOKEY
#include <stdio.h>
#include <stdlib.h> /* strtoul */
#include <sys/types.h>
#include <sys/param.h>
#include <unistd.h>
#include <fcntl.h>
#include "ntpd.h"
#include "ntp_stdlib.h"
#include "ntp_unixtime.h"
#include "ntp_string.h"
#include "ntp_random.h"
#include "ntp_assert.h"
#include "ntp_calendar.h"
#include "ntp_leapsec.h"
#include <openssl/dsa.h>
#include "openssl/asn1.h"
#include "openssl/bn.h"
#include "openssl/crypto.h"
#include "openssl/err.h"
#include "openssl/evp.h"
#include "openssl/opensslv.h"
#include "openssl/pem.h"
#include "openssl/rand.h"
#include "openssl/x509.h"
#include "openssl/x509v3.h"
#include "libssl_compat.h"
#ifdef KERNEL_PLL
#include "ntp_syscall.h"
#endif /* KERNEL_PLL */
I am using OpenSSL v1.1.1
These are the ./configure options:
#!/bin/sh
# Configure software package.
configure()
{
cd $packageDir
./bootstrap
./configure --host=arm-linux --with-yielding-select=yes --with-crypto=openssl --enable-linuxcaps \
--with-openssl-incdir=$OPENSSL_DIR/install-arm/include/ \
--with-openssl-libdir=$OPENSSL_DIR/install-arm/lib/
return $?
}
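I am developing a Yocto-based Linux distribution using the Yocto zeus release. I need to add an NTP client to the distribution, but I don't need an NTP server installed in the image.
I have found the recipe:
meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
which relates to the Network Time Protocol (NTP).
The recipe contains the following information about it:
SUMMARY = "Network Time Protocol daemon and utilities"
DESCRIPTION = "The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio or satellite receiver or modem."
The information above does not explain whether the recipe installs an NTP server, an NTP client, or both.
What I need is an NTP client application that can connect to a configurable NTP server and obtain the current date and time.
The following directive: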
IMAGE_INSTALL += "ntp"
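is not suitable, because it adds the NTP server called ntpd to the Yocto image.
Which package must I add to the image to include an NTP client? Is it included in the recipe above, or do I have to find a different recipe?
Thanks
We have some embedded devices that use ntpd (4.2.8p10) to synchronize time. One of our customers uses their own NTP server in an internal network. From ntpd -dgq debug mode, we found that the server is reachable and we can get the offset, delay and jitter information. However, ntpd just exits with "ntpd: no servers found" and never selects and sets the local time.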
2 Nov 11:57:05 ntpd[20218]: ntpd [email protected] Thu Jul 26 19:52:20 UTC 2018 (2): Starting
2 Nov 11:57:05 ntpd[20218]: Command line: ntpd -dgq
2 Nov 11:57:05 ntpd[20218]: proto: precision = 2.000 usec (-19)
Finished Parsing!!
restrict: op 1 addr 0.0.0.0 mask 0.0.0.0 mflags 00000000 flags 000005f0
restrict: op 1 addr 127.0.0.1 mask 255.255.255.255 mflags 00000000 flags 00000000
restrict source template mflags 4000 flags 1c0
restrict: op 1 addr (null) mask (null) mflags 00004000 flags 000001c0
move_fd: estimated max descriptors: 1024, initial socket boundary: 16
2 Nov 11:57:05 ntpd[20218]: Listen and drop on 0 v4wildcard 0.0.0.0:123
2 Nov 11:57:05 ntpd[20218]: Listen normally on 1 lo 127.0.0.1:123
restrict: op 1 addr 127.0.0.1 mask 255.255.255.255 mflags 00003000 flags 00000001
2 Nov 11:57:05 ntpd[20218]: Listen normally on 2 eth1 192.168.168.109:123
restrict: op 1 addr 192.168.168.109 mask 255.255.255.255 mflags 00003000 flags 00000001
2 Nov 11:57:05 ntpd[20218]: Listen normally on 3 wlan0 192.168.100.1:123
restrict: op 1 addr 192.168.100.1 mask 255.255.255.255 mflags 00003000 flags 00000001
2 Nov 11:57:05 ntpd[20218]: Listening on routing socket on fd #27 for interface updates
key_expire: at 0 associd 60163
peer_clear: at 0 next 1 associd 60163 refid INIT
restrict: op 1 addr 10.160.129.161 mask 255.255.255.255 mflags 00004000 flags 000001c0
restrict_source: 10.160.129.161 host restriction added
event at 0 10.160.129.161 8011 81 mobilize assoc 60163
newpeer: 192.168.168.109->10.160.129.161 mode 3 vers 4 poll 6 10 flags 0x101 0x1 ttl 0 key 00000000
event at 0 0.0.0.0 c016 06 restart
peer_xmit: at 1 192.168.168.109->10.160.129.161 mode 3 len 48 xmt 0xe52bde52.ddf3c87c
auth_agekeys: at 1 keys 0 expired 0
event at 1 10.160.129.161 8014 84 reachable
clock_filter: n 1 off 30.082946 del 0.048598 dsp 7.945314 jit 0.000002
peer_xmit: at 3 192.168.168.109->10.160.129.161 mode 3 len 48 xmt 0xe52bde54.ddf0a416
clock_filter: n 2 off 30.083616 del 0.047583 dsp 3.949228 jit 0.000670
peer_xmit: at 5 192.168.168.109->10.160.129.161 mode 3 len 48 xmt 0xe52bde56.dde968ab
clock_filter: n 3 off 30.078398 del 0.054469 dsp 1.951189 jit 0.004895
peer_xmit: at 7 192.168.168.109->10.160.129.161 mode 3 len 48 xmt 0xe52bde58.dde80026
clock_filter: n 4 off 30.079499 del 0.074539 dsp 0.952172 jit 0.003164
peer_xmit: at 9 192.168.168.109->10.160.129.161 mode 3 len 48 xmt 0xe52bde5a.ddea03c8
clock_filter: n 5 off 30.083616 del 0.044472 dsp 0.452664 jit 0.003340
2 Nov 11:57:16 ntpd[20218]: ntpd: no servers found
END OF FILE
Also, when running ntpd in the background and querying the ntpd status with ntpq -p, we get the following results; st, delay, offset and reach all look fine.
root@S8P20092901:~# ntpq -c as
ind assid status conf reach auth condition last_event cnt
===========================================================
1 59609 9014 yes yes none reject reachable 1
root@S8P20092901:~# ntpq -np
remote refid st t when poll reach delay offset jitter
==============================================================================
10.160.129.161 162.159.200.123 4 u 24 64 377 40.404 -180.122 20.122
I looked at the source code. In ntpdate (-q) mode, when no clock has been selected/set, ntpd will exit after all bursts have been performed for each server:
} else {
peer->burst--;
if (peer->burst == 0) {
/*
* If ntpdate mode and the clock has not been
* set and all peers have completed the burst,
* we declare a successful failure.
*/
if (mode_ntpdate) {
peer_ntpdate--;
if (peer_ntpdate == 0) {
msyslog(LOG_NOTICE,
"ntpd: no servers found");
if (!msyslog_term)
printf(
"ntpd: no servers found\n");
exit (0);
}
}
}
}
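Added example, not part of the original post or of the ntp code base: a small Python decoder for the peer status word that ntpq -c as prints in its status column (9014 above) and that ntpd -d prints in its event lines (8011, 8014). The field layout and code names follow the NTP documentation's description of peer status words; the function names are made up for this example.

```python
# Added example: decode ntpd peer status words (the hex "status" column of
# `ntpq -c as`, and the 4-digit value in ntpd -d "event at" lines).
# Layout per the NTP "Event Messages and Status Words" documentation:
# 5 status bits, 3-bit select code, 4-bit event count, 4-bit event code.
import re

STATUS_BITS = {0x80: "config", 0x40: "authenb", 0x20: "auth",
               0x10: "reach", 0x08: "bcst"}
SELECT = ["reject", "falsetick", "excess", "outlier",
          "candidate", "backup", "sys.peer", "pps.peer"]
EVENTS = {0x1: "mobilize", 0x2: "demobilize", 0x3: "unreachable",
          0x4: "reachable", 0x5: "restart", 0x6: "no_reply",
          0x7: "rate_exceeded", 0x8: "access_denied", 0x9: "leap_armed",
          0xa: "sys_peer", 0xb: "clock_event", 0xc: "bad_auth",
          0xd: "popcorn", 0xe: "interleave_mode", 0xf: "interleave_error"}


def decode_peer_status(word):
    """Split a 16-bit peer status word into its four fields."""
    if not 0 <= word <= 0xFFFF:
        raise ValueError("peer status word must fit in 16 bits")
    high = word >> 8
    return {
        "flags": [name for bit, name in STATUS_BITS.items() if high & bit],
        "select": SELECT[high & 0x07],
        "count": (word >> 4) & 0x0F,
        "event": EVENTS.get(word & 0x0F, "unspecified"),
    }


def parse_associations(text):
    """Return {assid: decoded status} from `ntpq -c as` output."""
    rows = {}
    for line in text.splitlines():
        m = re.match(r"\s*\d+\s+(\d+)\s+([0-9a-fA-F]{4})\s", line)
        if m:
            rows[int(m.group(1))] = decode_peer_status(int(m.group(2), 16))
    return rows


# The association line shown in the post above.
SAMPLE = """ind assid status conf reach auth condition last_event cnt
===========================================================
  1 59609  9014   yes   yes  none    reject   reachable  1
"""

if __name__ == "__main__":
    for assid, info in parse_associations(SAMPLE).items():
        print(assid, info)
    print(decode_peer_status(0x8011))  # "mobilize" event from the -d log
```

For 9014 it yields the config and reach flags, select code reject, an event count of 1 and last event reachable, which matches the columns ntpq printed.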
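I'm stuck with a CentOS 5.3 VM (running on Proxmox) that exhibits huge clock drift. It is configured to run ntpdate every 5 minutes, but between runs the clock still goes out of sync by up to 20 seconds. I have tried running ntpd (and stopping the cron job), but it reports no errors / I cannot see an ntp.drift file created anywhere, and the clock keeps drifting.
I run about 30 VMs and the same number of containers on the cluster, and nothing else shows the same problem. There is no configuration in /etc/ntp.conf other than the server addresses.
I'm having a hard time understanding why ntp (the service) won't set the time correctly on my Raspberry Pi.
I have configured the filesystem as read-only to preserve my SD card, but it used to work, and I can't seem to figure out why ntp doesn't work now.
In the logs, I get many lines of this message: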
ntpd[415]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
ntpd[415]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
ntpd[415]: error resolving pool 0.debian.pool.ntp.org: Temporary failure in name resolution (-3)
ntpd[415]: error resolving pool 1.debian.pool.ntp.org: Temporary failure in name resolution (-3)
ntpd[415]: error resolving pool 2.debian.pool.ntp.org: Temporary failure in name resolution (-3)
ntpd[415]: error resolving pool 3.debian.pool.ntp.org: Temporary failure in name resolution (-3)
ntpd[415]: error resolving pool 3.debian.pool.ntp.org: Temporary failure in name resolution (-3)
ntpd[415]: error resolving pool 2.debian.pool.ntp.org: Temporary failure in name resolution (-3)
ntpd[415]: error resolving pool 1.debian.pool.ntp.org: Temporary failure in name resolution (-3)
ntpd[415]: error resolving pool 0.debian.pool.ntp.org: Temporary failure in name resolution (-3)
My /etc/resolv.conf looks like this:
# Generated by resolvconf
nameserver 8.8.8.8
nameserver 192.168.1.22
I can access the internet on that RPi, I can ping the pool addresses, I can ping google, I can do updates (after remounting in rw)...
I can also issue an ntpdate command manually and it works!
$ sudo ntpdate -u 0.fr.pool.ntp.org 1.fr.pool.ntp.org
24 Nov 23:04:34 ntpdate[578]: step time server 129.250.35.250 offset 2418.621037 sec
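So yeah, I'm pulling my hair out here. I don't understand why the ntp service doesn't work. I have searched the internet extensively, and no one seems to have this particular problem (they all have a faulty DNS, but mine works fine).
My read-only setup is as follows: https://hallard.me/raspberry-pi-read-only/
Do you guys have any ideas?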