Seemingly working NTP config doesn't reflect in timedatectl

monokai · October 13, 2022, 11:28am

I’m trying to get NTP time syncing to work on an Ubuntu system and it seems to work, but I’m not sure.

I’m adding this to trellis/galaxy.yml:

- name: ntp
  src: geerlingguy.ntp
  version: 2.3.1

And this to trellis/group_vars/all/main.yml:

ntp_timezone: Europe/Amsterdam
ntp_manage_config: true
ntp_servers:
  - "0.nl.pool.ntp.org iburst"
  - "1.nl.pool.ntp.org iburst"
  - "2.nl.pool.ntp.org iburst"
  - "3.nl.pool.ntp.org iburst"

After reprovision and server reboot, my output of ntpq -p is:

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.nl.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.000
 1.nl.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.000
 2.nl.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.000
 3.nl.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.000
+154.51.12.215   129.134.28.123   2 u  359 1024  377    3.296    0.074   0.141
-ntppool1.time.n .TMNL.           1 u  509 1024  377    5.317    0.005   4.280
*ntppool1.time.n .TMNL.           1 u  537 1024  377    5.734    0.093   0.166
+beetjevreemd.nl .PPS0.           1 u  206 1024  377    4.823    0.199   0.116
-nts1.time.nl    .TMNL.           1 u  608 1024  377    5.840   -0.214   0.736
-ntp4.bit.nl     .PPS.            1 u  420 1024  377    3.446   -0.049   0.116

Which tells me ntp is synced with a server as indicated by the asterisk.

However, the output of timedatectl says:

               Local time: Thu 2022-10-13 13:23:36 CEST  
           Universal time: Thu 2022-10-13 11:23:36 UTC   
                 RTC time: Thu 2022-10-13 11:23:37       
                Time zone: Europe/Amsterdam (CEST, +0200)
System clock synchronized: yes                           
              NTP service: n/a                           
          RTC in local TZ: no

Almost all looks well (including my defined timezone), except for the fact that it says there’s no ntp service available (NTP service: n/a).

Can someone shine some light on why this is and point me in a direction to try and fix it?

swalkinshaw · October 13, 2022, 2:22pm

This might be the answer?

Looks like the galaxy role disables that service and uses ntpd: ansible-role-ntp/main.yml at e8b785736b60303121289eb73bcae9290ce7d96d · geerlingguy/ansible-role-ntp · GitHub

So I’m guessing it’s all working and that n/a can be ignored since timedatectl just doesn’t know about the other ntpd service.

monokai · October 13, 2022, 2:58pm

Thank you. That sounds like it might be it.

Still strange though, timedatectl correctly tells me the clock is synced, but doesn’t know about the ntp service that’s responsible.

If timedatectl isn’t aware of this, how can I be 100% sure it’s working correctly?

swalkinshaw · October 13, 2022, 5:03pm

Because it says System clock synchronized: yes?

monokai · October 14, 2022, 8:26am

I guess

Reason I’m asking is because of security auditors that expect our servers to be ntp synchronized. They’re quite strict, so I try to be overly careful here. I have to have an answer if they’re asking why it says “n/a” and I’m not sure it’s sufficient to say timedatectl just can’t find the ntp service and it’s working only because clock synchronized says yes. I think it does, but I cannot find anywhere if that’s actually true.