Add support for automatic leap-second file updates.
The working copy of leapfile resides in /var/dbntpd.leap-seconds.list. /etc/ntp/leap-seconds (periodically updated from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/) contains the master copy should automatic leapfile updates be disabled (default). Automatic leapfile updates are fetched from $ntp_leapfile_sources, defaulting to https://www.ietf.org/timezones/data/leap-seconds.list, within $ntp_leapfile_expiry_days (default 30 days) from leap-seconds file expiry. Automatic updates can be enabled by setting $daily_ntpd_leapfile_enable="YES" in periodic.conf. To avoid congesting the ntp leapfile source the automatic update randomized by default but can be disabled through daily_ntpd_avoid_congestion="NO" in periodic.conf. Suggested by: des Reviewed by: des, roberto, dwmalone, ian, cperciva, glebius, gjb MFC after: 1 week X-MFC with: r289421, r293037
This commit is contained in:
parent
f151bb5ce7
commit
39f2b6289d
@ -134,6 +134,11 @@ daily_status_mail_rejects_enable="YES" # Check mail rejects
|
||||
daily_status_mail_rejects_logs=3 # How many logs to check
|
||||
daily_status_mail_rejects_shorten="NO" # Shorten output
|
||||
|
||||
# 480.leapfile-ntpd
|
||||
daily_ntpd_leapfile_enable="NO" # Fetch NTP leapfile
|
||||
daily_ntpd_avoid_congestion="YES" # Avoid congesting
|
||||
# leapfile sources
|
||||
|
||||
# 480.status-ntpd
|
||||
daily_status_ntpd_enable="NO" # Check NTP status
|
||||
|
||||
|
@ -362,6 +362,15 @@ ntpd_config="/etc/ntp.conf" # ntpd(8) configuration file
|
||||
ntpd_sync_on_start="NO" # Sync time on ntpd startup, even if offset is high
|
||||
ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntpd.drift"
|
||||
# Flags to ntpd (if enabled).
|
||||
ntp_src_leapfile="/etc/ntp/leap-seconds"
|
||||
# Initial source for ntpd leapfile
|
||||
ntp_db_leapfile="/var/db/ntpd.leap-seconds.list"
|
||||
# Working copy (updated weekly) leapfile
|
||||
ntp_leapfile_sources="https://www.ietf.org/timezones/data/leap-seconds.list"
|
||||
# Source from which to fetch leapfile
|
||||
ntp_leapfile_expiry_days=30 # Check for new leapfile 30 days prior to
|
||||
# expiry.
|
||||
ntp_leapfile_fetch_verbose="NO" # Be verbose during NTP leapfile fetch
|
||||
|
||||
# Network Information Services (NIS) options: All need rpcbind_enable="YES" ###
|
||||
nis_client_enable="NO" # We're an NIS client (or NO).
|
||||
|
@ -81,4 +81,6 @@ restrict 127.127.1.0
|
||||
# See http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14.
|
||||
# for documentation regarding leapfile. Updates to the file can be obtained
|
||||
# from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/.
|
||||
leapfile "/etc/ntp/leap-seconds"
|
||||
# Use either leapfile in /etc/ntp or weekly updated leapfile in /var/db.
|
||||
#leapfile "/etc/ntp/leap-seconds"
|
||||
leapfile "/var/db/ntpd.leap-seconds.list"
|
||||
|
28
etc/periodic/daily/480.leapfile-ntpd
Executable file
28
etc/periodic/daily/480.leapfile-ntpd
Executable file
@ -0,0 +1,28 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
# If there is a global system configuration file, suck it in.
|
||||
#
|
||||
if [ -r /etc/defaults/periodic.conf ]
|
||||
then
|
||||
. /etc/defaults/periodic.conf
|
||||
source_periodic_confs
|
||||
fi
|
||||
|
||||
case "$daily_ntpd_leapfile_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
case "$daily_ntpd_avoid_congestion" in
|
||||
[Yy][Ee][Ss])
|
||||
# Avoid dogpiling
|
||||
(sleep $(jot -r 1 0 86400); service ntpd fetch) &
|
||||
;;
|
||||
*)
|
||||
service ntpd fetch
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
|
||||
exit $rc
|
@ -35,7 +35,8 @@ FILES+= 130.clean-msgs
|
||||
.endif
|
||||
|
||||
.if ${MK_NTP} != "no"
|
||||
FILES+= 480.status-ntpd
|
||||
FILES+= 480.status-ntpd \
|
||||
480.leapfile-ntpd
|
||||
.endif
|
||||
|
||||
.if ${MK_RCMDS} != "no"
|
||||
|
@ -14,6 +14,8 @@ name="ntpd"
|
||||
rcvar="ntpd_enable"
|
||||
command="/usr/sbin/${name}"
|
||||
pidfile="/var/run/${name}.pid"
|
||||
extra_commands="fetch"
|
||||
fetch_cmd="ntpd_fetch_leapfile"
|
||||
start_precmd="ntpd_precmd"
|
||||
|
||||
load_rc_config $name
|
||||
@ -30,6 +32,10 @@ ntpd_precmd()
|
||||
return 0;
|
||||
fi
|
||||
|
||||
if [ ! -f $ntp_db_leapfile ]; then
|
||||
ntpd_fetch_leapfile
|
||||
fi
|
||||
|
||||
# If running in a chroot cage, ensure that the appropriate files
|
||||
# exist inside the cage, as well as helper symlinks into the cage
|
||||
# from outside.
|
||||
@ -44,10 +50,71 @@ ntpd_precmd()
|
||||
( cd /dev ; /bin/pax -rw -pe clockctl "${ntpd_chrootdir}/dev" )
|
||||
fi
|
||||
ln -fs "${ntpd_chrootdir}/var/db/ntp.drift" /var/db/ntp.drift
|
||||
ln -fs "${ntpd_chrootdir}${ntp_tmp_leapfile}" ${ntp_tmp_leapfile}
|
||||
|
||||
# Change run_rc_commands()'s internal copy of $ntpd_flags
|
||||
#
|
||||
rc_flags="-u ntpd:ntpd -i ${ntpd_chrootdir} $rc_flags"
|
||||
}
|
||||
|
||||
current_ntp_ts() {
|
||||
# Seconds between 1900-01-01 and 1970-01-01
|
||||
# echo $(((70*365+17)*86400))
|
||||
ntp_to_unix=2208988800
|
||||
|
||||
echo $(($(date -u +%s)+$ntp_to_unix))
|
||||
}
|
||||
|
||||
get_ntp_leapfile_ver() {
|
||||
expr "$(awk '$1 == "#$" { print $2 }' "$1" 2>/dev/null)" : \
|
||||
'^\([1-9][0-9]*\)$' \| 0
|
||||
}
|
||||
|
||||
get_ntp_leapfile_expiry() {
|
||||
expr "$(awk '$1 == "#@" { print $2 }' "$1" 2>/dev/null)" : \
|
||||
'^\([1-9][0-9]*\)$' \| 0
|
||||
}
|
||||
|
||||
ntpd_fetch_leapfile() {
|
||||
local ntp_tmp_leapfile rc verbose
|
||||
|
||||
if checkyesno ntp_leapfile_fetch_verbose; then
|
||||
verbose=echo
|
||||
else
|
||||
verbose=:
|
||||
fi
|
||||
|
||||
ntp_tmp_leapfile="/var/run/ntpd.leap-seconds.list"
|
||||
|
||||
ntp_ver_no_src=$(get_ntp_leapfile_ver $ntp_src_leapfile)
|
||||
ntp_ver_no_db=$(get_ntp_leapfile_ver $ntp_db_leapfile)
|
||||
$verbose ntp_src_leapfile version is $ntp_ver_no_src
|
||||
$verbose ntp_db_leapfile version is $ntp_ver_no_db
|
||||
|
||||
if [ "$ntp_ver_no_src" -gt "$ntp_ver_no_db" ]; then
|
||||
$verbose replacing $ntp_db_leapfile with $ntp_src_leapfile
|
||||
cp -p $ntp_src_leapfile $ntp_db_leapfile
|
||||
ntp_ver_no_db=$ntp_ver_no_src
|
||||
else
|
||||
$verbose not replacing $ntp_db_leapfile with $ntp_src_leapfile
|
||||
fi
|
||||
ntp_leap_expiry=$(get_ntp_leapfile_expiry $ntp_db_leapfile)
|
||||
ntp_leapfile_expiry_seconds=$((ntp_leapfile_expiry_days*86400))
|
||||
ntp_leap_fetch_date=$((ntp_leap_expiry-ntp_leapfile_expiry_seconds))
|
||||
if [ $(current_ntp_ts) -ge $ntp_leap_fetch_date ]; then
|
||||
$verbose Within ntp leapfile expiry limit, initiating fetch
|
||||
for url in $ntp_leapfile_sources ; do
|
||||
$verbose fetching $url
|
||||
fetch -mqo $ntp_tmp_leapfile $url && break
|
||||
done
|
||||
ntp_ver_no_tmp=$(get_ntp_leapfile_ver $ntp_tmp_leapfile)
|
||||
if [ "$ntp_ver_no_tmp" -gt "$ntp_ver_no_db" ]; then
|
||||
$verbose using $url as $ntp_db_leapfile
|
||||
mv $ntp_tmp_leapfile $ntp_db_leapfile
|
||||
else
|
||||
$verbose using existing $ntp_db_leapfile
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
run_rc_command "$1"
|
||||
|
Loading…
x
Reference in New Issue
Block a user