I recently ran into problems with generating TOTP 2-factor codes on my laptop. The fact that some of the codes would work and some wouldn't suggested a problem with time keeping on my laptop.
This was surprising since I've been running NTP for a
many years and have therefore never had to think about time synchronization.
After realizing that ntpd had stopped working on my machine for some reason,
I found that systemd
provides an easier way to keep time synchronized.
The new systemd time synchronization daemon
On a machine running systemd, there is no need to run the full-fledged
ntpd daemon anymore. The built-in systemd-timesyncd can do the basic
time synchronization job just fine.
However, I noticed that the daemon wasn't actually running:
$ systemctl status systemd-timesyncd.service
● systemd-timesyncd.service - Network Time Synchronization
Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled)
Drop-In: /lib/systemd/system/systemd-timesyncd.service.d
└─disable-with-time-daemon.conf
Active: inactive (dead)
Condition: start condition failed at Thu 2017-08-03 21:48:13 PDT; 1 day 20h ago
Docs: man:systemd-timesyncd.service(8)
referring instead to a mysterious "failed condition". Attempting to restart the service did provide more details though:
$ systemctl restart systemd-timesyncd.service
$ systemctl status systemd-timesyncd.service
● systemd-timesyncd.service - Network Time Synchronization
Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled)
Drop-In: /lib/systemd/system/systemd-timesyncd.service.d
└─disable-with-time-daemon.conf
Active: inactive (dead)
Condition: start condition failed at Sat 2017-08-05 18:19:12 PDT; 1s ago
└─ ConditionFileIsExecutable=!/usr/sbin/ntpd was not met
Docs: man:systemd-timesyncd.service(8)
The above check for the presence of /usr/sbin/ntpd points to a conflict
between ntpd and systemd-timesyncd. The solution of course is to remove
the former before enabling the latter:
apt purge ntp
Enabling time synchronization with NTP
Once the ntp package has been removed, it is time to enable NTP support in
timesyncd.
Start by choosing the NTP server pool nearest
you and put it in /etc/systemd/timesyncd.conf.d/local.conf. For example, mine reads
like this:
[Time]
NTP=time.cloudflare.com
before restarting the daemon:
systemctl restart systemd-timesyncd.service
That may not be enough on your machine though. To check whether or not the time has been synchronized with NTP servers, run the following:
$ timedatectl
...
System clock synchronized: yes
NTP service: inactive
RTC in local TZ: no
If NTP is not enabled, then you can enable it by running this command:
timedatectl set-ntp true
Once that's done, everything should be in place and time should be kept correctly:
$ timedatectl
...
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
In Jessie, systemd-timesyncd put out some logging information to syslog, everytime that it pinged the time server that gave you a time stamp, time correction and frequency correction information. With Stretch, these log reports have been suppressed. Does anyone know how to get them back? I can't find anything in the documentation. Thanks, --- Graham
==
systemd-timesyncd seems to have some nice features - it touches
/var/lib/systemd/clock(or perhaps/var/lib/systemd/timesync/clockon Debian) after each successful sync, so it will at least move forward after reboot even before the network is up.On the other hand there are situations where I would like a whole set of services to have a hard dependency on a successful time synchronisation before they will even try and start up, and this does not seem to be well-supported by systemd (see https://github.com/systemd/systemd/issues/5097 for more detail).
You say you had to
timedatectl set-ntp trueafter you got timesyncd running, but that's not working for me and I'm curious about how long I should spend watching it before I see a "Yes" in the NTP sync status, and I wonder what I might be missing if I'm not seeing this even though timesyncd appears to be running without errors.Hello,
I'm interested cause my NTP synchronized is always :no I done exactly the same commands on the blog and no change appears.
Thank you for advice.
NOTE: This commit changed the output:
https://github.com/systemd/systemd/commit/3ec530a1890925efe347f739917dd4078c1b1942
"NTP synchronized" => "systemd-timesyncd.service active"
Hey François, many thanks for your effort to share this tutorial. Had the same problems as you described. Woks also for RaspberryPi 4 with Raspbian GNU/Linux 10 (buster). Best regards, Uwe