Ntpd Centos7 mouseCLOCK USB II
This HOWTO was generated by a user trying to use the generic [Ntpd Installation|ntpd Howto] when using [Centos7]
install NTP
sudo apt-get install ntp
or
sudo yum install ntp
generate persistent symlink
If your system is using udevd, it is recommended to configure udevd to create the right symlink once a device appears. Try to insert one the following rules to /etc/udev/rules.d/ :
KERNEL=="ttyUSB*", ATTRS{idProduct}=="e88a", SYMLINK+="refclock-%m"
integrate in NTP
To tell ntpd which hardware is connected to which serial interface, add the following to /etc/ntp.conf and uncomment (remove preceeding #-sign).
################################# # local clock as fallback server 127.127.1.0 fudge 127.127.1.0 stratum 10 ################################# # Expert mouseCLOCK USB II server 127.127.8.0 mode 19 # logging logfile /var/log/ntp logconfig =all
- Note: Lines beginning with # are remarks, so un-remark the # server line to match your hardware.
- Extra info : Server 127.127.8.0 mode 14 means :
- 127.127 : use hardware parse driver
- .8 : use parse driver 8
- .0 : use reflock-0 to poll this device
- mode 14 : use driver 8's clock type 14
Now reboot your machine, wait for at least 3 minutes and check /var/log/ntp for errors. If the last line says SYNCHRONIZED, your device is up and running.
common errors
INCOMPLETE DATA
Make sure you waited at least 3 minutes and your device is well aligned to receive it's signal.
no such file
When systemd is used, it is likely that ntpd is started before symlink is created. In this case, simply restart ntpd after symlink is created. Open crontab
sudo crontab -e
add
@reboot sleep 60; systemctl restart ntpd
and save changes.
permission denied
If your system is running AppArmor or SELinux, it is likely that ntpd is not allowed to access your clock.
AppArmor
known NTP issues with AppArmor
You can use Yast2.
- Open Yast2 -> Novell AppArmor -> Edit Profile
- Select profile /usr/sbin/ntpd
- Add entry: /dev/ttyS0 (or /dev/ttyUSB0 depending on your device)
- Mark allow for: Read, Write, Link
This generates a new entry in the AppArmor profile file.
SELinux
By default SELinux runs in "enforced" mode which inhibits access to resources which have not explicitely been configured. In order to find out which kind of access shall be granted to a process SELinux can be temporarily switched to "permissive" mode which does not inhibit access but logs all accesses which would be inhibited in "enforced" mode:
setenforce Permissive
Now start or restart the NTP daemon so it tries to access the required resources:
service ntpd restart
Wait some time until the NTP daemon has opened all devices, created all log files, etc. The relevant log messages can then be found at the end of the SELinux logfile, and can be extracted using grep:
grep ntpd /var/log/audit/audit.log > ntpd-audit.log
Finally set SELinux back to enforcing mode:
setenforce Enforcing
The relevant log entries are now in our file ntpd-audit.log, and you may edit this file to see whether there are old/duplicate entries which can be removed.
The following three commands are required to parse the log entries and create a .pp file which can be supplied to SELinux. In the example below we assume the basename of the generated files is ntpd, so the final target file is ntpd.pp:
audit2allow -m ntpd <ntpd-audit.log >ntpd.te checkmodule -M -m -o ntpd.mod ntpd.te semodule_package -o ntpd.pp -m ntpd.mod
If all the commands above have been finished without error the new profile can be installed and loaded:
semodule -i ntpd.pp
After this has been done once ntpd should run fine.