get_leap_script
Script & test - Get leap second file
This script will download the latest leap second file. Run it weekly from cron.
Script
- This script runs on RHEL7, CentOS7 (using systemd).
```bash
#!/bin/bash
# This script will download the latest leap second file,
# update the NTP configuration and restart ntpd.

# Leap second file location
leapremote="ftp://time.nist.gov/pub/"
#leapremote="ftp://tycho.usno.navy.mil/pub/ntp/"

# Local file name
leaplocaldir="/var/lib/ntp/"
leaplocalfile="${leaplocaldir}leap-seconds"

# Log file
logfile=/var/log/getleap.log

# Private temporary file for the remote listing (a fixed name in /tmp
# is unsafe in a script that cron runs as root)
listing=$(mktemp) || exit 1
trap 'rm -f "$listing"' EXIT

# Get latest leap second file
/usr/bin/lftp -e "set net:timeout 10 ; cls -1 --perms --sort=date leap-seconds* > $listing ; exit" "$leapremote"
if [ $? -ne 0 ]; then
    echo "$(date) - ERROR - FTP problem, exiting." | tee -a "$logfile"
    exit 1
fi

# find latest file, exclude symlinks, directories with same prefix
latestleapfile=$(grep -Ev "^l|^d" "$listing" | cut -d " " -f3 | head -1)

# The name comes from the remote server and is passed to lftp below:
# accept only a plain file name
case "$latestleapfile" in
    ""|*[!A-Za-z0-9._-]*)
        echo "$(date) - ERROR - Unexpected file name in FTP listing, exiting." | tee -a "$logfile"
        exit 1
        ;;
esac

if [ -f "$leaplocaldir$latestleapfile" ]; then
    echo "$(date) - OK - File $leaplocaldir$latestleapfile already exists. Not downloading." | tee -a "$logfile"
else
    cd "$leaplocaldir" || exit 1
    # Only switch the symlink if the download itself succeeded
    /usr/bin/lftp -e "set net:timeout 10 ; get $latestleapfile ; exit" "$leapremote" \
        && ln -sfn "$leaplocaldir$latestleapfile" "$leaplocalfile"
    if [ $? -eq 0 ]; then
        echo "$(date) - OK - Leap second file downloaded." | tee -a "$logfile"
    else
        echo "$(date) - ERROR - Leap second file download problem." | tee -a "$logfile"
        exit 1
    fi

    systemctl restart ntpd
    if [ $? -eq 0 ]; then
        echo "$(date) - OK - NTPd service restarted successfully." | tee -a "$logfile"
    else
        echo "$(date) - ERROR - NTPd service restart problem!" | tee -a "$logfile"
        exit 1
    fi
fi
```
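The script installs whatever the FTP server returns, and plain FTP gives no integrity protection. The following is an added example, not part of the original script: it checks the embedded SHA-1 and the expiry time of a downloaded file before it is put in place. It assumes the NIST file format with `#$`, `#@` and `#h` marker lines and a `sha1sum` binary; the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not part of the original script. Assumes a NIST-format
# leap second file with "#$" (last update), "#@" (expiry) and "#h" (SHA-1)
# marker lines. Function names are hypothetical.

# SHA-1 over the digits of the "#$" and "#@" lines and of every data line,
# with comments and all whitespace removed (the "#h" line is excluded).
leap_computed_sha1() {
    sed -E -e '/^(#[$@]|[0-9])/!d' -e 's/^#[$@]//' -e 's/#.*$//' "$1" \
        | tr -d '[:space:]' | sha1sum | cut -d ' ' -f1
}

# Hash stored on the "#h" line: five 32-bit hex words. Leading zeros of a
# word may be missing in the file, so pad each word back to 8 digits.
leap_stored_sha1() {
    awk '/^#h/ { for (i = 2; i <= 6; i++) printf "%8s", $i; print ""; exit }' "$1" \
        | tr 'A-F ' 'a-f0'
}

# Expiry as Unix time. "#@" is in NTP seconds (epoch 1900-01-01), which is
# 2208988800 seconds ahead of the Unix epoch.
leap_expiry_epoch() {
    ntp_expiry=$(sed -n 's/^#@[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1)
    echo $(( ${ntp_expiry:-0} - 2208988800 ))
}

# Return 0 if the file is intact and not expired at time $2 (Unix seconds,
# default now), 1 on a missing or wrong hash, 2 if the file has expired.
leap_file_ok() {
    [ -n "$(leap_stored_sha1 "$1")" ] || return 1
    [ "$(leap_stored_sha1 "$1")" = "$(leap_computed_sha1 "$1")" ] || return 1
    [ "${2:-$(date +%s)}" -lt "$(leap_expiry_epoch "$1")" ] || return 2
}
```

In the download script, call `leap_file_ok` on the new file before `ln -sfn` and skip the ntpd restart when it fails. The hash travels inside the same file, so it catches truncated or corrupted downloads, not a file replaced by someone able to recompute it.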
SELinux module
- SELinux does not allow ntpd to read a symbolic link, and the script installs the leap second file as one. You have to add a module to allow that:
```
module ntpleap 1.0;

require {
        type ntpd_t;
        type ntp_drift_t;
        class lnk_file read;
}

#============= ntpd_t ==============
allow ntpd_t ntp_drift_t:lnk_file read;
```
Test
- Find TAI line in the NTPd startup log /var/log/messages:
```
Apr 20 13:51:14 ntp1 ntpd[19189]: 0.0.0.0 c01e 0e TAI 36 leap 201507010000 expire 201512280000
```
- Test with ntpq:
```
$ ntpq -c rv | tr " " "\n" |egrep "leap|expire|tai"
leap_none,
leap_armed,
leap=00,
tai=35,
leapsec=201507010000,
expire=201512280000
```
- And when leap is announced (30-06-2015):
```
$ ntpq -c rv | tr " " "\n" |egrep "leap|expire|tai"
leap_add_sec,
leap_armed,
leap=01,
tai=35,
leapsec=201507010000,
expire=201512280000
```
- leap = warning indicator (0-3)
```
LI   Value   Meaning
-------------------------------------------------------
00   0       no warning
01   1       last minute has 61 seconds
10   2       last minute has 59 seconds
11   3       alarm condition (clock not synchronized)
```
- leapsec = NTP seconds when the next leap second is/was inserted
- expire = NTP seconds when the NIST leapseconds file expires
- tai = TAI-UTC offset (s)
- Test servers:
```
$ ntpq -c "lassoc" -c "mrv &1 &999 leap,srcadr,stratum"

ind assid status  conf reach auth condition  last_event cnt
===========================================================
  1 15289  941a   yes   yes  none candidate    sys_peer  1
  2 15290  961a   yes   yes  none  sys.peer    sys_peer  1
  3 15291  9324   yes   yes  none   outlyer   reachable  2
  4 15292  9417   yes   yes  none candidate rate_exceeded  1

srcadr=ntp0.nl.uu.net, leap=00, stratum=1
srcadr=ntp1.nl.uu.net, leap=00, stratum=1
srcadr=ntp.ring.nlnog.net, leap=00, stratum=1
srcadr=ntp2.polaire.nl, leap=01, stratum=1
```
get_leap_script.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1