Ben's notes

Linux, Unix, network, radio...

Script & test - Get leap second file

This script will download the latest leap second file. Run it weekly from cron.

Script

  • This script runs on RHEL7, CentOS7 (using systemd).
    #!/bin/bash
    
    # This script will download the latest leap second file,
    # point the leap-seconds symlink at it and restart ntpd.
    
    
    # Leap second file location
    leapremote="ftp://time.nist.gov/pub/"
    #leapremote="ftp://tycho.usno.navy.mil/pub/ntp/"
    
    # Local file name
    leaplocaldir="/var/lib/ntp/"
    leaplocalfile="${leaplocaldir}leap-seconds"
    
    # Log file
    logfile=/var/log/getleap.log
    
    # Private temporary file for the remote listing (no predictable name in /tmp)
    tmplist=$(mktemp) || exit 1
    trap 'rm -f "$tmplist"' EXIT
    
    # Get latest leap second file
    /usr/bin/lftp -e "set net:timeout 10 ; cls -1 --perms --sort=date leap-seconds* > $tmplist ; exit" "$leapremote"
    if [ $? -ne 0 ]; then
      echo "$(date) - ERROR - FTP problem, exiting." | tee -a "$logfile"
      exit 1
    fi
    
    # find latest file, exclude symlinks, directories with same prefix
    latestleapfile=$(grep -Ev "^l|^d" "$tmplist" | cut -d " " -f3 | head -1)
    
    # The name comes from the remote server and is passed to lftp below:
    # accept only a plain leap-seconds* file name
    if ! [[ "$latestleapfile" =~ ^leap-seconds[A-Za-z0-9._-]*$ ]]; then
      echo "$(date) - ERROR - Unexpected remote file name, exiting." | tee -a "$logfile"
      exit 1
    fi
    
    if [ -f "$leaplocaldir$latestleapfile" ]; then
      echo "$(date) - OK - File $leaplocaldir$latestleapfile already exists. Not downloading." | tee -a "$logfile"
    else
      cd "$leaplocaldir" || exit 1
      # Check the download itself, not only the symlink update
      if /usr/bin/lftp -e "set net:timeout 10 ; get $latestleapfile ; exit" "$leapremote" \
         && ln -sfn "$leaplocaldir$latestleapfile" "$leaplocalfile"; then
        echo "$(date) - OK - Leap second file downloaded." | tee -a "$logfile"
      else
        echo "$(date) - ERROR - Leap second file download problem." | tee -a "$logfile"
        exit 1
      fi
      if systemctl restart ntpd; then
        echo "$(date) - OK - NTPd service restarted successfully." | tee -a "$logfile"
      else
        echo "$(date) - ERROR - NTPd service restart problem!" | tee -a "$logfile"
        exit 1
      fi
    fi
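
Added example, not part of the original page: the script links whatever file it fetched over plain FTP, so a truncated, replaced or already expired file would go straight to ntpd. The check below parses the data lines and the "#@" expiry line (NTP seconds) of a downloaded file before it is used; the function names and the sample data are assumptions constructed for this example.

```bash
#!/bin/bash
# Added example (not from the original page): sanity-check a downloaded
# leap second file before the leap-seconds symlink is pointed at it.
# Function names and the sample data are assumptions made for this example.

NTP_UNIX_OFFSET=2208988800   # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

# leap_file_check FILE [NOW_UNIX]
# Prints the last TAI-UTC offset and returns 0 if FILE is usable.
# Returns 1 if FILE is missing or malformed, 2 if it has expired.
leap_file_check() {
  local file=$1 now=${2:-$(date +%s)} expire="" prev=0 tai="" ts off rest
  [ -f "$file" ] || return 1
  while read -r ts off rest || [ -n "$ts" ]; do
    case $ts in
      '#@') expire=$off ;;      # "#@ <NTP seconds>": expiry of the file
      '#'*|'') continue ;;      # other comment lines and blank lines
      *)
        # Data line "<NTP seconds> <TAI offset>": numeric, times ascending
        [[ $ts =~ ^[0-9]+$ && $off =~ ^[0-9]+$ ]] || return 1
        [ "$ts" -gt "$prev" ] || return 1
        prev=$ts tai=$off ;;
    esac
  done < "$file"
  [[ $expire =~ ^[0-9]+$ ]] && [ -n "$tai" ] || return 1
  [ $((10#$expire - NTP_UNIX_OFFSET)) -gt "$now" ] || return 2
  echo "$tai"
}

# Constructed sample in the leap second file layout
# (leap 2015-07-01, expiry 2015-12-28, as in the ntpq output on this page)
write_sample() {
  printf '%s\n' '#$ 3629404800' '#@ 3660249600' \
    '3550089600 35 # 1 Jul 2012' '3644697600 36 # 1 Jul 2015' > "$1"
}
```

In the script above it would be called on the downloaded file before ln -sfn, skipping the symlink update and the ntpd restart on a non-zero status.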

SELinux module

  • SELinux would not allow NTPd to read a link. You have to add a module to allow that:
    module ntpleap 1.0;
    
    require {
            type ntpd_t;
            type ntp_drift_t;
            class lnk_file read;
    }
    
    #============= ntpd_t ==============
    allow ntpd_t ntp_drift_t:lnk_file read;

Test

  • Find TAI line in the NTPd startup log /var/log/messages:
    Apr 20 13:51:14 ntp1 ntpd[19189]: 0.0.0.0 c01e 0e TAI 36 leap 201507010000 expire 201512280000
  • Test with ntpq:
    ntpq -c rv | tr " " "\n" |egrep "leap|expire|tai"
    leap_none,
    leap_armed,
    leap=00,
    tai=35,
    leapsec=201507010000,
    expire=201512280000
  • And when leap is announced (30-06-2015)
    $ ntpq -c rv | tr " " "\n" |egrep "leap|expire|tai"
    leap_add_sec,
    leap_armed,
    leap=01,
    tai=35,
    leapsec=201507010000,
    expire=201512280000
    • leap = warning indicator (0-3)
    • leapsec = NTP seconds when the next leap second is/was inserted
    • expire = NTP seconds when the NIST leapseconds file expires
    • tai = TAI-UTC offset (s)
  • Test servers:
    $ ntpq -c "lassoc" -c "mrv &1 &999 leap,srcadr,stratum"
    
    ind assid status  conf reach auth condition  last_event cnt
    ===========================================================
      1 15289  941a   yes   yes  none candidate    sys_peer  1
      2 15290  961a   yes   yes  none  sys.peer    sys_peer  1
      3 15291  9324   yes   yes  none   outlyer   reachable  2
      4 15292  9417   yes   yes  none candidate rate_exceeded  1
    srcadr=ntp0.nl.uu.net, leap=00, stratum=1
    
    srcadr=ntp1.nl.uu.net, leap=00, stratum=1
    
    srcadr=ntp.ring.nlnog.net, leap=00, stratum=1
    
    srcadr=ntp2.polaire.nl, leap=01, stratum=1
get_leap_script.1435647265.txt.gz · Last modified: 2015/06/30 06:54 by admin