ntpMerlin ntpMerlin - NTP Daemon for AsusWRT Merlin

[cmkelley]

This. I never wish to complain about wonderful free software, but I disagree with the decision to move ntp.conf out of /jffs/configs. It was unsettling when my hand-crafted config file was mysteriously deleted without notice. I ask @Jack Yaz to reconsider this change, and move ntp.conf back to /jffs/configs where it belongs.

If *I* was king, it would be in /opt/etc/ where it actually belongs. It's a configuration file for the ntp daemon from entware, not a config file for a script, so it belongs in /opt/etc/ But Mongo just pawn in game of life.

 

[dave14305]

If *I* was king

Spoiler

 

[Stevens243]

But Mongo just pawn in game of life.

https://media.giphy.com/media/l0K4pbsfZgDgxmTNC/giphy.gif

 

[nlurker]

If *I* was king, it would be in /opt/etc/ where it actually belongs. It's a configuration file for the ntp daemon from entware, not a config file for a script, so it belongs in /opt/etc/ But Mongo just pawn in game of life.

I do have ntp.conf in /opt/etc, but it is ignored. I admit that I don't really understand how most of this stuff works.

 

[RMerlin]

I understand, but this is a config file for a system service. Not really part of your script.

Adding anything not documented in the Wiki in /jffs/configs/ is a bad idea if you are not me. Imagine that in the future I decided to replace the busybox ntpd with the complete package, which means I would also add ntpd.conf and ntpd.conf.add support. My code would then conflict with this if you kept yours in that same location.

/jffs/configs/ usage should be restricted to firmware services, not third party scripts. Anything else done by third party scripts belong elsewhere. Now they have an official location for them - /jffs/addons/ .

 

[gattaca]

^^^^ that's great info! I was thinking EVERYTHING the router owner did like amtm and "self-configs" belongs in /jffs/(something) so it could be backed up before blowing away the firmware etc.. BUT it seemed like everything being done (file-wise) ended up in /jffs/configs, so I too thought why is ntp.conf not there?

Thanks for the clarification!

tiny rant on:

Control files all over the place is one of my biggest personal-use issues with the "anything goes linux" paradigms. All of these directories together with THESE config files are stashed here, THOSE files certificates stashed there - which can be almost anyplace --> depending on the distros, which release of the distros plus that distros "conventions" at that time.

It's all too confusing and difficult to remember for laymen who do not have they hands in the patient daily. For developers it's 2nd nature because they are in the code every day. Go no further than our discussion here for the perfect example -> /opt/etc for this /opt/var/ for that, /jffs/addons for these /jffs/configs but only for those. Yeah, these are my personal frustrations. No I do not have my hands in the router's guts everyday. I am not bitching at you guys at all! (ok maybe venting...) This very issue has been a *@(*@* mess since Linux was created. It has only slowly gotten better - depending on the distro! But then again that's part of the allure other than it's "free"... (supposedly). Oh and very rarely is any of this well documented or good luck on finding it.

This is also one of the biggest reasons, at least for me, AMTM has been a god-send - it's so helpful to people who know the router needs to do better but simply don't know things as simple as where files go... It's also another resaon I've been using merlin for years over stock.

PEACE

tiny rant off:

 

[gattaca]

Still trying to figure out why systems behind the main AC86 router has been complaining about ntp sync failures since 1/22 when I did a bunch of updates (via u). I have a couple of ASUS routers acting as WAPs and they also had the wrong time (5/1/...) so it was not just my UPSes being noisy. I also find it very strange that Diversion is showing the NTP top domains listed below when my ntp.conf has none of those listed.

Very, very odd..

I also checked and I have the NTP setting turned OFF in the Merlin GUI so I'm using Jack's NTP setup via AMTM. I also verified again that I have the setting in ntpMerlin script enabled to force all clients to use Jack's ntp server setup.

The top 15 requested domains were:
--------------------------------------------------------
71397 www.quad9.net
18348 0.ca.pool.ntp.org
18294 pool.ntp.org
18097 1.ca.pool.ntp.org
17991 3.ca.pool.ntp.org
17890 2.ca.pool.ntp.org

From -> /jffs/addons/ntpmerlin.d/ntp.conf. (TY for the location!)
#
server 0.us.pool.ntp.org iburst
server 1.us.pool.ntp.org iburst
server 2.us.pool.ntp.org iburst
server 3.us.pool.ntp.org iburst
#
# Use a specific TRUSTED public US NTP servers...
#
server time.apple.com iburst # Stratum 1
server time.nist.gov iburst # Stratum 1 or 2
...
Any thoughts? could there be another rouge ntp.conf file hiding somewhere?

I rebooted everything earlier this AM while everyone is asleep so I'll report back if that somehow resolves the UPSes for sure b/c they check in 2x a day. Thanks!

 

[EmeraldDeer]

Are you sure ntpd is listening on your LAN interface? Below is a simple configuration which listens on interface br0 and gets time from Cloudflare.

#
logfile /opt/var/spool/ntp/ntp.log
driftfile /opt/var/spool/ntp/ntp.drift
leapfile /opt/var/spool/ntp/leap-seconds.list # https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list
#
restrict default limited kod nomodify notrap nopeer noquery # restrictive default IPv4
restrict -6 default limited kod nomodify notrap nopeer noquery # restrictive default IPv6
restrict source nomodify notrap noquery # required for pool directive if using restrictive default permissions
restrict 127.0.0.1 # permissive localhost IPv4
restrict -6 ::1 # permissive localhost IPv6
#
interface ignore wildcard
interface listen br0
#
pool time.cloudflare.com iburst
#

 

[EmeraldDeer]

Here is a script which loops every minute and gives ntpd status

#!/bin/sh
#exec > myntp.log 2>&1
while true
do
        echo "=============================================================================="
        echo -e "\e[95m\c"
        ntpq -p
        echo -e "\e[0m\c"
        echo "=============================================================================="
        echo -e "\e[93m\c"
        ntptime | egrep "ntp_|TAI|offset"
        echo -e "\e[0m\c"
        echo "=============================================================================="
        echo -e "\e[92m\c"
        ntpq -4 -c rv | egrep "offset|jitter|rootdisp"
        echo -e "\e[0m\c"
        echo "=============================================================================="
        echo -e "\e[96m\c"
        date
        uptime
        echo -e "\e[0m\c"
        echo "=============================================================================="
        sleep 60
done

 

[EmeraldDeer]

One last thing: I have used NTP redirection before. It would work for a while until it did not, so I gave up. I don't have a guess as to what other software updates interfere. When the redirection breaks, then you would begin to see the NTP lookups from your LAN devices in the DNS logs. Perhaps turning redirection off and then back on again will fix it.

 

[cmkelley]

I do have ntp.conf in /opt/etc, but it is ignored. I admit that I don't really understand how most of this stuff works.

I symlinked them.

ln -s /jffs/addons/ntpmerlin.d/ntp.conf /opt/etc/ntp.conf

I don't _think_ it matters (i.e. you could just delete the one in /opt/etc), but this way I don't have to remember where it is if I want to edit it, it's in the same spot as most other unix-like systems.

 

[cmkelley]

^^^^ that's great info! I was thinking EVERYTHING the router owner did like amtm and "self-configs" belongs in /jffs/(something) so it could be backed up before blowing away the firmware etc.. BUT it seemed like everything being done (file-wise) ended up in /jffs/configs, so I too thought why is ntp.conf not there?

Thanks for the clarification!

tiny rant on:

Control files all over the place is one of my biggest personal-use issues with the "anything goes linux" paradigms. All of these directories together with THESE config files are stashed here, THOSE files certificates stashed there - which can be almost anyplace --> depending on the distros, which release of the distros plus that distros "conventions" at that time.

It's all too confusing and difficult to remember for laymen who do not have they hands in the patient daily. For developers it's 2nd nature because they are in the code every day. Go no further than our discussion here for the perfect example -> /opt/etc for this /opt/var/ for that, /jffs/addons for these /jffs/configs but only for those. Yeah, these are my personal frustrations. No I do not have my hands in the router's guts everyday. I am not bitching at you guys at all! (ok maybe venting...) This very issue has been a *@(*@* mess since Linux was created. It has only slowly gotten better - depending on the distro! But then again that's part of the allure other than it's "free"... (supposedly). Oh and very rarely is any of this well documented or good luck on finding it.

This is also one of the biggest reasons, at least for me, AMTM has been a god-send - it's so helpful to people who know the router needs to do better but simply don't know things as simple as where files go... It's also another resaon I've been using merlin for years over stock.

PEACE

tiny rant off:

OT: I totally hear you. Hence why when I first started experimenting with "alternate" operating systems, I gave up on Linux after a few months and went to FreeBSD (this was FreeBSD 4.10 IIRC). I got tired of books and online tutorials telling me how to do something, then add "your distribution may do this differently" and, yep, it did. After a few years of learning it wasn't that hard to go to any given Linux distribution because I now understood what it was trying to do, so figuring how "this distribution did it differently" was much easier.

 

[Makaveli]

I just noticed an issue i'm no longer able to click on expand after updating anyone else seeing this issue?

 

[joe68000]

I just noticed an issue i'm no longer able to click on expand after updating anyone else seeing this issue?

I had this problem (back a page or so)... the symlinks in /www/ext/shared-jy/ are stale. They need to point to /jffs/addons/ where those js scripts now live.

 

[nlurker]

/jffs/configs/ usage should be restricted to firmware services, not third party scripts. Anything else done by third party scripts belong elsewhere. Now they have an official location for them - /jffs/addons/ .

Thank you!! With this explanation you have changed my mind, and I withdraw my request.

 

[gattaca]

Are you sure ntpd is listening on your LAN interface? Below is a simple configuration which listens on interface br0 and gets time from Cloudflare.

Yes sir. I preserved all the lines from the original file before modifying them. I had not altered the file since May 2019 when I think ntpMerlin became available.
#
# Lines below from original ntpMerlin source packages
#
interface ignore wildcard
interface listen br0
#
logfile /opt/var/spool/ntp/ntp.log
driftfile /opt/var/spool/ntp/ntp.drift

from the log..
1 Feb 10:11:48 ntpd[3081]: Listen normally on 0 lo 127.0.0.1:123
1 Feb 10:11:48 ntpd[3081]: Listen normally on 1 lo:0 127.0.1.1:123
1 Feb 10:11:48 ntpd[3081]: Listen normally on 2 br0 192.168.011.7:123
1 Feb 10:11:48 ntpd[3081]: Listening on routing socket on fd #19 for interface updates

 

[EmeraldDeer]

I just upgraded entware via amtm. When I looked at NTP, it was not my configuration. However, I invoked ntpmerlin from the command line and it put everything back.

 

[gattaca]

@EmeraldDeer I used your script for 20+ hours and it has been clocking in with no issues whatsoever. Nice, TY.

WRT my earlier posting with NTP failures ~ 1/22, after doing a full restart on the AC86 from the GUI + the 2 ASUS WAPs yesterday, the UPS have not whined about NTP failures and both WAPs actually show the correct time. I'm at a loss to explain why b/c I had also restarted NTP in ntpMerlin several times to PD. I guess the router just needed a full restart.

Also, per earlier, none of these "IDK where they came from..." *.ca..... ntp entries are showing in Diversion..

The top 15 requested domains were:
--------------------------------------------------------
71397 www.quad9.net
18348 0.ca.pool.ntp.org
18294 pool.ntp.org
18097 1.ca.pool.ntp.org
17991 3.ca.pool.ntp.org
17890 2.ca.pool.ntp.org

Thanks also for your comments re: my (and others) frustrations with linux's a file here, a file there approach. I see I'm not the only "layman" in this situation. Cheers!

 

[Vexira]

I just upgraded entware via amtm. When I looked at NTP, it was not my configuration. However, I invoked ntpmerlin from the command line and it put everything back.

Do you have re direction working for you, because I've experienced the same issue with it?

 

[EmeraldDeer]

Do you have re direction working for you, because I've experienced the same issue with it?

I have not used redirection in a long time. At one point I had noticed that it was not working and did not feel comfortable enough with how it works in order to pursue it.