Netgate Discussion Forum

    Ntpd still broke… really!

    2.1 Snapshot Feedback and Problems - RETIRED
    • jcyr

      I tried to explain previously, but it seems no one stopped to understand what I was saying… so I'll spell it out one more time.

      After a fresh update to the latest snapshot, log in via ssh and list the contents of /var/run:

      ls /var/run
      .snap                           dnsmasq.pid                     ping_hosts.pid
      apinger.pid                     expire_accounts.pid             powerd.pid
      check_reload_status             filter_reload_status            sshd.pid
      cron.pid                        inetd.pid                       syslog.pid
      devd.pid                        ld-elf.so.hints                 update_alias_url_data.pid
      devd.pipe                       lighty-webConfigurator.pid      updaterrd.sh.pid
      dhclient.em0.pid                log                             utmp
      dhcpleases.pid                  logpriv

      You'll notice that there is no ntpd.pid there, yet ntpd is running with the current servers:

      ps -ax|grep ntpd
      56972  ??  Ss     0:00.09 /usr/local/bin/ntpd -g -c /var/etc/ntpd.conf
      81497   0  S+     0:00.02 grep ntpd

      ntpq
      ntpq> peers
          remote           refid      st t when poll reach   delay   offset  jitter

      ipcop.tbcg.org  132.239.1.6      2 u   49   64   17   34.437  151.054 117.640
      +ntp1.ResComp.Be 128.32.206.55    3 u   45   64   37   93.775  149.905 118.737

      You'll also notice from the ps command that the -p parameter is missing from the ntpd run command, which explains why the ntpd.pid file was not created in /var/run.

      Now, go to the System->General Setup page in your browser, delete one of the time servers, and hit save.

      What is supposed to happen is that /etc/inc/system.inc updates the /var/etc/ntpd.conf file, kills the current ntpd, and starts a new one to reload the new configuration file.

      It does update the configuration file:

      cat /var/etc/ntpd.conf

      # pfSense ntp configuration file

      tinker panic 0

      # Upstream Servers

      server 0.freebsd.pool.ntp.org iburst maxpoll 9
      enable monitor
      enable stats
      statistics clockstats
      statsdir /var/log/ntp
      logconfig =syncall +clockall
      driftfile /var/db/ntpd.drift
      restrict default kod nomodify notrap nopeer
      restrict -6 default kod nomodify notrap nopeer
      interface ignore all
      interface listen em1

      It updates the config file fine. Only one upstream server instead of the original two. But it fails to kill the currently running ntpd daemon! Why? Because of this code in /etc/inc/system.inc:

             /* if ntpd is running, kill it */
             while (isvalidpid("{$g['varrun_path']}/ntpd.pid")) {
                     killbypid("{$g['varrun_path']}/ntpd.pid");
             }
             @unlink("{$g['varrun_path']}/ntpd.pid");

      This code requires that a ntpd.pid file exist in /var/run to properly kill ntpd, but there is no such file as we saw earlier.

      system.inc then launches ntpd again, with:

             /* start opentpd, set time now and use /var/etc/ntpd.conf */
             mwexec("/usr/local/bin/ntpd -g -c {$g['varetc_path']}/ntpd.conf -p {$g['varrun_path']}/ntpd.pid", false, true);

      That works fine, but the new ntpd daemon sees that its port is already bound by the still running initial ntpd, and exits:

      tail /var/log/ntpd.log
      Feb 11 18:57:02 srvrrouter ntpd[64645]: ntpd 4.2.6p5@1.2349-o Sun Jan 27 18:44:51 UTC 2013 (1)
      Feb 11 18:57:02 srvrrouter ntpd[64881]: proto: precision = 2.652 usec
      Feb 11 18:57:02 srvrrouter ntpd[64881]: ntp_io: estimated max descriptors: 11095, initial socket boundary: 20
      Feb 11 18:57:02 srvrrouter ntpd[64881]: unable to bind to wildcard address 0.0.0.0 - another process may be running - EXITING

      And the original ntpd (the one started at boot) keeps running with the two upstream servers, instead of just one:

      ntpq
      ntpq> peers
          remote           refid      st t when poll reach   delay   offset  jitter

      ipcop.tbcg.org  132.239.1.6      2 u   39   64    7   33.162  -194.81 136.974
      +ntp1.ResComp.Be 128.32.206.55    3 u   34   64   17   92.870  -199.06 137.368
      ntpq>

      The root cause is that the script that starts ntpd at boot time does not specify the -p parameter telling ntpd to create a pid file in /var/run.

      This can easily be fixed with a one line change in the script that starts ntpd at boot time:

      Change the following line in /usr/local/sbin/ntpdate_sync_once.sh

      /usr/local/bin/ntpd -g -c /var/etc/ntpd.conf

      to:

      /usr/local/bin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid

      Simple enough fix which will cause the initial run of ntpd to create the expected pid file and allow timeserver updates at the web gui to take effect immediately instead of requiring a reboot.

      IPV6 Test: http://ipv6-test.com

      • dhatz

        Your suggestion seems correct; apparently ntpd has no default .pid file setting.

        So ntpd either needs the -p command line argument or a pidfile cfg file setting:
        pidfile /var/run/ntpd.pid

        Thanks for noticing.

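The condition described in the first post (an ntpd that a pid-file-based restart cannot stop), together with the `pidfile` alternative from the reply above, as an added example that is not part of the original thread or of pfSense's code. The function names, the PID 4242 and the temporary paths are constructed for illustration; the check reads `ps -ax` style lines on stdin so it runs offline.

```shell
#!/bin/sh
# Print the pid file an ntpd invocation will write: the -p argument if
# present, else a "pidfile" directive in its config; fail if neither.
ntpd_pidfile() {
    path=$(printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "-p") { print $(i + 1); exit } }')
    if [ -z "$path" ] && [ -r "$2" ]; then
        path=$(awk '$1 == "pidfile" { print $2; exit }' "$2")
    fi
    [ -n "$path" ] && printf '%s\n' "$path"
}

# Read "ps -ax" lines on stdin. For each ntpd process print "OK <pid>" if
# its pid file exists and holds that PID, else "UNTRACKED <pid>" (a kill
# driven by the pid file would miss it). Returns 1 if any is untracked.
audit_ntpd() {
    conf=$1
    status=0
    while read -r pid tty stat cpu cmd; do
        case $cmd in */ntpd\ *|*/ntpd) ;; *) continue ;; esac
        pidfile=$(ntpd_pidfile "$cmd" "$conf") || pidfile=
        if [ -n "$pidfile" ] && [ -r "$pidfile" ] &&
           [ "$(cat "$pidfile")" = "$pid" ]; then
            echo "OK $pid"
        else
            echo "UNTRACKED $pid"; status=1
        fi
    done
    return $status
}

# Constructed sample: the boot-time ntpd from the post (no -p) next to a
# constructed process (PID 4242) that was started with -p.
demo() {
    dir=$(mktemp -d)
    : > "$dir/ntpd.conf"            # config without a "pidfile" line
    echo 4242 > "$dir/ntpd.pid"
    audit_ntpd "$dir/ntpd.conf" <<EOF
56972  ??  Ss     0:00.09 /usr/local/bin/ntpd -g -c /var/etc/ntpd.conf
 4242  ??  Ss     0:00.02 /usr/local/bin/ntpd -g -c /var/etc/ntpd.conf -p $dir/ntpd.pid
81497   0  S+     0:00.02 grep ntpd
EOF
    rc=$?
    rm -rf "$dir"
    return $rc
}
demo || echo "at least one ntpd cannot be stopped via its pid file"
```

On a live system the same check would be fed with `ps -ax | audit_ntpd /var/etc/ntpd.conf`.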
        • jcyr

          @dhatz:

          or a pidfile cfg file setting:
          pidfile /var/run/ntpd.pid

          Yes, that would equally work.

          IPV6 Test: http://ipv6-test.com

          • eri--

            A fix has been merged to pass the correct pid file on ntp.
            So try newer coming snapshots later today.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.