This outlines how to set up a Linux server as a test time server. The following describes the steps to install and configure NTPd on a Linux server that can then be used to provide a "simulated" time to other test servers as well as testing leap second changes.

Set up a Test Time Server 

  1. Make sure NTPd is installed:

    $ sudo yum install ntp
  2. Configure the server to use its own time by making sure the configuration only has the server "server 127.127.1.1" configured in /etc/ntp.conf.

    $ sudo vi /etc/ntp.conf

    For details on the driver, refer to Undisciplined Local Clock.


  3. As this time server has no connection with upstream timeservers or a GPS source, you need to manually configure the information about leap seconds:

    1. Download the NIST leap seconds file from ftp.boulder.nist.gov/pub/time (use FileZilla for download).

    2. Copy the downloaded NIST leap seconds file to the server:

      $ sudo cp leap-seconds.list /var/lib/ntp/leap-seconds.list
  4. Configure NTPd to use the leap seconds file by editing /etc/ntp.conf and specifying the path to this file:

    $ sudo vi /etc/ntp.conf 
    leapfile "/etc/leap-seconds.list"

    For more information on NTPd and the NIST leap second file, refer to Network Time Foundation's NTP Support Wiki>Configuring NTP.


  5. Set the time you want to simulate, and then restart NTPd:

    $ sudo date --utc --set "2015-06-30 23:30"
    $ sudo service ntpd restart
  6. Verify that the local clock was configured correctly and that the NIST leap seconds file was picked up by querying all configured peers (time sources) and then checking the leap second variables. Then print the current time just to be sure it is correct:

    $ ntpq -p && ntpq -c "rv 0 leap,leapsec,tai" && date --utc
    remote refid st t when poll reach delay offset jitter
    ==============================================================================
    *LOCAL(1) .LOCL. 5 l 3 64 1 0.000 0.000 0.001
    leap=01, tai=35, leapsec=201507010000
    Tue Jun 30 23:30:11 UTC 2015
    1. Note that the asterisk before LOCAL means it is synchronized with this source.
    2. The refid .LOCL. means the local clock is used.
    3. The tai and leapsec values are available which means the leap seconds file was read.
    4. The leap value ("leap indicator") starts with 01 means a positive leap second will be introduced at the end of the month.


You can now point test servers to use this time server as its server by specifying the server address in the tests servers configuration under /etc/ntp.conf.

Remember to also point the SignServer TimeMonitor to this test time server, see TimeMonitor Configuration.

After changing the NTP configuration of the client, its NTPd needs to be restarted and you will need to wait until the time synchronizes. Inspect the output from ntpq -p until the IP address of the time server gets an asterisk in front of it, usually at reach 17 or at the latest 377.

Troubleshooting

  • If the tai and leapsec variables are not printed, the issue could be that the leap seconds file was not found or the system did not allow NTPd to read it. To resolve, check for any error in the Syslog.
  • If you get an error from Apparmor in Debian/Ubuntu similar to the following:

    kernel: [ 6327.597127] type=1400 audit(1432630950.384:12): apparmor="DENIED" operation="open"
     parent=1 profile="/usr/sbin/ntpd" name="/etc/leap-seconds.list" pid=2224 comm="ntpd"
     requested_mask="r" denied_mask="r" fsuid=0 ouid=0 

    Resolve by modifying Apparmor to allow NTPd to read this location, or place the file in a location that is already allowed. For more information, refer to Leapseconds file: Permission denied.