Updating NTP Servers

As always when you’re running your own services, you should update them regularly to have all known bugs fixed and security issues thwarted. The same goes for NTP servers based on Linux, in my case running on Raspberry Pis. Especially when your NTP servers are actively taking part in the NTP pool project, you have to update them to the latest version of ntp, since an outdated server might be misused for well-known DDoS attacks or be exposed to other security-related bugs.

So, what’s this all about? You can simply do an “apt upgrade”, can’t you? Well, unfortunately the ntp packages within the Linux distributions are not always updated to the latest versions. Hence you need to compile the ntp software yourself to have the latest release running. Still not that hard, though it requires a bit more attention.

This article is one of many blogposts within this NTP series. Please have a look!

In this post I show how to update a Raspberry Pi running ntp where I am *not* using the ntp package from the Raspbian distribution but compiling it myself. If you’re operating an NTP appliance such as the ones from Meinberg, do not use these procedures; use their official firmware updates instead.

Before updating you should write down the current versions to compare them with the newer ones later on. In this case the Linux kernel as well as the ntp version:

Backups!

This is very important: Make a backup of everything you have done so far to an external location! Especially configuration files. As I am using ntp with static IP addresses, NTP authentication as well as SNMP for monitoring them (have a look at my other NTP blog posts), I have to save at least the following config files:

For example, you can create a folder, copy those files into it, change some ownerships and save them via SCP to your remote location:

Updating Linux/Raspbian

You should update the overall operating system as well. However, please verify before updating it that your ntp package is “on hold”. That means: It is NOT updated by the operating system (since those ntp packages tend to be old and outdated). If you have read my two tutorials about using a Raspi with GPS/DCF77, you already know what I’m talking about. Note the “h” in the very first column:
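A pre-upgrade check for the hold flag described above, as an added example that is not part of the original post: it reads `dpkg -l` output and reports whether ntp is held. The function names and the sample listing (including its version strings) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# hold_state PKG: read `dpkg -l` output on stdin and print
#   held     - desired-state flag of PKG is "h" (apt will not touch it)
#   unheld   - PKG is listed but apt is free to replace it
#   missing  - PKG does not appear in the listing
hold_state() {
    awk -v pkg="$1" '
        {
            name = $2
            sub(/:.*$/, "", name)      # strip arch suffix, e.g. "ntp:armhf"
        }
        name == pkg {
            state = (substr($1, 1, 1) == "h") ? "held" : "unheld"
        }
        END { print (state == "" ? "missing" : state) }
    '
}

# Constructed sample of `dpkg -l` output (version strings are made up).
SAMPLE_HELD='Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version      Architecture Description
+++-==============-============-============-=================================
hi  ntp            1:0.0.0-1    armhf        Network Time Protocol daemon
ii  ntpdate        1:0.0.0-1    armhf        client for setting system time'

# upgrade_allowed: gate for the OS upgrade; succeeds only when ntp is held.
upgrade_allowed() {
    [ "$(hold_state ntp)" = "held" ]
}

if printf '%s\n' "$SAMPLE_HELD" | upgrade_allowed; then
    echo "ntp is on hold: the OS upgrade will leave the self-built ntp alone"
else
    echo "ntp is NOT on hold: run 'apt-mark hold ntp' before upgrading" >&2
fi
```

On a real system, feed it the live listing instead of the sample: `dpkg -l ntp | upgrade_allowed`.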

Now, in the case of Debian-based Linux derivatives you can do the upgrade with these two well-known commands:

 

Updating NTP

Since you want to update ntp to its latest release, you need to download it from its homepage. At the time of writing, I updated my instance to version 4.2.8p10. Of course, there are newer versions out there in the meantime.

In the second step, you need to build the ntp package. Depending on your stratum 0 sources such as DCF77 or GPS, the configure command differs slightly:

Followed by the actual build, installation and reboot. This might take some time, e.g. more than 1 hour on an old Raspberry Pi 1 B:

After your system is up again you can check the new versions of the kernel and ntp:

And, of course, you should also verify that your ntp server is up and running, for example with ntpq -p.

Pitfalls

What I don’t like about remotely updating Linux servers is this:

Hence: If your NTP server is crucial to your network, don’t update all your instances simultaneously but wait until the first one is updated successfully and running again.

Furthermore, if you have the chance to use serial TTY consoles to access your devices in case of a network/generic failure, do so. ;) I know, this might not be necessary for your hobby Raspberry Pi projects, but maybe for your NTP appliances such as the ones from Meinberg which offer an RJ45 serial connection port.

Featured image “20120721-DSC08744” by Clemens v. Vogelsang is licensed under CC BY 2.0.
