HopfClockSerial with Suse 10.2 - NTP

This is a discussion on HopfClockSerial with Suse 10.2 - NTP ; Hello, I currently try to get a HopfClock Serial 6020 to run with NTP under Linux SuSE 10.2. This configuration already ran under Suse 9.1 and NTP version 4.2.0a successfully. Now I updated the system to Suse 10.2. and NTP ...

+ Reply to Thread
Results 1 to 14 of 14

Thread: HopfClockSerial with Suse 10.2

  1. HopfClockSerial with Suse 10.2

    Hello,
    I currently try to get a HopfClock Serial 6020 to run with NTP under Linux
    SuSE 10.2.

    This configuration already ran under Suse 9.1 and NTP version 4.2.0a
    successfully.

    Now I updated the system to Suse 10.2. and NTP version 4.2.2p4 (from scratch
    installation).

    Result:
    1) Everything works with time servers from the Internet
    2) The HopfClock writes a message into the /var/log/warn file and is not
    even listed (ntpq -p):

    Feb 8 20:45:07 earth ntpd[15469]: refclock_open /dev/hopfclock0:
    Operation not permitted
    Feb 8 20:45:07 earth ntpd[15469]: configuration of 127.127.38.0 failed

    I went through the sources, but I couldn't find any clue.

    My ntp.conf looks like that:
    ## Hopf DCF 6020
    server 127.127.38.0 prefer mode 12
    fudge 127.127.38.0 stratum 0
    fudge 127.127.38.0 time1 0.020
    fudge 127.127.38.0 refid DCF77_Hopf
    fudge 127.127.38.0 flag1 1 flag2 0 flag3 0 flag4 0
    #fudge 127.127.38.0 flag1 1 flag2 0 flag3 0 flag4 0 stratum 0 time1 0.02

    The soft link to /dev/hopfclock0 is available and I was able to capture the
    time signal of the clock with minicom terminal program.
    I tried everything with the permissions of the device - without success.

    Just for a try I changed to the Parse Clock (127.127.8.0) on /dev/refclock-0
    with basically the same warning.

    I even installed in a quick and dirty act the NTP 4.2.0a version - with the
    same results.

    Question:
    What does the message "refclock_open /dev/hopfclock0: Operation not
    permitted" exactly mean?

    Do I have to compile something into my kernel which is probably not in yet?


    I really picked my brain and I suspect it has something to do with my
    kernel.

    Any clue is appreciated.

    Cheers,
    Gerhard

    _______________________________________________
    questions mailing list
    questions@lists.ntp.isc.org
    https://lists.ntp.isc.org/mailman/listinfo/questions


  2. Re: HopfClockSerial with Suse 10.2

    Hello,

    I'll help you though I'm working for Meinberg, not for Hopf ;-)

    Gerhard Pisl wrote:
    > Hello,
    > I currently try to get a HopfClock Serial 6020 to run with NTP under Linux
    > SuSE 10.2.
    >
    > This configuration already ran under Suse 9.1 and NTP version 4.2.0a
    > successfully.
    >
    > Now I updated the system to Suse 10.2. and NTP version 4.2.2p4 (from
    > scratch installation).
    >
    > Result:
    > 1) Everything works with time servers from the Internet
    > 2) The HopfClock writes a message into the /var/log/warn file and is not
    > even listed (ntpq -p):
    >
    > Feb 8 20:45:07 earth ntpd[15469]: refclock_open /dev/hopfclock0:
    > Operation not permitted


    This is not a problem of ntpd, but a problem of AppArmor which comes with
    SUSE Linux and is enabled by default in SUSE 10.2.

    For a first test you can stop AppArmor and see whether ntpd then works
    correctly.

    If AppArmor shall be used it must be configured to allow access to the
    refclock for ntpd:

    Yast2 -> Novell AppArmor -> Edit Profile
    Select profile /usr/sbin/ntpd
    Add entry: /dev/???
    # where ??? must be the device /dev/hopfclock0 points to
    Mark allow for: Read, Write, Link

    This generates a new entry:
    /dev/??? rwl

    Please note the symbolic links (e.g. /dev/hopfclock0) are also created new
    after every reboot. If this doesn't appear to happen you must create an
    udev rule for this.


    Martin
    --
    Martin Burnicki

    Meinberg Funkuhren
    Bad Pyrmont
    Germany

  3. Re: HopfClockSerial with Suse 10.2

    >>> In article , gerhard@pisl.de (Gerhard Pisl) writes:

    Gerhard> Feb 8 20:45:07 earth ntpd[15469]: refclock_open /dev/hopfclock0:
    Gerhard> Operation not permitted Feb 8 20:45:07 earth ntpd[15469]:
    Gerhard> configuration of 127.127.38.0 failed

    What are the permissions on /dev/hopfclock0 (and the file it points to)?

    What options are you using to start ntpd?

    Gerhard> My ntp.conf looks like:
    # Hopf DCF 6020
    server 127.127.38.0 prefer mode 12
    I don't understand the "mode 12" in the line above.
    fudge 127.127.38.0 stratum 0
    Why are you fudging the stratum to 0?

    Gerhard> Question: What does the message "refclock_open /dev/hopfclock0:
    Gerhard> Operation not permitted" exactly mean?

    "man 2 open" and look for EPERM.

    Gerhard> Do I have to compile something into my kernel which is probably not
    Gerhard> in yet?

    I doubt it.

    H

  4. Re: HopfClockSerial with Suse 10.2

    Gerhard Pisl wrote:
    > Hello,
    > I currently try to get a HopfClock Serial 6020 to run with NTP under Linux
    > SuSE 10.2.
    >
    > This configuration already ran under Suse 9.1 and NTP version 4.2.0a
    > successfully.
    >
    > Now I updated the system to Suse 10.2. and NTP version 4.2.2p4 (from scratch
    > installation).
    >
    > Result:
    > 1) Everything works with time servers from the Internet
    > 2) The HopfClock writes a message into the /var/log/warn file and is not
    > even listed (ntpq -p):
    >
    > Feb 8 20:45:07 earth ntpd[15469]: refclock_open /dev/hopfclock0:
    > Operation not permitted
    > Feb 8 20:45:07 earth ntpd[15469]: configuration of 127.127.38.0 failed
    >
    > I went through the sources, but I couldn't find any clue.
    >
    > My ntp.conf looks like that:
    > ## Hopf DCF 6020
    > server 127.127.38.0 prefer mode 12
    > fudge 127.127.38.0 stratum 0
    > fudge 127.127.38.0 time1 0.020
    > fudge 127.127.38.0 refid DCF77_Hopf
    > fudge 127.127.38.0 flag1 1 flag2 0 flag3 0 flag4 0
    > #fudge 127.127.38.0 flag1 1 flag2 0 flag3 0 flag4 0 stratum 0 time1 0.02
    >
    > The soft link to /dev/hopfclock0 is available and I was able to capture the
    > time signal of the clock with minicom terminal program.
    > I tried everything with the permissions of the device - without success.
    >
    > Just for a try I changed to the Parse Clock (127.127.8.0) on /dev/refclock-0
    > with basically the same warning.
    >
    > I even installed in a quick and dirty act the NTP 4.2.0a version - with the
    > same results.
    >
    > Question:
    > What does the message "refclock_open /dev/hopfclock0: Operation not
    > permitted" exactly mean?
    >


    It probably means that the account that is running ntpd does not have
    permission to access that file. Run ntpd as root or change the
    permissions to allow access to the account you are using!


  5. Re: HopfClockSerial with Suse 10.2

    Hello Martin,
    Thanks for your reply it was exactly what you suspected.

    Perhaps one remark for the community:
    I got the HopfClock Serial 6020, which actually doesn't work with the
    HopfClockSerial Driver (127.127.38.0), but with the Generic DCF77 Driver
    (127.127.8.0) because this clock can not be switched to GMT-format.
    Reason being: The hopf driver covers all clocks starting with 6021 upwards.
    Strange but that's life.

    cheers,
    Gehrard

    -----Ursprüngliche Nachricht-----
    Von: questions-bounces+gerhard=pisl.de@lists.ntp.isc.org
    [mailto:questions-bounces+gerhard=pisl.de@lists.ntp.isc.org]Im Auftrag
    von Martin Burnicki
    Gesendet: Dienstag, 20. Februar 2007 09:51
    An: questions@lists.ntp.isc.org
    Betreff: Re: [ntp:questions] HopfClockSerial with Suse 10.2


    Hello,

    I'll help you though I'm working for Meinberg, not for Hopf ;-)

    Gerhard Pisl wrote:
    > Hello,
    > I currently try to get a HopfClock Serial 6020 to run with NTP under Linux
    > SuSE 10.2.
    >
    > This configuration already ran under Suse 9.1 and NTP version 4.2.0a
    > successfully.
    >
    > Now I updated the system to Suse 10.2. and NTP version 4.2.2p4 (from
    > scratch installation).
    >
    > Result:
    > 1) Everything works with time servers from the Internet
    > 2) The HopfClock writes a message into the /var/log/warn file and is not
    > even listed (ntpq -p):
    >
    > Feb 8 20:45:07 earth ntpd[15469]: refclock_open /dev/hopfclock0:
    > Operation not permitted


    This is not a problem of ntpd, but a problem of AppArmor which comes with
    SUSE Linux and is enabled by default in SUSE 10.2.

    For a first test you can stop AppArmor and see whether ntpd then works
    correctly.

    If AppArmor shall be used it must be configured to allow access to the
    refclock for ntpd:

    Yast2 -> Novell AppArmor -> Edit Profile
    Select profile /usr/sbin/ntpd
    Add entry: /dev/???
    # where ??? must be the device /dev/hopfclock0 points to
    Mark allow for: Read, Write, Link

    This generates a new entry:
    /dev/??? rwl

    Please note the symbolic links (e.g. /dev/hopfclock0) are also created new
    after every reboot. If this doesn't appear to happen you must create an
    udev rule for this.


    Martin
    --
    Martin Burnicki

    Meinberg Funkuhren
    Bad Pyrmont
    Germany

    _______________________________________________
    questions mailing list
    questions@lists.ntp.isc.org
    https://lists.ntp.isc.org/mailman/listinfo/questions

    _______________________________________________
    questions mailing list
    questions@lists.ntp.isc.org
    https://lists.ntp.isc.org/mailman/listinfo/questions


  6. Re: HopfClockSerial with Suse 10.2

    Gerhard (et al),

    Please consider visiting:

    http://ntp.isc.org/Support/ConfiguringHopfRefclocks

    http://ntp.isc.org/Support/HopfRefclockUsers

    and adding any content you feel would be useful.

    H

  7. Re: HopfClockSerial with Suse 10.2

    Richard,

    Richard B. gilbert wrote:
    > Gerhard Pisl wrote:
    >> Question:
    >> What does the message "refclock_open /dev/hopfclock0: Operation not
    >> permitted" exactly mean?

    >
    > It probably means that the account that is running ntpd does not have
    > permission to access that file. Run ntpd as root or change the
    > permissions to allow access to the account you are using!


    As acknowledged by Gerhard in the meantime, it's just AppArmor which is a
    security tool which has been developed by Novell and has made its way into
    the Suse Linux distribution which is now called OPENSUSE. See:
    http://en.opensuse.org/AppArmor_Detail

    AFAIK Opensuse 10.2 is the first version where AppArmor is enabled by
    default. AppArmor is shipped with some default profiles which work with the
    default installation, but if you modify your system to use some special
    configuration (e.g. a refclock device with ntpd) then the AppArmor profile
    has to be modified accordingly. This does not only affect ntpd but also
    other application which are modified to use a non-standard configuration.

    If you just stop AppArmor then everything works as usual under Linux,
    regarding file and device permissions.

    Regards,

    Martin
    --
    Martin Burnicki

    Meinberg Funkuhren
    Bad Pyrmont
    Germany

  8. Re: HopfClockSerial with Suse 10.2


    >As acknowledged by Gerhard in the meantime, it's just AppArmor which is a
    >security tool which has been developed by Novell and has made its way into
    >the Suse Linux distribution which is now called OPENSUSE. See:
    >http://en.opensuse.org/AppArmor_Detail


    Should that get added to the wiki?

    Is anybody in contact with the NTP folks a Suse? Maybe
    a comment should be added to their ntp.conf to remind
    people who add refclocks.

    --
    These are my opinions, not necessarily my employer's. I hate spam.


  9. Re: HopfClockSerial with Suse 10.2

    >>> In article , hal-usenet@ip-64-139-1-69.sjc.megapath.net (Hal Murray) writes:

    >> As acknowledged by Gerhard in the meantime, it's just AppArmor which is a
    >> security tool which has been developed by Novell and has made its way
    >> into the Suse Linux distribution which is now called OPENSUSE. See:
    >> http://en.opensuse.org/AppArmor_Detail


    Hal> Should that get added to the wiki?

    I would hope so. If whoever is familiar with AppArmor and "what to do" with
    ntp and wants help with the entry, I'm happy to help.

    H

  10. Re: HopfClockSerial with Suse 10.2

    Harlan,

    Harlan Stenn wrote:

    >>>> In article ,
    >>>> hal-usenet@ip-64-139-1-69.sjc.megapath.net (Hal Murray) writes:

    >
    >>> As acknowledged by Gerhard in the meantime, it's just AppArmor which is
    >>> a security tool which has been developed by Novell and has made its way
    >>> into the Suse Linux distribution which is now called OPENSUSE. See:
    >>> http://en.opensuse.org/AppArmor_Detail

    >
    > Hal> Should that get added to the wiki?
    >
    > I would hope so. If whoever is familiar with AppArmor and "what to do"
    > with ntp and wants help with the entry, I'm happy to help.


    I'll add this to the wiki.

    Martin
    --
    Martin Burnicki

    Meinberg Funkuhren
    Bad Pyrmont
    Germany

  11. Re: HopfClockSerial with Suse 10.2

    Hal,

    Hal Murray wrote:
    > Is anybody in contact with the NTP folks a Suse? Maybe
    > a comment should be added to their ntp.conf to remind
    > people who add refclocks.


    I think I've seen some mails/news from NTP folk at SUSE and I'll try to
    contact them to see what can be done.

    Martin
    --
    Martin Burnicki

    Meinberg Funkuhren
    Bad Pyrmont
    Germany

  12. Re: HopfClockSerial with Suse 10.2

    Martin Burnicki wrote:
    > Hal,
    >
    > Hal Murray wrote:
    >
    >>Is anybody in contact with the NTP folks a Suse? Maybe
    >>a comment should be added to their ntp.conf to remind
    >>people who add refclocks.

    >
    >
    > I think I've seen some mails/news from NTP folk at SUSE and I'll try to
    > contact them to see what can be done.

    With Yast ( the SuSE config/admin tool ) you usually do not touch the conf file.
    You select some servers, add options and select a server for initial clock setting.
    If you have an active firewall holes for ntp are "hacked" to measure.

    uwe

    from the yast ntp client doc:
    YaST2 NTP client component specification

    Author: Jiri Srain

    Features
    ========

    - Set the servers to synchronize time from
    - Set the servers for initial system time setting before xntp is started
    - Set broadcast client to configure time via listening to network broadcasts
    - Set peers to synchronize multiple hosts one to each other
    - Set broadcasting addresses to broadcast time informatio to other hosts
    - Set local serial port radio clock


    Dialogs:
    ========

    1. Main dialog
    --------------

    Must provide possibility to set if start/not start NTP daemon after
    system starts. Wnen possible (in future), then possibility to start
    "spec.txt" 159L, 4037C 1,1 Anfang

  13. Re: HopfClockSerial with Suse 10.2

    Uwe,

    Uwe Klein wrote:
    > With Yast ( the SuSE config/admin tool ) you usually do not touch the conf
    > file. You select some servers, add options and select a server for initial
    > clock setting. If you have an active firewall holes for ntp are "hacked"
    > to measure.


    OK, so then maybe the Yast configurator for NTP should care about the
    AppArmor settings too, or at least display some hints in the extended
    configuration.

    Martin
    --
    Martin Burnicki

    Meinberg Funkuhren
    Bad Pyrmont
    Germany

  14. Re: HopfClockSerial with Suse 10.2

    Martin Burnicki wrote:
    > Uwe,
    >
    > Uwe Klein wrote:
    >
    >>With Yast ( the SuSE config/admin tool ) you usually do not touch the conf
    >>file. You select some servers, add options and select a server for initial
    >>clock setting. If you have an active firewall holes for ntp are "hacked"
    >>to measure.

    >
    >
    > OK, so then maybe the Yast configurator for NTP should care about the
    > AppArmor settings too, or at least display some hints in the extended
    > configuration.

    I have written the guy mentioned in the Suse Doc.
    waiting.

    perhaps the OP could enter a bug at openSuse?
    >
    > Martin

    uwe


+ Reply to Thread