Skip to content

NTPSec Transition for IE Device Kit NTP Service

Overview

NTP-Sec is a secure version of NTP. To be able to support Debian 12 and further releasees the transition is necessary, since the NTP package was replaced by NTPsec with Debian 12.

A migration to NTP-Sec has been performed while installing 1.7.0-2 version of dm-ntp in the 1.16.0 version of IEDK zip package. The migration from NTP-Classic to NTP-Sec performed automatically when installing the dm-ntp package although in order to customize migration, the relevant ntpMigrationCommands list can be updated after reviewing the following informations.

NOTICE

  • dm-ntp service utilizes Ntp-Classic is excluded from IE Device Kit zip starting with the version 1.17.0 hence only the service utilizes NTP-Sec is available in the zip
  • Starting with version 1.7.0-2 of dm-ntp service, it no longer works with ntp-classic, rather it uses ntpsec. To create an ntp-classic compatible NTP service please fork the following tag: v1.6.2-1. However it is recommended to switch to the version of dm-ntp service which uses NTP-sec
  • Please remind that this migration is only available for NTP-Sec version 1.2.x. And there is no rollback support from NTP-Sec to NTP-Classic.

Migration of Configuration files

The configuration commands for NTP-classic were stored in the default directory /etc/ntp.conf, whereas the configuration commands for NTP-Sec were stored in the default directory /etc/ntpsec/ntp.conf. To provide backward compatibility during IEDK upgrade, specific NTP-Classic commands tos, server, pool are copied to NTP-Sec configuration. While using version 1.16.0-1 or greater IEDK zip version, NTP-Sec migration is done with NTP-Sec version of 1.2.x with 1.7.0-1 or greater dm-ntp service version.

Procedure

  1. Specific default configuration commands tos, server, pool are commented out in NTP-Sec configuration under /etc/ntpsec/ntp.conf. Also, #iedk-migration suffix was added to the end of affected command lines.

    NOTICE

    • If migration is required for any specific configuration other than pool, tools, and server, it should be implemented to the list in the code.
    var ntpMigrationCommands = []string {"server", "tos", "pool", "addNewCommandHere"}

    Migration1

  2. During migration; tos, server, pool commands will be copied from the legacy configuration file ( /etc/ntp.conf ) to new NTPSec configuration file ( /etc/ntpsec/ntp.conf ) with #iedk-migration suffix.

    Migration2

  3. NTP-Sec version which is currently v1.2.x is written into a newly created file etc/iedk/ntp/migration/ntpsec.migration.

    When the migration is successful, we will see the following log.

    Migration3

Customize Migration

  • The old ntp.conf path defined as const in the code. If you have a particular directory for ntp.conf rather than /etc/ntp.conf, this directory should be provided for migration.

    const oldNTPConfPath = "/another/directory/ntp.conf"

  • If migration is required for any specific configuration other than pool, tools, and server, it should be implemented to the list in the code. Also, commands must be compatible with ntpv4.

    var ntpMigrationCommands = []string {"server", "tos", "pool", "addNewCommandHere"}