Close

March 22, 2018

NTP – Setup an NTP Server on CentOS/RHEL 7

An NTP server is a server that provides time information to NTP clients. An NTP peer is a server that provides and receives time from other NTP servers. So you can have a group of NTP peers that provides time information to eachother. An NTP client is a server that only receives time information from NTP servers to keep it’s own time in sync.

Announcement

You can find all my latest posts on medium.

We can setup an NTP server, so that it’s local system clock (as provided by the date or timedatectl command). We can refer to this type of server as a ‘local time NTP server’ and it will provide time information to NTP clients. This is good solution for private network where it’s more important to have in-sync time rather than super accurate time. So let’s setup a local time NTP server. We will set this up using the ntpd deamon (an alternative to ntpd daemon is to use chrony). We have created a vagrant ntp project on github to help you follow along with this demo.

Setup a local time NTP server

First install the ntp rpm:

$ yum install ntp

In the /etc/ntp.conf comment out the existing server entries and insert the following line:

$ grep 'server' /etc/ntp.conf
# Use public servers from the pool.ntp.org project.
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey	# broadcast server
#broadcast 224.0.1.1 autokey		# multicast server
#manycastserver 239.255.254.254		# manycast server
server 127.127.1.0

Here, the 127.127.1.0 is actually a special reserved IP address that used to instruct NTP to use it’s own system clock as a provider of accurate time.

Next we need update firewalld to allow incoming time requests from ntp clients:

$ firewall-cmd --permanent --add-service=ntp
success
$ systemctl restart firewalld.service

Now start and enable the ntpd daemon:

$ systemctl start ntpd
$ systemctl enable ntpd

You can then check if ntpd daemon is listening on it’s port:

$ ss -atun | grep 123

Note: ntp listens on a udp port, not tcp port.

Then enable time syncing:

$ timedatectl set-ntp true

Now we can check if this has worked by running:

$ ntpq -p

and to get synchronisation performance we do:

$ ntpstat

Setup an NTP Peer

Now that we have setup NTP server using it’s own system clock as it’s reference. We can now create an NTP peer to connect to it.

The steps involved is identical to setting up the NTP server. The only difference is that instead of inserting a Server line, we insert a ‘peer’ line which references our new NTP server’s ip address (which in our example is 10.2.4.10):

$ echo 'peer {local-time-server-ip-address}' >> /etc/ntp.conf

We can then test the setups by running:

$ ntpq -c lpeer
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp-server.exam LOCAL(0)         6 u    5   64   17    0.558  -46.497  31.817

The ‘*’ at the start of the line indicates that syncing is in progress.

we can also test by running:

[root@ntp-peer ~]# ntpstat
unsynchronised
   polling server every 64 s

Notice it shows as unsynchronised. Also you might see:

[root@ntp-peer ~]# timedatectl
      Local time: Thu 2018-03-22 16:24:09 UTC
  Universal time: Thu 2018-03-22 16:24:09 UTC
        RTC time: Thu 2018-03-22 16:24:09
       Time zone: UTC (UTC, +0000)
     NTP enabled: yes
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a

If that is so, then you might need to wait about 30 mins before it shows:

[root@ntp-peer ~]# ntpstat
synchronised to NTP server (10.2.4.10) at stratum 7
   time correct to within 19 ms
   polling server every 64 s

and: 

[root@ntp-peer ~]# timedatectl
      Local time: Thu 2018-03-22 16:51:36 UTC
  Universal time: Thu 2018-03-22 16:51:36 UTC
        RTC time: Thu 2018-03-22 16:51:35
       Time zone: UTC (UTC, +0000)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a

[post-content post_name=rhsca-quiz]

The following are questions about setting up an NTP server:


What is the command to install the time syncing software?

$ yum install ntp

What entry needs to be added to the configs in order for ntp server to use it's own system time?

# Ensure the following line is present in the /etc/ntp.conf:
server 127.127.1.0
# also there are no other active server directives

What firewall related commands needs to be run?

$ firewall-cmd –permanent –add-service=ntp
success
$ systemctl restart firewalld.service

what is the command to start+enable the time syncing daemon?

$ systemctl start ntpd
$ systemctl enable ntpd

Now how do you start time syncing?

$ timedatectl set-ntp true

What commands can you run to check if syncing is working?

$ ntpstat
# or
$ ntpq -p

The following are questions about setting up an NTP Peer:


What are the steps to create an NTP peer?

It’s the same as setting up an NTP server, except you don’t have any active ‘server’ lines, and instead have a ‘peer’ line specify the ip address of another NTP server/peer.

What commands can you run to check if peering based time syncing is successful?

$ ntpstat
# it can take about 30 mins for syncing to complete….so be patient!!!