An NTP server is a server that provides time information to NTP clients. An NTP peer is a server that provides time to and receives time from other NTP servers, so you can have a group of NTP peers that provide time information to each other. An NTP client is a server that only receives time information from NTP servers to keep its own time in sync.
We can set up an NTP server so that it uses its local system clock (as provided by the date or timedatectl command) as its time source. We can refer to this type of server as a ‘local time NTP server’, and it will provide time information to NTP clients. This is a good solution for a private network where it’s more important to have in-sync time than super accurate time. So let’s set up a local time NTP server. We will set this up using the ntpd daemon (an alternative to ntpd is chrony). We have created a vagrant ntp project on github to help you follow along with this demo.
Setup a local time NTP server
First install the ntp rpm:
$ yum install ntp
In /etc/ntp.conf, comment out the existing server entries and insert the following line:
$ grep 'server' /etc/ntp.conf
# Use public servers from the pool.ntp.org project.
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcast 224.0.1.1 autokey # multicast server
#manycastserver 239.255.254.254 # manycast server
server 127.127.1.0
Here, 127.127.1.0 is a special reserved IP address that is used to instruct NTP to use its own system clock as a provider of accurate time.
Next we need to update firewalld to allow incoming time requests from NTP clients:
$ firewall-cmd --permanent --add-service=ntp
success
$ systemctl restart firewalld.service
Now start and enable the ntpd daemon:
$ systemctl start ntpd
$ systemctl enable ntpd
You can then check if the ntpd daemon is listening on its port:
$ ss -atun | grep 123
Note: ntp listens on a udp port, not tcp port.
Then enable time syncing:
$ timedatectl set-ntp true
Now we can check if this has worked by running:
$ ntpq -p
and to get synchronisation performance we do:
$ ntpstat
Setup an NTP Peer
Now that we have set up an NTP server using its own system clock as its reference, we can create an NTP peer to connect to it.
The steps involved are identical to setting up the NTP server. The only difference is that instead of inserting a ‘server’ line, we insert a ‘peer’ line which references our new NTP server’s IP address (which in our example is 10.2.4.10):
$ echo 'peer {local-time-server-ip-address}' >> /etc/ntp.conf
We can then test the setup by running:
$ ntpq -c lpeer
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp-server.exam LOCAL(0)         6 u    5   64   17    0.558  -46.497  31.817
The ‘*’ at the start of the line indicates that syncing is in progress.
We can also test by running:
[root@ntp-peer ~]# ntpstat
unsynchronised
   polling server every 64 s
Notice it shows as unsynchronised. Also you might see:
[root@ntp-peer ~]# timedatectl
      Local time: Thu 2018-03-22 16:24:09 UTC
  Universal time: Thu 2018-03-22 16:24:09 UTC
        RTC time: Thu 2018-03-22 16:24:09
       Time zone: UTC (UTC, +0000)
     NTP enabled: yes
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a
If that is so, then you might need to wait about 30 mins before it shows:
[root@ntp-peer ~]# ntpstat
synchronised to NTP server (10.2.4.10) at stratum 7
   time correct to within 19 ms
   polling server every 64 s
and:
[root@ntp-peer ~]# timedatectl
      Local time: Thu 2018-03-22 16:51:36 UTC
  Universal time: Thu 2018-03-22 16:51:36 UTC
        RTC time: Thu 2018-03-22 16:51:35
       Time zone: UTC (UTC, +0000)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a
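Both setups above depend on which ‘server’ and ‘peer’ lines are left active in /etc/ntp.conf, and a forgotten pool entry means the host still syncs from outside the private network. The following is an added example, not part of the original post: a small check that classifies a config file as one of the two setups. The function name ntp_conf_role and the sample file are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper): classify an ntp.conf against the
# two setups in this post.
# Usage: ntp_conf_role /etc/ntp.conf
# Prints "local-server", "peer" or "mismatch: <reason>"; returns 1 on mismatch.
ntp_conf_role() {
    awk '
        { sub(/#.*/, "") }                      # drop whole-line and trailing comments
        $1 == "server" { servers[$2]++; ns++ }  # active server directives
        $1 == "peer"   { np++ }                 # active peer directives
        END {
            # Any server other than the local clock address breaks both setups.
            for (a in servers)
                if (a != "127.127.1.0") {
                    print "mismatch: server " a " is still active"; exit 1
                }
            if (ns && np) { print "mismatch: both server and peer lines are active"; exit 1 }
            if (ns)       { print "local-server"; exit 0 }
            if (np)       { print "peer"; exit 0 }
            print "mismatch: no active server or peer line"; exit 1
        }
    ' "$1"
}

# Constructed sample input: the server-side config shown earlier, shortened.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Use public servers from the pool.ntp.org project.
#server 0.centos.pool.ntp.org iburst
#manycastserver 239.255.254.254 # manycast server
server 127.127.1.0
EOF
ntp_conf_role "$sample" || true   # prints: local-server
rm -f "$sample"
```

Run it against /etc/ntp.conf before restarting ntpd; a non-zero exit status means the file matches neither setup.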
The following are questions about setting up an NTP server:
$ yum install ntp
# Ensure the following line is present in the /etc/ntp.conf:
server 127.127.1.0
# also there are no other active server directives
$ firewall-cmd --permanent --add-service=ntp
success
$ systemctl restart firewalld.service
$ systemctl start ntpd
$ systemctl enable ntpd
$ timedatectl set-ntp true
$ ntpstat
# or
$ ntpq -p
The following are questions about setting up an NTP Peer:
It’s the same as setting up an NTP server, except you don’t have any active ‘server’ lines, and instead have a ‘peer’ line specifying the IP address of another NTP server/peer.
$ ntpstat
# it can take about 30 mins for syncing to complete... so be patient!!!