Note: This is an RHCSA 7 exam objective and an RHCE 7 exam objective.
Presentation
NTP (Network Time Protocol) is a protocol to keep servers time synchronized: one or several master servers provide time to client servers that can themselves provide time to other client servers (notion of stratus).
This tutorial deals with client side configuration, even though server configuration is not entirely different.
Two main packages are used in RHEL 7 to set up the client side:
- ntp: this is the classic package, already existing in RHEL 6, RHEL 5, etc. It can be used both as a NTP client or server.
- chrony: this is a new solution better suited for portable PC or machines with network connection problems (time synchronization is quicker). It can only be used as a NTPclient. chrony is the default package in RHEL 7.
Caution: ntpd and chronyd shouldn’t run at the same time. Choose one and only one of them! There are reports from RHCE candidates noting that one of them is purposely already running at the beginning of the exam.
Prerequisites
Before anything else, you need to assign the correct time zone.
To get the current configuration, type:
# timedatectl Local time: Sat 2015-11-07 08:17:33 EST Universal time: Sat 2015-11-07 13:17:33 UTC RTC time: Sat 2015-11-07 13:17:33 Timezone: America/New_York (EST, -0500) NTP enabled: yes NTP synchronized: yes RTC in local TZ: no DST active: no Last DST change: DST ended at Sun 2015-11-01 01:59:59 EDT Sun 2015-11-01 01:00:00 EST Next DST change: DST begins (the clock jumps one hour forward) at Sun 2016-03-13 01:59:59 EST Sun 2016-03-13 03:00:00 EDT
To get the list of all the available time zones, type:
# timedatectl list-timezones Africa/Abidjan Africa/Accra Africa/Addis_Ababa ... America/La_Paz America/Lima America/Los_Angeles ... Asia/Seoul Asia/Shanghai Asia/Singapore ... Pacific/Tongatapu Pacific/Wake Pacific/Wallis
Finally, to set a specific time zone (here America/Los_Angeles), type:
# timedatectl set-timezone America/Los_Angeles
Then, to check your new configuration, type:
# timedatectl Local time: Sat 2015-11-07 05:32:43 PST Universal time: Sat 2015-11-07 13:32:43 UTC RTC time: Sat 2015-11-07 13:32:43 Timezone: America/Los_Angeles (PST, -0800) NTP enabled: yes NTP synchronized: yes RTC in local TZ: no DST active: no Last DST change: DST ended at Sun 2015-11-01 01:59:59 PDT Sun 2015-11-01 01:00:00 PST Next DST change: DST begins (the clock jumps one hour forward) at Sun 2016-03-13 01:59:59 PST Sun 2016-03-13 03:00:00 PDT
The NTP Package
Install the NTP package:
# yum install -y ntp
Activate the NTP service at boot:
# systemctl enable ntpd
Start the NTP service:
# systemctl start ntpd
The NTP configuration is in the /etc/ntp.conf file:
# For more information about this file, see the man pages # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5). driftfile /var/lib/ntp/drift # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1 # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). server 0.centos.pool.ntp.org iburst server 1.centos.pool.ntp.org iburst server 2.centos.pool.ntp.org iburst server 3.centos.pool.ntp.org iburst includefile /etc/ntp/crypto/pw # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys
Note: For basic configuration purpose, only the server directives could need a change to point at a different set of master time servers than the defaults specified.
To get some information about the time synchronization process, type:
# ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== *y.ns.gin.ntt.ne 192.93.2.20 2 u 47 64 377 27.136 6.958 11.322 +ns1.univ-montp3 192.93.2.20 2 u 45 64 377 34.836 -0.009 11.463 +merlin.ensma.ne 193.204.114.232 2 u 48 64 377 34.586 4.443 11.370 +obsidian.ad-not 131.188.3.220 2 u 50 64 377 22.548 4.256 12.077
Alternatively, to get a basic report, type:
# ntpstat synchronised to NTP server (129.250.35.251) at stratum 3 time correct to within 60 ms polling server every 64 s
To quickly synchronize a server, type:
# systemctl stop ntpd # ntpdate pool.ntp.org 5 Jul 10:36:58 ntpdate[2190]: adjust time server 95.81.173.74 offset -0.005354 sec # systemctl start ntpd
The Chrony Package
Alternatively, you can install the new Chrony service that is quicker to synchronize clocks in mobile and virtual systems.
Install the Chrony service:
# yum install -y chrony
Activate the Chrony service at boot:
# systemctl enable chronyd
Start the Chrony service:
# systemctl start chronyd
The Chrony configuration is in the /etc/chrony.conf file:
# Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). server 0.centos.pool.ntp.org iburst server 1.centos.pool.ntp.org iburst server 2.centos.pool.ntp.org iburst server 3.centos.pool.ntp.org iburst # Ignore stratum in source selection. stratumweight 0 # Record the rate at which the system clock gains/losses time. driftfile /var/lib/chrony/drift # Enable kernel RTC synchronization. rtcsync # In first three updates step the system clock instead of slew # if the adjustment is larger than 10 seconds. makestep 10 3 # Listen for commands only on localhost. bindcmdaddress 127.0.0.1 bindcmdaddress ::1 keyfile /etc/chrony.keys # Specify the key used as password for chronyc. commandkey 1 # Generate command key if missing. generatecommandkey # Disable logging of client accesses. noclientlog # Send a message to syslog if a clock adjustment is larger than 0.5 seconds. logchange 0.5 logdir /var/log/chrony
Note: For basic configuration purpose, only the server directives could need a change to point at a different set of master time servers than the defaults specified.
To get information about the main time reference, type:
# chronyc tracking Reference ID : 94.23.44.157 (merzhin.deuza.net) Stratum : 3 Ref time (UTC) : Thu Jul 3 22:26:27 2014 System time : 0.000265665 seconds fast of NTP time Last offset : 0.000599796 seconds RMS offset : 3619.895751953 seconds Frequency : 0.070 ppm slow Residual freq : 0.012 ppm Skew : 0.164 ppm Root delay : 0.030609 seconds Root dispersion : 0.005556 seconds Update interval : 1026.9 seconds Leap status : Normal
To get equivalent information to the ntpq command, type:
# chronyc sources -v 210 Number of sources = 4 .-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current synced, '+' = combined , '-' = not combined, | / '?' = unreachable, 'x' = time may be in error, '~' = time too variable. || .- xxxx [ yyyy ] +/- zzzz || / xxxx = adjusted offset, || Log2(Polling interval) -. | yyyy = measured offset, || \ | zzzz = estimated error. || | | MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^+ merlin.ensma.fr 2 6 77 61 +295us[+1028us] +/- 69ms ^* lafkor.de 2 6 77 61 -1371us[ -638us] +/- 65ms ^+ kimsuflol.iroqwa.org 3 6 77 61 -240us[ -240us] +/- 92ms ^+ merzhin.deuza.net 2 6 77 61 +52us[ +52us] +/- 48ms # chronyc sourcestats -v 210 Number of sources = 4 .- Number of sample points in measurement set. / .- Number of residual runs with same sign. | / .- Length of measurement set (time). | | / .- Est. clock freq error (ppm). | | | / .- Est. error in freq. | | | | / .- Est. offset. | | | | | | On the -. | | | | | | samples. \ | | | | | | | Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev ============================================================================== merlin.ensma.fr 7 5 200 0.106 6.541 +381us 176us lafkor.de 7 4 199 0.143 10.145 -916us 290us kimsuflol.iroqwa.org 7 7 200 -0.298 6.717 +69us 184us merzhin.deuza.net 7 5 200 0.585 11.293 +675us 314us
To quickly synchronize a server, type:
# ntpdate pool.ntp.org 5 Jul 10:31:06 ntpdate[2135]: step time server 193.55.167.1 offset 121873.493146 sec
Note: You don’t need to stop the Chrony service to synchronize the server.
Additional Resources
You can read these Red Hat articles about leap seconds management, how to resolve leap second issues or the differences between NTP and PTP.
The xmodulo website provides a tutorial on How to set up NTP server in CentOS.
Documentation about NTP is available at the NTP Documentation Archive website and at the Tuxfamily website for Chrony.
Beyond the exam objectives, virtualization can trigger problems (see this thread) and it is useful to know How to avoid VM clock drift.
You can also be interested in converting a Raspberry PI into a stratum 1 NTP server.
Some specific services can need to wait until the clock is synchronized: read this thread to know how to configure them.