How to install and setting NTP (Network Time Protocol) on Linux Centos
Presentation
NTP (Network Time Protocol) is a protocol to keep servers time synchronized: one or several master servers provide time to client servers that can themselves provide time to other client servers (notion of stratus).
This tutorial deals with client side configuration, even though server configuration is not entirely different.
Two main packages are used in RHEL 7 to set up the client side:
- ntp: this is the classic package, already existing in RHEL 6, RHEL 5, etc. It can be used both as a NTP client or server.
- chrony: this is a new solution better suited for portable PC or machines with network connection problems (time synchronization is quicker). It is mainly used as a NTP client. chrony is the default package in RHEL 7 (a recent security audit has showed that chrony is pretty well written and secure).
Caution: ntpd and chronyd shouldn’t run at the same time. Choose one and only one of them! There are reports from RHCE candidates noting that one of them is purposely already running at the beginning of the exam.
Prerequisites
Before anything else, you need to assign the correct time zone.
To get the current configuration, type:
To get the current configuration, type:
# timedatectl Local time: Sat 2015-11-07 08:17:33 EST Universal time: Sat 2015-11-07 13:17:33 UTC RTC time: Sat 2015-11-07 13:17:33 Timezone: America/New_York (EST, -0500) NTP enabled: yes NTP synchronized: yes RTC in local TZ: no DST active: no Last DST change: DST ended at Sun 2015-11-01 01:59:59 EDT Sun 2015-11-01 01:00:00 EST Next DST change: DST begins (the clock jumps one hour forward) at Sun 2016-03-13 01:59:59 EST Sun 2016-03-13 03:00:00 EDT
To get the list of all the available time zones, type:
# timedatectl list-timezones
Africa/Abidjan
Africa/Accra
Africa/Addis_Ababa
...
America/La_Paz
America/Lima
America/Los_Angeles
...
Asia/Seoul
Asia/Shanghai
Asia/Singapore
...
Pacific/Tongatapu
Pacific/Wake
Pacific/Wallis
Finally, to set a specific time zone (here America/Los_Angeles), type:
# timedatectl set-timezone America/Los_Angeles
Then, to check your new configuration, type:
# timedatectl Local time: Sat 2015-11-07 05:32:43 PST Universal time: Sat 2015-11-07 13:32:43 UTC RTC time: Sat 2015-11-07 13:32:43 Timezone: America/Los_Angeles (PST, -0800) NTP enabled: yes NTP synchronized: yes RTC in local TZ: no DST active: no Last DST change: DST ended at Sun 2015-11-01 01:59:59 PDT Sun 2015-11-01 01:00:00 PST Next DST change: DST begins (the clock jumps one hour forward) at Sun 2016-03-13 01:59:59 PST Sun 2016-03-13 03:00:00 PDT
The NTP Package
Install the NTP package:
# yum install -y ntp
Activate the NTP service at boot:
# systemctl enable ntpd
Start the NTP service:
# systemctl start ntpd
The NTP configuration is in the /etc/ntp.conf file:
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
Note: For basic configuration purpose, only the server directives could need a change to point at a different set of master time servers than the defaults specified.
To get some information about the time synchronization process, type:
# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*y.ns.gin.ntt.ne 192.93.2.20 2 u 47 64 377 27.136 6.958 11.322
+ns1.univ-montp3 192.93.2.20 2 u 45 64 377 34.836 -0.009 11.463
+merlin.ensma.ne 193.204.114.232 2 u 48 64 377 34.586 4.443 11.370
+obsidian.ad-not 131.188.3.220 2 u 50 64 377 22.548 4.256 12.077
Alternatively, to get a basic report, type:
# ntpstat
synchronised to NTP server (129.250.35.251) at stratum 3
time correct to within 60 ms
polling server every 64 s
To quickly synchronize a server, type:
# systemctl stop ntpd # ntpdate pool.ntp.org 5 Jul 10:36:58 ntpdate[2190]: adjust time server 95.81.173.74 offset -0.005354 sec # systemctl start ntpd
The Chrony Package
Alternatively, you can install the new Chrony service that is quicker to synchronize clocks in mobile and virtual systems.
Install the Chrony service:
# yum install -y chrony
Activate the Chrony service at boot:
# systemctl enable chronyd
Start the Chrony service:
# systemctl start chronyd
The Chrony configuration is in the /etc/chrony.conf file:
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
# Ignore stratum in source selection.
stratumweight 0
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Enable kernel RTC synchronization.
rtcsync
# In first three updates step the system clock instead of slew
# if the adjustment is larger than 10 seconds.
makestep 10 3
# Listen for commands only on localhost.
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
keyfile /etc/chrony.keys
# Specify the key used as password for chronyc.
commandkey 1
# Generate command key if missing.
generatecommandkey
# Disable logging of client accesses.
noclientlog
# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
logchange 0.5
logdir /var/log/chrony
Note: For basic configuration purpose, only the server directives could need a change to point at a different set of master time servers than the defaults specified.
To get information about the main time reference, type:
# chronyc tracking
Reference ID : 94.23.44.157 (merzhin.deuza.net)
Stratum : 3
Ref time (UTC) : Thu Jul 3 22:26:27 2014
System time : 0.000265665 seconds fast of NTP time
Last offset : 0.000599796 seconds
RMS offset : 3619.895751953 seconds
Frequency : 0.070 ppm slow
Residual freq : 0.012 ppm
Skew : 0.164 ppm
Root delay : 0.030609 seconds
Root dispersion : 0.005556 seconds
Update interval : 1026.9 seconds
Leap status : Normal
To get equivalent information to the ntpq command, type:
# chronyc sources -v 210 Number of sources = 4 .-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current synced, '+' = combined , '-' = not combined, | / '?' = unreachable, 'x' = time may be in error, '~' = time too variable. || .- xxxx [ yyyy ] +/- zzzz || / xxxx = adjusted offset, || Log2(Polling interval) -. | yyyy = measured offset, || \ | zzzz = estimated error. || | | MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^+ merlin.ensma.fr 2 6 77 61 +295us[+1028us] +/- 69ms ^* lafkor.de 2 6 77 61 -1371us[ -638us] +/- 65ms ^+ kimsuflol.iroqwa.org 3 6 77 61 -240us[ -240us] +/- 92ms ^+ merzhin.deuza.net 2 6 77 61 +52us[ +52us] +/- 48ms # chronyc sourcestats -v 210 Number of sources = 4 .- Number of sample points in measurement set. / .- Number of residual runs with same sign. | / .- Length of measurement set (time). | | / .- Est. clock freq error (ppm). | | | / .- Est. error in freq. | | | | / .- Est. offset. | | | | | | On the -. | | | | | | samples. \ | | | | | | | Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev ============================================================================== merlin.ensma.fr 7 5 200 0.106 6.541 +381us 176us lafkor.de 7 4 199 0.143 10.145 -916us 290us kimsuflol.iroqwa.org 7 7 200 -0.298 6.717 +69us 184us merzhin.deuza.net 7 5 200 0.585 11.293 +675us 314us
To quickly synchronize a server, type:
# ntpdate pool.ntp.org
5 Jul 10:31:06 ntpdate[2135]: step time server 193.55.167.1 offset 121873.493146 sec
Note: You don’t need to stop the Chrony service to synchronize the server.
Tidak ada komentar :
Posting Komentar