RHEL7: How to set up the NTP service.

Share this link

Note: This is an RHCSA 7 exam objective and an RHCE 7 exam objective.

Presentation

NTP (Network Time Protocol) is a protocol to keep servers time synchronized: one or several master servers provide time to client servers that can themselves provide time to other client servers (notion of stratus).

This tutorial deals with client side configuration, even though server configuration is not entirely different.

Two main packages are used in RHEL 7 to set up the client side:

  • ntp: this is the classic package, already existing in RHEL 6, RHEL 5, etc.
  • chrony: this is a new solution better suited for portable PC or servers with network connection problems (time synchronization is quicker). chrony is the default package in RHEL 7.

Prerequisites

Before anything else, you need to assign the correct time zone.
To get the current configuration, type:

# timedatectl
Local time: Sat 2015-11-07 08:17:33 EST
Universal time: Sat 2015-11-07 13:17:33 UTC
RTC time: Sat 2015-11-07 13:17:33
Timezone: America/New_York (EST, -0500)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: no
DST active: no
Last DST change: DST ended at
Sun 2015-11-01 01:59:59 EDT
Sun 2015-11-01 01:00:00 EST
Next DST change: DST begins (the clock jumps one hour forward) at
Sun 2016-03-13 01:59:59 EST
Sun 2016-03-13 03:00:00 EDT

To get the list of all the available time zones, type:

# timedatectl list-timezones
Africa/Abidjan
Africa/Accra
Africa/Addis_Ababa
...
America/La_Paz
America/Lima
America/Los_Angeles
...
Asia/Seoul
Asia/Shanghai
Asia/Singapore
...
Pacific/Tongatapu
Pacific/Wake
Pacific/Wallis

Finally, to set a specific time zone (here America/Los_Angeles), type:

# timedatectl set-timezone America/Los_Angeles

Then, to check your new configuration, type:

# timedatectl
      Local time: Sat 2015-11-07 05:32:43 PST
  Universal time: Sat 2015-11-07 13:32:43 UTC
        RTC time: Sat 2015-11-07 13:32:43
        Timezone: America/Los_Angeles (PST, -0800)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: no
 Last DST change: DST ended at
                  Sun 2015-11-01 01:59:59 PDT
                  Sun 2015-11-01 01:00:00 PST
 Next DST change: DST begins (the clock jumps one hour forward) at
                  Sun 2016-03-13 01:59:59 PST
                  Sun 2016-03-13 03:00:00 PDT

The NTP Package

Install the NTP package:

# yum install -y ntp

Activate the NTP service at boot:

# systemctl enable ntpd

Start the NTP service:

# systemctl start ntpd

The NTP configuration is in the /etc/ntp.conf file:

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1 
restrict ::1

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography. 
keys /etc/ntp/keys

Note: For basic configuration purpose, only the server directives could need a change to point at a different set of master time servers than the defaults specified.

To get some information about the time synchronization process, type:

# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*y.ns.gin.ntt.ne 192.93.2.20      2 u   47   64  377   27.136    6.958  11.322
+ns1.univ-montp3 192.93.2.20      2 u   45   64  377   34.836   -0.009  11.463
+merlin.ensma.ne 193.204.114.232  2 u   48   64  377   34.586    4.443  11.370
+obsidian.ad-not 131.188.3.220    2 u   50   64  377   22.548    4.256  12.077

Alternatively, to get a basic report, type:

# ntpstat
synchronised to NTP server (129.250.35.251) at stratum 3
time correct to within 60 ms
polling server every 64 s

To quickly synchronize a server, type:

# systemctl stop ntpd
# ntpdate pool.ntp.org
 5 Jul 10:36:58 ntpdate[2190]: adjust time server 95.81.173.74 offset -0.005354 sec
# systemctl start ntpd

The Chrony Package

Alternatively, you can install the new Chrony service that is quicker to synchronize clocks in mobile and virtual systems.

Install the Chrony service:

# yum install -y chrony

Activate the Chrony service at boot:

# systemctl enable chronyd

Start the Chrony service:

# systemctl start chronyd

The Chrony configuration is in the /etc/chrony.conf file:

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

# Ignore stratum in source selection.
stratumweight 0

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Enable kernel RTC synchronization.
rtcsync

# In first three updates step the system clock instead of slew
# if the adjustment is larger than 10 seconds.
makestep 10 3

# Listen for commands only on localhost.
bindcmdaddress 127.0.0.1
bindcmdaddress ::1

keyfile /etc/chrony.keys

# Specify the key used as password for chronyc.
commandkey 1

# Generate command key if missing.
generatecommandkey

# Disable logging of client accesses.
noclientlog

# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
logchange 0.5

logdir /var/log/chrony

Note: For basic configuration purpose, only the server directives could need a change to point at a different set of master time servers than the defaults specified.

To get information about the main time reference, type:

# chronyc tracking
Reference ID    : 94.23.44.157 (merzhin.deuza.net)
Stratum         : 3
Ref time (UTC)  : Thu Jul  3 22:26:27 2014
System time     : 0.000265665 seconds fast of NTP time
Last offset     : 0.000599796 seconds
RMS offset      : 3619.895751953 seconds
Frequency       : 0.070 ppm slow
Residual freq   : 0.012 ppm
Skew            : 0.164 ppm
Root delay      : 0.030609 seconds
Root dispersion : 0.005556 seconds
Update interval : 1026.9 seconds
Leap status     : Normal

To get equivalent information to the ntpq command, type:

# chronyc sources -v
210 Number of sources = 4

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||                                                /   xxxx = adjusted offset,
||         Log2(Polling interval) -.             |    yyyy = measured offset,
||                                  \            |    zzzz = estimated error.
||                                   |           |
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^+ merlin.ensma.fr               2   6    77    61   +295us[+1028us] +/-   69ms
^* lafkor.de                     2   6    77    61  -1371us[ -638us] +/-   65ms
^+ kimsuflol.iroqwa.org          3   6    77    61   -240us[ -240us] +/-   92ms
^+ merzhin.deuza.net             2   6    77    61    +52us[  +52us] +/-   48ms

# chronyc sourcestats -v
210 Number of sources = 4
                             .- Number of sample points in measurement set.
                            /    .- Number of residual runs with same sign.
                           |    /    .- Length of measurement set (time).
                           |   |    /      .- Est. clock freq error (ppm).
                           |   |   |      /           .- Est. error in freq.
                           |   |   |     |           /         .- Est. offset.
                           |   |   |     |          |          |   On the -.
                           |   |   |     |          |          |   samples. \
                           |   |   |     |          |          |             |
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
merlin.ensma.fr             7   5   200      0.106      6.541   +381us   176us
lafkor.de                   7   4   199      0.143     10.145   -916us   290us
kimsuflol.iroqwa.org        7   7   200     -0.298      6.717    +69us   184us
merzhin.deuza.net           7   5   200      0.585     11.293   +675us   314us

To quickly synchronize a server, type:

# ntpdate pool.ntp.org
 5 Jul 10:31:06 ntpdate[2135]: step time server 193.55.167.1 offset 121873.493146 sec

Note: You don’t need to stop the Chrony service to synchronize the server.

Additional Resources

Virtualization can trigger problems (see this thread).
You can also read two Red Hat articles about leap seconds management, how to resolve leap second issues or the differences between NTP and PTP.

1 Star2 Stars3 Stars4 Stars5 Stars (5 votes, average: 5.00 out of 5)
Loading...

Leave a Reply

33 Comments on "RHEL7: How to set up the NTP service."

Notify of
Sort by:   newest | oldest
jerky_rs
Member
jerky_rs

For Peer configurations.

on master you must add the following into /etc/chrony.conf

# Allow NTP client access from local network.
allow 192.168.0.0/24

– copy the key file to the clients
– open up ntp service port firewall-cmd

On clients you must specify the following and disable “server” in /etc/chrony.conf

# Use Peer
peer 192.168.0.33

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-Setting_up_chrony_for_different_environments.html

salvador
Member
salvador
Nice info. Thank you. On centos 7.1 I did not need to copy the key. To synchronize 192.168.122.7 with an external server as usual, while synchronizing 192.168.122.2 with 192.168.122.7, we can do as follows: ____________________________________________________ on 192.168.122.7: vi /etc/chrony.conf ### add the following line: allow 192.168.122.2 ### or, to allow the whole subnet: ### allow 192.168.122.0/24 systemctl restart chronyd firewall-cmd –permanent –add-service=ntp firewall-cmd –reload ____________________________________________________ on 192.168.122.2: vi /etc/chrony.conf ### comment out all “server … ” lines; ### add the following line: peer 192.168.122.7 systemctl restart chronyd after 3 minutes and 18 seconds my kvm guest 192.168.122.2 synchronizes with 192.168.122.7;… Read more »
beshooo
Member
beshooo

Hello Salvador,

Did you mean that client is 192.168.122.7 and NTP server is 192.168.122.2?
If yes, am I required to change on NTP server? I think no so can we solve this problem?

Also can I stop chrony and choose ntp instead or it is not recommended?

Thanks

pharlan
Member
pharlan

Do we really need to install ntpd? Why can`t we just use “timedatectl set-ntp true”?

ak340
Member
ak340
Hi Certdepot, as per verification, think the ntpd and chronyd daemon should not co exist together. Upon powering on my server the ntpd daemon is dead but enabled while the chronyd is running and enabled, have tried to start the ntpd daemon and the chronyd daemon become dead, see output below, looking forward for you advise # systemctl status ntpd ntpd.service – Network Time Service Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled) Active: inactive (dead) # systemctl status chronyd chronyd.service – NTP client/server Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled) Active: active (running) since Sun 2015-06-28 05:24:18 PHT; 5min ago Process: 761 ExecStartPost=/usr/libexec/chrony-helper add-dhclient-servers (code=exited, status=0/SUCCESS)… Read more »
ak340
Member
ak340

Thanks CertDepot does this means that I can already remove the ntpd package? and stick with chronyd?

usmanshahzad
Member
usmanshahzad

From where can i find the solution to the task of the day questions?

redhat0329
Member
redhat0329

chrony: this is a new solution better suited for portable PC or servers with chrony is the default package in RHEL 7.

Hi CertDepot,

You mentioned that chrony is the default package in rhel 7. but base on your tutorials why we need to install the package? 🙂 Thanks!

phil_guy412
Member
phil_guy412

If I have a virtual machine on a physical machine and I want the virtual machine to point to the physical host machine for its NTP service, when I edit the /etc/chrony.conf file, do I just append the physical host computers IP address into the “server pool” section?

I would append, “server 192.x.x.x iburst” ?

Noli
Member
Noli

If the exam question says set up ntp client and a FQDN/IP is provided, does this mean either ntpd or chrony can be used? Also provide steps to add the new ntp source. thanks

Taliez
Member
Taliez

hi certdepot,

just wanna ask if can i do

yum install system-config-date

check BOX = synchronize date and time over the network?

is this a valid approach for the objective?

Ahmad
Member
Ahmad

Hi

Should I use this command “timedatectl set-ntp true”, when configuring my server as a client for ntp server using chrony package.

Ahmad
Member
Ahmad

Hi,

Should I uncomment the below lines on the exam, and add the new one for the exam if I asked to configure time service with chronyd:

server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

wpDiscuz

RHCSA7: Task of the day

Allowed time: 5 minutes.
Set up time services pointing to default time servers.

RHCE7: Task of the day

Allowed time: 10 minutes.
Configure a system to forward all email to a central mail server at 192.168.1.1 (change the IP address accordingly).

Poll for favorite RHEL 7 book

What is your favorite RHEL 7 book to prepare RHCSA & RHCE exams?

View Results

Loading ... Loading ...

Poll for most difficult RHCSA 7 topic

What do you think is the most difficult RHCSA 7 topic?

View Results

Loading ... Loading ...

Poll for most difficult RHCE 7 topic

What do you think is the most difficult RHCE 7 topic?

View Results

Loading ... Loading ...