How to build an NTP server in CentOS

How to build an NTP server in CentOS

The Network Time Protocol (NTP) is used to synchronize the system time of different hosts on the network. All Hosts you manage can synchronize their time with a specified time server called NTP server. On the other hand, an NTP server synchronizes its time with any public NTP server or the selected server. All system clocks managed by NTP are synchronized to milliseconds.

In the company environment, if they do not want to enable the firewall for NTP transmission, it is necessary to set up an internal NTP server and then allow employees to use internal servers instead of public NTP servers. This Guide describes how to configure a CentOS system as an NTP server. Before introducing the details, let's take a brief look at the concept of NTP.

 

Why do we need NTP?

Due to the diversity of manufacturing processes, all (non-atomic) clocks do not walk at exactly the same speed. Some of the clock goes faster while others go slower. Therefore, after a long period of time, the time of a clock is slowly shifted from other ones, which is often referred to as "clock drift" or "Time drift ". To minimize the impact of clock drift, NTP-enabled hosts should periodically interact with specified NTP servers to keep their clock synchronized.

Time synchronization between different hosts is very important for Scheduled backup, intrusion detection records, distributed task scheduling, and transaction order management. It should even be part of a daily task.

 

NTP hierarchy

NTP clocks are organized in a hierarchical model. Each layer in a hierarchy is calledStratum (class). The stratum concept illustrates how many NTP hops a machine has from the authorized time source.

Stratum 0 is composed of clocks without time drift, such as atomic clock. This type of clock cannot be used directly on the network. Stratum N (N> 1) Layer servers synchronize time from Stratum N-1 Layer servers. The Stratum N clock can communicate with each other through the network.

NTP supports up to 15 stratum levels. Stratum 16 is considered to be not synchronized and cannot be used.

 

Prepare the CentOS Server

Now let's start setting up the NTP server on CentOS.

First, we need to ensure that the server's time zone is correctly set. In CentOS 7, we can use the timedatectl command to view and change the server's time zone (for example, "Australia/adelide", LCTT: China can be set to Asia/Shanghai)

1. # timedatectl list-timezones | grep Australia
2. # timedatectl set-timezone Australia/Adelaide
3. # timedatectl

Continue and use yum to install the required software

1. # yum install ntp

Then we will add the global NTP server for synchronization time.

1. # vim /etc/ntp.conf

1. server 0.oceania.pool.ntp.org
2. server 1.oceania.pool.ntp.org
3. server 2.oceania.pool.ntp.org
4. server 3.oceania.pool.ntp.org

By default, NTP server logs are stored in/var/log/messages. If you want to use a custom log file, you can also specify it.

1. logfile /var/log/ntpd.log

If you select a custom log file, make sure that its owner and SELinux environment are changed.

1. # chown ntp:ntp /var/log/ntpd.log
2. # chcon -t ntpd_log_t /var/log/ntpd.log

Now initialize the NTP service and make sure that it is added to start upon startup.

1. # systemctl restart ntp
2. # systemctl enable ntp

 

Verify NTP Server clock

We can use the ntpq command to check how the clock of the local server is synchronized through NTP.

The following table explains the output columns.

Remote	The source is defined in ntp. conf. '*' Indicates the currently used and the best source; '+' indicates that these sources can be used as NTP sources; '-' indicates that the source is unavailable.
Refid	The IP address of the remote server used to synchronize with the local clock.
St	Stratum (class)
T	Type. 'U' indicates unicast (unicast ). Other values include local, multicasting, and broadcast ).
When	The time (in seconds) that has elapsed since the last interaction with the server ).
Poll	The polling interval with the server, measured in seconds.
Reach	Indicates whether there are any error Octal numbers in interaction with the server. The value 337 indicates that 100% is successful (that is, 255 in decimal format ).
Delay	The time when the server and remote server go back and forth.
Offset	The time difference between our servers and remote servers is measured in milliseconds.
Jitter	Average time difference between two samples, in milliseconds.

 

Control access to the NTP server

By default, the NTP server allows queries from all hosts. If you want to filter in the NTP synchronous connection, you can add rules in your firewall to filter traffic.

1. # iptables -A INPUT -s 192.168.1.0/24 -p udp --dport 123 -j ACCEPT
2. # iptables -A INPUT -p udp --dport 123 -j DROP

This rule allows NTP traffic from 192.168.1.0/24 (Port UDP/123). Traffic from any other network will be discarded. You can change the rules as needed.

 

Configure the NTP client

 

1. Linux

The NTP client host requires the ntpupdate package to synchronize time with the server. You can easily install the software package using yum or apt-get. After installing the software package, run the following command with the IP address of the server.

1. # ntpdate <server-IP-address>

System commands Based on RHEL and Debian are the same.

 

2. Windows

If you are using Windows, search for Internet Time in Date and Time settings ).

 

3. Cisco devices

If you want to synchronize the Time of the Cisco device, you can use the following command in global configuration mode.

1. # ntp server <server-IP-address>

NTP-supported devices from other manufacturers have their own network time parameters. If you want to synchronize the time between the device and the NTP server, see the device instructions.

 

Conclusion

All in all, NTP is a protocol for synchronizing clock on all your hosts. We have introduced how to set the NTP server and synchronize time between devices that Support NTP and servers.

Hope to help you.

CentOS NTP server installation and configuration

NTP servers in Linux

NTP client configurations for multiple operating systems

Build an enterprise-level NTP Time Server

Set up an ntp time synchronization server in Linux

Enable NTP time server in CentOS 6.3

L

Author: Sarmed Rahman Translator: ictlyh Proofreader: wxy

This article was originally translated by LCTT and launched with the Linux honor in China

This article permanently updates the link address: