Tutorial on configuring an NTP server on a CentOS server


Network Time Protocol (NTP) is used to synchronize the system time of different hosts on a network. All hosts you manage can synchronize their time with a designated time server, called an NTP server. The NTP server, in turn, synchronizes its time with a public NTP server or another server you select. All system clocks managed by NTP are synchronized to the millisecond level.

In a corporate environment where the firewall should not be opened for NTP traffic, it is necessary to set up an internal NTP server and have employees use it instead of public NTP servers. In this guide, we describe how to configure a CentOS system as an NTP server. Before going into the details, let's take a brief look at the concept of NTP.

Why do we need NTP?

Because of variations in manufacturing, (non-atomic) clocks do not all run at exactly the same speed. Some run faster and some run slower. Over a long period, one clock's time slowly drifts away from the others, which is commonly called "clock drift" or "time drift." To minimize the impact of clock drift, hosts using NTP should interact periodically with the designated NTP server to keep their clocks synchronized.

Time synchronization between hosts is important for scheduled backups, intrusion detection logs, distributed task scheduling and transaction order management. It should be part of day-to-day operations.

The hierarchical structure of NTP

NTP clocks are organized in a hierarchical model. Each layer of the hierarchy is called a stratum. The stratum number indicates how many NTP hops a machine is from an authoritative time source.

Stratum 0 consists of clocks that have no time drift, such as atomic clocks. These clocks cannot be used directly on the network. Stratum N (N > 1) servers synchronize their time from stratum N-1 servers. Stratum N clocks can also connect to each other over the network.

NTP supports up to 15 levels of stratum. Stratum 16 is considered to be unsynchronized and cannot be used.

Prepare CentOS Server

Now let's start setting up an NTP server on CentOS.

First, we need to make sure that the server's time zone is set correctly. In CentOS 7, we can use the timedatectl command to view and change the server's time zone (for example, "Australia/Adelaide"; LCTT note: in China it can be set to Asia/Shanghai).

The code is as follows:

# timedatectl list-timezones | grep Australia

# timedatectl set-timezone Australia/Adelaide

# timedatectl

Next, use yum to install the required software.

The code is as follows:

# yum install ntp

Then we add the public NTP servers that our server will synchronize its time with.

The code is as follows:

# vim /etc/ntp.conf

server 0.oceania.pool.ntp.org

server 1.oceania.pool.ntp.org

server 2.oceania.pool.ntp.org

server 3.oceania.pool.ntp.org

By default, the log of the NTP server is saved in /var/log/messages. If you want to use a custom log file, you can specify it as well.

The code is as follows:

logfile /var/log/ntpd.log

If you choose a custom log file, make sure to change its owner and SELinux context.

The code is as follows:

# chown ntp:ntp /var/log/ntpd.log

# chcon -t ntpd_log_t /var/log/ntpd.log

Now start the NTP service and make sure it is enabled at boot.

The code is as follows:

# systemctl restart ntpd

# systemctl enable ntpd

Verifying the NTP Server clock

We can use the ntpq command to check how the local server clock is synchronizing through NTP.

The following table explains the output columns.

remote: The remote sources defined in ntp.conf. '*' marks the source currently in use, which is also the best source; '+' marks sources that can be used as NTP sources; '-' marks sources that are not available.

refid: The IP address of the remote server used to synchronize with the local clock.

st: Stratum (class).

t: Type. 'u' means unicast. Other values include local, multicast and broadcast.

when: The time elapsed (in seconds) since the last interaction with the server.

poll: The polling interval with the server, in seconds.

reach: An octal number that indicates whether there were any errors in the interactions with the server. A value of 377 indicates 100% success (that is, decimal 255).

delay: The delay between our server and the remote server.

offset: The time difference between our server and the remote server, in milliseconds.

jitter: The average time difference between two samples, in milliseconds.
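
A health check built on the columns described above, as an added example that is not part of the original tutorial: it reads `ntpq -p` output, counts the successful polls encoded in the octal reach register (377 means 8 of 8), and reports whether a '*' source is selected. The sample output, host names and the 100 ms offset threshold are constructed assumptions.

```shell
#!/bin/sh
# Added example: summarize `ntpq -p` output read from stdin.
# MAX_OFFSET_MS is an assumed alert threshold, not a value from the tutorial.
MAX_OFFSET_MS=${MAX_OFFSET_MS:-100}

ntp_health() {
    awk -v max="$MAX_OFFSET_MS" '
    # Number of successful polls (0-8) encoded in the octal reach register.
    function polls_ok(oct,   i, n, bits) {
        n = 0; bits = 0
        for (i = 1; i <= length(oct); i++) n = n * 8 + substr(oct, i, 1)
        while (n > 0) { bits += n % 2; n = int(n / 2) }
        return bits
    }
    NR <= 2 { next }                      # header line and ==== separator
    {
        tally = substr($0, 1, 1)          # "*", "+", "-" or blank
        split(substr($0, 2), f, " ")      # remote refid st t when poll reach delay offset jitter
        ok = polls_ok(f[7]); off = f[9] + 0
        if (off < 0) off = -off
        printf "%s stratum=%s polls_ok=%d/8 offset_ms=%s\n", f[1], f[3], ok, f[9]
        if (tally == "*") { synced = 1; if (ok < 8 || off > max) degraded = 1 }
    }
    END {
        if (!synced)       print "STATUS unsynchronized"
        else if (degraded) print "STATUS degraded"
        else               print "STATUS ok"
    }'
}

# Constructed sample output; names and addresses are documentation placeholders.
sample_ntpq() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp1.example.net 203.0.113.10    2 u   33   64  377   12.345    0.512   0.210
+ntp2.example.net 203.0.113.11    2 u   40   64  377   15.100   -1.204   0.530
-ntp3.example.net 203.0.113.12    3 u   12   64  177   40.220    9.870   2.110
 ntp4.example.net .INIT.         16 u    -   64    0    0.000    0.000   0.000
EOF
}

sample_ntpq | ntp_health        # on a live server: ntpq -p | ntp_health
```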

Controlling access to an NTP server

By default, the NTP server allows queries from all hosts. If you want to restrict which hosts can synchronize with the NTP server, you can add rules to your firewall to filter the traffic.

# iptables -A INPUT -s 192.168.1.0/24 -p udp --dport 123 -j ACCEPT

# iptables -A INPUT -p udp --dport 123 -j DROP

These rules allow NTP traffic (port udp/123) from 192.168.1.0/24 and drop NTP traffic from every other source. You can change the rules according to your needs.
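
Because iptables applies the first matching rule, the two rules above only take effect if nothing earlier in the INPUT chain already matches udp/123, for instance a catch-all REJECT. The added example below (not part of the original tutorial) computes the verdict for a given source address from `iptables -S INPUT` text; both rule listings are constructed, and only the -s, -p, --dport, -m and -j options are interpreted.

```shell
#!/bin/sh
# Added example: first-match verdict for a udp/123 packet from source $1,
# given `iptables -S INPUT` text on stdin. Interprets only -s, -p, --dport,
# -m and -j; a possibly matching rule with other options yields UNKNOWN.
ntp_verdict() {
    awk -v src="$1" '
    function ip2int(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_cidr(ip, cidr,   p, size) {
        split(cidr, p, "/")
        size = 2 ^ (32 - (p[2] == "" ? 32 : p[2]))
        return int(ip2int(ip) / size) == int(ip2int(p[1]) / size)
    }
    $1 == "-P" { policy = $3; next }
    $1 != "-A" || done { next }
    {
        s = proto = dport = target = ""; unsupported = 0
        for (i = 3; i <= NF; i++) {
            if      ($i == "-s")      s = $(++i)
            else if ($i == "-p")      proto = $(++i)
            else if ($i == "--dport") dport = $(++i)
            else if ($i == "-j")      target = $(++i)
            else if ($i == "-m" || $i == "--reject-with") ++i
            else unsupported = 1
        }
        if (proto != "" && proto != "udp") next
        if (dport != "" && dport != "123") next
        if (s != "" && !in_cidr(src, s)) next
        print (unsupported ? "UNKNOWN" : target); done = 1
    }
    END { if (!done) print policy }'
}

# Constructed listing: the tutorial rules appended with -A behind a catch-all REJECT.
appended_late() {
    printf '%s\n' '-P INPUT ACCEPT' \
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited' \
        '-A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 123 -j ACCEPT' \
        '-A INPUT -p udp -m udp --dport 123 -j DROP'
}
# Constructed listing: the same two rules with nothing ahead of them.
tutorial_order() { appended_late | grep -v REJECT; }

tutorial_order | ntp_verdict 192.168.1.10    # ACCEPT
tutorial_order | ntp_verdict 10.0.0.5        # DROP
appended_late  | ntp_verdict 192.168.1.10    # REJECT
```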

Configuring the NTP Client

1. Linux

An NTP client host needs the ntpdate package to synchronize its time with the server. You can easily install this package with yum or apt-get. After installing the package, run the following command with the server's IP address.

The code is as follows:

# ntpdate <server-IP-address>

The command is the same on RHEL-based and Debian-based systems.

2. Windows

If you are using Windows, look for Internet Time under the Date and Time settings.

3. Cisco Equipment

If you want to synchronize the time of a Cisco device, you can use the following command in global configuration mode.

The code is as follows:

# ntp server <server-IP-address>

NTP-capable devices from other manufacturers have their own parameters for network time. If you want to synchronize such a device with the NTP server, check the device's documentation.

Conclusion

In short, NTP is a protocol that synchronizes clocks on all your hosts. We have described how to set up an NTP server and synchronize time with devices and servers that support NTP.

I hope I can be of some help to you.
