RHEL7: How to set up the NTP service【转载】

Presentation

NTP (Network Time Protocol) is a protocol to keep servers time synchronized: one or several master servers provide time to client servers that can themselves provide time to other client servers (notion of stratus).

This tutorial deals with client side configuration, even though server configuration is not entirely different.

Two main packages are used in RHEL 7 to set up the client side:

• ntp: this is the classic package, already existing in RHEL 6, RHEL 5, etc.
• chrony: this is a new solution better suited for portable PC or servers with network connection problems (time synchronization is quicker). chrony is the default package in RHEL 7.

Prerequisites

Before anything else, you need to assign the correct time zone.
To get the current configuration, type:

Shell

# timedatectl Local time: Sat 2015-11-07 08:17:33 EST Universal time: Sat 2015-11-07 13:17:33 UTC RTC time: Sat 2015-11-07 13:17:33 Timezone: <strong>America/New_York (EST, -0500)</strong> NTP enabled: yes NTP synchronized: yes RTC in local TZ: no DST active: no Last DST change: DST ended at Sun 2015-11-01 01:59:59 EDT Sun 2015-11-01 01:00:00 EST Next DST change: DST begins (the clock jumps one hour forward) at Sun 2016-03-13 01:59:59 EST Sun 2016-03-13 03:00:00 EDT

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

# timedatectl Local time: Sat 2015-11-07 08:17:33 EST Universal time: Sat 2015-11-07 13:17:33 UTC RTC time: Sat 2015-11-07 13:17:33 Timezone: <strong>America/New_York (EST, -0500)</strong> NTP enabled: yes NTP synchronized: yes RTC in local TZ: no DST active: no Last DST change: DST ended at Sun 2015-11-01 01:59:59 EDT Sun 2015-11-01 01:00:00 EST Next DST change: DST begins (the clock jumps one hour forward) at Sun 2016-03-13 01:59:59 EST Sun 2016-03-13 03:00:00 EDT

To get the list of all the available time zones, type:

Shell

# timedatectl list-timezones Africa/Abidjan Africa/Accra Africa/Addis_Ababa ... America/La_Paz America/Lima America/Los_Angeles ... Asia/Seoul Asia/Shanghai Asia/Singapore ... Pacific/Tongatapu Pacific/Wake Pacific/Wallis

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

# timedatectl list-timezones Africa/Abidjan Africa/Accra Africa/Addis_Ababa ... America/La_Paz America/Lima America/Los_Angeles ... Asia/Seoul Asia/Shanghai Asia/Singapore ... Pacific/Tongatapu Pacific/Wake Pacific/Wallis

Finally, to set a specific time zone (here America/Los_Angeles), type:

Shell

# timedatectl set-timezone America/Los_Angeles

1	# timedatectl set-timezone America/Los_Angeles

Then, to check your new configuration, type:

Shell

# timedatectl Local time: Sat 2015-11-07 05:32:43 PST Universal time: Sat 2015-11-07 13:32:43 UTC RTC time: Sat 2015-11-07 13:32:43 Timezone: America/Los_Angeles (PST, -0800) NTP enabled: yes NTP synchronized: yes RTC in local TZ: no DST active: no Last DST change: DST ended at Sun 2015-11-01 01:59:59 PDT Sun 2015-11-01 01:00:00 PST Next DST change: DST begins (the clock jumps one hour forward) at Sun 2016-03-13 01:59:59 PST Sun 2016-03-13 03:00:00 PDT

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

# timedatectl       Local time: Sat 2015-11-07 05:32:43 PST   Universal time: Sat 2015-11-07 13:32:43 UTC         RTC time: Sat 2015-11-07 13:32:43         Timezone: America/Los_Angeles (PST, -0800)      NTP enabled: yes NTP synchronized: yes RTC in local TZ: no       DST active: no Last DST change: DST ended at                   Sun 2015-11-01 01:59:59 PDT                   Sun 2015-11-01 01:00:00 PST Next DST change: DST begins (the clock jumps one hour forward) at                   Sun 2016-03-13 01:59:59 PST                   Sun 2016-03-13 03:00:00 PDT

The NTP Package

Install the NTP package:

Shell

# yum install -y ntp

1	# yum install -y ntp

Activate the NTP service at boot:

Shell

# systemctl enable ntpd

1	# systemctl enable ntpd

Start the NTP service:

Shell

# systemctl start ntpd

1	# systemctl start ntpd

The NTP configuration is in the /etc/ntp.conf file:

Shell

# For more information about this file, see the man pages # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5). driftfile /var/lib/ntp/drift # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1 # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). server 0.centos.pool.ntp.org iburst server 1.centos.pool.ntp.org iburst server 2.centos.pool.ntp.org iburst server 3.centos.pool.ntp.org iburst includefile /etc/ntp/crypto/pw # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27

# For more information about this file, see the man pages # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).   driftfile /var/lib/ntp/drift   # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery   # Permit all access over the loopback interface.  This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1   # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). server 0.centos.pool.ntp.org iburst server 1.centos.pool.ntp.org iburst server 2.centos.pool.ntp.org iburst server 3.centos.pool.ntp.org iburst   includefile /etc/ntp/crypto/pw   # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys

Note: For basic configuration purpose, only the server directives could need a change to point at a different set of master time servers than the defaults specified.

To get some information about the time synchronization process, type:

Shell

# ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== *y.ns.gin.ntt.ne 192.93.2.20 2 u 47 64 377 27.136 6.958 11.322 +ns1.univ-montp3 192.93.2.20 2 u 45 64 377 34.836 -0.009 11.463 +merlin.ensma.ne 193.204.114.232 2 u 48 64 377 34.586 4.443 11.370 +obsidian.ad-not 131.188.3.220 2 u 50 64 377 22.548 4.256 12.077

1 2 3 4 5 6 7

# ntpq -p      remote           refid      st t when poll reach   delay   offset  jitter ============================================================================== *y.ns.gin.ntt.ne 192.93.2.20      2 u   47   64  377   27.136    6.958  11.322 +ns1.univ-montp3 192.93.2.20      2 u   45   64  377   34.836   -0.009  11.463 +merlin.ensma.ne 193.204.114.232  2 u   48   64  377   34.586    4.443  11.370 +obsidian.ad-not 131.188.3.220    2 u   50   64  377   22.548    4.256  12.077

Alternatively, to get a basic report, type:

Shell

# ntpstat synchronised to NTP server (129.250.35.251) at stratum 3 time correct to within 60 ms polling server every 64 s

1 2 3 4

# ntpstat synchronised to NTP server (129.250.35.251) at stratum 3 time correct to within 60 ms polling server every 64 s

To quickly synchronize a server, type:

Shell

# systemctl stop ntpd # ntpdate pool.ntp.org 5 Jul 10:36:58 ntpdate[2190]: adjust time server 95.81.173.74 offset -0.005354 sec # systemctl start ntpd

1 2 3 4

# systemctl stop ntpd # ntpdate pool.ntp.org 5 Jul 10:36:58 ntpdate[2190]: adjust time server 95.81.173.74 offset -0.005354 sec # systemctl start ntpd

The Chrony Package

Alternatively, you can install the new Chrony service that is quicker to synchronize clocks in mobile and virtual systems.

Install the Chrony service:

Shell

# yum install -y chrony

1	# yum install -y chrony

Activate the Chrony service at boot:

Shell

# systemctl enable chronyd

1	# systemctl enable chronyd

Start the Chrony service:

Shell

# systemctl start chronyd

1	# systemctl start chronyd

The Chrony configuration is in the /etc/chrony.conf file:

Shell

# Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). server 0.centos.pool.ntp.org iburst server 1.centos.pool.ntp.org iburst server 2.centos.pool.ntp.org iburst server 3.centos.pool.ntp.org iburst # Ignore stratum in source selection. stratumweight 0 # Record the rate at which the system clock gains/losses time. driftfile /var/lib/chrony/drift # Enable kernel RTC synchronization. rtcsync # In first three updates step the system clock instead of slew # if the adjustment is larger than 10 seconds. makestep 10 3 # Listen for commands only on localhost. bindcmdaddress 127.0.0.1 bindcmdaddress ::1 keyfile /etc/chrony.keys # Specify the key used as password for chronyc. commandkey 1 # Generate command key if missing. generatecommandkey # Disable logging of client accesses. noclientlog # Send a message to syslog if a clock adjustment is larger than 0.5 seconds. logchange 0.5 logdir /var/log/chrony

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39

# Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). server 0.centos.pool.ntp.org iburst server 1.centos.pool.ntp.org iburst server 2.centos.pool.ntp.org iburst server 3.centos.pool.ntp.org iburst   # Ignore stratum in source selection. stratumweight 0   # Record the rate at which the system clock gains/losses time. driftfile /var/lib/chrony/drift   # Enable kernel RTC synchronization. rtcsync   # In first three updates step the system clock instead of slew # if the adjustment is larger than 10 seconds. makestep 10 3   # Listen for commands only on localhost. bindcmdaddress 127.0.0.1 bindcmdaddress ::1   keyfile /etc/chrony.keys   # Specify the key used as password for chronyc. commandkey 1   # Generate command key if missing. generatecommandkey   # Disable logging of client accesses. noclientlog   # Send a message to syslog if a clock adjustment is larger than 0.5 seconds. logchange 0.5   logdir /var/log/chrony

Note: For basic configuration purpose, only the server directives could need a change to point at a different set of master time servers than the defaults specified.

To get information about the main time reference, type:

Shell

# chronyc tracking Reference ID : 94.23.44.157 (merzhin.deuza.net) Stratum : 3 Ref time (UTC) : Thu Jul 3 22:26:27 2014 System time : 0.000265665 seconds fast of NTP time Last offset : 0.000599796 seconds RMS offset : 3619.895751953 seconds Frequency : 0.070 ppm slow Residual freq : 0.012 ppm Skew : 0.164 ppm Root delay : 0.030609 seconds Root dispersion : 0.005556 seconds Update interval : 1026.9 seconds Leap status : Normal

1 2 3 4 5 6 7 8 9 10 11 12 13 14

# chronyc tracking Reference ID    : 94.23.44.157 (merzhin.deuza.net) Stratum         : 3 Ref time (UTC)  : Thu Jul  3 22:26:27 2014 System time     : 0.000265665 seconds fast of NTP time Last offset     : 0.000599796 seconds RMS offset      : 3619.895751953 seconds Frequency       : 0.070 ppm slow Residual freq   : 0.012 ppm Skew            : 0.164 ppm Root delay      : 0.030609 seconds Root dispersion : 0.005556 seconds Update interval : 1026.9 seconds Leap status     : Normal

To get equivalent information to the ntpq command, type:

Shell

# chronyc sources -v 210 Number of sources = 4 .-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current synced, '+' = combined , '-' = not combined, | / '?' = unreachable, 'x' = time may be in error, '~' = time too variable. || .- xxxx [ yyyy ] +/- zzzz || / xxxx = adjusted offset, || Log2(Polling interval) -. | yyyy = measured offset, || \ | zzzz = estimated error. || | | MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^+ merlin.ensma.fr 2 6 77 61 +295us[+1028us] +/- 69ms ^* lafkor.de 2 6 77 61 -1371us[ -638us] +/- 65ms ^+ kimsuflol.iroqwa.org 3 6 77 61 -240us[ -240us] +/- 92ms ^+ merzhin.deuza.net 2 6 77 61 +52us[ +52us] +/- 48ms # chronyc sourcestats -v 210 Number of sources = 4 .- Number of sample points in measurement set. / .- Number of residual runs with same sign. | / .- Length of measurement set (time). | | / .- Est. clock freq error (ppm). | | | / .- Est. error in freq. | | | | / .- Est. offset. | | | | | | On the -. | | | | | | samples. \ | | | | | | | Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev ============================================================================== merlin.ensma.fr 7 5 200 0.106 6.541 +381us 176us lafkor.de 7 4 199 0.143 10.145 -916us 290us kimsuflol.iroqwa.org 7 7 200 -0.298 6.717 +69us 184us merzhin.deuza.net 7 5 200 0.585 11.293 +675us 314us

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

# chronyc sources -v 210 Number of sources = 4     .-- Source mode  '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current synced, '+' = combined , '-' = not combined, | /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable. ||                                                 .- xxxx [ yyyy ] +/- zzzz ||                                                /   xxxx = adjusted offset, ||         Log2(Polling interval) -.             |    yyyy = measured offset, ||                                  \            |    zzzz = estimated error. ||                                   |           | MS Name/IP address         Stratum Poll Reach LastRx Last sample =============================================================================== ^+ merlin.ensma.fr               2   6    77    61   +295us[+1028us] +/-   69ms ^* lafkor.de                     2   6    77    61  -1371us[ -638us] +/-   65ms ^+ kimsuflol.iroqwa.org          3   6    77    61   -240us[ -240us] +/-   92ms ^+ merzhin.deuza.net             2   6    77    61    +52us[  +52us] +/-   48ms   # chronyc sourcestats -v 210 Number of sources = 4                              .- Number of sample points in measurement set.                             /    .- Number of residual runs with same sign.                            |    /    .- Length of measurement set (time).                            |   |    /      .- Est. clock freq error (ppm).                            |   |   |      /           .- Est. error in freq.                            |   |   |     |           /         .- Est. offset.                            |   |   |     |          |          |   On the -.                            |   |   |     |          |          |   samples. \                            |   |   |     |          |          |             | Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev ============================================================================== merlin.ensma.fr             7   5   200      0.106      6.541   +381us   176us lafkor.de                   7   4   199      0.143     10.145   -916us   290us kimsuflol.iroqwa.org        7   7   200     -0.298      6.717    +69us   184us merzhin.deuza.net           7   5   200      0.585     11.293   +675us   314us

To quickly synchronize a server, type:

Shell

# ntpdate pool.ntp.org 5 Jul 10:31:06 ntpdate[2135]: step time server 193.55.167.1 offset 121873.493146 sec

1 2	# ntpdate pool.ntp.org 5 Jul 10:31:06 ntpdate[2135]: step time server 193.55.167.1 offset 121873.493146 sec

Note: You don’t need to stop the Chrony service to synchronize the server.

Additional Resources

You can read these Red Hat articles about leap seconds management, how to resolve leap second issues or the differences between NTP and PTP.
The xmodulo website provides a tutorial on How to set up NTP server in CentOS.
Documentation about NTP is available at the NTP Documentation Archive website.

Beyond the exam objectives, virtualization can trigger problems (see this thread) and it is useful to know How to avoid VM clock drift.

You can also be interested in converting a Raspberry PI into a stratum 1 NTP server.

来源： RHEL7: How to set up the NTP service. – CertDepot