Easily Configure NTP Server on Rocky/Oracle Linux

0
2

In this guide, you will learn how to easily configure NTP Server on Rocky/Oracle Linux. In this tutorial, we will use Chrony to configure NTP server on Rocky/Oracle Linux. Chrony is currently being used in most cases in favour of the legacy NTPd. Compared to NTP implementation, chrony performs well in a wide range of conditions including:

  • intermittent network connections,
  • heavily congested networks
  • changing temperatures
  • systems that do not run continuously

Chrony can be used to synchronize the system clock with NTP servers, reference clocks. It can also operate as an NTPv4 server and peer to provide a time service to other computers in the network.

How to install Ansible in Oracle Li...
How to install Ansible in Oracle Linux 8 - Ansible install

Configure NTP Server on Rocky/Oracle Linux

Installing Chrony on Rocky/Oracle Linux

Chrony suite is installed by default on RHEL derivatives, Rocky/Oracle Linux included. You can however verify this by executing the command below;

rpm -q chrony

If the package is installed, you should get an output similar to;

chrony-4.1-3.el9.rocky.0.1.x86_64

Otherwise, you will get an output like;

package chrony is not installed

To see more information about Chrony;

rpm -qi chrony
Name        : chrony
Version     : 4.1
Release     : 3.el9.rocky.0.1
Architecture: x86_64
Install Date: Tue 15 Nov 2022 06:22:59 PM EAT
Group       : Unspecified
Size        : 608214
License     : GPLv2
Signature   : RSA/SHA256, Fri 09 Sep 2022 10:43:53 PM EAT, Key ID 702d426d350d275d
Source RPM  : chrony-4.1-3.el9.rocky.0.1.src.rpm
Build Date  : Fri 09 Sep 2022 10:38:35 PM EAT
Build Host  : pb-d952646d-29b9-479d-ac06-aee585aa8dcf-b-x86-64
Packager    : Rocky Linux Build System (Peridot) 
Vendor      : Rocky Enterprise Software Foundation
URL         : https://chrony.tuxfamily.org
Summary     : An NTP client/server
Description :
chrony is a versatile implementation of the Network Time Protocol (NTP).
It can synchronise the system clock with NTP servers, reference clocks
(e.g. GPS receiver), and manual input using wristwatch and keyboard. It
can also operate as an NTPv4 (RFC 5905) server and peer to provide a time
service to other computers in the network.

If for some reasons is not installed by default, you can always install it by running the command below;

dnf install chrony

Configure Chrony as an NTP server on Rocky/Oracle Linux

The default configuration file of Chrony is /etc/chrony.conf.

Set Time Servers

By default, Chrony has some default public Time servers from pool.ntp.org project project already defined in the configuration file.

For example on Rocky Linux;

pool 2.rhel.pool.ntp.org iburst

On Oracle;

pool 2.pool.ntp.org iburst

To ensure time accuracy, you need to define the time servers close to your NTP server host region.

You can obtain a list of NTP servers close to your NTP server host region on Internet Cluster of NTP servers page.

Just select the region accordingly. For example, if you are in Europe, below are the available NTP servers;

server 0.europe.pool.ntp.org
server 1.europe.pool.ntp.org
server 2.europe.pool.ntp.org
server 3.europe.pool.ntp.org

To use the pool of NTP servers in your region, simply replace the default time server defined in the configuration with your chosen region time servers. You can comment (Add # at the beginning) the line, pool 2.pool.ntp.org iburst replacing it as follows;

vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
#pool 2.rhel.pool.ntp.org iburst
server 0.europe.pool.ntp.org iburst
server 1.europe.pool.ntp.org iburst
server 2.europe.pool.ntp.org iburst
server 3.europe.pool.ntp.org iburst

Configure NTP Server Access Control

Next, you need to restrict or control access to the NTP server. This can be done using the allow <host/network> directive.

This directive simply is to designate particular servers from which NTP clients are allowed to query an NTP server.

For example, to allow all servers in the network subnet, 192.168.56.0/24 to access your NTP server;

# Allow NTP client access from local network.
#allow 192.168.0.0/16
allow 192.168.59.0/24

To allow multiple hosts/networks, use multiple allow directives. e.g

# Allow NTP client access from local network.
#allow 192.168.0.0/16
allow 192.168.59.0/24
allow 192.168.58.0/24
allow 192.168.100.0/24

Save and exit the configuration file.

Read more on, man chrony.conf.

Open NTP UDP Port 123 on Firewall

To be able to allow NTP clients access to your NTP server, you need to open port 123/UDP on firewall.

firewall-cmd --add-port=123/udp --permanent
firewall-cmd --reload

Running Chrony on Rocky/Oracle Linux

Chronyd daemon controls the NTP implementation. Thus, start and enable it to run on system boot by running the command below;

systemctl enable --now chronyd

If it was already running, restart it;

systemctl restart chronyd

Check the status;

systemctl status chronyd
● chronyd.service - NTP client/server
     Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2022-11-15 18:43:49 EAT; 1s ago
       Docs: man:chronyd(8)
             man:chrony.conf(5)
    Process: 1757 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
   Main PID: 1759 (chronyd)
      Tasks: 1 (limit: 5891)
     Memory: 796.0K
        CPU: 11ms
     CGroup: /system.slice/chronyd.service
             └─1759 /usr/sbin/chronyd -F 2

Nov 15 18:43:49 localhost.localdomain systemd[1]: Starting NTP client/server...
Nov 15 18:43:49 localhost.localdomain chronyd[1759]: chronyd version 4.1 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 +DE>
Nov 15 18:43:49 localhost.localdomain chronyd[1759]: Frequency -5.990 +/- 10.038 ppm read from /var/lib/chrony/drift
Nov 15 18:43:49 localhost.localdomain chronyd[1759]: Using right/UTC timezone to obtain leap second data
Nov 15 18:43:49 localhost.localdomain chronyd[1759]: Loaded seccomp filter (level 2)
Nov 15 18:43:49 localhost.localdomain systemd[1]: Started NTP client/server.
...

Verify Chrony Time Synchronization

chronyc commands is be used to verify Chrony time synchronization.

You can use chronyc command with the other options such as sources, tracking, sourcestats.

To display information about the current time sources that chronyd is accessing, run the command;

chronyc sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^+ 79-209.butt.spdwpl.net        2   6    17    60    +34ms[  +35ms] +/-  145ms
^- srv01.spectre-net.de          2   6    35    57    +25ms[  +25ms] +/-  123ms
^* ns.aksinet.net                2   6    17    58   -944us[ +571us] +/-  166ms
^? ntp1.karneval.cz              0   6     0     -     +0ns[   +0ns] +/-    0ns

The column indicates the mode of the source;

  • ^ means a server
  • = means a peer
  • # indicates a locally connected reference clock

The S column indicates the state of the sources;

  • “*” indicates the source to which chronyd is currently synchronized.
  • “+” indicates acceptable sources which are combined with the selected source.
  • “-” indicates acceptable sources which are excluded by the combining algorithm.
  • “?” indicates sources to which connectivity has been lost or whose packets do not pass all tests. This condition is also shown at start-up, until at least 3 samples have been gathered from it.
  • “x” indicates a clock which chronyd thinks is a falseticker (its time is inconsistent with a majority of other sources).
  • “~” indicates a source whose time appears to have too much variability

To display parameters about the system’s clock performance;

chronyc tracking
Reference ID    : C303FE02 (ns.aksinet.net)
Stratum         : 3
Ref time (UTC)  : Tue Nov 15 15:49:55 2022
System time     : 0.009086476 seconds fast of NTP time
Last offset     : +0.001899395 seconds
RMS offset      : 0.012369673 seconds
Frequency       : 0.425 ppm slow
Residual freq   : +15.764 ppm
Skew            : 46.456 ppm
Root delay      : 0.241274297 seconds
Root dispersion : 0.056591570 seconds
Update interval : 64.6 seconds
Leap status     : Normal

And that is it on how to easily configure NTP Server on Rocky/Oracle Linux.

For more command options, refer to;

man chronyc

Other Tutorials;

Install and Setup NTP Server on Ubuntu 22.04/Debian 11

How to Configure NTP Server on pfSense

LEAVE A REPLY

Please enter your comment!
Please enter your name here