NTP-oracle7

 

Configuring Network Time

This chapter describes how to configure a system to use the chrony, Network Time Protocol (NTP), or Precision Time Protocol (PTP) daemons for setting the system time.

About the chronyd Daemon

The chrony package provides a chronyd service daemon and chronyc utility that enable mobile systems and virtual machines to update their system clock after a period of suspension or disconnection from a network.

The chronyd service is primarily designed to allow mobile systems and virtual machines to update their system clock after a period of suspension or disconnection from a network. However, you can also use it to implement a simple NTP client or a NTP server. When used as an NTP server, chronyd can synchronise with higher stratum NTP servers or it can act as a stratum 1 server using time signals received from the Global Positioning System (GPS) or radio broadcasts such as DCF77, MSF, or WWVB.

You can use the chronyc command to manage the chronyd service.

Note:

chronyd uses NTP version 3 (RFC 1305), whose features are compatible with NTP version 4 (RFC 5905). However, chronyd does not support several important features of NTP version 4 nor does it support the use of PTP.

Configuring the chronyd Service

To configure the chronyd service on a system:

1. Install the chrony package.

   sudo yum install chrony
   

2. Edit /etc/chrony.conf to set up the configuration for chronyd.

   Note:

   The default configuration assumes that the system has network access to public NTP servers with which it can synchronise. The firewall rules for your internal networks might well prevent access to these servers but instead allow access to local NTP servers.

   The following example shows a sample configuration for a system that can access three NTP servers:

   server NTP_server_1
   server NTP_server_2
   server NTP_server_3
   driftfile /var/lib/chrony/drift
   keyfile /etc/chrony.keys
   commandkey 1
   generatecommandkey
   

   The commandkey directive specifies the keyfile entry that chronyd uses to authenticate both chronyc commands and NTP packets. The generatecommandkey directive causes chronyd to generate an SHA1-based password automatically when the service starts.

   To configure chronyd to act as an NTP server for a specified client or subnet, use the allow directive, for example:

   server NTP_server_1
   server NTP_server_2
   server NTP_server_3
   allow 192.168.2/24
   driftfile /var/lib/chrony/drift
   keyfile /etc/chrony.keys
   commandkey 1
   generatecommandkey
   

   If a system has only intermittent access to NTP servers, the following configuration might be appropriate:

   server NTP_server_1 offline
   server NTP_server_2 offline
   server NTP_server_3 offline
   driftfile /var/lib/chrony/drift
   keyfile /etc/chrony.keys
   commandkey 1
   generatecommandkey
   

   If you specify the offline keyword, chronyd does not poll the NTP servers until it is told that network access is available. You can use the chronyc -a online and chronyc -a offline command to inform chronyd of the state of network access.

3. If remote access to the local NTP service is required, configure the system firewall to allow access to the NTP service in the appropriate zones, for example:

   sudo firewall-cmd --zone=zone --add-service=ntp
   

   success

   sudo firewall-cmd --zone=zone --permanent --add-service=ntp
   

   success

4. Start the chronyd service and configure it to start following a system reboot.

   sudo systemctl start chronyd
   sudo systemctl enable chronyd
   

You can use the chronyc command to display information about the operation of chronyd or to change its configuration, for example:

sudo chronyc -a

chrony version version
...
200 OK

chronyc> sources

210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^+ service1-eth3.debrecen.hp     2   6    37    21  -2117us[-2302us] +/-   50ms
^* ns2.telecom.lt                2   6    37    21   -811us[ -997us] +/-   40ms
^+ strato-ssd.vpn0.de            2   6    37    21   +408us[ +223us] +/-   78ms
^+ kvm1.websters-computers.c     2   6    37    22  +2139us[+1956us] +/-   54ms

chronyc> sourcestats

210 Number of sources = 4
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
service1-eth3.debrecen.hp   5   4   259     -0.394     41.803  -2706us   502us
ns2.telecom.lt              5   4   260     -3.948     61.422   +822us   813us
strato-ssd.vpn0.de          5   3   259      1.609     68.932   -581us   801us
kvm1.websters-computers.c   5   5   258     -0.263      9.586  +2008us   118us

Reference ID    : 212.59.0.2 (ns2.telecom.lt)
Stratum         : 3
Ref time (UTC)  : Tue Sep 30 12:33:16 2014
System time     : 0.000354079 seconds slow of NTP time
Last offset     : -0.000186183 seconds
RMS offset      : 0.000186183 seconds
Frequency       : 28.734 ppm slow
Residual freq   : -0.489 ppm
Skew            : 11.013 ppm
Root delay      : 0.065965 seconds
Root dispersion : 0.007010 seconds
Update interval : 64.4 seconds
Leap status     : Normal
chronyc> exit

chronyc> tracking

Reference ID    : 212.59.0.2 (ns2.telecom.lt)
Stratum         : 3
Ref time (UTC)  : Tue Sep 30 12:33:16 2014
System time     : 0.000354079 seconds slow of NTP time
Last offset     : -0.000186183 seconds
RMS offset      : 0.000186183 seconds
Frequency       : 28.734 ppm slow
Residual freq   : -0.489 ppm
Skew            : 11.013 ppm
Root delay      : 0.065965 seconds
Root dispersion : 0.007010 seconds
Update interval : 64.4 seconds
Leap status     : Normal

chronyc> exit