NTP server how to

 
Network Time Protocol (NTP)
It’s a protocol used to synchronize Linux system’s clock with an accurate time source. This little yet powerful tool is very important for every big network. And I have few bad experiences with this NTP. Mostly because of either I forgot to configure or ignored for the time being and forgot later.

As I am working with Eucalyptus cloud platform, NTP is a must for the system to work perfectly. It is also used in Openstack cloud platform. In Eucalyptus if you ever find that Cloud Controller and Node Controller is not talking or Node controller is not sharing resources and throwing an error it is very wise to check the NTP configuration in the first place, and make sure that all the machines are following the correct time protocol.

[EUCAERROR ] ERROR: DescribeResource() could not be invoked (check NC host, port, and credentials)

Well, for both the platforms, there are two basic installation needed, one as a server and others as clients. Commands are mostly same for all the Linux platforms.

First install NTP on the server.

$ yum install ntp

it is important that we make sure that run level is set properly

$ chkconfig ntpd on

on server lets synchronize the system clock with an outer source which is more reliable.

$ ntpdate pool.ntp.org

/etc/ntp.conf
for advanced configuration, we can set multiple sources here. Here is a very important catch. Servers who are able to figure out what time it is all on their own, without using the Internet are stratum 1 and then secondary stratum 2. for example,

ntp.amnic.net # stratum 1 timeserver
ntp.adc.am    # stratum 2 timeserver

Then if we want to restrict the access of the servers on our machine,

restrict ntp.amnic.net   mask 255.255.255.255 nomodify notrap noquery
restrict ntp.adc.am      mask 255.255.255.255 nomodify notrap noquery

noquery denies ntpq and ntpdc queries. So the time service does not get affected.
nomodify denies ntpq and ntpdc queries which attempt to modify the state of the server.
Instead of noquery, notrap will still allow queries from ntpq and ntpdc. traps are used by remote event logging programs. Traps provides a way off collecting ntpd information from another machine and require the use a special trap client program.

When the server is going to provide time to a certain network, just allow the network to query the NTP server

restrict 10.10.10.0 mask 255.255.255.0 nomodify notrap

The localhost needs to have the full access, so make sure it has no restriction keywords,

restrict 127.0.0.1

Another thing we should make sure, that if the NTP server is disconnected from the internet, the server provides time from its local system clock,

server  127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10

server says that the local system clock is the timeserver, fudge is the keyword to fake the local server with a high stratum. So, when the server is connected with the internet it will still use the l33t timeserver who has the lowest stratum.

After configuration we must [re]start the NTP server,

$ service ntpd start

check if NTP server is configured properly, it’ll show all the time servers,

$ ntpq -p

To configure Linux Client just add the NTP servers IP with following,

$ ntpdate -u xxx.xxx.xxx.xxx

To check which stratum is running on NTP server,

$ ntptrace

And that’s all. If I miss something important please feel free to add in the comment.

About these ads

One response to “NTP server how to

  1. Informative post! thanks for sharing this.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s