Network Time Protocol (NTP)
It’s a protocol used to synchronize Linux system’s clock with an accurate time source. This little yet powerful tool is very important for every big network. And I have few bad experiences with this NTP. Mostly because of either I forgot to configure or ignored for the time being and forgot later.
As I am working with Eucalyptus cloud platform, NTP is a must for the system to work perfectly. It is also used in Openstack cloud platform. In Eucalyptus if you ever find that Cloud Controller and Node Controller is not talking or Node controller is not sharing resources and throwing an error it is very wise to check the NTP configuration in the first place, and make sure that all the machines are following the correct time protocol.
[EUCAERROR ] ERROR: DescribeResource() could not be invoked (check NC host, port, and credentials)
Well, for both the platforms, there are two basic installation needed, one as a server and others as clients. Commands are mostly same for all the Linux platforms.
First install NTP on the server.
$ yum install ntp
it is important that we make sure that run level is set properly
$ chkconfig ntpd on
on server lets synchronize the system clock with an outer source which is more reliable.
$ ntpdate pool.ntp.org
for advanced configuration, we can set multiple sources here. Here is a very important catch. Servers who are able to figure out what time it is all on their own, without using the Internet are stratum 1 and then secondary stratum 2. for example,
ntp.amnic.net # stratum 1 timeserver ntp.adc.am # stratum 2 timeserver
Then if we want to restrict the access of the servers on our machine,
restrict ntp.amnic.net mask 255.255.255.255 nomodify notrap noquery restrict ntp.adc.am mask 255.255.255.255 nomodify notrap noquery
noquery denies ntpq and ntpdc queries. So the time service does not get affected.
nomodify denies ntpq and ntpdc queries which attempt to modify the state of the server.
Instead of noquery, notrap will still allow queries from ntpq and ntpdc. traps are used by remote event logging programs. Traps provides a way off collecting ntpd information from another machine and require the use a special trap client program.
When the server is going to provide time to a certain network, just allow the network to query the NTP server
restrict 10.10.10.0 mask 255.255.255.0 nomodify notrap
The localhost needs to have the full access, so make sure it has no restriction keywords,
Another thing we should make sure, that if the NTP server is disconnected from the internet, the server provides time from its local system clock,
server 127.127.1.0 # local clock fudge 127.127.1.0 stratum 10
server says that the local system clock is the timeserver, fudge is the keyword to fake the local server with a high stratum. So, when the server is connected with the internet it will still use the l33t timeserver who has the lowest stratum.
After configuration we must [re]start the NTP server,
$ service ntpd start
check if NTP server is configured properly, it’ll show all the time servers,
$ ntpq -p
To configure Linux Client just add the NTP servers IP with following,
$ ntpdate -u xxx.xxx.xxx.xxx
To check which stratum is running on NTP server,
And that’s all. If I miss something important please feel free to add in the comment.