CentOS 7 - NTP Server/Client


The chrony suite is installed by default on some versions of Red Hat Enterprise Linux 7. To make sure it is installed, run the following command as root:
[root@node1 ~]# yum -y install chrony

To check the status of chronyd, issue the following command:
[root@node1 ~]# systemctl status chronyd
  • chronyd.service - NTP client/server
 Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
 Active: active (running) since Tue 2017-01-03 11:35:11 CET; 3h 21min ago

To start chronyd (if not already started), issue the following command as root:
[root@node1 ~]# systemctl start chronyd

To check if chronyd starts automatically at system start, issue the following command as root:
[root@node1 ~]# systemctl is-enabled chronyd
enabled

If chronyd doesn't start automatically at system start, issue the following command as root:
[root@node1 ~]# systemctl enable chronyd
Created symlink from /etc/systemd/system/multi-user.target.wants/chronyd.service to /usr/lib/systemd/system/chronyd.service.



  1. NTP server.

Set parameters.
[root@server ~]# vi /etc/chrony.conf

# Replace content with items below.
allow 10.0.6.0/26
allow 10.0.7.0/26
allow 10.0.8.0/25
bindaddress 0.0.0.0
bindcmdaddress 127.0.0.1
#bindcmdaddress ::1
commandkey 1
cmddeny all
driftfile /var/lib/chrony/drift
generatecommandkey
keyfile /etc/chrony.keys
local stratum 8
lock_all
log measurements statistics tracking
logchange 0.5
logdir /var/log/chrony
makestep 10 3
maxchange 1000 1 2
#noclientlog
rtcsync
server 3.be.pool.ntp.org iburst
server 3.europe.pool.ntp.org iburst
server 0.europe.pool.ntp.org iburst
stratumweight 0
user chrony

Create the options file for the chronyd daemon.
[root@server ~]# vi /etc/sysconfig/chronyd

# Add content below into the file.
# Resolve hostnames only to IPv4 addresses and create only IPv4 sockets.
OPTIONS="-4"

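If you are running firewalld, allow the NTP service (NTP uses 123/UDP). The first command changes the running configuration; the one with --permanent makes the rule persist across reloads and reboots.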
[root@server ~]# firewall-cmd --zone=dmz --add-service=ntp
success
[root@server ~]# firewall-cmd --zone=dmz --add-service=ntp --permanent
success
[root@server ~]# firewall-cmd --reload
success
[root@server ~]# firewall-cmd --zone=dmz --list-all
dmz (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp6s0
  sources:
  services: ntp ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

To restart chronyd, issue the following command as root:
[root@server ~]# systemctl restart chronyd


  2. NTP client.

Set parameters.
[root@client ~]# vi /etc/chrony.conf

# Replace content with items below.
bindaddress 0.0.0.0
bindcmdaddress 127.0.0.1
#bindcmdaddress ::1
commandkey 1
cmddeny all
driftfile /var/lib/chrony/drift
generatecommandkey
keyfile /etc/chrony.keys
local stratum 4
#log measurements statistics tracking
logchange 0.5
logdir /var/log/chrony
makestep 10 3
maxchange 1000 1 2
noclientlog
rtcsync
server 172.16.252.29 iburst
stratumweight 0
user chrony

Create the options file for the chronyd daemon.
[root@client ~]# vi /etc/sysconfig/chronyd

# Add content below into the file.
# Resolve hostnames only to IPv4 addresses and create only IPv4 sockets.
OPTIONS="-4"

To restart chronyd, issue the following command as root:
[root@client ~]# systemctl restart chronyd


  3. Checking if chrony is synchronized.

To check chrony tracking, issue the following command:
[root@server ~]# chronyc tracking
Reference ID : 85.88.55.5 (ntp.rack66.net)
Stratum : 3
Ref time (UTC) : Sat *** * 15:02:51 20**
System time : 0.000133103 seconds slow of NTP time
Last offset : +0.000000690 seconds
RMS offset : 0.000273219 seconds
Frequency : 1.191 ppm fast
Residual freq : +0.000 ppm
Skew : 0.766 ppm
Root delay : 0.011762 seconds
Root dispersion : 0.013370 seconds
Update interval : 261.0 seconds
Leap status : Normal

The sources command displays information about the current time sources that chronyd is accessing. The optional argument -v can be specified, meaning verbose. In this case, extra caption lines are shown as a reminder of the meanings of the columns.
[root@server ~]# chronyc sources
210 Number of sources = 3
MS Name/IP address          Stratum Poll Reach LastRX Last sample
^* ntp.rack66.net                 2    8   377    130 -1190us[-1292us] +/- 24ms
^+ schubhart.de                   2    9   377    274  +770us[ +672us] +/- 48ms
^- siim.ut.ee                     2    8    37     63 -1146us[-1146us] +/- 33ms

The sourcestats command displays information about the drift rate and offset estimation process for each of the sources currently being examined by chronyd. The optional argument -v can be specified, meaning verbose. In this case, extra caption lines are shown as a reminder of the meanings of the columns.
[root@server ~]# chronyc sourcestats
210 Number of sources = 3
Name/IP address            NP  NR  Span  Frequency  Freq Skew   Offset  Std Dev
ntp.rack66.net             18  10   47m     +0.008      0.633   -492us    559us
schubhart.de               23  11   48m     +0.007      0.446  -1002us    477us
siim.ut.ee                  8   4   56m     +0.216      1.245  -1305us    436us
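
As an added example (not part of the original post), the tracking check above can be turned into a pass/fail test for monitoring. The function names, the stratum limit of 7 (one below the server's "local stratum 8" fallback) and the 0.1 s offset limit are assumptions, and the sample input is constructed in the layout of the tracking output shown above.

```shell
#!/bin/sh
# Added example: policy check over `chronyc tracking` output read from stdin.
# Usage: chronyc tracking | check_tracking MAX_STRATUM MAX_OFFSET_SECONDS
# Returns 0 = in sync, 1 = out of policy, 2 = input not recognised.
check_tracking() {
    awk -v max_stratum="$1" -v max_offset="$2" '
    {   # Split on the first colon only; the "Ref time" value contains colons.
        i = index($0, ":")
        if (i == 0) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        f[key] = val
    }
    END {
        if (!("Stratum" in f) || !("System time" in f) || !("Leap status" in f)) {
            print "UNKNOWN: input is not chronyc tracking output"; exit 2
        }
        stratum = f["Stratum"] + 0
        split(f["System time"], t, " ")   # e.g. "0.000133103 seconds slow of NTP time"
        offset = t[1] + 0                 # magnitude; direction (slow/fast) is in t[3]
        if (f["Leap status"] == "Not synchronised") {
            print "FAIL: chronyd reports no synchronisation"; exit 1
        }
        if (stratum < 1 || stratum > max_stratum + 0) {
            print "FAIL: stratum " stratum " outside 1.." max_stratum; exit 1
        }
        if (offset > max_offset + 0) {
            print "FAIL: clock " offset "s " t[3] " of NTP time, limit " max_offset "s"; exit 1
        }
        print "OK: stratum " stratum ", offset " offset "s " t[3]
    }'
}

# Constructed sample, trimmed to a few fields; arguments vary the checked ones.
sample_tracking() {   # sample_tracking STRATUM OFFSET LEAP_STATUS
    cat <<EOF
Stratum : $1
Ref time (UTC) : Sat Jan 07 15:02:51 2017
System time : $2 seconds slow of NTP time
Last offset : +0.000000690 seconds
Leap status : $3
EOF
}

# Server policy (assumed): stratum must stay below the "local stratum 8" fallback.
sample_tracking 3 0.000133103 Normal | check_tracking 7 0.1
```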
