Monday 18 July 2011

NTP -- Synchronize time using other NTP peers

Let's start by configuring an NTP server. You can install the ntp server with:
yum install ntp -y
Make sure that it starts on system start up:
chkconfig ntpd on
Open the firewall and save the changes:
iptables -I INPUT -p udp --dport ntp -j ACCEPT; service iptables save
Edit the ntp config file /etc/ntp.conf and add the following line:
restrict 10.168.20.0 mask 255.255.255.0 nomodify notrap
This will allow any client in the 10.168.20.0 network to get its time from the ntp server; nomodify stops those clients from changing the server's configuration and notrap refuses them the trap service. It does not quite do it for me, though, as I don't have an internet connection. This is because a local server is way down in the pecking order, or stratum, so a few extra steps are required:
echo "10.168.20.227" >> /etc/ntp/step-tickers
echo "10.168.20.227" >> /etc/ntp/ntpservers
This assumes that 10.168.20.227 is the IP address of your ntp server. You can now start your ntp server with:
service ntpd start
Interestingly, there are no SELinux settings related to ntp and you can block hosts by using iptables rules.

To configure a client to use this ntp server, add the following line to the ntp config file (/etc/ntp.conf) on the client:
server 10.168.20.227
Set the ntp daemon to start at boot time and start the service:
chkconfig ntpd on
service ntpd start
You can now use the following command to check the configuration is working:
ntpq -p
which should have a result like this:

          remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 10.168.20.227   LOCAL(0)        11 u   45   64    1    0.479  263675.   0.000
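
The sample row above has no tally character in front of the address, a reach of 1 and an offset of 263675 ms, so the client has only just started polling and has not yet selected the server. As an added example (not part of the original post), this shell function reads ntpq -p output and flags those conditions; the function name is made up for illustration and the 128 ms limit is ntpd's default step threshold.

```shell
#!/bin/sh
# Added example, not from the original post: summarise `ntpq -p` output.
# Reads the peer table on stdin, prints one line per peer, and returns 0
# only if some peer carries the '*' tally code (the selected system peer).
ntpq_peer_status() {
    awk '
    # reach is an octal 8-bit shift register, one bit per recent poll;
    # count how many of the last 8 polls were answered.
    function polls_ok(oct,    i, d, n) {
        d = 0
        for (i = 1; i <= length(oct); i++) d = d * 8 + substr(oct, i, 1)
        for (n = 0; d > 0; d = int(d / 2)) n += d % 2
        return n
    }
    NF == 0 || /^ *remote / || /^=+/ { next }    # blank line or header
    {
        tally = substr($0, 1, 1)                 # column 1 is the tally code
        n = split(substr($0, 2), f)
        if (n < 10) next                         # not a peer row
        st = f[3]; reach = f[n-3]; off = f[n-1] + 0
        ok = polls_ok(reach)
        why = ""
        if (tally != "*")             why = why " not-selected"
        if (ok < 8)                   why = why " reach=" reach
        if (off > 128 || off < -128)  why = why " offset>128ms"  # default step threshold
        if (st + 0 >= 16)             why = why " stratum-unsynchronised"
        if (tally == "*") synced = 1
        printf "%s st=%s polls=%d/8 offset_ms=%.3f:%s\n", f[1], st, ok, off, (why == "" ? " OK" : why)
    }
    END { exit(synced ? 0 : 1) }
    '
}

# The ntpq -p output shown in the post, used as sample input.
ntpq_peer_status <<'EOF' || echo "no peer selected yet"
          remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 10.168.20.227   LOCAL(0)        11 u   45   64    1    0.479  263675.   0.000
EOF
```

On a live client, run it as ntpq -p | ntpq_peer_status; the input must be the untrimmed ntpq output, because the first character of each row is the tally code.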
