12.07.2024

How to configure NTP on Rocky Linux/CentOS?

Time on devices in information and computing systems plays a key role in electronic digital signatures, TLS/SSL connections, real-time machines, automatic process control systems and many other functions. Without accurate time it is not possible to transfer data over HTTPS, on which many services are based, and monitoring application and system logs becomes difficult for administrators. After all, understanding when a particular event occurred can play a key role! To solve the problem of providing devices with accurate time, the NTP service and protocol were developed!

What is NTP and how does it work?

NTP, or Network Time Protocol, is a service with a client-server architecture that provides time information to devices using the network protocol of the same name. It works through a hierarchical structure of information exchange between devices at different or the same tier level.

The starting point of the chain is a reliable source of time with the lowest error: atomic clocks or GPS systems. They provide information to the first, or zero, tier through the RS232 protocol, with the data transmitted over a physical communication channel to Stratum 0. Next comes the NTP protocol, implemented as an application on a device that provides the current time at the request of clients. Thus, Stratum 1 is a client of Stratum 0 servers, and so on down the hierarchical chain: a higher-numbered level is a client of the lower-numbered ones.

Screenshot №1 — NTP structure

If we consider this basic infrastructure service in the context of a corporate network, a server is allocated for the job. It can be a dedicated VPS or part of the OS space in a container running an application that processes client requests. It receives data from a trusted Stratum and provides it to devices in the local network. For fault tolerance, it is common to use several such servers. Their trusted source can be a Glonass server, which intercepts the GPS signal and transmits the time to the devices.

The protocol uses UDP on port 123 and exchanges messages from the client to the server and back:

The client sends a request to the server with the label T1, which contains the time the client sent the request. The server records the receipt of the request and sends back a packet with the labels T1, T2 and T3; the last two record the time the request was received and the time the response was sent to the client. After the network exchange is finished, the client records the time T4 at which it received the packet and calculates the delays, as well as the current time.
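As an added example (not part of the original article), the calculation the client performs with the four labels can be written as a small shell function. The name ntp_calc and the sample timestamps are assumptions made for illustration; the third value it prints, half the round-trip delay, is the largest error that unequal forward and return paths can introduce into the offset.

```bash
#!/usr/bin/env bash
# Added example: what the client computes from the labels T1..T4.
# Timestamps are seconds with fractions; the sample values in the comments
# at the bottom are constructed for illustration.

# ntp_calc T1 T2 T3 T4  ->  prints "<offset> <delay> <max_error>" (seconds)
#   T1 client sends request     T2 server receives request
#   T3 server sends response    T4 client receives response
ntp_calc() {
    awk -v t1="$1" -v t2="$2" -v t3="$3" -v t4="$4" 'BEGIN {
        # Round trip on the network: total wait minus server processing time.
        delay = (t4 - t1) - (t3 - t2)
        # A negative round trip means the four labels cannot belong together.
        if (delay < 0) { print "invalid"; exit 1 }
        # Server clock minus client clock, assuming both directions take
        # equally long.
        offset = ((t2 - t1) + (t3 - t4)) / 2
        # If the directions are not equal, the offset is wrong by at most
        # half the round trip.
        printf "%.3f %.3f %.3f\n", offset, delay, delay / 2
    }'
}

# Client clock 5 s behind, 20 ms each way, 1 ms of server processing:
#   ntp_calc 100.000 105.020 105.021 100.041   # -> 5.000 0.040 0.020
# Same exchange, but the response is held up for an extra 200 ms:
#   ntp_calc 100.000 105.020 105.021 100.241   # -> 4.900 0.240 0.120
```

In the second case the computed offset is 100 ms off the true 5 s, which stays inside the reported 120 ms bound; a source with a large round-trip delay therefore deserves less trust than one with a small delay.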

How do I install and configure NTP?

In Rocky Linux / CentOS distributions, the popular ntpd package has been replaced by chrony, which differs little from its predecessor in functionality and configuration. Let's install the package with the command:

dnf install chrony

Screenshot №2 — Installation

To manage the server we can use the chronyc administration client, which is included in the installation package. For basic configuration and operation of the service we need the configuration file, which we open with:

nano /etc/chrony.conf

Screenshot №3 — Result of configuration

For the service to work, it is necessary to specify the servers from which the time should be received, the list of allowed networks and, if available, the logging file. Let's specify the appropriate settings in the file:

pool 0.eu.pool.ntp.org iburst
pool 1.eu.pool.ntp.org prefer
server ntpo.NL.net
server ntp2.vniiftri.ru
server ntp.ix.ru
server ntps1-1.cs.tu-berlin.de
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
allow 192.168.0.0/16
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking
makestep 1 -1

As a time server, you can specify any of the server pools of your country's domain zone. To find a list of them, use the search query "List of NTP servers", or use the ones given in the settings above. The iburst and prefer options define more accurate time and the preferred pool/server, respectively.

All steps in the tutorial can be performed on powerful cloud servers. Serverspace provides isolated VPS / VDS servers for common and virtualized usage.

Screenshot №4 — Create Server

It will take some time to deploy server capacity. After that you can connect in any of the convenient ways!

Back to configuring our service: once the configuration file is written and saved, we need to restart it:

systemctl daemon-reload && systemctl enable --now chronyd

Screenshot №5 — Start daemon

To check that our service is working, let's query it with the chronyc utility:

chronyc sources

Screenshot №6 — NTP sources

The list shows the stratums, or tiers, from which our server receives time information, along with the tier number of each server and the calculated delay. As you can see in the figure, the first one has 12 ms and the second one has 115 ms; accordingly, the utility will choose the source with less delay. If you run the date command, you will notice that the time still does not match. It is necessary to change the time zone; for this we will display the list of zones and select the one we need:

timedatectl list-timezones

Screenshot №7 — List of time zones

After that we will select the required one with the following command:

timedatectl set-timezone Asia/Tokyo && date

Screenshot №8 — Set time/zone

Great. Next, you need to configure the client, so install the chrony package:

dnf install chrony && nano /etc/chrony.conf

In the file, it is necessary to specify the server we created:

server 192.168.1.2 iburst

Restart the service and enable it at startup:

systemctl daemon-reload && systemctl enable --now chronyd

After that you can also check that it works through the chronyc utility:

chronyc sources


Proper configuration of NTP makes it possible to maintain time synchronisation on all devices in the network, which is critical for the security, accuracy and reliability of information and computer systems.