Synchronizing the system clock with NTP and the chrony suite

Synchronizing the system clock with NTP and the chrony suite

—–《CentOS 7 Linux Server Cookbook, 2nd Edition》

In this recipe, we will learn how to synchronize the system clock with an external time server using the Network Time Protocol (NTP) and the chrony suite. From the need to time-stamp documents, e-mails, and log files, to securing, running, and debugging a network, or to simply interact with shared devices and services, everything on your server is dependent on maintaining an accurate system clock, and it is the purpose of this recipe to show you how this can be achieved.

Getting ready

To complete this recipe, you will require a working installation of the CentOS 7 operating system with root privileges, a console-based text editor of your choice, and a connection to the Internet to facilitate downloading additional packages.

How to do it…

In this recipe, we will use the chrony service to manage our time synchronization. As chrony is not installed by default on CentOS minimal, we will start this recipe by installing it:

  1. To begin, log in as root and install the chrony service, then start it and verify that it is running:

yum install -y chrony systemctl  start chronyd systemctl status chronyd

  1. Also, if we want to use chrony permanently, we will have to enable it on server startup:

systemctl enable chronyd

  1. Next, we need to check whether the system already uses NTP to synchronize our system clock over the network:

timedatectl  | grep “NTP synchronized”

  1. If the output from the last step showed No for NTP synchronized, we need to enable it using:

timedatectl  set-ntp  yes

  1. If you run the command (from step 3) again, you should see that it is now synchronizing NTP.
  2. The default installation of chrony will use a public server that has access to the atomic clock, but in order to optimize the service we will need to make a few simple changes to streamline and optimize at what time servers are used. To do this, open the main chrony configuration file with your favorite text editor, as shown here:

vi /etc/chrony.conf

  1. In the file, scroll down and look for the lines containing the following:

server 0.centos.pool.ntp.org iburst server 1.centos.pool.ntp.org iburst server 2.centos.pool.ntp.org iburst server 3.centos.pool.ntp.org iburst

  1. Replace the values shown with a list of preferred local time servers:

server 0.uk.pool.ntp.org iburst server 1.uk.pool.ntp.org iburst server 2.uk.pool.ntp.org iburst server 3.uk.pool.ntp.org iburst

Note

Visit http://www.pool.ntp.org/ to obtain a list of local servers geographically near your current location. Remember, the use of three or more servers will have a tendency to increase the accuracy of the NTP service.

  1. When complete, save and close the file before synchronizing your server using the sytstemctl command:

systemctl restart chronyd

  1. To check whether the modifications in the config file were successful, you can use the following command:

systemctl status chronyd

  1. To check whether chrony is taking care of your system time synchronization, use the following:

chronyc  tracking

  1. To check the network sources chrony uses for synchronization, use the following:

chronyc sources

How it works…

Our CentOS 7 operating system’s time is set on every boot based on the hardware clock, which is a small-battery driven clock located on the motherboard of your computer. Often, this clock is too inaccurate or has not been set right, therefore it’s better to get your system time from a reliable source over the Internet (that uses real atomic time). The chrony daemon, chronyd, sets and maintains system time through a process of synchronization with a remote server using the NTP protocol for communication.

So, what have we learned from this experience?

As a first step, we installed the chrony service, since it is not available by default on a CentOS 7 minimal installation. Afterwards, we enabled the synchronization of our system time with NTP using the timedatectl  set-ntp  yes command.

After that, we opened the main chrony configuration file, /etc/chrony.conf, and showed how to change the external time servers used. This is particularly useful if your server is behind a corporate firewall and have your own NTP server infrastructure.

Having restarted the service, we then learned how to check and monitor our new configuration using the chronyc command. This is a useful command line tool (c stands for client) for interacting and controlling a chrony daemon (locally or remotely). We used the tracking parameter with chronyc, which showed us detailed information of the current NTP synchronization process with a specific server. Please refer to the man pages of the chronyc command if you need further help about the properties shown in the output (man  chronyc).

We also used the sources parameter with the chronyc program, which showed us an overview of the used NTP time servers.

You can also use the older date command to validate correct time synchronization. It is important to realize that the process of synchronizing your server may not be instantaneous, and it can take a while for the process to complete. However, you can now relax in the full knowledge that you now know how to install, manage and synchronize your time using the NTP protocol.

There’s more…

In this recipe, we set our system’s time using the chrony service and the NTP protocol. Usually, system time is set as Coordinated Universal Time (UTC) or world time, which means it is one standard time used across the whole world. From it, we need to calculate our local time using time zones. To find the right time zone, use the following command (read the Navigating textfiles with less recipe to work with the output):

timedatectl  list-timezones

If you have found the right time zone, write it down and use it in the next command; for example, if you are located in Germany and are near the city of Berlin, use the following command:

timedatectl set-timezone Europe/Berlin

Use timedatectl again to check if your local time is correct now:

timedatectl | grep “Local time”

Finally, if it is correct, you can synchronize your hardware clock with your system time to make it more precise:

hwclock –systohc

发表评论

电子邮件地址不会被公开。 必填项已用*标注