Setup NTP on CentOS Linux

What is NTP?

NTP (Network Time Protocol) is the time protocol that most servers in the world use to keep in sync.  Most companies will have a local NTP server that they keep in sync with an external timing source and then they have all of their internal servers sync their time with that machine.

Set Your Timezone First

Before we go off and setup NTP for your server, we should probably verify the timezone that your system is using first.  We can easily check it by running the “date” command:

$ date
Tue Oct  8 16:31:53 MDT 2013

If your timezone isn’t what you were hoping it to be, you can set your timezone by changing a few files around.  We will first backup our /etc/localtime file and then put in the one that has our timezone configured.  In my case, I am using Mountain time, but you can get the proper file from /usr/share/zoneinfo.  Browse through the subdirectories in there and choose the one that represents your region the best and put it in place like I did below:

mv /etc/localtime /etc/localtime.bkp
cp /usr/share/zoneinfo/America/Denver /etc/localtime

Now verify that you set it properly again with the date command like we did above.

Install and Setup NTP on CentOS Linux

Now that our machine has the correct timezone, let’s sync the time with an NTP server.

Step 1 – Install the NTP packages

Install NTP with yum:

# yum install ntp
Loaded plugins: fastestmirror, refresh-packagekit
Loading mirror speeds from cached hostfile
…================================================================================
Package         Arch           Version                      Repository    Size
================================================================================
Installing:
ntp             x86_64         4.2.4p8-3.el6.centos         base         444 k
Installing for dependencies:
ntpdate         x86_64         4.2.4p8-3.el6.centos         base          58 kTransaction Summary
================================================================================
Install       2 Package(s)Total download size: 502 k
Installed size: 1.2 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): ntp-4.2.4p8-3.el6.centos.x86_64.rpm                                                    | 444 kB     00:00
(2/2): ntpdate-4.2.4p8-3.el6.centos.x86_64.rpm                                                |  58 kB     00:00
———————————————————————————————————————
Total                                                                                416 kB/s | 502 kB     00:01
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : ntpdate-4.2.4p8-3.el6.centos.x86_64                                                               1/2
Installing : ntp-4.2.4p8-3.el6.centos.x86_64                                                                   2/2
Unable to connect to dbus
Verifying  : ntp-4.2.4p8-3.el6.centos.x86_64                                                                   1/2
Verifying  : ntpdate-4.2.4p8-3.el6.centos.x86_64                                                               2/2Installed:
ntp.x86_64 0:4.2.4p8-3.el6.centosDependency Installed:
ntpdate.x86_64 0:4.2.4p8-3.el6.centosComplete!

Our NTP package is now installed.  Let’s set it to startup at boot time:

# chkconfig ntpd on
[root@obelix ~]# chkconfig –list ntpd
ntpd               0:off    1:off    2:on    3:on    4:on    5:on    6:off


Step 2 – Choose NTP Servers to Sync With

Now that we have the prerequisites done, we need to choose at least one NTP file to sync with.  As I mentioned in the opening above, most organizations will setup one local server to sync its time with an external system, then all of the internal machines will sync with it.  The decision is easy if you have an internal system already configured, but if you are setting up the first system in your environment, then you need to find an external source to sync your machine with.

There are many options to choose from one of which is from NTP Pool Project which you can find at http://www.pool.ntp.org/en/.

NTP Pool Project WebPage - Choose an NTP Server

NTP Pool Project WebPage – Choose an NTP Server

 

 

You can get the list of servers for your geographical region by clicking on your region on the right hand side of their webpage.

 

 

 

 

 

 

Since I am in North America, I found the following server pools at http://www.pool.ntp.org/en/:

0.north-america.pool.ntp.org
1.north-america.pool.ntp.org
2.north-america.pool.ntp.org
3.north-america.pool.ntp.org

So, I need to add these lines to the /etc/ntp.conf file:

# cat >> /etc/ntp.conf <<EOF
server 0.north-america.pool.ntp.org
server 1.north-america.pool.ntp.org
server 2.north-america.pool.ntp.org
server 3.north-america.pool.ntp.org
EOF

And add these lines to the /etc/ntp/steptickers file:

# cat >> /etc/ntp/step-tickers <<EOF
0.north-america.pool.ntp.org
1.north-america.pool.ntp.org
2.north-america.pool.ntp.org
3.north-america.pool.ntp.org
EOF

After adding the lines to these files, we need to restart restart the NTP daemon:

# service ntpd restart
Shutting down ntpd:                                        [FAILED]
Starting ntpd:                                             [  OK  ]

That should be enough to get our machine to begin syncing with these servers.  It can take 5 minutes or so for the NTP daemon to sync.  Wait 5-10 minutes and then verify that it took.  You can check by running the date command and verifying that it is correct:

# date
Tue Oct  8 16:16:10 MDT 2013

You can also run the ntpdate command against the pool that you choose:

# ntpdate -db 0.north-america.pool.ntp.org
8 Oct 16:19:30 ntpdate[31940]: ntpdate 4.2.4p8@1.1612-o Fri Feb 22 11:23:28 UTC 2013 (1)
Looking for host 0.north-america.pool.ntp.org and service ntp
host found : web1.amdgtechnology.net
transmit(50.97.210.169)
receive(50.97.210.169)
server 50.97.210.169, port 123
stratum 2, precision -23, leap 00, trust 000
refid [50.97.210.169], delay 0.02785, dispersion 0.00000
transmitted 4, in filter 4
reference time:    d5feff90.6bc3aaf4  Tue, Oct  8 2013 16:02:56.420
originate timestamp: d5ff0373.4db562e3  Tue, Oct  8 2013 16:19:31.303
transmit timestamp:  d5ff0373.4da5e00e  Tue, Oct  8 2013 16:19:31.303
filter delay:  0.02795  0.02785  0.02788  0.02791
0.00000  0.00000  0.00000  0.00000
filter offset: -0.00091 -0.00093 -0.00094 -0.00093
0.000000 0.000000 0.000000 0.000000
delay 0.02785, dispersion 0.00000
offset -0.000939

You can see that the offset is now a very microscopic portion of a second difference between my machine’s time and the NTP server at ntp.org.

Troubleshooting NTP

If your server doesn’t ever sync up with the NTP server pool, there are some things you can do to try to identify the problem.  Often the problem is due to a firewall on the server.  You can try shutting down the firewall for a moment and seeing if it works.  Verify that you don’t have any typographical errors in the files that we edited.  You will also want to verify that your DNS is working fine and that the machine can resolve the hostnames of the NTP servers.

Checking that Your Server Recognizes its Config

Frequently, you think that you’ve done everything above correctly and you just want to verify that it read the /etc/ntp.conf correctly.  You can verify this by using the ntpdc command.  ntpdc will tell you how your ntp service is configured including telling you which machine it is configured to contact for ntp updates.

# ntpdc -l   ( -l parameter lists all of the peers known to the server. )
client clock1.albyny.inoc.net
client bitdonut.co
client ntp2.h.vporn.com
client x.ns.gin.ntt.net

# ntpdc -p    ( -p prints a lists of known peers as well as a summary of their state. )
     remote           local      st poll reach  delay   offset    disp
=======================================================================
*clock1.albyny.i 192.241.213.28   1 1024  377 0.08350 -0.003566 0.13672
=bitdonut.co     192.241.213.28   3 1024  377 0.06804 -0.008990 0.12183
=ntp2.h.vporn.co 192.241.213.28   2 1024  377 0.05376 -0.012095 0.13669
=x.ns.gin.ntt.ne 192.241.213.28   2 1024  377 0.00182 -0.003281 0.13670

Additionally, ntpdc has both a debug and an interactive mode to help you get your hands deep into testing your ntp configuration.

Use Tcpdump to Watch the Traffic

Another good troubleshooting technique is to watch the traffic destined for the typical ntp port (123/tcp) going out from your server.  In the example below, I installed tcpdump and then ran it and was able to see my machine query ntp servers and then receive responses back from those servers:

# tcpdump dst port 123
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:05:39.654502 IP myserver.ntp > 199.30.140.74.ntp: NTPv4, Client, length 48  <– NTP query
22:05:39.663888 IP 199.30.140.74.ntp > myserver.ntp: NTPv4, Server, length 48  <– NTP response
22:05:40.655047 IP myserver.ntp > services.quadranet.com.ntp: NTPv4, Client, length 48<– NTP query
22:05:40.664994 IP services.quadranet.com.ntp > myserver.ntp: NTPv4, Server, length 48<– NTP response
The following two tabs change content below.
Jeff has 20 years of professional IT experience, having done nearly everything in his roles of IT consultant, Systems Integrator, Systems Engineer, CNOC Engineer, Systems Administrator, Network Systems Administrator, and IT Director. If there is one thing he knows for sure, it is that there is always a simple answer to every IT problem and that downtime begins with complexity. Seasoned IT professional by day, Jeff hopes to help other IT professionals by blogging about his experiences at night on his blog: http://uptimemadeeasy.com. You can find Jeff on or LinkedIn at: LinkedIn or Twitter at: Twitter

Latest posts by Jeff Staten (see all)

Leave a Reply

Your email address will not be published. Required fields are marked *