In this article we will learn what the Network Time protocol (NTP) is and how to install it on the two Linux distributions most commonly used on Liquid Web’s servers. We will be focusing on using CentOS 7 and Ubuntu 18.04 servers, but the process is largely the same on other recent versions of each. Before we start, make sure we are familiar with using SSH (Secure Shell) as we’ll need it to connect to the server. Here’s a link to one of our articles on the basics of SSH if you are unfamiliar with its usage.
We’ll be connecting to the server as the root user to simplify things. If you are not comfortable in the terminal, you may want to employ a user account that has sudo privileges. The commands we’ll go through will be the same, but you will need to prepend the commands with the sudo command. If you intend to modify the configuration files, you may also need some familiarity with a command line based text editor, such as nano or vim. Here is an article which can explain this more in detail.
We’ll go through the CentOS installation in a bit more detail and explain some concepts along the way, then just show a similar installation on Ubuntu.
What is NTP?
Its name is fairly self-explanatory — the Network Time Protocol is a protocol used to synchronize internal clock times on computers in a network. This applies to synchronizing clock times with a server on the Internet, as well as synchronizing machines on a local network. It’s typically used in a client-server configuration, but also supports peer-to-peer time synchronization. NTP is used to sync to Coordinated Universal Time (UTC), while timezone management is handled by the operating system. Keeping correct time is particularly important for logging, networking, and even more so on clustered and distributed computer systems.
Now, we can’t really install a protocol but what we will actually be installing is the NTP daemon, or ntpd. Daemons are operating system programs that run in the background without needing any intervention. While computers are very intelligent, they are still just machines which are subject to small fluctuations in the electronic components. This can cause a time drift . A time drift is a small inconsistency in timekeeping. The NTP daemon will handle clock time syncing automatically by querying an NTP server at regular time intervals to correct those discrepancies.
Installing and Configuring NTP on CentOS 7
CentOS comes with an alternative implementation of the Network Time Protocol right out of the box, called chrony. It expands upon ntpd’s functionality somewhat, but ntpd may still be preferred in some instances.
In order to set up ntpd, (network protocol time daemon) we’ll first need to disable the chrony daemon. This is needed as both daemons use the same protocol and port, so they cannot work together. We’ll do so with the following commands: systemctl stop chronyd and systemctl disable chrony commands:
[root@CentOS ~]# systemctl stop chronyd [root@CentOS ~]# systemctl disable chronyd Removed symlink /etc/systemd/system/multi-user.target.wants/chronyd.service.
Keep in mind that if we are not logged in as the root user, we will need to run these commands as a user with sudo privileges. As an example, we’ll check the chronyd service status while logged in as an alternative user with sudo privileges.
[user@host ~]$ sudo systemctl status chronyd ● chronyd.service - NTP client/server Loaded: loaded (/usr/lib/systemd/system/chronyd.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: man:chronyd(8) man:chrony.conf(5) [...]
Installations on CentOS and other RedHat based distributions are typically best handled best using the yum tool. We’ll be using the yum install -y command. The -y flag is used to auto-confirm on any prompts.
[root@CentOS ~]# yum install -y ntp
Yum automatically handles dependencies for us, so any missing packages that ntpd needs to run will be installed as well. We should see something similar to this at the end of the command output.
Installed: ntp.x86_64 0:4.2.6p5-29.el7.centos Dependency Installed: autogen-libopts.x86_64 0:5.18-5.el7 ntpdate.x86_64 0:4.2.6p5-29.el7.centos Complete!
Don’t worry if it doesn’t install any dependencies as this simply means we already had all the prerequisites installed.
Configuring ntpd and Checking the Firewall
We can leave the ntpd configuration as is, or we can change which timeservers our ntpd service will query. Generally we will want to use a timeserver that is close to either our location or the servers’ location. The ntp pool project is a good place to begin learning more about this topic.
To make the change, we will need to open the /etc/ntpd.conf file with our preferred CLI text editor (Nano or Vim) and edit the following lines.
server 0.centos.pool.ntp.org iburst server 1.centos.pool.ntp.org iburst server 2.centos.pool.ntp.org iburst server 3.centos.pool.ntp.org iburst
For the purposes of this article, we’ll be using the default timeservers noted above.
For ntpd to be able to sync time effectively, it needs to be able to communicate with an external network resource in order to synchronize with authoritative NTP servers. What this means is that we must ensure that port 123 is open for outbound UDP traffic. The port only needs to be open for inbound traffic if our server is going to be configured as a timeserver.
The majority of our CentOS cPanel and Plesk servers come with csf firewall. There are other firewalls in use so these steps may differ depending on which firewall is installed on our system. To check if port 123 is open we can run the following command.
[root@CentOS ~]# grep UDP_ /etc/csf/csf.conf UDP_IN = “20,21,53” UDP_OUT = “20,21,53,113,123,873,6277”
Or, if firewalld is running, we can use this command.
[root@host ~]# firewall-cmd --list-ports | grep -i udp 20/udp 21/udp 123/udp [root@host ~]#
The output may not be the same for everyone, but as long as that port 123 is listed in the UDP_OUT section we should be fine. If the port is missing, we will need to add the port in the csf.conf file using a text editor or via WHM and then reload the firewall rules with the csf -r command. Also, if using firewalld and the port is not open, we can also run this command to open the port.
[root@host ~]# firewall-cmd --zone=public --add-port=123/udp --permanent
We’re almost ready! The last thing we need to do is select a timezone. As we previously learned, ntpd doesn’t actually keep track of our local time, it only syncs to UTC. The operating system’s clock needs to be configured to use the desired timezone. We can check the current time, date and timezone using the timedatectl command.
[root@host ~]# timedatectl Local time: Thu 2020-03-12 15:43:55 EDT Universal time: Thu 2020-03-12 19:43:55 UTC RTC time: Thu 2020-03-12 19:43:56 Time zone: America/New_York (EDT, -0400) NTP enabled: no NTP synchronized: no RTC in local TZ: no DST active: yes Last DST change: DST began at Sun 2020-03-08 01:59:59 EST Sun 2020-03-08 03:00:00 EDT Next DST change: DST ends (the clock jumps one hour backwards) at Sun 2020-11-01 01:59:59 EDT Sun 2020-11-01 01:00:00 EST [root@host ~]#
Let’s look for our timezone. The list of available ones is huge, so it’s best to use the following command to search for a major city in our timezone. Just copy the command and replace the city name and it should give us the name of the timezone.
[root@host ~]# timedatectl list-timezones | grep Detroit America/Detroit [root@host ~]#
To set the listed timezone, we need to issue this command.
[root@host ~]# timedatectl set-timezone America/Detroit [root@host ~]#
Of course, we should use the timezone name we received from the output in the previous command for our server.
Now that we’ve done all the prep work, lets go ahead and activate the ntpd service. The systemctl start ntpd command will start the ntp daemon for this session. The systemctl enable ntpd command tells the operating system to start it every time the computer boots up.
[root@host ~]# systemctl start ntpd [root@host ~]# systemctl enable ntpd Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
We can confirm the service is running using the systemctl status ntpd command.
[root@host ~]# systemctl status ntpd ● ntpd.service - Network Time Service Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled) Active: active (running) since Mon 2020-03-12 19:03:45 EDT; 2min 49s ago Main PID: 23029 (ntpd) CGroup: /system.slice/ntpd.service └─23029 /usr/sbin/ntpd -u ntp:ntp -g [...]
And that’s it, we’re up and running! It will take some time for it to fully sync due to how NTP functions, but no further action is needed.
Installing and Configuring NTP on Ubuntu
Installing and configuring NTP on Ubuntu is very similar to installing it on CentOS. If you have come to this article just for this section and find something that is unclear, check the previous section above as it may be explained in further detail there.
Ubuntu also has an alternative implementation of NTP in the form of the systemd-timesyncd module. This isn’t exclusive to Ubuntu, but it is typically enabled on Ubuntu by default.
First we will check if timesyncd is active using the timedatectl command.
[root@host ~]# timedatectl Local time: Mon 2020-03-09 23:44:50 UTC Universal time: Mon 2020-03-09 23:44:50 UTC RTC time: Mon 2020-03-09 23:44:50 Time zone: UTC (UTC, +0000) System clock synchronized: yes systemd-timesyncd.service active: yes RTC in local TZ: no root@ubuntu1804:~#
If we see the system clock is synchronized and the systemd-timesyncd.service active lines return a “yes”, that means the system is currently syncing to a timeserver using timesyncd. Just as ntpd cannot run alongside chrony on CentOS, it is also unable to run alongside timesyncd on Ubuntu. We’ll disable timesyncd with the following command.
[root@host ~]# timedatectl set-ntp no
If we run timedatectl again, we’ll see a difference at the bottom of the output.
System clock synchronized: yes systemd-timesyncd.service active: no RTC in local TZ: no
Systemd-timesyncd.service active is now returning “no”, meaning timesyncd has been disabled.
On Ubuntu, we usually don’t need to check the firewall settings since its firewall defaults to allowing outbound connections. This is especially true if timesyncd was already working correctly. However, in case it was not enabled, we can easily allow ntpd to communicate with the authoritative time servers. Running this command will set it up to behavior as in the previous installation.
[root@host ~]# ufw allow out 123/udp
If our server will be used as a timeserver, we will need to allow both inbound and outbound connections to port 123, which is very similar to the command above.
[root@host ~]# ufw allow 123/udp
Ubuntu and other Debian based Linux distributions primarily use the apt (or apt-get) tool to install and manage packages. So, the first thing we need to do is update our package lists using the apt update command. This ensures we’re getting the most recent versions of the software we are looking to install.
[root@host ~]# apt update [...] Reading package lists... Done Building dependency tree Reading state information... Done 88 packages can be upgraded. Run 'apt list --upgradable' to see them.
Now we can install the ntp package. We’ll use the -y flag again to auto-confirm any interactive prompts. We will see that apt automatically manages installing dependencies just like yum.
[root@host ~]# apt install -y ntp Reading package lists... Done Building dependency tree Reading state information... Done [...] The following additional packages will be installed: libopts25 sntp Suggested packages: ntp-doc The following NEW packages will be installed: libopts25 ntp sntp [...]
A minor difference is that apt will start and enable the ntpd service immediately after the installation.
[root@host ~]# systemctl status ntp ● ntp.service - Network Time Service Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2020-03-10 00:29:09 UTC; 3min 56s ago Docs: man:ntpd(8) Main PID: 15183 (ntpd) Tasks: 2 (limit: 2317) CGroup: /system.slice/ntp.service └─15183 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 111:118 [...]
After ntp has been set up and activated we can check ntpd’s connections to other time servers using the ntpq -p command.
[root@host ~]# ntpq -p remote refid st t when poll reach delay offset jitter ======================================================================== 0.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.000 1.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.000 2.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.000 3.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.000 ntp.ubuntu.com .POOL. 16 p - 64 0 0.000 0.000 0.000 [...]
We can make changes to the ntp servers and change our server’s timezone the same way as described in the CentOS segment above, the difference being that the ntp configuration file is located at /etc/ntp.conf on Ubuntu.
On both distributions, make sure to reload the ntpd service because any changes to the config file while the service is running will need to be saved or the settings will not take effect. We can also reload the service using the systemctl reload ntp command.
In case we ever need to manually initialize a ntp sync, we can do so in three simple steps. This works on both distributions.
Step 1. Stop the ntpd service.
[root@host ~]# systemctl stop ntpd
Step 2. Run the ntpd -gq command to force a manual time sync.
[root@host ~]# ntpd -gq ntpd: time slew +0.001347s
Step 3. Restart the ntpd service.
[root@host ~]# systemctl start ntpd
If you are experiencing any problems or have any questions about this topic, give us a call today at 800.580.4985, or open a chat or ticket with us to speak with one of our knowledgeable Systems Administrators!