Oracle 8i | Oracle 9i | Oracle 10g | Oracle 11g | Oracle 12c | Miscellaneous | PL/SQL | SQL | Oracle RAC | Oracle Apps | Linux

Linux NTP Configuration

This article provides an introduction to Network Time Protocol (NTP) configuration on Linux, with specific reference to the information needed for the RHCE EX300 certification exam.

Remember, the exams are hands-on, so it doesn't matter which method you use to achieve the result, so long as the end product is correct.

Installation

The NTP service is installed from a Yum repository using the following command.

# yum install ntp

Turn on the NTP service and make sure it starts automatically on reboot.

# service ntpd start
# chkconfig ntpd on

The NTP service is configured using the "/etc/ntp.conf" file. Configuration changes have to be followed by a restart of the NTP service.

# service ntpd restart

Firewall

There are no specific firewall settings necessary for NTP clients, since they are simply accessing the NTP server, but an NTP server must have the UDP port 123 open. This can be achieved by adding the following entry to the type of firewall script described here.

# Open port for NTP server.
iptables -A INPUT -p udp --dport 123 -j ACCEPT

SELinux

There are no SELinux requirements for NTP.

Configure NTP Clients

Installing and starting the NTP service is enough to keep the system time synchronized provided the machine has access to the internet. By default, the "/etc/ntp.conf" file lists the following servers from the pool.ntp.org project.

server 0.rhel.pool.ntp.org
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org

If you prefer to use an NTP server on your local network, you can change these entries to point to the local server instead.

servers my-ntp-server.localdomain iburst

The optional "iburst" parameter tells the NTP service to speed up the initial time synchronization.

Remember to restart the service.

# service ntpd restart

Configure NTP Servers

The setup of the NTP server is actually the same as the client. The NTP server should have access to some external NTP servers, for example the default servers from the pool.ntp.org project, to make sure it stays in sync. This means it needs access to the internet.

By default the NTP service only allows unrestricted access from "localhost". To allow other machines in the network to synchronize with this server you need to open up query access to your network. This is done by adding a "restrict" entry into the "/etc/ntp.conf" file. The file contains an example entry you can adjust to suit your requirements.

# Hosts on local network are less restricted.
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap

After restarting the NTP service, the server will be enabled as an NTP server on your network, allowing clients without access to the internet to keep their time synchronized.

# service ntpd restart

ntpdate

The "ntpdate -q" command allows you to query a specific NTP server. Using this from another machine on your network allows you to test the NTP server is configured correctly and accessible.

# ntpdate -q my-ntp-server.localdomain
server 192.168.0.4, stratum 3, offset -0.014975, delay 0.02579
27 Dec 23:17:14 ntpdate[2675]: adjust time server 192.168.0.4 offset -0.014975 sec
#

The "ntpdate [-u]" command can be used to perform a one-off update of the system time on the local machine.

# ntpdate -u my-ntp-server.localdomain
27 Dec 23:27:07 ntpdate[2699]: adjust time server 192.168.0.4 offset 0.002777 sec
#

The "-u" option tells the command to use an unprivileged port. Without it you may get the following error.

# ntpdate my-ntp-server.localdomain
27 Dec 23:29:27 ntpdate[2726]: the NTP socket is in use, exiting
#

Security

As mentioned previously, there are no specific security requirements for NTP clients.

Access to NTP servers is controlled using the "restrict" entries in the "/etc/ntp.conf" file and the Linux firewall.

Oracle RAC and NTP

This section is not related to the RHCE exam, but it is relevant to Oracle DBAs.

When you are using Oracle RAC you have to make a decision whether to configure NTP, or make sure it is not configured so the Oracle Cluster Time Synchronization Service (ctssd) can synchronize the times of the RAC nodes. To deconfigure NTP, do the following.

# service ntpd stop
Shutting down ntpd:                                        [  OK  ]
# chkconfig ntpd off
# mv /etc/ntp.conf /etc/ntp.conf.org
# rm /var/run/ntpd.pid

If you wish to use NTP, you must add the "-x" option into the following line in the "/etc/sysconfig/ntpd" file.

OPTIONS="-x -u ntp:ntp -p /var/run/ntpd.pid"

Then restart NTP.

# service ntpd restart

For more information see:

Hope this helps. Regards Tim...

Back to the Top.