This article provides an introduction to Network Time Protocol (NTP) configuration on Linux, with specific reference to the information needed for the RHCE EX300 certification exam.
Remember, the exams are hands-on, so it doesn't matter which method you use to achieve the result, so long as the end product is correct.
The NTP service is installed from a Yum repository using the following command.
# yum install ntp
Turn on the NTP service and make sure it starts automatically on reboot.
# service ntpd start
# chkconfig ntpd on
The NTP service is configured using the "/etc/ntp.conf" file. Configuration changes have to be followed by a restart of the NTP service.
# service ntpd restart
There are no specific firewall settings necessary for NTP clients, since they are simply accessing the NTP server, but an NTP server must have the UDP port 123 open. This can be achieved by adding the following entry to the type of firewall script described here.
# Open port for NTP server.
iptables -A INPUT -p udp --dport 123 -j ACCEPT
There are no SELinux requirements for NTP.
Installing and starting the NTP service is enough to keep the system time synchronized provided the machine has access to the internet. By default, the "/etc/ntp.conf" file lists the following servers from the pool.ntp.org project.
server 0.rhel.pool.ntp.org
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org
If you prefer to use an NTP server on your local network, you can change these entries to point to the local server instead.
server my-ntp-server.localdomain iburst
The optional "iburst" parameter tells the NTP service to speed up the initial time synchronization.
Remember to restart the service.
# service ntpd restart
The setup of the NTP server is actually the same as the client. The NTP server should have access to some external NTP servers, for example the default servers from the pool.ntp.org project, to make sure it stays in sync. This means it needs access to the internet.
By default the NTP service only allows unrestricted access from "localhost". To allow other machines in the network to synchronize with this server you need to open up query access to your network. This is done by adding a "restrict" entry into the "/etc/ntp.conf" file. The file contains an example entry you can adjust to suit your requirements.
# Hosts on local network are less restricted.
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap
After restarting the NTP service, the server will be enabled as an NTP server on your network, allowing clients without access to the internet to keep their time synchronized.
# service ntpd restart
The "ntpdate -q" command allows you to query a specific NTP server. Using this from another machine on your network allows you to test the NTP server is configured correctly and accessible.
# ntpdate -q my-ntp-server.localdomain
server 192.168.0.4, stratum 3, offset -0.014975, delay 0.02579
27 Dec 23:17:14 ntpdate[2675]: adjust time server 192.168.0.4 offset -0.014975 sec
#
The "ntpdate [-u]" command can be used to perform a one-off update of the system time on the local machine.
# ntpdate -u my-ntp-server.localdomain
27 Dec 23:27:07 ntpdate[2699]: adjust time server 192.168.0.4 offset 0.002777 sec
#
The "-u" option tells the command to use an unprivileged port. Without it you may get the following error.
# ntpdate my-ntp-server.localdomain
27 Dec 23:29:27 ntpdate[2726]: the NTP socket is in use, exiting
#
As mentioned previously, there are no specific security requirements for NTP clients.
Access to NTP servers is controlled using the "restrict" entries in the "/etc/ntp.conf" file and the Linux firewall.
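The check below is an added example, not part of the original article: it audits the "restrict" entries of an ntp.conf-style file and flags any non-loopback entry that lacks the "nomodify" and "notrap" flags used in the article's own entry. The policy, the function names and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: audit "restrict" entries.

# Constructed sample in the style of /etc/ntp.conf (not a real host's file).
sample_conf() {
cat <<'EOF'
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap
restrict 10.1.0.0 mask 255.255.0.0 notrap   # constructed weak entry
restrict 172.16.0.0 mask 255.240.0.0
server 0.rhel.pool.ntp.org
EOF
}

# audit_restrict FILE: print OK/WEAK per restrict entry; return 1 if any WEAK.
# Assumed policy: every non-loopback entry carries nomodify and notrap.
audit_restrict() {
    awk '
    { sub(/#.*/, "") }                        # drop comments
    $1 != "restrict" { next }                 # only restrict directives
    {
        $1 = $1                               # normalise whitespace
        addr = ($2 == "-4" || $2 == "-6") ? $3 : $2
        nomodify = notrap = ignore = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "nomodify") nomodify = 1
            if ($i == "notrap")   notrap = 1
            if ($i == "ignore")   ignore = 1
        }
        # Loopback is expected to be unrestricted; "ignore" denies everything.
        if (addr == "127.0.0.1" || addr == "::1" || ignore ||
            (nomodify && notrap)) { print "OK   " $0; next }
        missing = (nomodify ? "" : " nomodify") (notrap ? "" : " notrap")
        print "WEAK " $0 " (missing:" missing ")"
        weak++
    }
    END { exit (weak > 0) }
    ' "$1"
}

# Run against the constructed sample when executed directly.
conf=$(mktemp) && sample_conf > "$conf"
audit_restrict "$conf" || echo "weak restrict entries found"
rm -f "$conf"
```

To audit a real server, call audit_restrict /etc/ntp.conf; a non-zero exit status means at least one entry was flagged.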
This section is not related to the RHCE exam, but it is relevant to Oracle DBAs.
When you are using Oracle RAC you have to make a decision whether to configure NTP, or make sure it is not configured so the Oracle Cluster Time Synchronization Service (ctssd) can synchronize the times of the RAC nodes. To deconfigure NTP, do the following.
# service ntpd stop
Shutting down ntpd: [ OK ]
# chkconfig ntpd off
# mv /etc/ntp.conf /etc/ntp.conf.org
# rm /var/run/ntpd.pid
If you wish to use NTP, you must add the "-x" option into the following line in the "/etc/sysconfig/ntpd" file.
OPTIONS="-x -u ntp:ntp -p /var/run/ntpd.pid"
Then restart NTP.
# service ntpd restart
Hope this helps. Regards Tim...