Difference between revisions of "Network Time Protocol"

From Christoph's Personal Wiki
(Install and configure ntpd on CentOS)
Line 67: Line 67:
 
* Use <code>[[tcpdump]]</code> to watch the NTP traffic:
 
* Use <code>[[tcpdump]]</code> to watch the NTP traffic:
 
  $ tcpdump dst port 123
 
  $ tcpdump dst port 123
 +
 +
* Add [[iptables]] rules (note: NTP uses UDP port 123 to conduct its business, either connecting out to another NTP server or accepting incoming connections. If you have iptables filtering incoming traffic on the main NTP server in your cluster, then you will need to open port 123 to UDP traffic to allow the other servers to connect to it. You can open port 123 for UDP traffic with the following iptables arguments):
 +
 +
-I INPUT -p udp --dport 123 -j ACCEPT
 +
-I OUTPUT -p udp --sport 123 -j ACCEPT
  
 
==External links==
 
==External links==
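
Review bot: The added INPUT rule `-I INPUT -p udp --dport 123 -j ACCEPT` accepts UDP 123 from any source, while the note on the same added bullet says the purpose is to let the other servers in the cluster reach the main NTP server; consider adding a source match (`-s` with the cluster's subnet) so the rule only admits those hosts. The two rule lines are also shown as bare arguments without the `iptables` command, unlike the `$ tcpdump dst port 123` line just above, so either show them as full commands or say where these arguments are meant to go.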

Revision as of 13:04, 7 October 2014

Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks.

Install and configure ntpd on CentOS

  • Install the necessary packages:
$ yum install ntp ntpdate ntp-doc
  • Turn on the ntpd service persistently:
$ chkconfig ntpd on
  • Synchronize the system clock with the 0.pool.ntp.org server:
$ ntpdate pool.ntp.org
  • Start the NTP server. The following will continuously adjust the system time from the upstream NTP server (i.e., no need to run ntpdate):
$ /etc/init.d/ntpd start
$ #~OR~
$ service ntpd start
$ for i in africa asia europe north-america south-america; do \
  curl -s http://www.pool.ntp.org/zone/$i|sed -n -e '/<pre>/,/<\/pre>/p'|sed -e 's/<[^>]*>//g'; done
server 0.africa.pool.ntp.org
server 1.africa.pool.ntp.org
server 2.africa.pool.ntp.org
server 3.africa.pool.ntp.org

server 0.asia.pool.ntp.org
server 1.asia.pool.ntp.org
server 2.asia.pool.ntp.org
server 3.asia.pool.ntp.org

server 0.europe.pool.ntp.org
server 1.europe.pool.ntp.org
server 2.europe.pool.ntp.org
server 3.europe.pool.ntp.org

server 0.north-america.pool.ntp.org
server 1.north-america.pool.ntp.org
server 2.north-america.pool.ntp.org
server 3.north-america.pool.ntp.org

server 0.south-america.pool.ntp.org
server 1.south-america.pool.ntp.org
server 2.south-america.pool.ntp.org
server 3.south-america.pool.ntp.org
  • Since I am in North America, I will add the lines above for North America to the following two files:
$ cat >> /etc/ntp.conf <<EOF
server 0.north-america.pool.ntp.org
server 1.north-america.pool.ntp.org
server 2.north-america.pool.ntp.org
server 3.north-america.pool.ntp.org
EOF
$ cat >> /etc/ntp/step-tickers <<EOF
0.north-america.pool.ntp.org
1.north-america.pool.ntp.org
2.north-america.pool.ntp.org
3.north-america.pool.ntp.org
EOF
  • Finally, restart the NTP daemon:
$ service ntpd restart
  • You can also list out your server pools and get details with the following:
$ ntpdc -l
$ ntpdc -p
  • Use tcpdump to watch the NTP traffic:
$ tcpdump dst port 123
  • Add iptables rules (note: NTP uses UDP port 123 to conduct its business, either connecting out to another NTP server or accepting incoming connections. If you have iptables filtering incoming traffic on the main NTP server in your cluster, then you will need to open port 123 to UDP traffic to allow the other servers to connect to it. You can open port 123 for UDP traffic with the following iptables arguments):
-I INPUT -p udp --dport 123 -j ACCEPT
-I OUTPUT -p udp --sport 123 -j ACCEPT
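
The `cat >>` heredocs in the step that adds the North America servers append the same four lines again each time they are re-run. The following is an added example, not part of the original wiki page, that writes each line only once; `append_once`, `add_pool_servers` and `demo` are hypothetical helper names, and the demo works on constructed scratch files instead of /etc/ntp.conf and /etc/ntp/step-tickers.

```shell
#!/bin/sh
# Added example: register the four pool servers of one zone exactly once.
# Helper names are hypothetical; file paths are parameters so the functions
# can be tried on scratch copies before pointing them at the files in /etc.

# append_once FILE LINE: append LINE to FILE unless an identical line exists.
append_once() {
    file=$1
    line=$2
    touch "$file" || return 1
    # -x: whole-line match, -F: fixed string (dots are not wildcards), -q: quiet
    grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

# add_pool_servers ZONE NTP_CONF STEP_TICKERS
add_pool_servers() {
    zone=$1
    conf=$2
    tickers=$3
    # Accept only the zone names listed on this page, so nothing unexpected
    # ends up in the configuration files.
    case $zone in
        africa|asia|europe|north-america|south-america) ;;
        *) echo "unknown zone: $zone" >&2; return 2 ;;
    esac
    for n in 0 1 2 3; do
        host="$n.$zone.pool.ntp.org"
        append_once "$conf" "server $host" || return 1   # ntp.conf format
        append_once "$tickers" "$host" || return 1       # step-tickers format
    done
}

# Demonstration on constructed scratch files (not the real /etc files).
demo() {
    dir=$(mktemp -d) || return 1
    printf 'driftfile /var/lib/ntp/drift\n' > "$dir/ntp.conf"   # constructed sample line
    add_pool_servers north-america "$dir/ntp.conf" "$dir/step-tickers"
    add_pool_servers north-america "$dir/ntp.conf" "$dir/step-tickers"  # re-run adds nothing
    grep -c '^server ' "$dir/ntp.conf"   # number of server lines after two runs
    rm -rf "$dir"
}

demo
```

On a real host the call would be `add_pool_servers north-america /etc/ntp.conf /etc/ntp/step-tickers`, followed by the `service ntpd restart` step shown above.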

External links