
Sunday, 9 February 2020

LINUX(48)- NETWORK TIME PROTOCOL (NTP) -2




We learned the basics of NTP; now it’s time for configuration.

Here I used RHEL-6 as the NTP server for my network and RHEL-7 as the client.

The ntpd daemon provides the NTP service. Whenever the system or the service starts, ntpd reads its configuration file, /etc/ntp.conf.

But before that, the ntp package needs to be installed on the system.

Check whether it is installed or not,


[root@rhel6-server2 ~]# rpm -qa |grep -i ntp

If not then,

[root@rhel6-server2 ~]# yum install ntp


[root@rhel6-server2 ~]# rpm -qa |grep -i ntp
fontpackages-filesystem-1.41-1.1.el6.noarch
ntpdate-4.2.4p8-3.el6.x86_64
ntp-4.2.4p8-3.el6.x86_64

Now we can configure our system to operate in two modes, either NTP server or NTP client.

NTP SERVER:

Choose a continent and then a country for a list of active NTP servers.



Make a copy of ntp.conf

[root@rhel6-server2 ~]# cp /etc/ntp.conf /etc/ntp.conf-5JAN20

Before proceeding, I changed the system time.

[root@rhel6-server2 ~]# date
Sun Jan  5 15:17:21 IST 2020

[root@rhel6-server2 ~]# date +%T -s "13:14:00"
13:14:00

[root@rhel6-server2 ~]# service ntpd status
ntpd is stopped
[root@rhel6-server2 ~]# service ntpd start
Starting ntpd:                                   [  OK  ]
[root@rhel6-server2 ~]# date
Sun Jan  5 13:15:22 IST 2020

The time is still 1 PM. Let’s configure this machine as an NTP server.

[root@rhel6-server2 ~]# vi /etc/ntp.conf




I added the lines boxed in blue and commented out the lines boxed in green.

What is the first blue-boxed line?
-> Here I am allowing only systems in my subnet (192.168.135.0/24) to become clients of this server and synchronize with it. The nomodify and notrap arguments mean that the would-be clients are not allowed to configure the server or be used as peers for time sync.

What is done inside the green box?
-> The previously configured NTP servers are commented out.

What is inside the bottom blue box?
-> The new NTP server addresses.
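
An added example, not the author's configuration file: a shell check that reads an ntp.conf on stdin and confirms that every subnet restrict rule carries the nomodify and notrap flags described above. The sample configuration is constructed; the 192.168.136.0 rule, the function names, and the use of the in.pool.ntp.org names as server entries are assumptions for illustration.

```bash
#!/bin/sh
# Added example: lint the subnet "restrict" rules of an ntp.conf read on stdin.
# Prints "ok"/"weak" per subnet rule and one "server" line per active server.
audit_ntp_conf() {
  awk '
    /^[ \t]*#/ || NF == 0 { next }             # skip comments and blank lines
    $1 == "restrict" && $3 == "mask" {         # restrict <net> mask <mask> flags
      nm = 0; nt = 0
      for (i = 5; i <= NF; i++) {
        if ($i == "nomodify") nm = 1
        if ($i == "notrap")   nt = 1
      }
      missing = ""
      if (!nm) missing = missing " nomodify"
      if (!nt) missing = missing " notrap"
      if (missing == "") print "ok " $2 " mask " $4
      else               print "weak " $2 " mask " $4 " missing:" missing
    }
    $1 == "server" { print "server " $2 }      # active (uncommented) servers
  '
}

# Succeeds only when no subnet rule lacks nomodify or notrap.
ntp_conf_is_hardened() {
  if audit_ntp_conf | grep -q '^weak '; then return 1; fi
  return 0
}

# Constructed sample modelled on the edits described in the post.
sample_ntp_conf() {
cat <<'EOF'
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
# Clients on the local subnet may sync but not reconfigure the server
restrict 192.168.135.0 mask 255.255.255.0 nomodify notrap
# Constructed weak rule: notrap left out
restrict 192.168.136.0 mask 255.255.255.0 nomodify
#server 0.rhel.pool.ntp.org
#server 1.rhel.pool.ntp.org
server 0.in.pool.ntp.org
server 1.in.pool.ntp.org
EOF
}

sample_ntp_conf | audit_ntp_conf
```

On a real host the same check runs as: audit_ntp_conf < /etc/ntp.conf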

Now restart the ntpd service,

[root@rhel6-server2 ~]# service ntpd restart
Shutting down ntpd:                                        [  OK  ]
Starting ntpd:                                             [  OK  ]

[root@rhel6-server2 ~]# date
Sun Jan  5 15:29:05 IST 2020

Now the time is synced, but with whom?

[root@rhel6-server2 ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 static.238.6.69 212.224.71.212   2 u   17   64    1  171.022  -29.878   0.000
 173.249.41.242  17.253.54.251    2 u   16   64    1  427.464  -125.86   0.000
 mail.deva-ayurv 79.143.250.152   2 u   15   64    1  708.030   75.734   0.000
 static.137.200. 17.253.38.125    2 u   14   64    1  333.483  -95.206   0.000

[root@rhel6-server2 ~]# ntpdc -c sysinfo
system peer:          0.0.0.0
system peer mode:     unspec
leap indicator:       11
stratum:              16
precision:            -23
root distance:        0.00000 s
root dispersion:      0.00259 s
reference ID:         [73.78.73.84]
reference time:       00000000.00000000  Thu, Feb  7 2036 11:58:16.000
system flags:         auth monitor ntp kernel stats
jitter:               0.000000 s
stability:            0.000 ppm
broadcastdelay:       0.003998 s
authdelay:            0.000000 s

Here also there is no proper info; let’s sync it with an NTP server.

[root@rhel6-server2 ~]# ntpdate -q 0.in.pool.ntp.org 1.in.pool.ntp.org
server 104.211.91.130, stratum 2, offset -0.007410, delay 0.09711
server 5.103.139.163, stratum 1, offset -0.033369, delay 0.19672
server 139.59.55.93, stratum 2, offset -0.021645, delay 0.10791
server 13.235.109.195, stratum 3, offset 0.041943, delay 0.27083
server 162.159.200.123, stratum 3, offset -0.021845, delay 0.07823
server 162.159.200.1, stratum 3, offset -0.026035, delay 0.07291
server 45.86.70.11, stratum 2, offset -0.027460, delay 0.29431
server 173.249.41.242, stratum 2, offset -0.023087, delay 0.19649
 5 Jan 15:30:38 ntpdate[18965]: adjust time server 5.103.139.163 offset -0.033369 sec

Wait for some time,

[root@rhel6-server2 ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*static.238.6.69 17.253.54.123    2 u   99   64  336  333.994  -26.757  59.687
+173.249.41.242  17.253.54.123    2 u  106   64  336  553.371  -12.467  88.047
+mail.deva-ayurv 194.58.202.20    2 u  102   64  336  420.340  -71.713  77.905
+static.137.200. 17.253.38.125    2 u   32   64  377  213.654  -25.465  55.791

[root@rhel6-server2 ~]# ntpdc -c sysinfo
system peer:          static.238.6.69.159.clients.your-server.de
system peer mode:     client
leap indicator:       00
stratum:              3
precision:            -23
root distance:        0.19943 s
root dispersion:      0.56247 s
reference ID:         [159.69.6.238]
reference time:       e1bc32ee.eb3de16b  Sun, Jan  5 2020 15:33:26.918
system flags:         auth monitor ntp kernel stats
jitter:               0.059540 s
stability:            0.000 ppm
broadcastdelay:       0.003998 s
authdelay:            0.000000 s

[root@rhel6-server2 ~]# ntpstat
synchronised to NTP server (51.158.186.98) at stratum 3
   time correct to within 70 ms
   polling server every 64 s

Now the server is configured as an NTP server.

NTP CLIENT:

First change the time,

[root@rhel7-server ~]# date
Sun Jan  5 16:13:33 IST 2020
[root@rhel7-server ~]# date +%T -s "13:14:00"
13:14:00
[root@rhel7-server ~]# date
Sun Jan  5 13:14:02 IST 2020

[root@rhel7-server ~]# systemctl status ntpd
ntpd.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)

[root@rhel7-server ~]# systemctl start ntpd
Failed to issue method call: Unit ntpd.service failed to load: No such file or directory.

It’s not available, so we need to install it. [RHEL 7 has the chronyd service by default for time sync, but we will go with the conventional ntpd for now. Note that ntpd and chronyd should not run at the same time.]

[root@rhel7-server ~]# systemctl stop chronyd
[root@rhel7-server ~]# systemctl disable chronyd
rm '/etc/systemd/system/multi-user.target.wants/chronyd.service'

[root@rhel7-server yum.repos.d]# yum install ntp

[root@rhel7-server yum.repos.d]# systemctl start ntpd

[root@rhel7-server ~]# vi /etc/ntp.conf



Here the blue-boxed lines are the previous entries, which are commented out, and the red box is the new NTP server entry.

iburst: For each NTP server, we can optionally specify the NTP iburst mode for faster clock synchronization. The iburst mode sends up to ten queries within the first minute to the NTP server. (When iburst mode is not enabled, only one query is sent within the first minute to the NTP server.)

[root@rhel7-server yum.repos.d]# systemctl status ntpd
ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled)
   Active: active (running) since Sun 2020-01-05 13:19:06 IST; 2s ago
  Process: 43160 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 43161 (ntpd)
   CGroup: /system.slice/ntpd.service
           ├─43161 /usr/sbin/ntpd -u ntp:ntp -g
           └─43166 /usr/sbin/ntpd -u ntp:ntp -g

Jan 05 13:19:06 rhel7-server ntpd[43161]: Deferring DNS for 2.rhel.pool.ntp.org 1
Jan 05 13:19:06 rhel7-server ntpd[43161]: Deferring DNS for 3.rhel.pool.ntp.org 1
Jan 05 13:19:06 rhel7-server ntpd[43161]: 0.0.0.0 c016 06 restart
Jan 05 13:19:06 rhel7-server ntpd[43161]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM
Jan 05 13:19:06 rhel7-server ntpd[43161]: 0.0.0.0 c011 01 freq_not_set
Jan 05 13:19:06 rhel7-server ntpd[43166]: signal_no_reset: signal 17 had flags 4000000
Jan 05 13:19:08 rhel7-server ntpd_intres[43166]: host name not found: 0.rhel.pool.ntp.org
Jan 05 13:19:08 rhel7-server ntpd_intres[43166]: host name not found: 1.rhel.pool.ntp.org
Jan 05 13:19:08 rhel7-server ntpd_intres[43166]: host name not found: 2.rhel.pool.ntp.org
Jan 05 13:19:08 rhel7-server ntpd_intres[43166]: host name not found: 3.rhel.pool.ntp.org

[root@rhel7-server ~]# cp /etc/ntp.conf /etc/ntp.conf-5JAN20

[root@rhel7-server yum.repos.d]# ntpq -p
No association ID's returned

What is this? ☹☹

[root@rhel7-server yum.repos.d]# ntpdc -c sysinfo
system peer:          0.0.0.0
system peer mode:     unspec
leap indicator:       11
stratum:              16
precision:            -24
root distance:        0.00000 s
root dispersion:      0.00372 s
reference ID:         [73.78.73.84]
reference time:       00000000.00000000  Mon, Jan  1 1900  5:53:20.000
system flags:         auth ntp kernel stats
jitter:               0.000000 s
stability:            0.000 ppm
broadcastdelay:       0.000000 s
authdelay:            0.000000 s

Let’s check whether the service is running or not,

[root@rhel7-server ~]# ps -ef | grep -i ntp
ntp       43161      1  0 13:19 ?        00:00:00 /usr/sbin/ntpd -u ntp:ntp -g
root      43166  43161  0 13:19 ?        00:00:00 /usr/sbin/ntpd -u ntp:ntp -g
root      43336  42706  0 13:27 pts/3    00:00:00 grep --color=auto -i ntp

Now check whether the NTP server is reachable or not,

[root@rhel7-server ~]# ping 192.168.135.133
PING 192.168.135.133 (192.168.135.133) 56(84) bytes of data.
64 bytes from 192.168.135.133: icmp_seq=1 ttl=64 time=1.85 ms
64 bytes from 192.168.135.133: icmp_seq=2 ttl=64 time=0.908 ms
^C
--- 192.168.135.133 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.908/1.383/1.859/0.476 ms

[root@rhel7-server ~]# systemctl restart ntpd

[root@rhel7-server ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.135.133 .INIT.          16 u    -   64    0    0.000    0.000   0.000

[root@rhel7-server ~]# date
Sun Jan  5 13:40:54 IST 2020

It’s RHEL 7 and the firewall is on by default, so I added a rule.

[root@rhel7-server ~]# firewall-cmd --add-service=ntp --permanent
success
[root@rhel7-server ~]# firewall-cmd --reload
success
[root@rhel7-server ~]# systemctl restart ntpd

[root@rhel7-server ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.135.133 .INIT.          16 u   30   64    0    0.000    0.000   0.000

Nothing happened,

[root@rhel7-server ~]# ntpdate -u 192.168.135.133
 5 Jan 13:49:06 ntpdate[44438]: no server suitable for synchronization found

Check the status of port 123 at the server,

[root@rhel7-server ~]# nmap -p123 -sU -P0 localhost

Starting Nmap 6.40 ( http://nmap.org ) at 2020-01-05 16:52 IST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00017s latency).
Other addresses for localhost (not scanned): 127.0.0.1
PORT    STATE SERVICE
123/udp open  ntp

Nmap done: 1 IP address (1 host up) scanned in 1.12 seconds

It’s open.

[root@rhel7-server ~]# ntpdate -dv 192.168.135.133
 5 Jan 16:53:26 ntpdate[44524]: ntpdate 4.2.6p5@1.2349-o Tue Feb 11 17:21:40 UTC 2014 (1)
Looking for host 192.168.135.133 and service ntp
host found : 192.168.135.133
transmit(192.168.135.133)
receive(192.168.135.133)
transmit(192.168.135.133)
receive(192.168.135.133)
transmit(192.168.135.133)
receive(192.168.135.133)
transmit(192.168.135.133)
receive(192.168.135.133)
server 192.168.135.133, port 123
stratum 3, precision -23, leap 00, trust 000
refid [192.168.135.133], delay 0.02652, dispersion 0.00017
transmitted 4, in filter 4
reference time:    e1bc4569.7a7578da  Sun, Jan  5 2020 16:52:17.478
originate timestamp: e1bc45b5.09951f21  Sun, Jan  5 2020 16:53:33.037
transmit timestamp:  e1bc45b5.087e09f9  Sun, Jan  5 2020 16:53:33.033
filter delay:  0.02676  0.02652  0.02711  0.02655
         0.00000  0.00000  0.00000  0.00000
filter offset: 0.003354 0.003306 0.003361 0.003639
         0.000000 0.000000 0.000000 0.000000
delay 0.02652, dispersion 0.00017
offset 0.003306

 5 Jan 16:53:33 ntpdate[44524]: adjust time server 192.168.135.133 offset 0.003306 sec

-d
Enable the debugging mode, in which ntpdate will go through all the steps, but not adjust the local clock. Information useful for general debugging will also be printed.
-v
Be verbose. This option will cause ntpdate's version identification string to be logged.

It seems connected now; maybe the firewall was blocking it from communicating with the NTP server.

[root@rhel7-server ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.135.133 173.249.41.242   3 u   11   64    3    0.780    3.973   3.844
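
An added example, not part of the original post: a shell helper that reads "ntpq -p" output and decodes the two columns this troubleshooting hinges on. The first character of each line is the tally code ("*" marks the system peer, "+" a candidate), and reach is an 8-bit history of the last eight polls printed in octal, so 377 means all eight were answered and 0 means none. The sample input is copied from the outputs above; the function names are made up for this example.

```bash
#!/bin/sh
# Added example: summarise "ntpq -p" output read from stdin.
# One line per peer: "<state> <remote> reach=<octal> ok=<n>/8"
ntpq_summary() {
  awk '
    /^ *remote/ || /^=+$/ || NF < 10 { next }  # skip header, rule, short lines
    {
      tally  = substr($0, 1, 1)                # column 1 holds the tally code
      remote = (tally == " ") ? $1 : substr($1, 2)
      reach  = $7                              # last 8 polls as octal bitmask
      v = 0
      for (i = 1; i <= length(reach); i++) v = v * 8 + substr(reach, i, 1)
      bits = 0
      for (b = v; b > 0; b = int(b / 2)) bits += b % 2
      if (v == 0)            state = "unreachable"
      else if (tally == "*") state = "synced"
      else if (tally == "+") state = "candidate"
      else                   state = "unselected"
      printf "%s %s reach=%s ok=%d/8\n", state, remote, reach, bits
    }'
}

# Succeeds only when some peer carries the "*" (system peer) tally.
ntpq_is_synced() { ntpq_summary | grep -q '^synced '; }

# Sample input copied from the post: server after sync, client before the fix.
sample_server() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*static.238.6.69 17.253.54.123    2 u   99   64  336  333.994  -26.757  59.687
+173.249.41.242  17.253.54.123    2 u  106   64  336  553.371  -12.467  88.047
+mail.deva-ayurv 194.58.202.20    2 u  102   64  336  420.340  -71.713  77.905
+static.137.200. 17.253.38.125    2 u   32   64  377  213.654  -25.465  55.791
EOF
}
sample_client() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.135.133 .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

sample_server | ntpq_summary
sample_client | ntpq_summary
```

On a live host, "ntpq -p | ntpq_is_synced" gives an exit status that a monitoring check can alert on.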

[root@rhel7-server ~]# timedatectl status
      Local time: Sun 2020-01-05 16:56:44 IST
  Universal time: Sun 2020-01-05 11:26:44 UTC
        RTC time: Sun 2020-01-05 08:24:49
        Timezone: Asia/Kolkata (IST, +0530)
     NTP enabled: yes
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a


[root@rhel7-server ~]# ntpdc -c sysinfo
system peer:          192.168.135.133
system peer mode:     client
leap indicator:       11
stratum:              4
precision:            -24
root distance:        0.20132 s
root dispersion:      0.19150 s
reference ID:         [192.168.135.133]
reference time:       e1bc470c.3bd392c3  Sun, Jan  5 2020 16:59:16.233
system flags:         auth ntp kernel stats
jitter:               0.000000 s
stability:            0.000 ppm
broadcastdelay:       0.000000 s
authdelay:            0.000000 s

[root@rhel7-server ~]# ntpstat
synchronised to NTP server (192.168.135.133) at stratum 4
   time correct to within 8101 ms
   polling server every 64 s




