NTP (Network Time Protocol)
  Download PDF

1. Overview

WebADM requires an accurate system clock and timezone. Your Linux server should be configured with NTP time synchronization. This guide will show how to install and configure the NTP server. Network Time Protocol traffic runs over port 123 UDP. At RCDevs Hardening Guide are firewall rules examples.

The RCDevs Virtual Appliance uses chrony instead of ntp.

2. Check Installed Packages

2.1 CentOS 7

Please, verify if NTP or Chrony packages are already installed.

[root@centos7-client ~]# yum info ntp
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirror.dclux.com
 * extras: mirror.dclux.com
 * updates: mirror.dclux.com
Installed Packages
Name        : ntp
Arch        : x86_64
Version     : 4.2.6p5
Release     : 28.el7.centos
Size        : 1.4 M
Repo        : installed
From repo   : anaconda
Summary     : The NTP daemon and utilities
URL         : http://www.ntp.org
License     : (MIT and BSD and BSD with advertising) and GPLv2
Description : The Network Time Protocol (NTP) is used to synchronize a
            : computer's time with another reference time source. This package
            : includes ntpd (a daemon which continuously adjusts system time)
            : and utilities used to query and configure the ntpd daemon.
            : 
            : Perl scripts ntp-wait and ntptrace are in the ntp-perl package,
            : ntpdate is in the ntpdate package and sntp is in the sntp package.
            : The documentation is in the ntp-doc package.

[root@centos7-client ~]# yum info chrony
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirror.dclux.com
 * extras: mirror.dclux.com
 * updates: mirror.dclux.com
Installed Packages
Name        : chrony
Arch        : x86_64
Version     : 3.2
Release     : 2.el7
Size        : 476 k
Repo        : installed
From repo   : anaconda
Summary     : An NTP client/server
URL         : https://chrony.tuxfamily.org
License     : GPLv2
Description : A client/server for the Network Time Protocol, this program keeps
            : your computer's clock accurate. It was specially designed to
            : support systems with intermittent internet connections, but it
            : also works well in permanently connected environments. It can use
            : also hardware reference clocks, system real-time clock or manual
            : input as time references.

[root@centos7-client ~]#

In this example, NTP and Chrony are installed. Only use one service to sync time, therefore, remove one.

[root@centos7-client ~]# yum remove ntp
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror, langpacks
Resolving Dependencies
--> Running transaction check
---> Package ntp.x86_64 0:4.2.6p5-28.el7.centos will be erased
--> Processing Dependency: ntp for package: ipa-client-4.6.4-10.el7.centos.2.x86_64
--> Running transaction check
---> Package ipa-client.x86_64 0:4.6.4-10.el7.centos.2 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package         Arch        Version                       Repository      Size
================================================================================
Removing:
 ntp             x86_64      4.2.6p5-28.el7.centos         @anaconda      1.4 M
Removing for dependencies:
 ipa-client      x86_64      4.6.4-10.el7.centos.2         @updates       254 k

Transaction Summary
================================================================================
Remove  1 Package (+1 Dependent package)

Installed size: 1.6 M
Is this ok [y/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Erasing    : ipa-client-4.6.4-10.el7.centos.2.x86_64                      1/2 
  Erasing    : ntp-4.2.6p5-28.el7.centos.x86_64                             2/2 
warning: /etc/ntp.conf saved as /etc/ntp.conf.rpmsave
  Verifying  : ipa-client-4.6.4-10.el7.centos.2.x86_64                      1/2 
  Verifying  : ntp-4.2.6p5-28.el7.centos.x86_64                             2/2 

Removed:
  ntp.x86_64 0:4.2.6p5-28.el7.centos                                            

Dependency Removed:
  ipa-client.x86_64 0:4.6.4-10.el7.centos.2                                     

Complete!
[root@centos7-client ~]#

The NTP service has been removed, verify it.

[root@centos7-client ~]# yum info ntp
Failed tFailed to set locale, defaulting to C
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirror.dclux.com
 * extras: mirror.dclux.com
 * updates: mirror.dclux.com
Available Packages
Name        : ntp
Arch        : x86_64
Version     : 4.2.6p5
Release     : 28.el7.centos
Size        : 549 k
Repo        : base/7/x86_64
Summary     : The NTP daemon and utilities
URL         : http://www.ntp.org
License     : (MIT and BSD and BSD with advertising) and GPLv2
Description : The Network Time Protocol (NTP) is used to synchronize a
            : computer's time with another reference time source. This package
            : includes ntpd (a daemon which continuously adjusts system time)
            : and utilities used to query and configure the ntpd daemon.
            : 
            : Perl scripts ntp-wait and ntptrace are in the ntp-perl package,
            : ntpdate is in the ntpdate package and sntp is in the sntp package.
            : The documentation is in the ntp-doc package.

[root@centos7-client ~]# 

2.2 Ubuntu 18.04

Please, verify if NTP or Chrony packages are already installed.

root@ubuntu18-client:/home/ubuntu18-client# apt-cache policy ntp
ntp:
  Installed: 1:4.2.8p10+dfsg-5ubuntu7.1
  Candidate: 1:4.2.8p10+dfsg-5ubuntu7.1
  Version table:
 *** 1:4.2.8p10+dfsg-5ubuntu7.1 500
        500 http://lu.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages
        500 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages
        100 /var/lib/dpkg/status
     1:4.2.8p10+dfsg-5ubuntu7 500
        500 http://lu.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
root@ubuntu18-client:/home/ubuntu18-client# apt-cache policy chrony
chrony:
  Installed: (none)
  Candidate: 3.2-4ubuntu4.2
  Version table:
     3.2-4ubuntu4.2 500
        500 http://lu.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
     3.2-4ubuntu4 500
        500 http://lu.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
root@ubuntu18-client:/home/ubuntu18-client# 

In this example, NTP is installed. If you’d like to switch to Chrony then uninstall NTP.

root@ubuntu18-client:/home/ubuntu18-client# apt-get remove ntp
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libopts25 sntp
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
  ntp
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 1.952 kB disk space will be freed.
Do you want to continue? [Y/n] 
(Reading database ... 151541 files and directories currently installed.)
Removing ntp (1:4.2.8p10+dfsg-5ubuntu7.1) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
root@ubuntu18-client:/home/ubuntu18-client# apt-cache policy ntp
ntp:
  Installed: (none)
  Candidate: 1:4.2.8p10+dfsg-5ubuntu7.1
  Version table:
     1:4.2.8p10+dfsg-5ubuntu7.1 500
        500 http://lu.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages
        500 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages
        100 /var/lib/dpkg/status
     1:4.2.8p10+dfsg-5ubuntu7 500
        500 http://lu.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
root@ubuntu18-client:/home/ubuntu18-client# apt-get autoremove
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages will be REMOVED:
  libopts25 sntp
0 upgraded, 0 newly installed, 2 to remove and 0 not upgraded.
After this operation, 441 kB disk space will be freed.
Do you want to continue? [Y/n] 
(Reading database ... 151526 files and directories currently installed.)
Removing sntp (1:4.2.8p10+dfsg-5ubuntu7.1) ...
Removing libopts25:amd64 (1:5.18.12-4) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
root@ubuntu18-client:/home/ubuntu18-client#

3. CHRONY

3.1 CentOS 7

3.1.1 Install Chrony

First, install the chrony package with the command yum install chrony.

[root@rcdevs1 ~]# yum install chrony
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror
Determining fastest mirrors
 * base: mirror.checkdomain.de
 * extras: centos.mirror.root.lu
 * updates: centos.mirror.root.lu
base                                                                               | 3.6 kB  00:00:00     
extras                                                                             | 3.4 kB  00:00:00     
updates                                                                            | 3.4 kB  00:00:00     
(1/2): extras/7/x86_64/primary_db                                                  | 179 kB  00:00:00     
(2/2): updates/7/x86_64/primary_db                                                 | 2.4 MB  00:00:00     
Resolving Dependencies
--> Running transaction check
---> Package chrony.x86_64 0:3.2-2.el7 will be installed
--> Processing Dependency: libseccomp.so.2()(64bit) for package: chrony-3.2-2.el7.x86_64
--> Running transaction check
---> Package libseccomp.x86_64 0:2.3.1-3.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==========================================================================================================
 Package                    Arch                   Version                     Repository            Size
==========================================================================================================
Installing:
 chrony                     x86_64                 3.2-2.el7                   base                 243 k
Installing for dependencies:
 libseccomp                 x86_64                 2.3.1-3.el7                 base                  56 k

Transaction Summary
==========================================================================================================
Install  1 Package (+1 Dependent package)

Total download size: 299 k
Installed size: 773 k
Is this ok [y/d/N]: y
Downloading packages:
(1/2): chrony-3.2-2.el7.x86_64.rpm                                                 | 243 kB  00:00:00     
(2/2): libseccomp-2.3.1-3.el7.x86_64.rpm                                           |  56 kB  00:00:00     
----------------------------------------------------------------------------------------------------------
Total                                                                     986 kB/s | 299 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : libseccomp-2.3.1-3.el7.x86_64                                                          1/2 
  Installing : chrony-3.2-2.el7.x86_64                                                                2/2 
  Verifying  : libseccomp-2.3.1-3.el7.x86_64                                                          1/2 
  Verifying  : chrony-3.2-2.el7.x86_64                                                                2/2 

Installed:
  chrony.x86_64 0:3.2-2.el7                                                                               

Dependency Installed:
  libseccomp.x86_64 0:2.3.1-3.el7                                                                         

Complete!
[root@rcdevs1 ~]# 

Let’s enable and start the chrony daemon service at boot.

[root@rcdevs1 ~]# systemctl start chronyd
[root@rcdevs1 ~]# systemctl status chronyd
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2019-02-14 15:25:29 CET; 5s ago
     Docs: man:chronyd(8)
           man:chrony.conf(5)
  Process: 16590 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=exited, status=0/SUCCESS)
  Process: 16586 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 16588 (chronyd)
   CGroup: /system.slice/chronyd.service
           └─16588 /usr/sbin/chronyd

Feb 14 15:25:29 rcdevs1.webadm1 systemd[1]: Starting NTP client/server...
Feb 14 15:25:29 rcdevs1.webadm1 chronyd[16588]: chronyd version 3.2 starting (+CMDMON +NTP +REFCLOCK...UG)
Feb 14 15:25:29 rcdevs1.webadm1 chronyd[16588]: Initial frequency -100.000 ppm
Feb 14 15:25:29 rcdevs1.webadm1 systemd[1]: Started NTP client/server.
Feb 14 15:25:35 rcdevs1.webadm1 chronyd[16588]: Selected source 188.42.54.79
Hint: Some lines were ellipsized, use -l to show in full.
[root@rcdevs1 ~]# systemctl enable chronyd
[root@rcdevs1 ~]# 

3.1.2 Time Zone

Be sure that the correct time zone is set. Verify it with the timedatectl command.

[root@rcdevs1 ~]# timedatectl
      Local time: Thu 2019-02-14 14:32:02 CET
  Universal time: Thu 2019-02-14 13:32:02 UTC
        RTC time: Thu 2019-02-14 13:32:02
       Time zone: Europe/Luxembourg (CET, +0100)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: no
 Last DST change: DST ended at
                  Sun 2018-10-28 02:59:59 CEST
                  Sun 2018-10-28 02:00:00 CET
 Next DST change: DST begins (the clock jumps one hour forward) at
                  Sun 2019-03-31 01:59:59 CET
                  Sun 2019-03-31 03:00:00 CEST
[root@rcdevs1 ~]# 

To change it, get the list of all available time zones with timedatectl list-timezones and set it with timedatectl set-timezone Europe/Berlin for example.

[root@rcdevs1 ~]# timedatectl list-timezones
Africa/Abidjan
Africa/Accra
Africa/Addis_Ababa
Africa/Algiers
...
[root@rcdevs1 ~]# timedatectl set-timezone Europe/Berlin
[root@rcdevs1 ~]# timedatectl
      Local time: Thu 2019-02-14 14:34:51 CET
  Universal time: Thu 2019-02-14 13:34:51 UTC
        RTC time: Thu 2019-02-14 13:34:52
       Time zone: Europe/Berlin (CET, +0100)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: no
 Last DST change: DST ended at
                  Sun 2018-10-28 02:59:59 CEST
                  Sun 2018-10-28 02:00:00 CET
 Next DST change: DST begins (the clock jumps one hour forward) at
                  Sun 2019-03-31 01:59:59 CET
                  Sun 2019-03-31 03:00:00 CEST
[root@rcdevs1 ~]# 

3.1.3 Public Pool Time Servers

At NTP Public Pool Time Servers, choose your Continent and Country. In this example, we choose Europe Luxembourg.

server 2.lu.pool.ntp.org
server 0.europe.pool.ntp.org
server 1.europe.pool.ntp.org

3.1.4 Configuration

Now, replace the default list of Public Pool Time Servers with the ones for your country. Set your Pool Time Server in the chrony configuration file /etc/chrony.conf.

[root@rcdevs1 ~]# vi /etc/chrony.conf 

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 2.lu.pool.ntp.org iburst
server 0.europe.pool.ntp.org iburst
server 1.europe.pool.ntp.org iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.
#allow 192.168.0.0/16

# Serve time even if not synchronized to a time source.
#local stratum 10

# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking
[root@rcdevs1 ~]#

Afterward, restart the chrony daemon with systemctl restart chronyd. Verify its status systemctl status chronyd -l.

[root@rcdevs1 ~]# systemctl restart chronyd
[root@rcdevs1 ~]# systemctl status chronyd -l
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2019-02-14 15:30:59 CET; 5s ago
     Docs: man:chronyd(8)
           man:chrony.conf(5)
  Process: 16633 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=exited, status=0/SUCCESS)
  Process: 16629 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 16631 (chronyd)
   CGroup: /system.slice/chronyd.service
           └─16631 /usr/sbin/chronyd

Feb 14 15:30:59 rcdevs1.webadm1 systemd[1]: Starting NTP client/server...
Feb 14 15:30:59 rcdevs1.webadm1 chronyd[16631]: chronyd version 3.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SECHASH +SIGND +ASYNCDNS +IPV6 +DEBUG)
Feb 14 15:30:59 rcdevs1.webadm1 chronyd[16631]: Frequency -111.826 +/- 28.749 ppm read from /var/lib/chrony/drift
Feb 14 15:30:59 rcdevs1.webadm1 systemd[1]: Started NTP client/server.
Feb 14 15:31:04 rcdevs1.webadm1 chronyd[16631]: Received KoD RATE from 185.137.97.4
[root@rcdevs1 ~]# 

3.1.5 Sync Time

Force time sync with the command chronyc makestep and check its sources with chronyc sources.

[root@rcdevs1 ~]# chronyc makestep
200 OK
[root@rcdevs1 ~]# chronyc sources
210 Number of sources = 3
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^- 85.93.216.115                 2   6    17     8   +344us[ -370us] +/-   54ms
^- magma.woody.ch                3   6    17     8  +2587us[+1873us] +/-  112ms
^* cluster010.linocomm.net       2   6    17     8   -141us[ -855us] +/-   12ms
[root@rcdevs1 ~]# chronyc tracking
Reference ID    : 5B7958A1 (cluster010.linocomm.net)
Stratum         : 3
Ref time (UTC)  : Thu Feb 14 14:34:47 2019
System time     : 0.000000977 seconds slow of NTP time
Last offset     : -0.000713650 seconds
RMS offset      : 0.000713650 seconds
Frequency       : 36.484 ppm slow
Residual freq   : -154.181 ppm
Skew            : 50.081 ppm
Root delay      : 0.019481769 seconds
Root dispersion : 0.003368327 seconds
Update interval : 1.9 seconds
Leap status     : Normal
[root@rcdevs1 ~]# chronyc sourcestats
210 Number of sources = 3
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
85.93.216.115               4   4     6    -43.605   2647.217  -1309us   397us
magma.woody.ch              4   3     6    -63.345    366.327   +174us    57us
cluster010.linocomm.net     4   3     6   -154.181   3291.510  -5875us   468us
[root@rcdevs1 ~]# 

3.1.6 Verify Sync

Do the following steps to verify that the NTP daemon is really synchronizing the time. Query the system clock with the command timedatectl status.

[root@rcdevs1 ~]# timedatectl status
      Local time: Thu 2019-02-14 15:36:48 CET
  Universal time: Thu 2019-02-14 14:36:48 UTC
        RTC time: Thu 2019-02-14 14:36:48
       Time zone: Europe/Luxembourg (CET, +0100)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: no
 Last DST change: DST ended at
                  Sun 2018-10-28 02:59:59 CEST
                  Sun 2018-10-28 02:00:00 CET
 Next DST change: DST begins (the clock jumps one hour forward) at
                  Sun 2019-03-31 01:59:59 CET
                  Sun 2019-03-31 03:00:00 CEST
[root@rcdevs1 ~]# 

Verify if the NTP synchronization works. First, disable NTP synchronization with timedatectl set-ntp false. Afterward, change the system clock with timedatectl set-time 10:00:00, for example.

[root@rcdevs1 ~]# timedatectl set-ntp false
[root@rcdevs1 ~]# timedatectl set-time 10:00:00
[root@rcdevs1 ~]# timedatectl status
      Local time: Thu 2019-02-14 10:00:07 CET
  Universal time: Thu 2019-02-14 09:00:07 UTC
        RTC time: Thu 2019-02-14 09:00:08
       Time zone: Europe/Luxembourg (CET, +0100)
     NTP enabled: no
NTP synchronized: no
 RTC in local TZ: no
      DST active: no
 Last DST change: DST ended at
                  Sun 2018-10-28 02:59:59 CEST
                  Sun 2018-10-28 02:00:00 CET
 Next DST change: DST begins (the clock jumps one hour forward) at
                  Sun 2019-03-31 01:59:59 CET
                  Sun 2019-03-31 03:00:00 CEST
[root@rcdevs1 ~]# 

Now, enable the NTP synchronization with timedatectl set-ntp true and verify it with timedatectl status.

[root@rcdevs1 ~]# timedatectl set-ntp true
[root@rcdevs1 ~]# timedatectl status
      Local time: Thu 2019-02-14 15:39:02 CET
  Universal time: Thu 2019-02-14 14:39:02 UTC
        RTC time: Thu 2019-02-14 09:00:58
       Time zone: Europe/Luxembourg (CET, +0100)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: no
 Last DST change: DST ended at
                  Sun 2018-10-28 02:59:59 CEST
                  Sun 2018-10-28 02:00:00 CET
 Next DST change: DST begins (the clock jumps one hour forward) at
                  Sun 2019-03-31 01:59:59 CET
                  Sun 2019-03-31 03:00:00 CEST
[root@rcdevs1 ~]# 

More information about chrony at Chrony.

3.2 Ubuntu 18.04

3.2.1 Install Chrony

First, install the chrony package with the command apt-get install chrony.

root@ubuntu18-webadm1:/home/webadm1# apt-get install chrony
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  libnspr4 libnss3
The following NEW packages will be installed:
  chrony libnspr4 libnss3
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,449 kB of archives.
After this operation, 4,549 kB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://archive.ubuntu.com/ubuntu bionic/main amd64 libnspr4 amd64 2:4.18-1ubuntu1 [112 kB]
Get:2 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libnss3 amd64 2:3.35-2ubuntu2.2 [1,134 kB]
Get:3 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 chrony amd64 3.2-4ubuntu4.2 [203 kB]
Fetched 1,449 kB in 1s (2,052 kB/s)
Selecting previously unselected package libnspr4:amd64.
(Reading database ... 102334 files and directories currently installed.)
Preparing to unpack .../libnspr4_2%3a4.18-1ubuntu1_amd64.deb ...
Unpacking libnspr4:amd64 (2:4.18-1ubuntu1) ...
Selecting previously unselected package libnss3:amd64.
Preparing to unpack .../libnss3_2%3a3.35-2ubuntu2.2_amd64.deb ...
Unpacking libnss3:amd64 (2:3.35-2ubuntu2.2) ...
Selecting previously unselected package chrony.
Preparing to unpack .../chrony_3.2-4ubuntu4.2_amd64.deb ...
Unpacking chrony (3.2-4ubuntu4.2) ...
Processing triggers for ureadahead (0.100.0-20) ...
Setting up libnspr4:amd64 (2:4.18-1ubuntu1) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Processing triggers for systemd (237-3ubuntu10.13) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Setting up libnss3:amd64 (2:3.35-2ubuntu2.2) ...
Setting up chrony (3.2-4ubuntu4.2) ...
Creating '_chrony' system user/group for the chronyd daemon…

Creating config file /etc/chrony/chrony.conf with new version

Creating config file /etc/chrony/chrony.keys with new version
Created symlink /etc/systemd/system/chronyd.service → /lib/systemd/system/chrony.service.
Created symlink /etc/systemd/system/multi-user.target.wants/chrony.service → /lib/systemd/system/chrony.service.
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Processing triggers for systemd (237-3ubuntu10.13) ...
Processing triggers for ureadahead (0.100.0-20) ...
root@ubuntu18-webadm1:/home/webadm1#

Let’s check the chrony daemon service and if needed start systemctl start chronyd and enable systemctl enable chronyd it at boot.

root@ubuntu18-webadm1:/home/webadm1# systemctl status chronyd
● chrony.service - chrony, an NTP client/server
   Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2019-03-08 14:01:57 UTC; 2min 41s ago
     Docs: man:chronyd(8)
           man:chronyc(1)
           man:chrony.conf(5)
 Main PID: 1963 (chronyd)
    Tasks: 1 (limit: 2292)
   CGroup: /system.slice/chrony.service
           └─1963 /usr/sbin/chronyd

Mar 08 14:01:57 ubuntu18-webadm1 systemd[1]: Starting chrony, an NTP client/server...
Mar 08 14:01:57 ubuntu18-webadm1 chronyd[1963]: chronyd version 3.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SECHASH +SIGND +ASYNCDNS +IPV6 -DEBUG)
Mar 08 14:01:57 ubuntu18-webadm1 chronyd[1963]: Initial frequency 43.815 ppm
Mar 08 14:01:57 ubuntu18-webadm1 systemd[1]: Started chrony, an NTP client/server.
Mar 08 14:02:05 ubuntu18-webadm1 chronyd[1963]: Selected source 91.189.94.4
Mar 08 14:02:16 ubuntu18-webadm1 chronyd[1963]: Source 2a01:608:7387::1337 replaced with 46.29.177.17
root@ubuntu18-webadm1:/home/webadm1# 

3.2.2 Time Zone

Be sure that the correct time zone is set. Verify it with the timedatectl command.

root@ubuntu18-webadm1:/home/webadm1# timedatectl
                      Local time: Fri 2019-03-08 14:08:08 UTC
                  Universal time: Fri 2019-03-08 14:08:08 UTC
                        RTC time: Fri 2019-03-08 14:08:08
                       Time zone: Etc/UTC (UTC, +0000)
       System clock synchronized: yes
systemd-timesyncd.service active: yes
                 RTC in local TZ: no
root@ubuntu18-webadm1:/home/webadm1# 

To change it, get the list of all available time zones with timedatectl list-timezones and set it with timedatectl set-timezone Europe/Luxembourg for example.

root@ubuntu18-webadm1:/home/webadm1# timedatectl list-timezones
Africa/Abidjan
Africa/Accra
Africa/Addis_Ababa
Africa/Algiers
...
root@ubuntu18-webadm1:/home/webadm1# timedatectl set-timezone Europe/Luxembourg
root@ubuntu18-webadm1:/home/webadm1# timedatectl
                      Local time: Fri 2019-03-08 15:11:45 CET
                  Universal time: Fri 2019-03-08 14:11:45 UTC
                        RTC time: Fri 2019-03-08 14:11:45
                       Time zone: Europe/Luxembourg (CET, +0100)
       System clock synchronized: yes
systemd-timesyncd.service active: yes
                 RTC in local TZ: no
root@ubuntu18-webadm1:/home/webadm1# 

3.2.3 Public Pool Time Servers

At NTP Public Pool Time Servers, choose your Continent and Country. In this example, we choose Europe Luxembourg.

server 2.lu.pool.ntp.org
server 0.europe.pool.ntp.org
server 1.europe.pool.ntp.org

3.2.4 Configuration

Now, replace the default list of Public Pool Time Servers with the ones for your country. Set your Pool Time Server in the chrony configuration file /etc/chrony/chrony.conf.

root@ubuntu18-webadm1:/home/webadm1# vi /etc/chrony/chrony.conf
# Welcome to the chrony configuration file. See chrony.conf(5) for more
# information about usuable directives.

# This will use (up to):
# - 4 sources from ntp.ubuntu.com which some are ipv6 enabled
# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well
# - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm)
# This means by default, up to 6 dual-stack and up to 2 additional IPv4-only
# sources will be used.
# At the same time it retains some protection against one of the entries being
# down (compare to just using one of the lines). See (LP: #1754358) for the
# discussion.
#
# About using servers from the NTP Pool Project in general see (LP: #104525).
# Approved by Ubuntu Technical Board on 2011-02-08.
# See http://www.pool.ntp.org/join.html for more information.
server 2.lu.pool.ntp.org iburst
server 0.europe.pool.ntp.org iburst
server 1.europe.pool.ntp.org iburst

# This directive specify the location of the file containing ID/key pairs for
# NTP authentication.
keyfile /etc/chrony/chrony.keys

# This directive specify the file into which chronyd will store the rate
# information.
driftfile /var/lib/chrony/chrony.drift

# Uncomment the following line to turn logging on.
#log tracking measurements statistics

# Log files location.
logdir /var/log/chrony

# Stop bad estimates upsetting machine clock.
maxupdateskew 100.0

# This directive enables kernel synchronisation (every 11 minutes) of the
# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
rtcsync

# Step the system clock instead of slewing it if the adjustment is larger than
# one second, but only in the first three clock updates.
makestep 1 3

root@ubuntu18-webadm1:/home/webadm1#

Afterward, restart the chrony daemon with systemctl restart chronyd. Verify its status systemctl status chronyd.

root@ubuntu18-webadm1:/home/webadm1# systemctl restart chronyd
root@ubuntu18-webadm1:/home/webadm1# systemctl status chronyd
● chrony.service - chrony, an NTP client/server
   Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2019-03-08 15:29:55 CET; 9s ago
     Docs: man:chronyd(8)
           man:chronyc(1)
           man:chrony.conf(5)
  Process: 2267 ExecStartPost=/usr/lib/chrony/chrony-helper update-daemon (code=exited, status=0/SUCCESS)
  Process: 2245 ExecStart=/usr/lib/systemd/scripts/chronyd-starter.sh $DAEMON_OPTS (code=exited, status=0/SUCCESS)
 Main PID: 2263 (chronyd)
    Tasks: 1 (limit: 2292)
   CGroup: /system.slice/chrony.service
           └─2263 /usr/sbin/chronyd

Mar 08 15:29:55 ubuntu18-webadm1 systemd[1]: Starting chrony, an NTP client/server...
Mar 08 15:29:55 ubuntu18-webadm1 chronyd[2263]: chronyd version 3.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SECHASH +SIGND +ASYNCDNS +IPV6 -DEBUG)
Mar 08 15:29:55 ubuntu18-webadm1 chronyd[2263]: Frequency -171.855 +/- 15.630 ppm read from /var/lib/chrony/chrony.drift
Mar 08 15:29:55 ubuntu18-webadm1 systemd[1]: Started chrony, an NTP client/server.
Mar 08 15:30:00 ubuntu18-webadm1 chronyd[2263]: Selected source 91.121.91.167
root@ubuntu18-webadm1:/home/webadm1#

3.2.5 Sync Time

Force time sync with the command chronyc makestep and check its sources with chronyc sources.

root@ubuntu18-webadm1:/home/webadm1# chronyc makestep
200 OK
root@ubuntu18-webadm1:/home/webadm1# chronyc sources
210 Number of sources = 3
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^- trypill.org                   2   6    37    21  +2853us[+2853us] +/-   58ms
^* cluster009.linocomm.net       2   6    37    22    -81us[-6121us] +/-   12ms
^- epsilon.netinch.com           2   6    37    21  -2212us[-2212us] +/-   76ms
root@ubuntu18-webadm1:/home/webadm1# chronyc tracking
Reference ID    : 5B795BA7 (cluster009.linocomm.net)
Stratum         : 3
Ref time (UTC)  : Fri Mar 08 14:31:05 2019
System time     : 0.000000000 seconds fast of NTP time
Last offset     : -0.006040009 seconds
RMS offset      : 0.006040009 seconds
Frequency       : 171.855 ppm slow
Residual freq   : -81.273 ppm
Skew            : 15.630 ppm
Root delay      : 0.020431373 seconds
Root dispersion : 0.005000473 seconds
Update interval : 64.6 seconds
Leap status     : Normal
root@ubuntu18-webadm1:/home/webadm1# chronyc sourcestats
210 Number of sources = 3
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
trypill.org                 5   3    71    -99.743    103.877  -1489us   456us
cluster009.linocomm.net     5   3    71    -81.273    153.849  -3604us   663us
epsilon.netinch.com         5   3    71    -89.628     88.116  -6089us   494us
root@ubuntu18-webadm1:/home/webadm1# 

3.2.6 Verify Sync

Do the following steps to verify that the NTP daemon is really synchronizing the time. Query the system clock with the command timedatectl status.

root@ubuntu18-webadm1:/home/webadm1# timedatectl status
                      Local time: Fri 2019-03-08 15:32:29 CET
                  Universal time: Fri 2019-03-08 14:32:29 UTC
                        RTC time: Fri 2019-03-08 14:32:29
                       Time zone: Europe/Luxembourg (CET, +0100)
       System clock synchronized: yes
systemd-timesyncd.service active: yes
                 RTC in local TZ: no
root@ubuntu18-webadm1:/home/webadm1# 

Verify if the NTP synchronization works. First, disable NTP synchronization with timedatectl set-ntp false. Afterward, change the system clock with timedatectl set-time 10:00:00, for example.

root@ubuntu18-webadm1:/home/webadm1# timedatectl set-ntp false
root@ubuntu18-webadm1:/home/webadm1# timedatectl set-time 10:00:00
root@ubuntu18-webadm1:/home/webadm1# timedatectl status
                      Local time: Fri 2019-03-08 10:00:05 CET
                  Universal time: Fri 2019-03-08 09:00:05 UTC
                        RTC time: Fri 2019-03-08 09:00:06
                       Time zone: Europe/Luxembourg (CET, +0100)
       System clock synchronized: no
systemd-timesyncd.service active: no
                 RTC in local TZ: no
root@ubuntu18-webadm1:/home/webadm1# 

Now, enable the NTP synchronization with timedatectl set-ntp true and verify it with timedatectl status.

root@ubuntu18-webadm1:/home/webadm1# timedatectl set-ntp true
root@ubuntu18-webadm1:/home/webadm1# timedatectl status
                      Local time: Fri 2019-03-08 15:33:34 CET
                  Universal time: Fri 2019-03-08 14:33:34 UTC
                        RTC time: Fri 2019-03-08 09:00:37
                       Time zone: Europe/Luxembourg (CET, +0100)
       System clock synchronized: yes
systemd-timesyncd.service active: yes
                 RTC in local TZ: no
root@ubuntu18-webadm1:/home/webadm1# 

More information about chrony at Chrony.

4. NTP

4.1 CentOS 7

4.1.1 Install NTP

First, install the ntp package with the command yum install ntp.

[root@rcdevs1 ~]# yum install ntp
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.intergenia.de
 * extras: ftp.halifax.rwth-aachen.de
 * updates: mirror2.hs-esslingen.de
Resolving Dependencies
--> Running transaction check
---> Package ntp.x86_64 0:4.2.6p5-28.el7.centos will be installed
--> Processing Dependency: ntpdate = 4.2.6p5-28.el7.centos for package: ntp-4.2.6p5-28.el7.centos.x86_64
--> Processing Dependency: libopts.so.25()(64bit) for package: ntp-4.2.6p5-28.el7.centos.x86_64
--> Running transaction check
---> Package autogen-libopts.x86_64 0:5.18-5.el7 will be installed
---> Package ntpdate.x86_64 0:4.2.6p5-28.el7.centos will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package              Arch        Version                       Repository
                                                                           Size
================================================================================
Installing:
 ntp                  x86_64      4.2.6p5-28.el7.centos         base      549 k
Installing for dependencies:
 autogen-libopts      x86_64      5.18-5.el7                    base       66 k
 ntpdate              x86_64      4.2.6p5-28.el7.centos         base       86 k

Transaction Summary
================================================================================
Install  1 Package (+2 Dependent packages)

Total download size: 701 k
Installed size: 1.6 M
Is this ok [y/d/N]: y
Downloading packages:
(1/3): autogen-libopts-5.18-5.el7.x86_64.rpm               |  66 kB   00:00     
(2/3): ntpdate-4.2.6p5-28.el7.centos.x86_64.rpm            |  86 kB   00:00     
(3/3): ntp-4.2.6p5-28.el7.centos.x86_64.rpm                | 549 kB   00:00     
--------------------------------------------------------------------------------
Total                                              1.4 MB/s | 701 kB  00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : autogen-libopts-5.18-5.el7.x86_64                            1/3 
  Installing : ntpdate-4.2.6p5-28.el7.centos.x86_64                         2/3 
  Installing : ntp-4.2.6p5-28.el7.centos.x86_64                             3/3 
  Verifying  : ntpdate-4.2.6p5-28.el7.centos.x86_64                         1/3 
  Verifying  : autogen-libopts-5.18-5.el7.x86_64                            2/3 
  Verifying  : ntp-4.2.6p5-28.el7.centos.x86_64                             3/3 

Installed:
  ntp.x86_64 0:4.2.6p5-28.el7.centos                                            

Dependency Installed:
  autogen-libopts.x86_64 0:5.18-5.el7   ntpdate.x86_64 0:4.2.6p5-28.el7.centos  

Complete!
[root@rcdevs1 ~]# 

Let’s enable and start the NTP daemon service at boot.

[root@rcdevs1 ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
[root@rcdevs1 ~]# systemctl start ntpd
[root@rcdevs1 ~]# reboot
[root@rcdevs1 ~]# systemctl status ntpd -l
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2019-02-14 11:27:43 CET; 16s ago
  Process: 6148 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 6165 (ntpd)
   CGroup: /system.slice/ntpd.service
           └─6165 /usr/sbin/ntpd -u ntp:ntp -g

Feb 14 11:27:43 rcdevs1.webadm1 systemd[1]: Started Network Time Service.
Feb 14 11:27:45 rcdevs1.webadm1 ntpd_intres[6182]: DNS 0.centos.pool.ntp.org -> 185.137.97.4
Feb 14 11:27:45 rcdevs1.webadm1 ntpd_intres[6182]: DNS 1.centos.pool.ntp.org -> 94.242.208.130
Feb 14 11:27:45 rcdevs1.webadm1 ntpd_intres[6182]: DNS 2.centos.pool.ntp.org -> 185.137.97.5
Feb 14 11:27:45 rcdevs1.webadm1 ntpd_intres[6182]: DNS 3.centos.pool.ntp.org -> 46.29.177.17
Feb 14 11:27:46 rcdevs1.webadm1 ntpd[6165]: Listen normally on 4 ens33 192.168.3.80 UDP 123
Feb 14 11:27:46 rcdevs1.webadm1 ntpd[6165]: new interface(s) found: waking up resolver
Feb 14 11:27:48 rcdevs1.webadm1 ntpd[6165]: Listen normally on 5 ens33 fe80::20c:29ff:fe1d:5dff UDP 123
Feb 14 11:27:48 rcdevs1.webadm1 ntpd[6165]: new interface(s) found: waking up resolver
Feb 14 11:27:53 rcdevs1.webadm1 ntpd[6165]: 0.0.0.0 c614 04 freq_mode
[root@rcdevs1 ~]# 

4.1.2 Time Zone

Be sure that the correct time zone is set. Verify it with the timedatectl command.

[root@rcdevs1 ~]# timedatectl
      Local time: Thu 2019-02-14 14:32:02 CET
  Universal time: Thu 2019-02-14 13:32:02 UTC
        RTC time: Thu 2019-02-14 13:32:02
       Time zone: Europe/Luxembourg (CET, +0100)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: no
 Last DST change: DST ended at
                  Sun 2018-10-28 02:59:59 CEST
                  Sun 2018-10-28 02:00:00 CET
 Next DST change: DST begins (the clock jumps one hour forward) at
                  Sun 2019-03-31 01:59:59 CET
                  Sun 2019-03-31 03:00:00 CEST
[root@rcdevs1 ~]# 

To change it, get the list of all available time zones with timedatectl list-timezones and set it with timedatectl set-timezone Europe/Berlin for example.

[root@rcdevs1 ~]# timedatectl list-timezones
Africa/Abidjan
Africa/Accra
Africa/Addis_Ababa
Africa/Algiers
...
[root@rcdevs1 ~]# timedatectl set-timezone Europe/Berlin
[root@rcdevs1 ~]# timedatectl
      Local time: Thu 2019-02-14 14:34:51 CET
  Universal time: Thu 2019-02-14 13:34:51 UTC
        RTC time: Thu 2019-02-14 13:34:52
       Time zone: Europe/Berlin (CET, +0100)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: no
 Last DST change: DST ended at
                  Sun 2018-10-28 02:59:59 CEST
                  Sun 2018-10-28 02:00:00 CET
 Next DST change: DST begins (the clock jumps one hour forward) at
                  Sun 2019-03-31 01:59:59 CET
                  Sun 2019-03-31 03:00:00 CEST
[root@rcdevs1 ~]# 

4.1.3 Public Pool Time Servers

At NTP Public Pool Time Servers, choose your Continent and Country. In this example, we choose Europe Luxembourg.

server 2.lu.pool.ntp.org
server 0.europe.pool.ntp.org
server 1.europe.pool.ntp.org

4.1.4 Configuration

Now, replace the default list of Public Pool Time Servers with the ones for your country. Therefore, edit the following NTP daemon configuration file /etc/ntp.conf and also add logfile /var/log/ntp.log.

[root@rcdevs1 ~]# vi /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
#restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 2.lu.pool.ntp.org iburst
server 0.europe.pool.ntp.org iburst
server 1.europe.pool.ntp.org iburst

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor

logfile /var/log/ntp.log

[root@rcdevs1 ~]# 

Afterward, restart the NTP daemon with systemctl restart ntpd. Verify its status systemctl status ntpd -l and log files /var/log/ntp.log.

[root@rcdevs1 ~]# systemctl restart ntpd
[root@rcdevs1 ~]# systemctl status ntpd -l
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2019-02-14 11:41:51 CET; 2s ago
  Process: 7327 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 7328 (ntpd)
   CGroup: /system.slice/ntpd.service
           └─7328 /usr/sbin/ntpd -u ntp:ntp -g

Feb 14 11:41:51 rcdevs1.webadm1 systemd[1]: Starting Network Time Service...
Feb 14 11:41:51 rcdevs1.webadm1 ntpd[7328]: proto: precision = 0.029 usec
Feb 14 11:41:51 rcdevs1.webadm1 ntpd[7328]: 0.0.0.0 c01d 0d kern kernel time sync enabled
Feb 14 11:41:51 rcdevs1.webadm1 systemd[1]: Started Network Time Service.
[root@rcdevs1 ~]# cat /var/log/ntp.log 
14 Feb 11:41:51 ntpd[7328]: ntp_io: estimated max descriptors: 1024, initial socket boundary: 16
14 Feb 11:41:51 ntpd[7328]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
14 Feb 11:41:51 ntpd[7328]: Listen and drop on 1 v6wildcard :: UDP 123
14 Feb 11:41:51 ntpd[7328]: Listen normally on 2 lo 127.0.0.1 UDP 123
14 Feb 11:41:51 ntpd[7328]: Listen normally on 3 ens33 192.168.3.80 UDP 123
14 Feb 11:41:51 ntpd[7328]: Listen normally on 4 lo ::1 UDP 123
14 Feb 11:41:51 ntpd[7328]: Listen normally on 5 ens33 fe80::20c:29ff:fe1d:5dff UDP 123
14 Feb 11:41:51 ntpd[7328]: Listening on routing socket on fd #22 for interface updates
14 Feb 11:41:51 ntpd[7328]: 0.0.0.0 c016 06 restart
14 Feb 11:41:51 ntpd[7328]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM
14 Feb 11:41:51 ntpd[7328]: 0.0.0.0 c011 01 freq_not_set
14 Feb 11:41:58 ntpd[7328]: 0.0.0.0 c614 04 freq_mode
[root@rcdevs1 ~]# 

4.1.5 Sync Time

Force a time synchronization and specify an NTP server with the command ntpdate -u 2.lu.pool.ntp.org.

[root@rcdevs1 ~]# ntpdate -u 2.lu.pool.ntp.org
14 Feb 13:51:17 ntpdate[16373]: adjust time server 85.93.216.115 offset 0.018919 sec
[root@rcdevs1 ~]# 

Show the NTP report with ntpstat.

[root@rcdevs1 ~]# ntpstat
synchronised to NTP server (185.137.97.5) at stratum 3 
   time correct to within 80 ms
   polling server every 64 s
[root@rcdevs1 ~]# 

4.1.6 Verify Sync

Do the following steps to verify that the NTP daemon is really synchronizing the time. Query the system clock with the command timedatectl status.

[root@rcdevs1 ~]# timedatectl status
      Local time: Thu 2019-02-14 11:53:44 CET
  Universal time: Thu 2019-02-14 10:53:44 UTC
        RTC time: Thu 2019-02-14 10:53:44
       Time zone: Europe/Luxembourg (CET, +0100)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: no
 Last DST change: DST ended at
                  Sun 2018-10-28 02:59:59 CEST
                  Sun 2018-10-28 02:00:00 CET
 Next DST change: DST begins (the clock jumps one hour forward) at
                  Sun 2019-03-31 01:59:59 CET
                  Sun 2019-03-31 03:00:00 CEST
[root@rcdevs1 ~]#

Verify if the NTP synchronization works. First, disable NTP synchronization with timedatectl set-ntp false. Afterward, change the system clock with timedatectl set-time 10:00:00, for example.

[root@rcdevs1 ~]# timedatectl set-ntp false
[root@rcdevs1 ~]# timedatectl set-time 10:00:00
[root@rcdevs1 ~]# timedatectl status
      Local time: Thu 2019-02-14 10:00:01 CET
  Universal time: Thu 2019-02-14 09:00:01 UTC
        RTC time: Thu 2019-02-14 09:00:02
       Time zone: Europe/Luxembourg (CET, +0100)
     NTP enabled: no
NTP synchronized: no
 RTC in local TZ: no
      DST active: no
 Last DST change: DST ended at
                  Sun 2018-10-28 02:59:59 CEST
                  Sun 2018-10-28 02:00:00 CET
 Next DST change: DST begins (the clock jumps one hour forward) at
                  Sun 2019-03-31 01:59:59 CET
                  Sun 2019-03-31 03:00:00 CEST
[root@rcdevs1 ~]# 

Now, enable the NTP synchronization with timedatectl set-ntp true and verify it with timedatectl status.

[root@rcdevs1 ~]# timedatectl set-ntp true
[root@rcdevs1 ~]# timedatectl status
      Local time: Thu 2019-02-14 11:56:54 CET
  Universal time: Thu 2019-02-14 10:56:54 UTC
        RTC time: Thu 2019-02-14 09:00:53
       Time zone: Europe/Luxembourg (CET, +0100)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: no
 Last DST change: DST ended at
                  Sun 2018-10-28 02:59:59 CEST
                  Sun 2018-10-28 02:00:00 CET
 Next DST change: DST begins (the clock jumps one hour forward) at
                  Sun 2019-03-31 01:59:59 CET
                  Sun 2019-03-31 03:00:00 CEST
[root@rcdevs1 ~]# 

4.2 Ubuntu 18.04

4.2.1 Install NTP

First, install the ntp package with the command apt-get install ntp.

root@ubuntu18-webadm1:/home/webadm1# apt-get install ntp
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  libopts25 sntp
Suggested packages:
  ntp-doc
The following NEW packages will be installed:
  libopts25 ntp sntp
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 785 kB of archives.
After this operation, 2,393 kB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://archive.ubuntu.com/ubuntu bionic/universe amd64 libopts25 amd64 1:5.18.12-4 [58.2 kB]
Get:2 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 ntp amd64 1:4.2.8p10+dfsg-5ubuntu7.1 [640 kB]
Get:3 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 sntp amd64 1:4.2.8p10+dfsg-5ubuntu7.1 [86.9 kB]
Fetched 785 kB in 0s (4,121 kB/s)
Selecting previously unselected package libopts25:amd64.
(Reading database ... 102334 files and directories currently installed.)
Preparing to unpack .../libopts25_1%3a5.18.12-4_amd64.deb ...
Unpacking libopts25:amd64 (1:5.18.12-4) ...
Selecting previously unselected package ntp.
Preparing to unpack .../ntp_1%3a4.2.8p10+dfsg-5ubuntu7.1_amd64.deb ...
Unpacking ntp (1:4.2.8p10+dfsg-5ubuntu7.1) ...
Selecting previously unselected package sntp.
Preparing to unpack .../sntp_1%3a4.2.8p10+dfsg-5ubuntu7.1_amd64.deb ...
Unpacking sntp (1:4.2.8p10+dfsg-5ubuntu7.1) ...
Processing triggers for ureadahead (0.100.0-20) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Processing triggers for systemd (237-3ubuntu10.13) ...
Setting up libopts25:amd64 (1:5.18.12-4) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Setting up sntp (1:4.2.8p10+dfsg-5ubuntu7.1) ...
Setting up ntp (1:4.2.8p10+dfsg-5ubuntu7.1) ...
Created symlink /etc/systemd/system/network-pre.target.wants/ntp-systemd-netif.path → /lib/systemd/system/ntp-systemd-netif.path.
Created symlink /etc/systemd/system/multi-user.target.wants/ntp.service → /lib/systemd/system/ntp.service.
ntp-systemd-netif.service is a disabled or a static unit, not starting it.
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Processing triggers for systemd (237-3ubuntu10.13) ...
Processing triggers for ureadahead (0.100.0-20) ...
root@ubuntu18-webadm1:/home/webadm1# 

Let’s check the chrony daemon service and if needed start systemctl start ntp and enable systemctl enable ntp it at boot.

root@ubuntu18-webadm1:/home/webadm1# systemctl start ntp
root@ubuntu18-webadm1:/home/webadm1# systemctl enable ntp
Synchronizing state of ntp.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable ntp
root@ubuntu18-webadm1:/home/webadm1# systemctl status ntp
● ntp.service - Network Time Service
   Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2019-03-08 14:41:57 UTC; 1min 36s ago
     Docs: man:ntpd(8)
 Main PID: 1925 (ntpd)
    Tasks: 2 (limit: 2292)
   CGroup: /system.slice/ntp.service
           └─1925 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 111:113

Mar 08 14:41:59 ubuntu18-webadm1 ntpd[1925]: Soliciting pool server 213.167.241.72
Mar 08 14:42:00 ubuntu18-webadm1 ntpd[1925]: Soliciting pool server 94.242.208.130
Mar 08 14:42:00 ubuntu18-webadm1 ntpd[1925]: Soliciting pool server 85.93.216.115
Mar 08 14:42:01 ubuntu18-webadm1 ntpd[1925]: Soliciting pool server 2a02:2290::16
Mar 08 14:42:01 ubuntu18-webadm1 ntpd[1925]: Soliciting pool server 185.137.97.4
Mar 08 14:42:02 ubuntu18-webadm1 ntpd[1925]: Soliciting pool server 91.189.94.4
Mar 08 14:42:03 ubuntu18-webadm1 ntpd[1925]: Soliciting pool server 91.189.89.199
Mar 08 14:42:04 ubuntu18-webadm1 ntpd[1925]: Soliciting pool server 91.189.89.198
Mar 08 14:42:05 ubuntu18-webadm1 ntpd[1925]: Soliciting pool server 91.189.91.157
Mar 08 14:42:06 ubuntu18-webadm1 ntpd[1925]: Soliciting pool server 2001:67c:1560:8003::c8
root@ubuntu18-webadm1:/home/webadm1# 

4.2.2 Time Zone

Be sure that the correct time zone is set. Verify it with the timedatectl command.

root@ubuntu18-webadm1:/home/webadm1# timedatectl
                      Local time: Fri 2019-03-08 14:46:56 UTC
                  Universal time: Fri 2019-03-08 14:46:56 UTC
                        RTC time: Fri 2019-03-08 14:46:56
                       Time zone: Etc/UTC (UTC, +0000)
       System clock synchronized: yes
systemd-timesyncd.service active: yes
                 RTC in local TZ: no
root@ubuntu18-webadm1:/home/webadm1# 

To change it, get the list of all available time zones with timedatectl list-timezones and set it with timedatectl set-timezone Europe/Luxembourg for example.

root@ubuntu18-webadm1:/home/webadm1# timedatectl list-timezones
Africa/Abidjan
Africa/Accra
Africa/Addis_Ababa
Africa/Algiers
...
root@ubuntu18-webadm1:/home/webadm1# timedatectl set-timezone Europe/Luxembourg
root@ubuntu18-webadm1:/home/webadm1# timedatectl
                      Local time: Fri 2019-03-08 15:47:48 CET
                  Universal time: Fri 2019-03-08 14:47:48 UTC
                        RTC time: Fri 2019-03-08 14:47:48
                       Time zone: Europe/Luxembourg (CET, +0100)
       System clock synchronized: yes
systemd-timesyncd.service active: yes
                 RTC in local TZ: no
root@ubuntu18-webadm1:/home/webadm1# 

4.2.3 Public Pool Time Servers

At NTP Public Pool Time Servers, choose your Continent and Country. In this example, we choose Europe Luxembourg.

server 2.lu.pool.ntp.org
server 0.europe.pool.ntp.org
server 1.europe.pool.ntp.org

4.2.4 Configuration

Now, replace the default list of Public Pool Time Servers with the ones for your country. Therefore, edit the following NTP daemon configuration file /etc/ntp.conf.

root@ubuntu18-webadm1:/home/webadm1# vi /etc/ntp.conf 

# Leap seconds definition provided by tzdata
leapfile /usr/share/zoneinfo/leap-seconds.list

# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# Specify one or more NTP servers.

# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
server 2.lu.pool.ntp.org iburst
server 0.europe.pool.ntp.org iburst
server 1.europe.pool.ntp.org iburst

# Use Ubuntu's ntp server as a fallback.
#pool ntp.ubuntu.com

# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Needed for adding pool entries
restrict source notrap nomodify noquery

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust


# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255

# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines.  Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient

#Changes recquired to use pps synchonisation as explained in documentation:
#http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm#AEN3918

#server 127.127.8.1 mode 135 prefer    # Meinberg GPS167 with PPS
#fudge 127.127.8.1 time1 0.0042        # relative to PPS for my hardware

#server 127.127.22.1                   # ATOM(PPS)
#fudge 127.127.22.1 flag3 1            # enable PPS API

root@ubuntu18-webadm1:/home/webadm1# 

Afterward, restart the NTP daemon with systemctl restart ntp. Verify its status systemctl status ntp.

root@ubuntu18-webadm1:/home/webadm1# systemctl restart ntp
root@ubuntu18-webadm1:/home/webadm1# systemctl status ntp
● ntp.service - Network Time Service
   Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2019-03-08 15:52:15 CET; 12s ago
     Docs: man:ntpd(8)
  Process: 2817 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS)
 Main PID: 2834 (ntpd)
    Tasks: 2 (limit: 2292)
   CGroup: /system.slice/ntp.service
           └─2834 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 111:113

Mar 08 15:52:15 ubuntu18-webadm1 ntpd[2834]: proto: precision = 0.069 usec (-24)
Mar 08 15:52:15 ubuntu18-webadm1 ntpd[2834]: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): good hash signature
Mar 08 15:52:15 ubuntu18-webadm1 ntpd[2834]: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): loaded, expire=2019-06-28T00:00:00Z last=2017-01-01T00:00:00Z ofs=37
Mar 08 15:52:15 ubuntu18-webadm1 ntpd[2834]: Listen and drop on 0 v6wildcard [::]:123
Mar 08 15:52:15 ubuntu18-webadm1 ntpd[2834]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Mar 08 15:52:15 ubuntu18-webadm1 ntpd[2834]: Listen normally on 2 lo 127.0.0.1:123
Mar 08 15:52:15 ubuntu18-webadm1 ntpd[2834]: Listen normally on 3 ens33 192.168.3.80:123
Mar 08 15:52:15 ubuntu18-webadm1 ntpd[2834]: Listen normally on 4 lo [::1]:123
Mar 08 15:52:15 ubuntu18-webadm1 ntpd[2834]: Listen normally on 5 ens33 [fe80::20c:29ff:fe8f:d283%2]:123
Mar 08 15:52:15 ubuntu18-webadm1 ntpd[2834]: Listening on routing socket on fd #22 for interface updates
root@ubuntu18-webadm1:/home/webadm1#

4.2.5 Sync Time

Force a time synchronization with the command ntpq -p.

root@ubuntu18-webadm1:/home/webadm1# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+alpha.derg.xyz  192.60.141.183   3 u   41   64   17   28.828   19.097  15.532
*ah.e-lista.pl   145.238.203.14   2 u   35   64   17   16.104   18.191  15.880
+51.255.141.154  37.187.5.167     3 u   35   64   17   15.257   17.014  16.439
root@ubuntu18-webadm1:/home/webadm1# 

4.2.6 Verify Sync

Do the following steps to verify that the NTP daemon is really synchronizing the time. Query the system clock with the command timedatectl status.

root@ubuntu18-webadm1:/home/webadm1# timedatectl status
                      Local time: Fri 2019-03-08 15:57:21 CET
                  Universal time: Fri 2019-03-08 14:57:21 UTC
                        RTC time: Fri 2019-03-08 14:57:22
                       Time zone: Europe/Luxembourg (CET, +0100)
       System clock synchronized: yes
systemd-timesyncd.service active: yes
                 RTC in local TZ: no
root@ubuntu18-webadm1:/home/webadm1# 

Verify if the NTP synchronization works. First, disable NTP synchronization with timedatectl set-ntp false. Afterward, change the system clock with timedatectl set-time 10:00:00, for example.

root@ubuntu18-webadm1:/home/webadm1# timedatectl set-ntp false
root@ubuntu18-webadm1:/home/webadm1# timedatectl set-time 10:00:00
root@ubuntu18-webadm1:/home/webadm1# timedatectl status
                      Local time: Fri 2019-03-08 10:00:05 CET
                  Universal time: Fri 2019-03-08 09:00:05 UTC
                        RTC time: Fri 2019-03-08 09:00:06
                       Time zone: Europe/Luxembourg (CET, +0100)
       System clock synchronized: no
systemd-timesyncd.service active: no
                 RTC in local TZ: no
root@ubuntu18-webadm1:/home/webadm1# 

Now, enable the NTP synchronization with timedatectl set-ntp true and verify it with timedatectl status.

root@ubuntu18-webadm1:/home/webadm1# timedatectl set-ntp true
root@ubuntu18-webadm1:/home/webadm1# timedatectl status
                      Local time: Fri 2019-03-08 15:58:18 CET
                  Universal time: Fri 2019-03-08 14:58:18 UTC
                        RTC time: Fri 2019-03-08 09:00:29
                       Time zone: Europe/Luxembourg (CET, +0100)
       System clock synchronized: yes
systemd-timesyncd.service active: yes
                 RTC in local TZ: no
root@ubuntu18-webadm1:/home/webadm1# 

5. WebADM

WebADM connects regularly the an NTP server to check the server’s clock. If it detects a drift then a message will be shown in the WebADM GUI under Admin and in the Background Job Log File under Databases.

screenshot

-bash-4.2# cat /opt/webadm/logs/bgjobs.log | grep NTP
[2019-02-12 15:52:47] [5756] Checking NTP server time drift... Ok (exact match)
[2019-02-28 13:43:25] [5568] Checking NTP server time drift... Ok (exact match)
[2019-02-28 13:50:16] [6055] Checking NTP server time drift... Ok (113 seconds)
-bash-4.2# 

However, WebADM never synchronizes the server’s clock. One can point the WebADM to any NTP server by adding it to the configuration file /opt/webadm/conf/webadm.conf.

-bash-4.2# vi /opt/webadm/conf/webadm.conf
#
# WebADM Server Configuration
#
...
# Misc options
#treeview_width 300
#treeview_items 1500
#default_portal Admin
#ldap_uidcase No
ntp_server "2.lu.pool.ntp.org"

-bash-4.2# /opt/webadm/bin/webadm restart
Stopping WebADM HTTP server... Ok
Stopping WebADM PKI server... Ok
Stopping WebADM Session server... Ok
Checking libudev dependency... Ok
Checking system architecture... Ok
Checking server configurations... Ok

No Enterprise license found (using bundled Freeware license)
Please contact sales@rcdevs.com for commercial information

Starting WebADM Session server... Ok
Starting WebADM PKI server... Ok
Starting WebADM Watchd server... Ok
Starting WebADM HTTP server... Ok

Checking server connections. Please wait... 
Connected LDAP server: LDAP Server (127.0.0.1)
Connected SQL server: SQL Server (127.0.0.1)
Connected PKI server: PKI Server (127.0.0.1)
Connected Session server: Session Server (::1)

Checking LDAP proxy user access... Ok
Checking SQL database access... Ok
Checking PKI service access... Ok
-bash-4.2#