Having accurate time on all your systems is as important as having a solid network security strategy (which takes much more than simple firewall boxes). It is one of the primary components of good-practice system administration, which leads to organization and security. Especially when administering distributed applications, web services, or a distributed security monitoring tool, accurate time is a must.
We will not discuss the protocol itself here, but how this wonderful invention, combined with the pervasiveness of the Internet, can be useful to us. You can find more about it at www.ntp.org.
Once your system is set up, NTP will keep its time accurate, making very small adjustments so as not to impact the running applications.
People can get exact time using hardware based on the frequency of atoms' electrons, or on cyclotrons. There is also a method based on GPS (Global Positioning System). The first is more accurate, but the second is pretty good too. Both require very special and expensive equipment, but their owners (usually universities and research labs) connect them to computers that run an NTP daemon and are connected to the Internet, which finally lets us access them for free. And this is how we will synchronize our systems.
You will need:
A direct or indirect (through a firewall) connection to the Internet.
Choose some NTP servers. There is a list of public time servers on the NTP website. If you don't have Internet access, your WAN administrator (who must be a clever guy) can provide you some internal addresses.
Have the NTP package installed on all systems you want to synchronize. You can find RPMs on your favorite Linux distribution CD, or search on rpmfind.net.
Here is an example of good architecture:
If you have several machines to synchronize, do not make them all access the remote NTP servers you chose. Only 2 of your server farm's machines should access the remote NTP servers, and the other machines will sync with these 2. We will call them the Relay Servers.
Your Relay Servers can be any machines already available on your network. NTP consumes little memory and CPU. You don't need a dedicated machine for it.
Note: It is a good idea to create hostname aliases for your local Relay Servers, like ntp1.mydomain.com and ntp2.mydomain.com, and use only these names when configuring the client machines. This way you can move the NTP functionality to a new Relay Server (with a different IP and hostname) without having to reconfigure the clients. Ask your DNS administrator to create these aliases.
Edit /etc/ntp.conf and add the remote servers you chose:
Example 5. Relay machines /etc/ntp.conf
```
...
server otherntp.server.org   # A stratum 1 server at server.org
server ntp.research.gov      # A stratum 2 server at research.gov
...
```
Edit /etc/ntp.conf and add your Relay Servers with a standard name:
Example 6. Client machines /etc/ntp.conf
```
...
server ntp1.my.com   # My first local relay
server ntp2.my.com   # My second local relay
...
```
If your machine's UTC time differs from the NTP servers by more than a few minutes, NTP will not work. So you must do a first full sync, and I recommend doing it in a non-production hour. You need to do it only when you are making the initial NTP setup, never again:
Example 7. First sync
The last step is to start or restart the NTP daemons in each machine:
```
bash# service ntpd restart
```
Now you have everything set up. NTP will gently keep your machine's time synchronized. You can watch this process using the ntpdc command:
Example 8. A time synchronization status
```
bash# ntpdc -c peers
     remote           local      st poll reach  delay   offset    disp
=======================================================================
=LOCAL(0)        127.0.0.1        7   64  377 0.00000  0.000000 0.43828
=ntp.server.org  200.218.38.134   2   64  377 0.44949 -0.023418 0.44000
=otherntp.resear 200.218.38.134   2   64  377 0.22252 -0.024405 0.93861
```
The meaning of each column:
remote: the name of the remote NTP server. If you use the -n switch, you will see the IP addresses of these servers instead of their hostnames.
local: your local IP address used to communicate with the remote servers.
st: Stratum is a number from 1 to 16 indicating the remote server's precision. 1 is the most accurate, 16 means the server is unreachable. Your own stratum will be equal to that of the less accurate remote server plus 1.
reach: an octal representation of an array of 8 bits, representing the last 8 times the local machine tried to reach the server. A bit is set if the remote server was reached.
delay: the amount of time (seconds) needed to receive a response to a "what time is it" request.
offset: the most important value. The time difference between the local machine and the remote server. In the course of synchronization the offset gets smaller, indicating that the local machine's time is getting more accurate.
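To turn the ntpdc status above into something you can check from cron or a monitoring tool, here is an added example script (not from the original article) that parses "ntpdc -c peers" output, counts the set bits of the octal reach mask, and flags a peer when fewer than 6 of its last 8 polls were answered or its offset exceeds a threshold. The sample output, the 6-of-8 rule and the 0.5 s default threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: health check over "ntpdc -c peers" output.
# Constructed sample (second remote peer has reach=017, i.e. only 4 of
# the last 8 polls answered). On a real host pipe in: ntpdc -c peers
SAMPLE_PEERS='     remote           local      st poll reach  delay   offset    disp
=======================================================================
=LOCAL(0)        127.0.0.1        7   64  377 0.00000  0.000000 0.43828
=ntp.server.org  200.218.38.134   2   64  377 0.44949 -0.023418 0.44000
=otherntp.resear 200.218.38.134   2   64  017 0.22252 -0.024405 0.93861'

# check_peers [MAX_OFFSET]: read peers output on stdin and print one line
# per remote peer: "OK|WARN <name> reach=<n>/8 offset=<seconds>".
# WARN when fewer than 6 polls answered or |offset| > MAX_OFFSET (assumed
# rule; default 0.5 s).
check_peers() {
    max=${1:-0.5}
    awk -v max="$max" '
        NR <= 2 { next }                 # header line and ===== separator
        $1 ~ /LOCAL\(/ { next }          # local clock pseudo-peer, not a server
        {
            name = $1
            sub(/^[-+=^~*]/, "", name)   # strip the leading tally/mode mark
            reach = $5; off = $7
            # reach is an octal bitmask of the last 8 polls: count set bits
            ok = 0
            for (i = 1; i <= length(reach); i++) {
                d = substr(reach, i, 1) + 0
                while (d > 0) { ok += d % 2; d = int(d / 2) }
            }
            absoff = (off < 0) ? -off : off
            status = (ok < 6 || absoff > max) ? "WARN" : "OK"
            printf "%s %s reach=%d/8 offset=%s\n", status, name, ok, off
        }'
}

# warn_count [MAX_OFFSET]: number of peers flagged WARN for stdin input
warn_count() {
    check_peers "$1" | grep -c '^WARN'
}

# Stand-alone run over the constructed sample
printf '%s\n' "$SAMPLE_PEERS" | check_peers 0.5
```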
You may want to have NTP running all the time even if you reboot your machine. On each machine, do the following:
```
bash# chkconfig --level 2345 ntpd on
```
This will ensure autostart.
If your machine is up and running for a long time (months, years) without rebooting, you'll find a big discrepancy between the inaccurate hardware clock and the (now very accurate) system time. Modern Linux distributions copy the OS time to the hardware clock every time the system is shut down, using a mechanism similar to the setclock command. This way, at the next OS boot, you'll get a date and time almost as accurate as it was when you shut down.