If you’re reading this you probably know already what an NTP server is. However, long story short NTP stands for Network Time Protocol, used for clock synchronization most of the times in client-server scenarios. It uses UDP port 123. Easy. For a CentOS 7 NTP Server, read below.
You are probably already running a distro of Centos 7 (on a side note, Tuesday 24th of Sept CentOS 8 will be released). If not, you may want to visit the CentOS page and download what suits you best.
So on my VM I’m running CentOS 7.7. To find out what version of CentOS you’re running type:
cat /etc/centos-release
The steps for the NTP server install and configuration would be:
- Install the NTP package. I’m on 7.7 so the NTP package is already installed:
yum install ntp
- The next step would be to identify the best servers that would sync the clock on your VM by visiting the NTP Pool Project official page. “The best” is a very generic statement so I suggest you to chose a pool as close as possible from a geographic point of view, to your server. For example if you’re based in the UK you may choose uk.pool.ntp.org
- next you’ll have to edit the ntp configuration file and “tell” your server to sync the clock with the pool chosen in the previous step. Of course you may use as well the default CentOS pools.
However, in this tutorial we will use the Google NTP servers, therefore we will have to remove the pools already configured, or just comment them as shown below:nano /etc/ntp.confadd#in front of the centos servers and insert:server time1.google.com iburst
server time2.google.com iburst
server time3.google.com iburst
server time4.google.com iburst
More info on the above servers on Google NTP Servers.
The end result should be as shown below:
- moving ahead, we’ll have to configure the network/subnet/hosts that will be allowed to query our CentOS NTP server. Edit the same configuration file and then add:
restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
In this example, any computer/switch/router that’s part of the 10.0.0.0/24 will be allowed to query and sync their clock with our NTP server. You will have to replace that network with the subnet where your network devices management resides.
- this step is not mandatory but it’s something nice to have and it might come handy when troubleshooting. In the same configuration file add the below line, which will create a log file:
logfile /var/log/ntp.log - save the configuration file. Very important, save the configuration only, don’t create a new file;
- then you’ll have to edit the firewall rules and allow UDP port 123:
firewall-cmd --add-service=ntp --permanent
firewall-cmd --reload
- with the firewall configured, you’ll now have to enable, start and check the status of ntp process:
systemctl start ntpd
systemctl enable ntpd
systemctl status ntpd
Now you’ll have to wait a few minutes so that your server/VM will sync it’s time with the servers configured in the previous steps. To verify clock synchronization and the stratum value use:ntpq -p
In the above example, the Google NTP servers reach-ability value is 377, which is the max value. The stratum value is 1, therefore our CentOS server will have a stratum value of 2.
That’s it! Now you should have an NTP server which you can use internally within your organization.