Commands
Want to pass the RHCSA9 exam? This section of the RHCSA9 Exam Series: Operate Running Systems will review how to operate running systems–a key skill
In this article, we will review how to configure NTP on RHEL9 using chrony. We will focus on the server-side setup and finish with the client-side setup.
Before we begin, this article assumes that you already have running instances of RHEL9 or CentOS9 available. If not, you may reference the following articles for RHEL7 or CentOS8 installation procedures. Those installation procedures are similar in nature with a few minor differences and can be utilized for installing RHEL9 or CentOS9.
For this exercise, we will provision two virtual machines (VMs):
VM #1: node1.infotechys.example.com (server instance)
VM #2: node2.infotechys.example.com (client instance)
Starting with the Red Hat Enterprise Linux (RHEL) 7 release, chronyd became the default time service option and replaced ntpd. However, ntpd is still available for those environments that still require it. Chrony is just as easy to install and configure as ntp and some may even argue it’s easier. Some of its benefits include:
Firstly, check if the chrony package is installed on your machine. If not, install it. Also, ensure the chronyd service is not running. We will make some configuration changes before we start the service.
# dnf install chrony
# systemctl status chronyd.service
○ chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service)
Active: inactive (dead) since Sat 2022-08-06 22:00:00 EDT; 4s ago
Docs: man:chronyd(8)
man:chrony.conf(5)
Process: 757 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 764 (code=exited, status=0/SUCCESS)
CPU: 121ms
Using your favorite text editor, open the /etc/chrony.conf file and make the following changes.
# vim /etc/chrony.conf
Comment out the existing server entry. By default, it will be set to the public servers from the pool.ntp.org project.
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
# pool 2.rhel.pool.ntp.org iburst
Uncomment the allow <IP> section to allow client instances on your local network to connect to your time server. NOTE: If client instances reside on a different subnet or IP address range, you’ll need to specify it here (below). For this example, our client instances all reside on the 192.168.4.0/24 subnet.
# Allow NTP client access from local network.
allow 192.168.4.0/24
Uncomment the local stratum entry. This allows your server to act as a time source. For the stratum setting, change its value to 3. The stratum hierachy ranges from 1 to 15 with 1 being the best or most reliable time source. Therefore, we are setting our time server to 3 because it’s a local setup for testing and learning purposes.
# Serve time even if not synchronized to a time source.
local stratum 3
After completing the configuration changes, save and exit the /etc/chrony.conf file and enable the chronyd service with the --now option so that it starts up and autostarts upon reboot.
# systemctl enable --now chronyd.service
# systemctl status chronyd.service
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2022-08-06 23:09:38 EDT; 13s ago
Docs: man:chronyd(8)
man:chrony.conf(5)
Process: 1360 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 1362 (chronyd)
Tasks: 1 (limit: 9122)
Memory: 716.0K
CPU: 36ms
CGroup: /system.slice/chronyd.service
└─1362 /usr/sbin/chronyd -F 2
Using the firewall-cmd command, allow network access for the ntp and ptp services.
# firewall-cmd --permanent --add-service=ntp --add-service=ptp
success
# firewall-cmd --reload
success
# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp1s0
sources:
services: cockpit dhcpv6-client ntp ptp ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
The client-side setup also involves modifying the /etc/chrony.conf. Simply change the server entry to the fully-qualified domain name (FQDN) or IP address of your time server (node1.infotechys.example.com).
# vim /etc/chrony.conf
Also, add the iburst option so that chronyd make an update of the first clock sooner.
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
server node1.infotechys.example.com iburst
Then, restart the chronyd service.
# systemctl restart chronyd.service
NOTE: Check to see if the chronyd service is enabled to autostart on reboot. If not, enable it with the following command: systemctl enable chronyd.service
To verify the client instance (node2) is syncing to node1 (time server instance), run the chronyc sources command with the -v option for verbose output.
Photo by admingeek from Infotechys.com
Related Posts
Want to pass the RHCSA9 exam? This section of the RHCSA9 Exam Series: Operate Running Systems will review how to operate running systems–a key skill
In today’s tutorial, we will install CentOS8 on KVM. The install process is fairly straightforward and we will cover it here step-by-step. We will follow
Table of Contents Introduction According to the Linux manual pages (man yum), there are 35 standard YUM commands. That number increases to the hundreds when