{"id":14888,"date":"2022-11-15T19:02:17","date_gmt":"2022-11-15T16:02:17","guid":{"rendered":"https:\/\/kifarunix.com\/?p=14888"},"modified":"2024-03-09T23:13:08","modified_gmt":"2024-03-09T20:13:08","slug":"easily-configure-ntp-server-on-rocky-oracle-linux","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/easily-configure-ntp-server-on-rocky-oracle-linux\/","title":{"rendered":"Easily Configure NTP Server on Rocky\/Oracle Linux"},"content":{"rendered":"\n<p>In this guide, you will learn how to easily configure NTP Server on Rocky\/Oracle Linux. In this tutorial, we will use <strong>Chrony<\/strong> to configure NTP server on Rocky\/Oracle Linux. Chrony is currently being used in most cases in favour of the legacy NTPd. Compared to <strong>NTP<\/strong> implementation, <strong>chrony<\/strong>\u00a0performs well in a wide range of conditions including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>intermittent network connections,<\/li>\n\n\n\n<li>heavily congested networks<\/li>\n\n\n\n<li>changing temperatures<\/li>\n\n\n\n<li>systems that do not run continuously<\/li>\n<\/ul>\n\n\n\n<p>Chrony can be used to synchronize the system clock with NTP servers, reference clocks. It can also operate as an NTPv4 server and peer to provide a time service to other computers in the network.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Configure NTP Server on Rocky\/Oracle Linux<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Installing Chrony on Rocky\/Oracle Linux<\/h3>\n\n\n\n<p>Chrony suite is installed by default on RHEL derivatives, Rocky\/Oracle Linux included. You can however verify this by executing the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>rpm -q chrony<\/code><\/pre>\n\n\n\n<p>If the package is installed, you should get an output  similar to;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chrony-4.1-3.el9.rocky.0.1.x86_64<\/code><\/pre>\n\n\n\n<p>Otherwise, you will get an output like;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>package chrony is not installed<\/code><\/pre>\n\n\n\n<p>To see more information about Chrony;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>rpm -qi chrony<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nName        : chrony\nVersion     : 4.1\nRelease     : 3.el9.rocky.0.1\nArchitecture: x86_64\nInstall Date: Tue 15 Nov 2022 06:22:59 PM EAT\nGroup       : Unspecified\nSize        : 608214\nLicense     : GPLv2\nSignature   : RSA\/SHA256, Fri 09 Sep 2022 10:43:53 PM EAT, Key ID 702d426d350d275d\nSource RPM  : chrony-4.1-3.el9.rocky.0.1.src.rpm\nBuild Date  : Fri 09 Sep 2022 10:38:35 PM EAT\nBuild Host  : pb-d952646d-29b9-479d-ac06-aee585aa8dcf-b-x86-64\nPackager    : Rocky Linux Build System (Peridot) <releng@rockylinux.org>\nVendor      : Rocky Enterprise Software Foundation\nURL         : https:\/\/chrony.tuxfamily.org\nSummary     : An NTP client\/server\nDescription :\nchrony is a versatile implementation of the Network Time Protocol (NTP).\nIt can synchronise the system clock with NTP servers, reference clocks\n(e.g. GPS receiver), and manual input using wristwatch and keyboard. It\ncan also operate as an NTPv4 (RFC 5905) server and peer to provide a time\nservice to other computers in the network.\n<\/code><\/pre>\n\n\n\n<p>If for some reasons is not installed by default, you can always install it by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install chrony<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Configure Chrony as an NTP server on Rocky\/Oracle Linux<\/h3>\n\n\n\n<p>The default configuration file of Chrony is <code>\/etc\/chrony.conf<\/code>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Set Time Servers<\/h4>\n\n\n\n<p>By default, Chrony has some default public Time servers from pool.ntp.org project project already defined in the configuration file.<\/p>\n\n\n\n<p>For example on Rocky Linux;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>pool 2.rhel.pool.ntp.org iburst<\/code><\/pre>\n\n\n\n<p>On Oracle;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>pool 2.pool.ntp.org iburst<\/code><\/pre>\n\n\n\n<p>To ensure time accuracy, you need to define the time servers close to your NTP server host region.<\/p>\n\n\n\n<p>You can obtain a list of NTP servers  close to your NTP server host region on <a aria-label=\"Internet Cluster of NTP servers (opens in a new tab)\" href=\"https:\/\/www.pool.ntp.org\/en\/\" target=\"_blank\" rel=\"noreferrer noopener\">Internet Cluster of NTP servers<\/a> page.<\/p>\n\n\n\n<p>Just select the region accordingly. For example, if you are in Europe, below are the available NTP servers;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>server 0.europe.pool.ntp.org\nserver 1.europe.pool.ntp.org\nserver 2.europe.pool.ntp.org\nserver 3.europe.pool.ntp.org<\/code><\/pre>\n\n\n\n<p>To use the pool of NTP servers in your region, simply replace the default time server defined in the configuration with your chosen region time servers. You can comment (<strong>Add # at the beginning<\/strong>) the line, <code>pool 2.pool.ntp.org iburst<\/code> replacing it as follows;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/etc\/chrony.conf<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n# Use public servers from the pool.ntp.org project.\n# Please consider joining the pool (https:\/\/www.pool.ntp.org\/join.html).\n#pool 2.rhel.pool.ntp.org iburst\n<strong>server 0.europe.pool.ntp.org iburst\nserver 1.europe.pool.ntp.org iburst\nserver 2.europe.pool.ntp.org iburst\nserver 3.europe.pool.ntp.org iburst\n<\/strong>\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Configure NTP Server Access Control<\/h4>\n\n\n\n<p>Next, you need to restrict or control access to the\u00a0<code>NTP<\/code>\u00a0server. This can be done using the <code>allow &lt;host\/network><\/code> directive.<\/p>\n\n\n\n<p>This directive simply is to designate particular servers from which NTP clients are allowed to query an NTP server.<\/p>\n\n\n\n<p>For example, to allow all servers in the network subnet, 192.168.56.0\/24 to access your NTP server;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code># Allow NTP client access from local network.\n#allow 192.168.0.0\/16\n<strong>allow 192.168.59.0\/24<\/strong><\/code><\/pre>\n\n\n\n<p>To allow multiple hosts\/networks, use multiple\u00a0<code>allow<\/code>\u00a0directives. e.g<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code># Allow NTP client access from local network.\n#allow 192.168.0.0\/16\n<strong>allow 192.168.59.0\/24<\/strong>\n<strong>allow 192.168.58.0\/24<\/strong>\n<strong>allow 192.168.100.0\/24<\/strong><\/code><\/pre>\n\n\n\n<p>Save and exit the configuration file.<\/p>\n\n\n\n<p>Read more on, <strong><code>man chrony.conf<\/code><\/strong>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Open NTP UDP Port 123 on Firewall<\/h4>\n\n\n\n<p>To be able to allow NTP clients access to your NTP server, you need to open port 123\/UDP on firewall.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --add-port=123\/udp --permanent<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Running Chrony on Rocky\/Oracle Linux<\/h4>\n\n\n\n<p><code>Chronyd<\/code> daemon controls the NTP implementation. Thus, start and enable it to run on system boot by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl enable --now chronyd<\/code><\/pre>\n\n\n\n<p>If it was already running, restart it;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl restart chronyd<\/code><\/pre>\n\n\n\n<p>Check the status;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl status chronyd<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf chronyd.service - NTP client\/server\n     Loaded: loaded (\/usr\/lib\/systemd\/system\/chronyd.service; enabled; vendor preset: enabled)\n     Active: active (running) since Tue 2022-11-15 18:43:49 EAT; 1s ago\n       Docs: man:chronyd(8)\n             man:chrony.conf(5)\n    Process: 1757 ExecStart=\/usr\/sbin\/chronyd $OPTIONS (code=exited, status=0\/SUCCESS)\n   Main PID: 1759 (chronyd)\n      Tasks: 1 (limit: 5891)\n     Memory: 796.0K\n        CPU: 11ms\n     CGroup: \/system.slice\/chronyd.service\n             \u2514\u25001759 \/usr\/sbin\/chronyd -F 2\n\nNov 15 18:43:49 localhost.localdomain systemd[1]: Starting NTP client\/server...\nNov 15 18:43:49 localhost.localdomain chronyd[1759]: chronyd version 4.1 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 +DE>\nNov 15 18:43:49 localhost.localdomain chronyd[1759]: Frequency -5.990 +\/- 10.038 ppm read from \/var\/lib\/chrony\/drift\nNov 15 18:43:49 localhost.localdomain chronyd[1759]: Using right\/UTC timezone to obtain leap second data\nNov 15 18:43:49 localhost.localdomain chronyd[1759]: Loaded seccomp filter (level 2)\nNov 15 18:43:49 localhost.localdomain systemd[1]: Started NTP client\/server.\n...\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Verify Chrony Time Synchronization<\/h3>\n\n\n\n<p><strong>chronyc<\/strong> commands is be used to verify Chrony time synchronization.<\/p>\n\n\n\n<p>You can use <code>chronyc<\/code> command with the other options such as <strong><code>sources, tracking, sourcestats<\/code><\/strong>.<\/p>\n\n\n\n<p>To display information about the current time sources that chronyd is accessing, run the command;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chronyc sources<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nMS Name\/IP address         Stratum Poll Reach LastRx Last sample               \n===============================================================================\n^+ 79-209.butt.spdwpl.net        2   6    17    60    +34ms[  +35ms] +\/-  145ms\n^- srv01.spectre-net.de          2   6    35    57    +25ms[  +25ms] +\/-  123ms\n<strong>^* ns.aksinet.net                2   6    17    58   -944us[ +571us] +\/-  166ms<\/strong>\n^? ntp1.karneval.cz              0   6     0     -     +0ns[   +0ns] +\/-    0ns\n<\/code><\/pre>\n\n\n\n<p>The&nbsp;<strong>M&nbsp;<\/strong>column indicates the mode of the source;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>^<\/strong> means a server<\/li>\n\n\n\n<li><strong>=<\/strong> means a peer<\/li>\n\n\n\n<li><strong>#<\/strong> indicates a locally connected reference clock<\/li>\n<\/ul>\n\n\n\n<p>The&nbsp;<strong>S<\/strong>&nbsp;column indicates the state of the sources;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u201c*\u201d<\/strong> indicates the source to which chronyd is currently synchronized.<\/li>\n\n\n\n<li><strong>\u201c+\u201d<\/strong> indicates acceptable sources which are combined with the selected source.<\/li>\n\n\n\n<li><strong>\u201c-\u201d<\/strong> indicates acceptable sources which are excluded by the combining algorithm.<\/li>\n\n\n\n<li><strong>\u201c?\u201d<\/strong> indicates sources to which connectivity has been lost or whose packets do not pass all tests. This condition is also shown at start-up, until at least 3 samples have been gathered from it.<\/li>\n\n\n\n<li><strong>\u201cx\u201d<\/strong> indicates a clock which chronyd thinks is a falseticker (its time is inconsistent with a majority of other sources).<\/li>\n\n\n\n<li><strong>\u201c~\u201d<\/strong> indicates a source whose time appears to have too much variability<\/li>\n<\/ul>\n\n\n\n<p>To display parameters about the system\u2019s clock performance;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chronyc tracking<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nReference ID    : C303FE02 (ns.aksinet.net)\nStratum         : 3\nRef time (UTC)  : Tue Nov 15 15:49:55 2022\nSystem time     : 0.009086476 seconds fast of NTP time\nLast offset     : +0.001899395 seconds\nRMS offset      : 0.012369673 seconds\nFrequency       : 0.425 ppm slow\nResidual freq   : +15.764 ppm\nSkew            : 46.456 ppm\nRoot delay      : 0.241274297 seconds\nRoot dispersion : 0.056591570 seconds\nUpdate interval : 64.6 seconds\nLeap status     : Normal\n<\/code><\/pre>\n\n\n\n<p>And that is it on how to easily configure NTP Server on Rocky\/Oracle Linux.<\/p>\n\n\n\n<p>For more command options, refer to;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>man chronyc<\/strong><\/code><\/pre>\n\n\n\n<p>Other Tutorials;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-setup-ntp-server-on-ubuntu-22-04-debian-11\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install and Setup NTP Server on Ubuntu 22.04\/Debian 11<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/how-to-configure-ntp-server-on-pfsense\/\" target=\"_blank\" rel=\"noreferrer noopener\">How to Configure NTP Server on pfSense<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, you will learn how to easily configure NTP Server on Rocky\/Oracle Linux. In this tutorial, we will use Chrony to configure NTP<\/p>\n","protected":false},"author":1,"featured_media":12718,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,931,236],"tags":[6110,6109,6113,6112,6111],"class_list":["post-14888","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","category-chrony","category-ntp","tag-configure-ntp-server-on-rocky-linux","tag-how-to-configure-ntp-server-on-oracle-linux","tag-install-chrony-on-oracle","tag-install-chrony-on-oracle-linux","tag-rocky-linux-ntp-server","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/14888"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=14888"}],"version-history":[{"count":6,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/14888\/revisions"}],"predecessor-version":[{"id":14894,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/14888\/revisions\/14894"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/12718"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=14888"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=14888"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=14888"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}