NTP synchronised problem in our Centos 7.6 node


 
# 15  
Old 09-24-2019
Thanks for the update.

I think I will follow you and do the same on some of my Ubuntu boxes.
# 16  
Old 09-24-2019
Hi Neo,

Our servers are nearly all configured with NTP, but as part of the upgrade process on our RHEL estate we are also screwing down the security, so Chrony it is.

We recently had an audit carried out and the above version of NTP didn't come out of it well. The Cyber Security Team has endorsed a list of trusted sites for sourcing software packages and, as a result, upgrading NTP was going to be a more tortuous process than installing and configuring Chrony.

The configuration of Chrony is really straightforward; the config file is included.

Regards

Gull04
# 17  
Old 09-26-2019
Here is what I did (as a quick test) on an Ubuntu server (because I did not want to update the system with apt in this case, on this particular server):

Code:
wget https://download.tuxfamily.org/chrony/chrony-3.5.tar.gz
tar xvzf chrony-3.5.tar.gz
cd chrony-3.5
cat INSTALL
./configure --disable-readline other-options
make all
vi /etc/chrony.conf
ps aux | grep 'chron' | grep -v grep

root     28922  0.0  0.0  97024  2620 ?        S    23:29   0:00 /usr/local/sbin/chronyd

cd /var/log
grep chrony *log

syslog:Sep 25 23:29:44 www chronyd[28922]: chronyd version 3.5 starting (+CMDMON +NTP +REFCLOCK +RTC -PRIVDROP -SCFILTER -SIGND +ASYNCDNS -SECHASH +IPV6 -DEBUG)
syslog:Sep 25 23:29:44 www chronyd[28922]: Initial frequency 16.866 ppm
syslog:Sep 25 23:29:49 www chronyd[28922]: Selected source 104.168.88.15


Code:
cat /etc/chrony.conf
pool pool.ntp.org iburst
makestep 1.0 3
rtcsync
port 0

References (2):

chrony - Download
chrony - Installation

TODO: Change this so chrony does not run as root (see next post)...
# 18  
Old 09-26-2019
On a second Ubuntu server, using apt:

Code:
apt install chrony
ps aux | grep chron | grep -v grep
_chrony  19064  0.0  0.1 108304  3092 ?        S    04:55   0:00 /usr/sbin/chronyd


Code:
cat /etc/chrony/chrony.conf

root@localhost:/etc/chrony# cat chrony.conf
# Welcome to the chrony configuration file. See chrony.conf(5) for more
# information about usuable directives.

# This will use (up to):
# - 4 sources from ntp.ubuntu.com which some are ipv6 enabled
# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well
# - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm)
# This means by default, up to 6 dual-stack and up to 2 additional IPv4-only
# sources will be used.
# At the same time it retains some protection against one of the entries being
# down (compare to just using one of the lines). See (LP: #1754358) for the
# discussion.
#
# About using servers from the NTP Pool Project in general see (LP: #104525).
# Approved by Ubuntu Technical Board on 2011-02-08.
# See http://www.pool.ntp.org/join.html for more information.
pool ntp.ubuntu.com        iburst maxsources 4
pool 0.ubuntu.pool.ntp.org iburst maxsources 1
pool 1.ubuntu.pool.ntp.org iburst maxsources 1
pool 2.ubuntu.pool.ntp.org iburst maxsources 2

# This directive specify the location of the file containing ID/key pairs for
# NTP authentication.
keyfile /etc/chrony/chrony.keys

# This directive specify the file into which chronyd will store the rate
# information.
driftfile /var/lib/chrony/chrony.drift

# Uncomment the following line to turn logging on.
#log tracking measurements statistics

# Log files location.
logdir /var/log/chrony

# Stop bad estimates upsetting machine clock.
maxupdateskew 100.0

# This directive enables kernel synchronisation (every 11 minutes) of the
# real-time clock. Note that it can't be used along with the 'rtcfile' directive.
rtcsync

# Step the system clock instead of slewing it if the adjustment is larger than
# one second, but only in the first three clock updates.
makestep 1 3

#If you don't need to serve time to NTP clients or peers, you can add port 0 to the chrony.conf file 
# to completely disable the NTP server functionality and prevent NTP requests from reaching chronyd
port 0

Conclusion: On Ubuntu, it is better to install with apt if possible. It's easier, more secure and more comprehensive than a quick manual install (like in the post above):

Code:
cd /var/log
grep chrony *log

auth.log:Sep 26 04:55:13 localhost groupadd[18713]: group added to /etc/group: name=_chrony, GID=115
auth.log:Sep 26 04:55:13 localhost groupadd[18713]: group added to /etc/gshadow: name=_chrony
auth.log:Sep 26 04:55:13 localhost groupadd[18713]: new group: name=_chrony, GID=115
auth.log:Sep 26 04:55:13 localhost useradd[18717]: new user: name=_chrony, UID=111, GID=115, home=/var/lib/chrony, shell=/usr/sbin/nologin
auth.log:Sep 26 04:55:13 localhost usermod[18723]: change user '_chrony' password
auth.log:Sep 26 04:55:13 localhost chage[18728]: changed password expiry for _chrony
auth.log:Sep 26 04:55:13 localhost chfn[18731]: changed user '_chrony' information
dpkg.log:2019-09-26 04:55:13 install chrony:amd64 <none> 3.2-4ubuntu4.2
dpkg.log:2019-09-26 04:55:13 status half-installed chrony:amd64 3.2-4ubuntu4.2
dpkg.log:2019-09-26 04:55:13 status unpacked chrony:amd64 3.2-4ubuntu4.2
dpkg.log:2019-09-26 04:55:13 status unpacked chrony:amd64 3.2-4ubuntu4.2
dpkg.log:2019-09-26 04:55:13 configure chrony:amd64 3.2-4ubuntu4.2 <none>
dpkg.log:2019-09-26 04:55:13 status unpacked chrony:amd64 3.2-4ubuntu4.2
dpkg.log:2019-09-26 04:55:13 status unpacked chrony:amd64 3.2-4ubuntu4.2
dpkg.log:2019-09-26 04:55:13 status unpacked chrony:amd64 3.2-4ubuntu4.2
dpkg.log:2019-09-26 04:55:13 status unpacked chrony:amd64 3.2-4ubuntu4.2
dpkg.log:2019-09-26 04:55:13 status unpacked chrony:amd64 3.2-4ubuntu4.2
dpkg.log:2019-09-26 04:55:13 status unpacked chrony:amd64 3.2-4ubuntu4.2
dpkg.log:2019-09-26 04:55:13 status unpacked chrony:amd64 3.2-4ubuntu4.2
dpkg.log:2019-09-26 04:55:13 status unpacked chrony:amd64 3.2-4ubuntu4.2
dpkg.log:2019-09-26 04:55:13 status unpacked chrony:amd64 3.2-4ubuntu4.2
dpkg.log:2019-09-26 04:55:13 status unpacked chrony:amd64 3.2-4ubuntu4.2
dpkg.log:2019-09-26 04:55:13 status unpacked chrony:amd64 3.2-4ubuntu4.2
dpkg.log:2019-09-26 04:55:13 status half-configured chrony:amd64 3.2-4ubuntu4.2
dpkg.log:2019-09-26 04:55:15 status installed chrony:amd64 3.2-4ubuntu4.2
kern.log:Sep 26 04:55:14 localhost kernel: [9630131.911799] audit: type=1400 audit(1569473714.650:59): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/chronyd" pid=18964 comm="apparmor_parser"
syslog:Sep 26 04:55:14 localhost kernel: [9630131.911799] audit: type=1400 audit(1569473714.650:59): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/chronyd" pid=18964 comm="apparmor_parser"
syslog:Sep 26 04:55:15 localhost systemd[1]: Starting chrony, an NTP client/server...
syslog:Sep 26 04:55:15 localhost chronyd[19064]: chronyd version 3.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SECHASH +SIGND +ASYNCDNS +IPV6 -DEBUG)
syslog:Sep 26 04:55:15 localhost chronyd[19064]: Initial frequency -0.501 ppm
syslog:Sep 26 04:55:15 localhost systemd[1]: Started chrony, an NTP client/server.
syslog:Sep 26 04:55:23 localhost chronyd[19064]: Selected source 198.50.238.163
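
Added example, not part of either post: the two installs above differ in exactly the places their own output shows (the startup banner's feature list and the process owner in `ps aux`), and this script reads those lines to report the difference. The banner and ps lines are copied from posts 17 and 18; the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the thread): compare the two chronyd installs using
# only the evidence the posts show: the startup banner, `ps aux`, chrony.conf.

# Banner and ps lines copied from post 17 (source build) and post 18 (apt).
SRC_BANNER='chronyd version 3.5 starting (+CMDMON +NTP +REFCLOCK +RTC -PRIVDROP -SCFILTER -SIGND +ASYNCDNS -SECHASH +IPV6 -DEBUG)'
APT_BANNER='chronyd version 3.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SECHASH +SIGND +ASYNCDNS +IPV6 -DEBUG)'
SRC_PS='root     28922  0.0  0.0  97024  2620 ?        S    23:29   0:00 /usr/local/sbin/chronyd'
APT_PS='_chrony  19064  0.0  0.1 108304  3092 ?        S    04:55   0:00 /usr/sbin/chronyd'

# Print the hardening features the banner reports as compiled out.
missing_hardening() {
    flags=${1##*\(}           # drop everything up to the last "("
    flags=${flags%%\)*}       # drop the closing ")" and anything after it
    missing=""
    for want in PRIVDROP SCFILTER; do
        case " $flags " in
            *" +$want "*) ;;  # "+NAME" means the feature was compiled in
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# Succeed if the `ps aux` line shows chronyd owned by root.
runs_as_root() {
    case $1 in
        "root "*chronyd*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if chrony.conf text contains an active "port 0" line (client only).
ntp_server_disabled() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*port[[:space:]]+0[[:space:]]*$'
}

# One-line verdict for an install, built from its banner and ps line.
audit() {
    miss=$(missing_hardening "$1")
    if runs_as_root "$2"; then owner="root"; else owner="unprivileged user"; fi
    printf 'runs as %s; missing: %s\n' "$owner" "${miss:-none}"
}

audit "$SRC_BANNER" "$SRC_PS"   # source build from post 17
audit "$APT_BANNER" "$APT_PS"   # apt package from post 18
```

A `+SCFILTER` in the banner only means seccomp support was compiled in; the filter itself is switched on with chronyd's `-F` option, and the unprivileged account is selected with `-u` or the `user` directive.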

# 19  
Old 09-26-2019
.. and just for fun, installed chrony on macOS as follows:

Code:
brew cask install chronycontrol


Reference:

chronyd on MacOS X
# 20  
Old 09-26-2019
Hi Neo,

Thanks for the macOS info, I'll maybe get round to installing on my MacBook in the not too distant future.

Regards

Gull04
# 21  
Old 09-26-2019
Welcome,

I will probably install on all four of my Macs.... it's pretty cool !!

Slowly converging (as it should), after initial install a few minutes ago:
