====== Synchronize Time Using Other NTP Peers ======

**General Information**

Synchronizing time to a central time server and also keeping in sync with a peer server.

This type of setup is a tier two NTP setup, allowing for redundancy if the central source of time is lost. The two peers then agree on a time and provide it locally to other servers.

----

====== Lab Setup ======

The following virtual machines will be used:
  * ipa.example.com (192.168.1.152) -> Central Time Server
  * server1.example.com (192.168.1.150) -> NTP Server1 syncs with central (also peers with server2)
  * server2.example.com (192.168.1.151) -> NTP Server2 syncs with central (also peers with server1)

----

====== NTP: Central Time Server ======

Setting up the "central time server" to allow the other servers to sync to it.

  * Server: ipa.example.com (192.168.1.152)
    * This server should already have ntpd installed and working if FreeIPA has been setup.

\\
Ensure that the firewall allows NTP in
<code bash>
firewall-cmd --permanent --add-service=ntp
firewall-cmd --reload
</code>

----

====== NTP: Client Peering ======

Setup the NTP clients to sync with the central NTP server and also peer with each other to provide a tier two redundancy. This would allow other servers to sync with them.

  * Servers
    * server1.example.com (192.168.1.150)
    * server2.example.com (192.168.1.151)

\\
Install required package
<code bash>
yum install chrony
</code>

\\
Enable and start the service
<code bash>
systemctl enable chronyd
systemctl start chronyd
</code>

\\
Edit the config file
<code bash>
vim /etc/chrony.conf

# Comment out all server lines, add a new one
server ipa.example.com iburst

# On server1: Peer with server2
peer 192.168.1.151

# On server2: Peer with server1
peer 192.168.1.150
</code>

\\
Ensure that the firewall allows NTP in (on both server1 and server2)
<code bash>
firewall-cmd --permanent --add-service=ntp
firewall-cmd --reload
</code>

\\
Restart the service
<code bash>
systemctl restart chronyd
</code>

\\
Ensure NTP time sync is enabled
<code bash>
timedatectl set-ntp true
</code>

\\
Check status
<code bash>
chronyc sources -v
</code>
  * Note: It may take a few minutes for the servers to enter a synced state on the peers.

----