Differences
This shows you the differences between two versions of the page.
linux_wiki:synchronize_time_using_other_ntp_peers [2018/04/20 11:27] billdozor [NTP: Client Peering] |
linux_wiki:synchronize_time_using_other_ntp_peers [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Synchronize Time Using Other NTP Peers ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | Synchronizing time to a central time server and also keeping in sync with a peer server. | ||
- | |||
- | This type of setup is a tier two NTP setup, allowing for redundancy if the central source of time is lost. The two peers then agree on a time and provide it locally to other servers. | ||
- | |||
- | ---- | ||
- | |||
- | ====== Lab Setup ====== | ||
- | |||
- | The following virtual machines will be used: | ||
- | * ipa.example.com (192.168.1.152) -> Central Time Server | ||
- | * server1.example.com (192.168.1.150) -> NTP Server1 syncs with central (also peers with server2) | ||
- | * server2.example.com (192.168.1.151) -> NTP Server2 syncs with central (also peers with server1) | ||
- | |||
- | ---- | ||
- | |||
- | ====== NTP: Central Time Server ====== | ||
- | |||
- | Setting up the " | ||
- | |||
- | * Server: ipa.example.com (192.168.1.152) | ||
- | * This server should already have ntpd installed and working if FreeIPA has been setup. | ||
- | |||
- | \\ | ||
- | Ensure that the firewall allows NTP in | ||
- | <code bash> | ||
- | firewall-cmd --permanent --add-service=ntp | ||
- | firewall-cmd --reload | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ====== NTP: Client Peering ====== | ||
- | |||
- | Setup the NTP clients to sync with the central NTP server and also peer with each other to provide a tier two redundancy. This would allow other servers to sync with them. | ||
- | |||
- | * Servers | ||
- | * server1.example.com (192.168.1.150) | ||
- | * server2.example.com (192.168.1.151) | ||
- | |||
- | \\ | ||
- | Install required package | ||
- | <code bash> | ||
- | yum install chrony | ||
- | </ | ||
- | |||
- | \\ | ||
- | Enable and start the service | ||
- | <code bash> | ||
- | systemctl enable chronyd | ||
- | systemctl start chronyd | ||
- | </ | ||
- | |||
- | \\ | ||
- | Edit the config file | ||
- | <code bash> | ||
- | vim / | ||
- | |||
- | # Comment out all server lines, add a new one | ||
- | server ipa.example.com iburst | ||
- | |||
- | # On server1: Peer with server2 | ||
- | peer 192.168.1.151 | ||
- | |||
- | # On server2: Peer with server1 | ||
- | peer 192.168.1.150 | ||
- | </ | ||
- | |||
- | \\ | ||
- | Ensure that the firewall allows NTP in (on both server1 and server2) | ||
- | <code bash> | ||
- | firewall-cmd --permanent --add-service=ntp | ||
- | firewall-cmd --reload | ||
- | </ | ||
- | |||
- | \\ | ||
- | Restart the service | ||
- | <code bash> | ||
- | systemctl restart chronyd | ||
- | </ | ||
- | |||
- | \\ | ||
- | Ensure NTP time sync is enabled | ||
- | <code bash> | ||
- | timedatectl set-ntp true | ||
- | </ | ||
- | |||
- | \\ | ||
- | Check status | ||
- | <code bash> | ||
- | chronyc sources -v | ||
- | </ | ||
- | * Note: It may take a few minutes for the servers to enter a synced state. | ||
- | |||
- | ---- | ||
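Review bot: the peering step in the removed config block uses bare `peer 192.168.1.151` and `peer 192.168.1.150` lines with no `key` option, so the server1/server2 symmetric association is unauthenticated. The chrony.conf documentation notes that unauthenticated symmetric associations are exposed to denial-of-service and recommends either a `key` on the peer line or a `server` directive on both hosts instead. This revision deletes the whole page and leaves the right-hand side empty, so if the procedure is restored or moved, that correction should go with it, and a pointer to the replacement page would help readers who land here. The two `firewall-cmd --permanent --add-service=ntp` steps are also given without a `--zone` or source restriction, which opens NTP in the default zone; limiting it to the hosts that are meant to sync would fit the tier-two design the page describes.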