Differences

This shows you the differences between two versions of the page.

--- linux_wiki:synchronize_time_using_other_ntp_peers [2016/10/08 17:30]
billdozor [Synchronize Time Using Other NTP Peers]
+++ linux_wiki:synchronize_time_using_other_ntp_peers [2019/05/25 23:50] (current)
@@ Line 5: / Line 5: @@
 Synchronizing time to a central time server and also keeping in sync with a peer server.
-This type of setup would be a tier two NTP setup, allowing for redundancy if the central source of time is lost. The two peers could agree on a time and provide it locally to other servers.
+This type of setup is a tier two NTP setup, allowing for redundancy if the central source of time is lost. The two peers then agree on a time and provide it locally to other servers.
 ----
-====== NTP: Time Server ======
+====== Lab Setup ======
-Setting up a local NTP server in order to practice the objective of synchronizing time.
+The following virtual machines will be used:
+  * ipa.example.com (192.168.1.152) -> Central Time Server
+  * server1.example.com (192.168.1.150) -> NTP Server1 syncs with central (also peers with server2)
+  * server2.example.com (192.168.1.151) -> NTP Server2 syncs with central (also peers with server1)
-\\
+----
-Install the ntp package
-<code bash>
-yum install ntp
-</code>
-\\
+====== NTP: Central Time Server ======
-Enable and start ntpd
-<code bash>
-systemctl enable ntpd
-systemctl start ntpd
-</code>
-\\
+Setting up the "central time server" to allow the other servers to sync to it.
-Query NTP to view status
-<code bash>
-ntpq -p
-</code>
-  * -p ->
-\\
+  * Server: ipa.example.com (192.168.1.152)
-NTP Statistics
+    * This server should already have ntpd installed and working if FreeIPA has been setup.
-<code bash>
-ntpstat
-</code>
 \\
-Configure NTP Pool Sources
+Ensure that the firewall allows NTP in
-<code bash>
-vim /etc/ntpd.conf
-# Comment out other servers, add the below
-server 127.127.1.0
-</code>
-  * 127.127.1.0 -> Special IP address that syncs to the local server's clock
-\\
-Restart the service for the change to apply
-<code bash>
-systemctl restart ntpd
-</code>
-\\
-Open the firewall for NTP
 <code bash>
 firewall-cmd --permanent --add-service=ntp
@@ Line 66: / Line 36: @@
 ====== NTP: Client Peering ======
-Setup a NTP client to peer/sync with the NTP server.
+Setup the NTP clients to sync with the central NTP server and also peer with each other to provide a tier two redundancy. This would allow other servers to sync with them.
+  * Servers
+    * server1.example.com (192.168.1.150)
+    * server2.example.com (192.168.1.151)
 \\
 Install required package
 <code bash>
-yum install ntp
+yum install chrony
 </code>
@@ Line 77: / Line 51: @@
 Enable and start the service
 <code bash>
-systemctl enable ntpd
+systemctl enable chronyd
-systemctl start ntpd
+systemctl start chronyd
 </code>
 \\
-Edit the NTP config file
+Edit the config file
 <code bash>
-vim /etc/ntp.conf
+vim /etc/chrony.conf
-# Comment out all server lines, add peer for the newly created NTP server
+# Comment out all server lines, add a new one
-peer 192.168.1.200
+server ipa.example.com iburst
+# On server1: Peer with server2
+peer 192.168.1.151
+# On server2: Peer with server1
+peer 192.168.1.150
+</code>
+\\
+Ensure that the firewall allows NTP in (on both server1 and server2)
+<code bash>
+firewall-cmd --permanent --add-service=ntp
+firewall-cmd --reload
 </code>
@@ Line 93: / Line 80: @@
 Restart the service
 <code bash>
-systemctl restart ntpd
+systemctl restart chronyd
 </code>
 \\
-Open the firewall for ntp
+Ensure NTP time sync is enabled
 <code bash>
-firewall-cmd --permanent --add-service=ntp
+timedatectl set-ntp true
-firewall-cmd --reload
+</code>
+\\
+Check status
+<code bash>
+chronyc sources -v
 </code>
+  * Note: It may take a few minutes for the servers to enter a synced state on the peers.
 ----