Module_16a_NTP
The Network Time Protocol (NTP) is a network protocol and set of software tools that permits a
computer system’s clock to be synchronized with a time server. Multiple time servers can be specified
on a system but only one is used at a time.
• Log synchronization – provides a method for tracking related events across an organization’s IT
environment. Without synchronized clocks it is almost impossible to properly track events in the
right order.
• Job synchronization – Modern information technology environments often have related jobs
running on different systems; clock synchronization helps to keep them running in the right
order.
• Proving Service Level Agreement (SLA) compliance
• Finding and stopping Security Breaches
• Backups
• Network and service failover and management.
There are many NTP servers spread around the world. Some are operated by governmental
organizations such as the U.S. government’s National Institute of Standards and Technology (NIST) and
are publicly available. Other publicly available NTP servers are operated by businesses and non-profit
organizations that provide Internet services.
Many organizations have their own internal NTP time servers which all their internal systems use. This
allows accurate clock synchronization internally, even if external synchronization is unstable due to
Internet connectivity issues.
NTP Stratum
Stratum is the term used in NTP as a measure of the distance (network hops) a system is from a real-
time clock.
INFO-3182 – Operating Systems Linux
In the information technology world, a real-time clock is a computing device with a network interface
that is directly attached to an atomic clock, or a radio receiver getting accurate time signals. Suitable
radio receivers can use GPS or high frequency technologies.
Real-time clocks are at stratum 0. A computer system that is synchronized with a stratum 0 device is at
stratum 1; a computer system that is synchronized with a stratum 1 system is at stratum 2; and so forth.
The higher the stratum number, the less accurate a system’s clock is (microseconds to milliseconds of
variation). The maximum usable stratum level is 15. Systems at stratum 16 or higher are considered to
be unsynchronized.
CentOS Stream 9 uses the chronyd service for time synchronization. The chronyd service is a full
implementation of the NTP protocol supporting both client and server operations.
The chronyd service should be installed on all CentOS Stream 9 systems by default. If for some reason it
is not installed, use the following command to install it:
sudo dnf install chrony
Along with the chronyd service, the chrony package includes the chronyc command. This
command can display some useful information about the state of the service and perform a limited
amount of configuration. Most configuration is done by editing the /etc/chrony.conf file.
There are two key items that are normally customized in the /etc/chrony.conf file. These are the servers
that are used by the current system to synchronize its time, and the list of clients that can synchronize
their clocks with the current system.
The time servers being used by this system are specified using either the pool or server directives.
• When a pool directive is used, the DNS name provided with the directive is assumed to be a
reference to multiple time servers and chronyd attempts to synchronize with all of them.
• The server directive assumes that the DNS name it is provided refers to a single time server. If it
is a list of time servers, one of them is randomly selected.
The chronyc sources command reveals that the DNS name in the default pool directive results in the
system attempting to synchronize with four servers, as shown in Figure 1. The second one listed is the
one that it has synchronized with, as indicated by the * near the beginning of the line. The local server
is at stratum 1 so the public server it is synchronized with is at stratum 0. The local system’s clock was
within 600 microseconds of that time server’s clock when the screenshot was taken.
Figure 1 Screenshot of the chronyc sources command listing the four servers included in the default pool in the /etc/chrony.conf
file.
Often it is desirable to use public NTP servers that are known to be in the same geographic region as a
system or to use servers with known reliability. It is also common to use internal NTP servers instead of
public ones for all internal systems. The internal NTP servers may use public NTP servers or radio
receivers as their sources.
Replacing the above pool directive with the following two lines and restarting the chronyd service
changes the servers being used to one of the NIST servers and a member of a pool of servers in Canada.
server time.nist.gov
server ca.pool.ntp.org
The screenshot in Figure 2 was taken immediately after restarting the chronyd service with the updated
configuration file. Notice that the system is not synchronized with either server. It can take several
minutes for synchronization to occur.
Figure 2 Screenshot showing the immediate results of changing to a different set of time servers. Notice that the current system
is not synchronized with either server.
Figure 3 shows that after waiting a few minutes, the system has synchronized with one of the new time
servers. The local server is stratum 2.
Figure 3 Screenshot showing the results of waiting a few minutes after selecting a new set of servers. This system is now
synchronized with one of the new time servers.
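Added example (not part of the original handout): a shell function that reads chronyc sources output and reports whether a source has been selected, which is the difference between Figure 2 and Figure 3. The sample output is constructed and the function name sync_state is an assumption of this example.

```shell
#!/bin/sh
# Added example: decide from `chronyc sources` output (on stdin) whether
# chronyd has selected a time source. All sample values are constructed.

# Constructed sample: immediately after restarting chronyd (no source selected).
JUST_RESTARTED='MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? time.nist.gov                 0   6     0     -     +0ns[   +0ns] +/-    0ns
^? ca.pool.ntp.org               0   6     0     -     +0ns[   +0ns] +/-    0ns'

# Constructed sample: a few minutes later (one source carries the * state).
SETTLED='^* time.nist.gov                 1   6    17    12   -250us[ -310us] +/-   21ms
^- ca.pool.ntp.org               2   6    17    13  +1200us[+1200us] +/-   45ms'

# Prints one summary line; returns 0 when a source is selected, 1 otherwise.
sync_state() {
  awk '
    # Source lines: a mode character (^ server, = peer, # local clock) followed
    # by a state character. The ==== separator line does not match this.
    /^[=#^][*+?x~-]/ {
      total++
      if ($5 == "0") unreachable++      # Reach 0: no reply in the last 8 polls
      if (substr($1, 2, 1) == "*") { sel = $2; stratum = $3 }
    }
    END {
      if (sel != "") printf "synchronized source=%s stratum=%s", sel, stratum
      else printf "unsynchronized"
      printf " unreachable=%d/%d\n", unreachable, total
      exit (sel == "")
    }
  '
}

# On a live system: chronyc sources | sync_state
printf '%s\n' "$JUST_RESTARTED" | sync_state || echo "ALERT: no time source selected"
printf '%s\n' "$SETTLED" | sync_state
```

A check like this can run from a monitoring job so that hosts whose log timestamps cannot be trusted are flagged.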
To allow a server to act as a time server for other systems, those systems must be granted access to the
NTP service on the server. There are two configuration steps needed to allow a system to act as a time
server: edit the /etc/chrony.conf file to specify the IP addresses of systems that are allowed to
synchronize to the server and add the necessary firewall rule(s).
The default /etc/chrony.conf file does not permit any systems to synchronize with a time server. The
directive to permit synchronization by other systems is called allow and takes an IP address (host or
network) as its value. For example, to allow synchronization by any system on the 192.168.101.0/24
network the directive is:
allow 192.168.101.0/24
The service must then be restarted for the changes to take effect.
Then the firewall rule must be added using the following commands.
firewall-cmd --permanent --add-service=ntp
firewall-cmd --reload
Figure 4 shows the firewall rule being added to the stored configuration for the firewalld firewall and
then being loaded into the running configuration.
Figure 4 Screenshot showing the addition of a firewall rule to the firewalld firewall that allows NTP connections from anywhere.
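Added example (not part of the original handout): because the ntp service rule in firewalld admits NTP from any address, the allow directives in chrony.conf are what limit which systems can synchronize. The shell function below, with the assumed name audit_allow, flags directives that permit any address; the configuration text is constructed from the directives shown above.

```shell
#!/bin/sh
# Added example: classify the allow directives of a chrony.conf read on stdin.
#   OPEN   = bare "allow", "allow all", or a /0 prefix (any address may sync)
#   SCOPED = limited to a host or subnet
# Returns 1 when at least one OPEN directive is present. deny directives are
# not evaluated (simplifying assumption of this example).
audit_allow() {
  awk '
    /^[ \t]*[!;#%]/ { next }              # chrony comment lines
    $1 == "allow" {
      target = ($2 == "all") ? $3 : $2    # "allow all <subnet>" keeps its subnet
      if (target == "" || target ~ /\/0$/) { verdict = "OPEN"; wide++ }
      else verdict = "SCOPED"
      print verdict " line " NR ": " $0
    }
    END { exit (wide > 0) }
  '
}

# Constructed configuration using the subnet from the text above.
CONF_SCOPED='server time.nist.gov
server ca.pool.ntp.org
allow 192.168.101.0/24'

# Constructed variant: the subnet line was commented out and a bare allow added.
CONF_OPEN='server time.nist.gov
# allow 192.168.101.0/24
allow'

# On a live system: audit_allow < /etc/chrony.conf
printf '%s\n' "$CONF_SCOPED" | audit_allow
printf '%s\n' "$CONF_OPEN" | audit_allow || echo "review: NTP service open to any address"
```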
Changing a system to use an internal NTP server is essentially the same as changing one to use different
public time servers. The difference is that the DNS name or IP address of the time server is internal.
For example, to change the system to use the server configured above, comment out the default pool
directive in the /etc/chrony.conf file and add the following server directive:
server 192.168.101.20
After restarting the chronyd service on the system that was configured to use 192.168.101.20 as its time
server, it synchronized with that system and said that the local system is at stratum 2. Figure 5 shows
the chronyc sources command and its output for the client system.
Figure 5 Screenshot showing the chronyc sources command on the client system. It is synchronized with the new server.
Why is this client system at stratum 2 while the server was shown earlier to be at stratum 2? The answer
is that NTP is constantly checking and adjusting the clock on every system it is installed on. This includes
checking to see if another server it knows about is a better choice to synchronize with. While the client
system was being configured, the server decided that a different public server was a better choice and
synchronized with it. The server is now at stratum 1, so the client should be at stratum 2. Figure 6 shows
the new chronyc sources output on the server.
Figure 6 Screenshot showing the updated synchronization information for the server. It is now a stratum 1 server.
The chronyc clients command lists all systems that are synchronizing their clocks with a time server.
Figure 7 shows the chronyc clients command being used on the local time server. It shows the system
just configured as a client and itself (its own system clock) synchronizing with the server.
Figure 7 Screenshot showing the chronyc clients command and its output. The server's own system clock and the client are both
using the server.
The timedatectl command was introduced around the same time as systemd. It provides a
command line tool for managing several different time and date configuration options, the most
common of which is setting a system’s time zone.
To display a system’s time and date information, issue the timedatectl command without
parameters as shown in Figure 8. The output shows the local time as determined by the system’s time
zone, the UTC time and the time the system’s clock is set to (usually UTC). The output also shows
whether NTP is in use and whether the system is synchronized with a time server.
Figure 8 Screenshot showing time and time zone information for a system as displayed by the timedatectl command.
Most Linux installers allow the time zone to be set during installation, but sometimes it needs to be
changed later. This may be because the wrong time zone was set during installation or because the
system has moved to a different location in a different time zone. Figure 9 shows the timedatectl
command being used to change a system’s time zone. The new time zone is America/Halifax; Halifax
uses Atlantic Time. The command is:
timedatectl set-timezone "America/Halifax"
Figure 9 Screenshot showing the timedatectl command being used to set a system's time zone to America/Halifax.
NTP on Ubuntu
Ubuntu 24.04 uses the systemd-timesyncd service by default. The systemd-timesyncd service is not a full
implementation of the NTP protocol; it only supports client operations. This means that an Ubuntu
24.04 system running timesyncd cannot act as a time server for other systems.
Prior to Ubuntu 24.04, when a system was to act as a time server, the timesyncd service had to be
disabled and the ntpd service installed using the ntp package. While this package still exists in the
Ubuntu 24.04 repositories, it does not install properly.
The proper service to use for an NTP server on Ubuntu 24.04 is chronyd in the chrony package, the same
as the service that is installed on CentOS Stream 9 by default. The configuration file is
/etc/chrony/chrony.conf (same file name as on CentOS Stream 9, but a different path). When using
chronyd on Ubuntu 24.04, timesyncd is not disabled.
The chrony.conf file on Ubuntu 24.04 contains the same configuration settings as the one on CentOS
Stream 9, so the details are not repeated here.
When configuring an Ubuntu 24.04 system to act as an NTP server, remember to add the appropriate
firewall rules.
The hostnamectl command, like timedatectl, was introduced around the same time as systemd. This
command, when used without parameters or with the status parameter, provides a list of
information about a system. As shown in Figure 10, this information includes the host name, machine
identifier, physical or virtual machine information and operating system information. The Machine ID
item in the list is also known as the system’s Universally Unique Identifier (UUID) which is a similar
concept to Microsoft’s GUID.
Figure 10 Screenshot showing the hostnamectl command being executed on a CentOS Stream 9 system. The output lists
information about the system.
Figure 11 shows the hostnamectl command run on an Ubuntu 24.04 system. Some of the information is
different from that shown in Figure 10 for the obvious reason that the screenshots are for two different
distributions of Linux. However, there is one difference that is worthy of note: the kernel versions.
CentOS Stream 9, like all Red Hat family distributions, follows the principle of stability so the kernel stays
at the same base level (5 in this case) for the entire life of the product. It is regularly updated for bug
fixes and security patches, but the base version does not change. Ubuntu 24.04 was released about 2
years after CentOS Stream 9 and therefore has a much newer version of the kernel. The kernel
developers maintain multiple versions of the Linux kernel, so both have the latest security patches, but
the newer one will have functionality improvements in it.
Figure 11 Screenshot showing the execution of the hostnamectl command on an Ubuntu 24.04 system. The output shown here is
a bit different from that shown in Figure 10 because it is for a different distribution of Linux.
The hostnamectl command can be used to change the hostname of a Linux system. This is done
using the hostname parameter or its alias set-hostname. Figure 12 shows the hostname for a
system being changed. The command used is
hostnamectl hostname cs9-swg-1
where cs9-swg-1 is the new name for the host. This example uses just the host name of the system; a
fully qualified domain name (FQDN) can be specified if necessary.
NOTE: The hostnamectl command, used this way, updates the configuration file containing the
hostname, but does not put the change into effect. A reboot is required. This is one of the few
configuration changes on a Linux system that always requires a reboot.
Figure 12 Screenshot showing the hostnamectl command being used to rename a Linux system. Notice that the hostname has
not changed in the prompt following the command, a reboot is required for the change to take effect.
In some cases, especially in scripts, it is necessary to obtain a system’s hostname without all the
information shown in Figures 10 and 11. This can be done by executing the command:
hostnamectl hostname
as shown in Figure 13. Notice that a new name is not specified when using the command this way.
Figure 13 Screenshot showing the hostnamectl command being used to display just a system's hostname.
NOTE: There are many online articles that say to edit the /etc/hostname file to change a system’s name.
This is an older approach that does still work, although using hostnamectl is recommended today.
NOTE: There is an older command, hostname, that can be used instead of the last use of hostnamectl
shown above. This command works well for displaying a hostname, but its ability to change hostnames
varies between distributions and is often only temporary. This command is expected to be deprecated
soon.