Configuring the Local NTP Server
On a network with multiple systems, it’s always recommended to set up a single system as the NTP server for all the other local systems. The cloud providers follow the same model to run their own NTP pools within their data centers. The benefits of this model include reduced load on external connections and remote NTP servers, and proper synchronization of the local systems with each other even when the external connection or servers go down.
You can enable a local server in the configuration file.
-
Specify the network and subnet from which connections arrive to enable the local server. In addition, you can create an access list and test it on the server using the following command:
accheck address
For instance, you can use the following configuration to allow connections from 192.168.2.0/24 and all of the 10.0.0.0/8 subnet:
allow 192.168.2.0/24
allow 10.0.0.0/8
-
Restart the Chrony service for the configuration to take effect, as shown in the following example.
user1@cluster-manager:~$ vi /etc/chrony/chrony.conf
user1@cluster-manager:~$ sudo vi /etc/chrony/chrony.conf
user1@cluster-manager:~$ sudo systemctl daemon-reload
user1@cluster-manager:~$ sudo systemctl restart chrony
user1@cluster-manager:~$ sudo systemctl status chrony
chrony.service - chrony, an NTP client/server
   Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-11-19 17:54:26 UTC; 10s ago
     Docs: man:chronyd(8)
           man:chronyc(1)
           man:chrony.conf(5)
  Process: 14237 ExecStartPost=/usr/lib/chrony/chrony-helper update-daemon (code=exited, status=0/SUCCESS)
  Process: 14196 ExecStart=/usr/lib/systemd/scripts/chronyd-starter.sh $DAEMON_OPTS (code=exited, status=0/SUCCESS)
 Main PID: 14233 (chronyd)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/chrony.service
           └─14233 /usr/sbin/chronyd
Nov 19 17:54:26 cluster-manager systemd[1]: Starting chrony, an NTP client/server...
Nov 19 17:54:26 cluster-manager chronyd[14233]: chronyd version 3.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SECHASH +SIGND +ASYNCDNS +IPV6 -DEBUG)
Nov 19 17:54:26 cluster-manager chronyd[14233]: Frequency -12.134 +/- 0.024 ppm read from /var/lib/chrony/chrony.drift
Nov 19 17:54:26 cluster-manager systemd[1]: Started chrony, an NTP client/server.
Nov 19 17:54:31 cluster-manager chronyd[14233]: Selected source 171.68.38.65
-
Verify the connection to the server using the chronyc activity command. Also, the chronyc clients command allows you to view the list of clients connected to the server. In the following example, you can verify the server connection and clients connected to it.
user1@cluster-manager:~$ sudo chronyc activity
200 OK
2 sources online
0 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
0 sources with unknown address
user1@cluster-manager:~$ sudo chronyc clients
Hostname                      NTP   Drop Int IntL Last     Cmd   Drop Int  Last
===============================================================================
Note: There are no clients displayed in the clients list since none of them are configured currently.
-
Enter the local server in the Cluster Manager configuration.
-
Run the cluster synchronization as follows.
configure
  node-defaults os ntp servers clock.cisco.com
  exit
-
Verify the clients on the local server after all the nodes synchronize successfully.
user1@cluster-manager:~$ sudo chronyc clients
Hostname                      NTP   Drop Int IntL Last     Cmd   Drop Int  Last
===============================================================================
192.168.2.109                  11      0   6   -     7       0      0   -     -
192.168.2.110                   9      0   6   -    49       0      0   -     -
192.168.2.111                   8      0   6   -    52       0      0   -     -
192.168.2.107                   4      0   1   -    59       0      0   -     -
192.168.2.108                   4      0   1   -    59       0      0   -     -
192.168.2.106                   4      0   1   -    58       0      0   -     -
192.168.2.51                    4      0   1   -    58       0      0   -     -
192.168.2.53                    4      0   1   -    58       0      0   -     -
192.168.2.52                    4      0   1   -    58       0      0   -     -
-
Alternatively, you can verify the sources on any of the nodes in the cluster and track the status of the synchronization using the chronyc sources and chronyc tracking commands.
user1@kali-worker3:~$ sudo chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
192.168.2.56                     2   6   377    25    -13us[  -18us] +/- 1106us
user1-cloud@kali-worker3:~$ sudo chronyc tracking
Reference ID    : AC161238 (192.168.2.56)
Stratum         : 3
Ref time (UTC)  : Tue Nov 19 19:07:07 2019
System time     : 0.000000037 seconds slow of NTP time
Last offset     : +0.000035999 seconds
RMS offset      : 0.000020778 seconds
Frequency       : 13.682 ppm slow
Residual freq   : +0.084 ppm
Skew            : 0.228 ppm
Root delay      : 0.001795322 seconds
Root dispersion : 0.000163470 seconds
Update interval : 64.2 seconds
Leap status     : Normal
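The allow directives and the chronyc clients table from the steps above can be cross-checked offline. The following is an added example, not part of the original documentation: it parses both and returns any client whose address is outside every allowed subnet. The function names and the client rows 10.4.7.20 and 172.16.9.3 are constructed for illustration, and only the CIDR form of allow shown on this page is handled.

```python
import ipaddress

# Constructed inputs: the allow lines from this page plus an invented client table.
CHRONY_CONF = """\
allow 192.168.2.0/24
allow 10.0.0.0/8
"""
CLIENTS_OUTPUT = """\
Hostname                      NTP   Drop Int IntL Last     Cmd   Drop Int  Last
===============================================================================
192.168.2.109                  11      0   6   -     7       0      0   -     -
192.168.2.51                    4      0   1   -    58       0      0   -     -
10.4.7.20                       6      0   6   -    12       0      0   -     -
172.16.9.3                     40      0   2   -     1       0      0   -     -
"""

def parse_allow(conf_text):
    """Return the networks named by 'allow <subnet>' lines (CIDR form only)."""
    nets = []
    for line in conf_text.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] == "allow":
            nets.append(ipaddress.ip_network(fields[1], strict=False))
    return nets

def parse_clients(output):
    """Return (address, ntp_packet_count) for each row of 'chronyc clients'."""
    rows = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) != 10:
            continue  # separator or blank line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # header row, or a resolved hostname (use 'chronyc -n')
        rows.append((addr, int(fields[1])))
    return rows

def unexpected_clients(conf_text, output):
    """Clients whose address falls outside every allowed subnet."""
    nets = parse_allow(conf_text)
    return [(str(a), n) for a, n in parse_clients(output)
            if not any(a in net for net in nets)]

if __name__ == "__main__":
    for addr, packets in unexpected_clients(CHRONY_CONF, CLIENTS_OUTPUT):
        print(f"{addr}: {packets} NTP packets, not covered by any allow line")
```

Run chronyc with the -n option when capturing the table so that the Hostname column contains addresses rather than resolved names.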