Configuring the Local NTP Server

On a network with multiple systems, it is always recommended to set up a single system as the NTP server for all the other local systems. Cloud providers follow the same model and run their own NTP pools within their data centers. The benefits of this model include reduced load on external connections and remote NTP servers, and proper synchronization of the local systems with each other even when the external connection or servers go down.

You can enable a local server in the configuration file.

  1. Specify the network and subnet from which connections arrive to enable the local server. In addition, you can create an access list and test it on the server using the following chronyc command:
    accheck address

    For instance, you can use the following configuration to allow connections from 192.168.2.0/24 and all of the 10.0.0.0/8 subnet:

    allow 192.168.2.0/24
    allow 10.0.0.0/8
  2. Restart the Chrony service for the configuration to take effect, as shown in the following sample session.

    user1@cluster-manager:~$ vi /etc/chrony/chrony.conf
    user1@cluster-manager:~$ sudo vi /etc/chrony/chrony.conf
    user1@cluster-manager:~$ sudo systemctl daemon-reload
    user1@cluster-manager:~$ sudo systemctl restart chrony 
    user1@cluster-manager:~$ sudo systemctl status chrony 
     chrony.service - chrony, an NTP client/server
       Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: enabled)
       Active: active (running) since Tue 2019-11-19 17:54:26 UTC; 10s ago
         Docs: man:chronyd(8)
               man:chronyc(1)
               man:chrony.conf(5)
      Process: 14237 ExecStartPost=/usr/lib/chrony/chrony-helper update-daemon (code=exited, status=0/SUCCESS)
      Process: 14196 ExecStart=/usr/lib/systemd/scripts/chronyd-starter.sh $DAEMON_OPTS (code=exited, status=0/SUCCESS)
     Main PID: 14233 (chronyd)
        Tasks: 1 (limit: 4915)
       CGroup: /system.slice/chrony.service
               └─14233 /usr/sbin/chronyd
    
    Nov 19 17:54:26 cluster-manager systemd[1]: Starting chrony, an NTP client/server...
    Nov 19 17:54:26 cluster-manager chronyd[14233]: chronyd version 3.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SECHASH +SIGND +ASYNCDNS +IPV6 -DEBUG)
    Nov 19 17:54:26 cluster-manager chronyd[14233]: Frequency -12.134 +/- 0.024 ppm read from /var/lib/chrony/chrony.drift
    Nov 19 17:54:26 cluster-manager systemd[1]: Started chrony, an NTP client/server.
    Nov 19 17:54:31 cluster-manager chronyd[14233]: Selected source 171.68.38.65
  3. Verify the connection to the server using the chronyc activity command. The chronyc clients command lists the clients connected to the server. The following example verifies the server connection and the clients connected to it.

    user1@cluster-manager:~$ sudo chronyc activity
    200 OK
    2 sources online
    0 sources offline
    0 sources doing burst (return to online)
    0 sources doing burst (return to offline)
    0 sources with unknown address
    user1@cluster-manager:~$ sudo chronyc clients
    Hostname                      NTP   Drop Int IntL Last     Cmd   Drop Int  Last
    ===============================================================================
    
    Note

    There are no clients displayed in the clients list since none of them are configured currently.

  4. Enter the local server in Cluster Manager configuration.

  5. Run the cluster synchronization as follows.

     configure
        node-defaults os ntp servers clock.cisco.com  
        exit 
  6. Verify the clients on the local server after all the nodes synchronize successfully.

    user1@cluster-manager:~$ sudo chronyc clients
    Hostname                      NTP   Drop Int IntL Last     Cmd   Drop Int  Last
    ===============================================================================
    192.168.2.109                  11      0   6   -     7       0      0   -     -
    192.168.2.110                   9      0   6   -    49       0      0   -     -
    192.168.2.111                   8      0   6   -    52       0      0   -     -
    192.168.2.107                   4      0   1   -    59       0      0   -     -
    192.168.2.108                   4      0   1   -    59       0      0   -     -
    192.168.2.106                   4      0   1   -    58       0      0   -     -
    192.168.2.51                    4      0   1   -    58       0      0   -     -
    192.168.2.53                    4      0   1   -    58       0      0   -     -
    192.168.2.52                    4      0   1   -    58       0      0   -     -
  7. Alternatively, you can verify the sources on any of the nodes in the cluster and track the status of the synchronization using the chronyc sources and chronyc tracking commands.

    user1@kali-worker3:~$ sudo chronyc sources
    210 Number of sources = 1
    MS Name/IP address         Stratum Poll Reach LastRx Last sample               
    ===============================================================================
    
    192.168.2.56                  2   6   377    25    -13us[  -18us] +/- 1106us
    
    user1-cloud@kali-worker3:~$ sudo chronyc tracking
    Reference ID : AC161238 (192.168.2.56)
    Stratum : 3
    Ref time (UTC) : Tue Nov 19 19:07:07 2019
    System time : 0.000000037 seconds slow of NTP time
    Last offset : +0.000035999 seconds
    RMS offset : 0.000020778 seconds
    Frequency : 13.682 ppm slow
    Residual freq : +0.084 ppm
    Skew : 0.228 ppm
    Root delay : 0.001795322 seconds
    Root dispersion : 0.000163470 seconds
    Update interval : 64.2 seconds
    Leap status : Normal
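
The checks in steps 1 and 6 can be scripted. The following Python sketch is an added example, not part of the original procedure or of chrony: it tests addresses against the allow list from step 1 and compares a node inventory with chronyc clients output. It assumes a configuration with allow lines only (no deny lines) and client names printed as addresses, as in step 6; the inventory, the sample output and the function names are constructed for illustration.

```python
import ipaddress

# Allow list exactly as configured in step 1 of the procedure.
ALLOW = ["192.168.2.0/24", "10.0.0.0/8"]

# Constructed sample in the `chronyc clients` layout shown in step 6
# (192.168.2.200 and the non-zero Drop count are made up for the example).
CLIENTS_OUTPUT = """\
Hostname                      NTP   Drop Int IntL Last     Cmd   Drop Int  Last
===============================================================================
192.168.2.109                  11      0   6   -     7       0      0   -     -
192.168.2.110                   9      0   6   -    49       0      0   -     -
192.168.2.200                  40     12   1   -     3       0      0   -     -
"""

def parse_clients(text):
    """Return {client: (ntp_packets, ntp_drops)} from `chronyc clients` output."""
    rows = {}
    for line in text.splitlines():
        fields = line.split()
        # Data rows have 10 columns with numeric NTP and Drop counters.
        if len(fields) == 10 and fields[1].isdigit() and fields[2].isdigit():
            rows[fields[0]] = (int(fields[1]), int(fields[2]))
    return rows

def is_allowed(addr, allow=ALLOW):
    """Offline equivalent of accheck for a config with allow lines only."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in allow)

def audit(expected_nodes, clients_text, allow=ALLOW):
    """Compare the node inventory with what the server has actually seen."""
    seen = parse_clients(clients_text)
    return {
        # Nodes the allow list would refuse: fix the config before syncing.
        "refused": sorted(n for n in expected_nodes if not is_allowed(n, allow)),
        # Permitted nodes that have not polled this server yet.
        "missing": sorted(n for n in expected_nodes
                          if is_allowed(n, allow) and n not in seen),
        # Clients using the server that are not in the inventory.
        "unexpected": sorted(c for c in seen if c not in expected_nodes),
        # Clients with dropped NTP packets (Drop column non-zero).
        "dropped": sorted(c for c, (_, drops) in seen.items() if drops > 0),
    }

if __name__ == "__main__":
    nodes = {"192.168.2.109", "192.168.2.110", "192.168.2.111", "172.16.4.20"}
    for key, hosts in audit(nodes, CLIENTS_OUTPUT).items():
        print(f"{key:10} {', '.join(hosts) or '-'}")
```

Because allow 192.168.2.0/24 admits every host in that subnet, the "unexpected" list is the part worth reviewing regularly on a production server.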