Jump to content
documentation.suse.com / Configuring Network Time Protocol time synchronization

Configuring Network Time Protocol time synchronization

Publication Date: 05/24/2022

1 Environment

This document applies to the following products and product versions:

  • SUSE Linux Enterprise Server 15 SP3, 15 SP2, 15 SP1, 15 GA

  • SUSE Linux Enterprise Server for SAP Applications 15 SP3, 15 SP2, 15 SP1, 15 GA

  • SUSE Linux Enterprise High Availability Extension 15 SP3, 15 SP2, 15 SP1, 15 GA

  • SUSE Linux Enterprise High Performance Computing 15 SP3, 15 SP2, 15 SP1, 15 GA

  • SUSE Linux Enterprise Desktop 15 SP3, 15 SP2, 15 SP1, 15 GA

  • SUSE Linux Enterprise Real Time 15 SP3, 15 SP2, 15 SP1, 15 GA

2 Introduction

You will learn how to:

  • Configure Network Time Protocol using YaST.

  • Configure Network Time Protocol by editing its configuration file.

  • Operate the Network Time Protocol service.

  • Change Network Time Protocol configuration at runtime.

3 Requirements

  • You have installed your product and your system is up and running.

  • The system's networking is configured so that a time server is reachable on an external or local network.

  • You have installed the YaST Network Time Protocol module included in the yast2-ntp-client package.

4 Configuring Network Time Protocol with YaST

  1. Open the YaST Network Time Protocol module. Start YaST / Network Services / NTP Configuration.

    NTP configuration window
    Figure 1: NTP configuration window

  2. Specify when to start the Network Time Protocol service:

    Only manually

    Start the Network Time Protocol service manually.

    Synchronize without Daemon

    Set the system time periodically without a permanently running Network Time Protocol service. You can set the Interval of the Synchronization in Minutes.

    Now and on boot

    Start the Network Time Protocol service automatically when the system is booting. This setting is recommended.

  3. Specify the type of configuration source. In the Configuration Source drop-down box, select either Dynamic or Static. Set Static if your server uses only a fixed set of (public) NTP servers. If your internal network offers NTP servers via DHCP, pick Dynamic.

  4. Configure time servers. Time servers for the client to query are listed in the lower part of the NTP Configuration window. Modify this list as needed by clicking Add, Edit, and Delete.

    Click Add to add a new time server:

    Adding a time server
    Figure 2: Adding a time server

    • In the Address field, type the URL of the time server or pool of time servers with which you want to synchronize the machine time. After the URL is complete, click Test to verify that it points to a valid time source.

    • Activate Quick Initial Sync to speed up the time synchronization by sending more requests at the Network Time Protocol service start.

    • Activate Start Offline to speed up the boot time on systems that start the Network Time Protocol service automatically and may not have an Internet connection at boot time. This option is useful, for example, for laptops with network connections managed by NetworkManager.

    • Confirm with OK.

5 Operating the Network Time Protocol service

PRODUCT uses chrony as an implementation of the Network Time Protocol protocol. chrony includes the chronyd systemd service that runs in the background and synchronizes system time with selected time server(s).

You can start, stop, and view the status of chronyd with the following commands: 

> sudo systemctl start chronyd.service
> sudo systemctl stop chronyd.service
> sudo systemctl status chronyd.service

To start chronyd automatically during system boot, run the following command: 

> sudo systemctl enable chronyd.service

6 Configuring chronyd by adjusting /etc/chrony.conf

When chronyd starts, it reads its configuration from the /etc/chrony.conf file.

6.1 Specifying time sources

To keep the computer clock synchronized, you need to tell chronyd what time source(s) to use. For this purpose, use server, pool, and peer directives. You can use each of them multiple times.

The server directive tells chronyd to use a specific host as a time server by its name or IP address. 

server 0.europe.pool.ntp.org offline1
server 1.europe.pool.ntp.org offline prefer2
server 192.168.2.254

1

The offline option will prevent chronyd from querying the time server. This option is useful if the server is not reachable when chronyd is started. You need to put the time server online when it is reachable by using chronyc. Refer to Section 7, “Managing chronyd at runtime using chronyc for more details.

2

The prefer options tells chronyd to prefer the time source over other that do not include such option.

The pool directive lets you specify a network name that resolves to multiple IP addresses that may change over time. 

pool pool.ntp.org iburst1 maxsources 32

1

The iburst option means that chronyd will start with a burst of 4 to 8 requests in order to make the first update of the clock sooner.

2

The maxsources option specifies that three sources from the pool will be used.

The peer directive specifies an Network Time Protocol peer host instead of a time server. Synchronizing system time among peers uses a symmetric architecture instead of the client/server mode invoked by server and pool options. You can use peer multiple times to specify more than one peer. 

peer 192.168.1.116
peer ntp.example.com

6.2 Running chronyd as an Network Time Protocol server

By default, chronyd works as a client to specified Network Time Protocol servers. To make it operate as an Network Time Protocol server as well, add the allow directive to the /etc/chrony.conf file. It opens the server Network Time Protocol port (123 by default) and responds to client requests.

You can either specify a single IP of an Network Time Protocol client, or a subnet to include multiple clients. You can use the allow directive multiple times: 

allow 1.2.3.4
allow 3.4.5.0/24
Tip
Tip

If you do not specify an IP address or a subnet, the standalone allow directive allows access from all IPv4 and IPv6 addresses.

To limit the access of the previous allow directive, use the deny directive: 

allow 1.2.3.4
deny 1.2.3.0/24
allow 1.2.0.0/16

In the above example, the effect is the same regardless of the order of the three directives. The 1.2.0.0/16 subnet is allowed access except for the 1.2.3.0/24 subnet which is denied access. However, the host 1.2.3.4 is allowed access.

6.3 Configuring a local reference clock

chronyd relies on other programs (such as gpsd) to access the timing data via a specific driver. Use the refclock directive in /etc/chrony.conf to specify a hardware reference clock to be used as a time source. It has two mandatory parameters: a driver name and a driver-specific parameter. The two parameters are followed by zero or more refclock options. chronyd includes the following drivers:

PPS

Driver for the kernel pulse per second API. For example: 

refclock PPS /dev/pps0 lock NMEA refid GPS
SHM

Network Time Protocol shared memory driver. For example: 

refclock SHM 0 poll 3 refid GPS1
refclock SHM 1:perm=0644 refid GPS2
SOCK

Unix domain socket driver. For example: 

refclock SOCK /var/run/chrony.ttyS0.sock
PHC

PTP hardware clock driver. For example: 

refclock PHC /dev/ptp0 poll 0 dpoll -2 offset -37
refclock PHC /dev/ptp1:nocrossts poll 3 pps
Tip
Tip

For more information on individual drivers' options, see man 8 chrony.conf.

7 Managing chronyd at runtime using chronyc

You can use the chronyc command to change the behavior of chronyd at runtime. It also generates status reports about the operation of chronyd.

Note
Note: Temporary changes

Changes made using chronyc are not permanent. They will be lost after the next chronyd restart. For permanent changes, modify /etc/chrony.conf as described in Section 6, “Configuring chronyd by adjusting /etc/chrony.conf.

You can run chronyc either in interactive or non-interactive mode. To run chronyc interactively, enter chronyc on the command line and press Enter. It displays a prompt and waits for your command input. For example, to check how many Network Time Protocol sources are online or offline, run the activity command: 

# chronyc
chronyc> activity
200 OK
4 sources online
2 sources offline
1 sources doing burst (return to online)
1 sources doing burst (return to offline)
0 sources with unknown address

To exit chronyc's prompt, enter quit or exit.

If you do not need to use the interactive prompt, enter the command directly: 

# chronyc activity

7.1 Activating offline time sources

Although chronyd starts up normally on a system that boots without a network connection, it cannot access the time servers specified in /etc/chrony.conf. To prevent chronyd from trying to query inaccessible time servers, use the offline option next to the time source directive, for example: 

server ntp.example.org offline

chronyd will then not try to poll the server until it is enabled using the following command: 

# chronyc online ntp.example.org
Tip
Tip

When the auto_offline option is set instead of the offline option, chronyd assumes that the time server has gone offline when two requests have been sent to it without receiving a response. This option avoids the need to run the offline command from chronyc when disconnecting the network link.

8 Summary

After having successfully configured Network Time Protocol time synchronization, the system time on your computer(s) will be exact.

9 Troubleshooting

In case of errors, check the following.

  • Verify that your computer is connected to a network and that the network is configured correctly: 

    > sudo systemctl status network.service
● NetworkManager.service - Network Manager
     Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor preset: disabled)
     Active: active (running) since Sat 2021-08-07 20:09:44 CEST; 4 days ago
[...]

  • Verify that the time server(s) that you entered as time source exist and are reachable over network. For example: 

    > ping pool.ntp.org
PING pool.ntp.org (85.199.214.101) 56(84) bytes of data.
64 bytes from 85.199.214.101 (85.199.214.101): icmp_seq=1 ttl=37 time=29.9 ms
[...]

  • If the firewalld service is active on your computer, verify that the Network Time Protocol service allowed.

  • Verify that the Network Time Protocol service is running: 

    > sudo systemctl status chronyd.service
● chronyd.service - NTP client/server
     Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: disabled)
     Active: active (running) since Sat 2021-08-07 20:09:44 CEST; 4 days ago
 [...]

  • If the system time on a virtualized guest diverges from the exact time, make sure that the VM Host Server system time is synchronized with a valid time server and that the guest is synchronized with the same time source as the host.

  • If the Network Time Protocol service fails to start properly during system boot, it can be caused by network switches configured to use the Spanning Tree Protocol while ports are not configured as Edge Ports but Portfast. In this case it can take up to a minute until the network connectivity is established.

  • If the Network Time Protocol service fails to start during system boot when the NetworkManager is used, edit the /etc/sysconfig/network/config file and change the value of NM_ONLINE_TIMEOUT value to 30. If the problem persists increase the timeout value by 15 and try again.

  • If Network Time Protocol source(s) cannot be reached, identify them with the following command: 

    > chronyc sources -v
[...]
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* time.mydomain.com             3  10   377    81  -5354us[-8257us] +/-  191ms
^? ntp1.example.com              0  10     0     -     +0ns[   +0ns] +/-    0ns
^? 77.177.77.177                 0  10     0     -     +0ns[   +0ns] +/-    0ns
^? ntp3.example.com              0  10     0     -     +0ns[   +0ns] +/-    0ns
^? ntp4.example.net              0  10     0     -     +0ns[   +0ns] +/-    0ns
^? 2a02:3d8:1::1:1               0   6     0     -     +0ns[   +0ns] +/-    0ns
^? ntp2.example.org              0  10     0     -     +0ns[   +0ns] +/-    0ns

    In this case, the only server that is actually serving time is time.mydomain.com. It will be necessary to generally troubleshoot the network connection to the failing remote Network Time Protocol time sources.