Configuring Network Time Protocol time synchronization
1 Environment
This document applies to the following products and product versions:
SUSE Linux Enterprise Server 15 SP3, 15 SP2, 15 SP1, 15 GA
SUSE Linux Enterprise Server for SAP Applications 15 SP3, 15 SP2, 15 SP1, 15 GA
SUSE Linux Enterprise High Availability Extension 15 SP3, 15 SP2, 15 SP1, 15 GA
SUSE Linux Enterprise High Performance Computing 15 SP3, 15 SP2, 15 SP1, 15 GA
SUSE Linux Enterprise Desktop 15 SP3, 15 SP2, 15 SP1, 15 GA
SUSE Linux Enterprise Real Time 15 SP3, 15 SP2, 15 SP1, 15 GA
2 Introduction
You will learn how to:
Configure Network Time Protocol using YaST.
Configure Network Time Protocol by editing its configuration file.
Operate the Network Time Protocol service.
Change Network Time Protocol configuration at runtime.
3 Requirements
You have installed your product and your system is up and running.
The system's networking is configured so that a time server is reachable on an external or local network.
You have installed the YaST Network Time Protocol module included in the yast2-ntp-client package.
4 Configuring Network Time Protocol with YaST
Open the YaST Network Time Protocol module. Start › › .
Figure 1: NTP configuration window
Specify when to start the Network Time Protocol service:
Start the Network Time Protocol service manually.
Set the system time periodically without a permanently running Network Time Protocol service. You can set the .
Start the Network Time Protocol service automatically when the system is booting. This setting is recommended.
Specify the type of configuration source. In the drop-down box, select either or . Set if your server uses only a fixed set of (public) NTP servers. If your internal network offers NTP servers via DHCP, pick .
Configure time servers. Time servers for the client to query are listed in the lower part of the window. Modify this list as needed by clicking , , and .
Click to add a new time server:
Figure 2: Adding a time server
In the field, type the URL of the time server or pool of time servers with which you want to synchronize the machine time. After the URL is complete, click to verify that it points to a valid time source.
Activate to speed up the time synchronization by sending more requests at the Network Time Protocol service start.
Activate to speed up the boot time on systems that start the Network Time Protocol service automatically and may not have an Internet connection at boot time. This option is useful, for example, for laptops with network connections managed by NetworkManager.
Confirm with .
5 Operating the Network Time Protocol service
PRODUCT uses chrony as an implementation of the Network Time Protocol. chrony includes the chronyd systemd service that runs in the background and synchronizes system time with selected time server(s).
You can start, stop, and view the status of chronyd with the following commands:
> sudo systemctl start chronyd.service
> sudo systemctl stop chronyd.service
> sudo systemctl status chronyd.service
To start chronyd automatically during system boot, run the following command:
> sudo systemctl enable chronyd.service
6 Configuring chronyd by adjusting /etc/chrony.conf
When chronyd starts, it reads its configuration from the /etc/chrony.conf file.
6.1 Specifying time sources
To keep the computer clock synchronized, you need to tell chronyd what time source(s) to use. For this purpose, use server, pool, and peer directives. You can use each of them multiple times.
The server directive tells chronyd to use a specific host as a time server by its name or IP address.
server 0.europe.pool.ntp.org offline
server 1.europe.pool.ntp.org offline prefer
server 192.168.2.254
The pool directive lets you specify a network name that resolves to multiple IP addresses that may change over time.
pool pool.ntp.org iburst maxsources 3
The peer directive specifies a Network Time Protocol peer host instead of a time server. Synchronizing system time among peers uses a symmetric architecture instead of the client/server mode invoked by server and pool options. You can use peer multiple times to specify more than one peer.
peer 192.168.1.116
peer ntp.example.com
6.2 Running chronyd as a Network Time Protocol server
By default, chronyd works as a client to specified Network Time Protocol servers. To make it operate as a Network Time Protocol server as well, add the allow directive to the /etc/chrony.conf file. It opens the server Network Time Protocol port (123 by default) and responds to client requests. You can either specify a single IP of a Network Time Protocol client, or a subnet to include multiple clients. You can use the allow directive multiple times:
allow 1.2.3.4
allow 3.4.5.0/24
If you do not specify an IP address or a subnet, the standalone allow directive allows access from all IPv4 and IPv6 addresses.
To limit the access of the previous allow directive, use the deny directive:
allow 1.2.3.4
deny 1.2.3.0/24
allow 1.2.0.0/16
In the above example, the effect is the same regardless of the order of the three directives. The 1.2.0.0/16 subnet is allowed access except for the 1.2.3.0/24 subnet which is denied access. However, the host 1.2.3.4 is allowed access.
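To audit which clients a set of allow and deny directives actually admits, the order-independent behaviour described above can be modelled as "the most specific matching subnet decides". The following is an added example, not code from chrony or from this documentation; the function names are hypothetical, and it assumes directives that carry plain IP addresses or CIDR subnets only (no host names and no all keyword).

```python
import ipaddress

# Constructed sample: the three directives from the section above.
SAMPLE_CONF = """\
allow 1.2.3.4
deny 1.2.3.0/24
allow 1.2.0.0/16
"""

def parse_rules(conf_text):
    """Return {network: allowed} for every allow/deny line in conf_text."""
    rules = {}
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] not in ("allow", "deny"):
            continue
        allowed = fields[0] == "allow"
        if len(fields) == 1:
            # A bare directive covers all IPv4 and IPv6 addresses.
            targets = ["0.0.0.0/0", "::/0"]
        else:
            targets = [fields[1]]
        for target in targets:
            # A later rule for the same subnet replaces the earlier one.
            rules[ipaddress.ip_network(target, strict=False)] = allowed
    return rules

def client_allowed(rules, address):
    """Most specific matching subnet decides; no match means no access."""
    ip = ipaddress.ip_address(address)
    matches = [net for net in rules if net.version == ip.version and ip in net]
    if not matches:
        return False
    return rules[max(matches, key=lambda net: net.prefixlen)]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_CONF)
    for client in ("1.2.3.4", "1.2.3.5", "1.2.9.9", "8.8.8.8"):
        print(client, "allowed" if client_allowed(rules, client) else "denied")
```

Running it over a copy of /etc/chrony.conf with a list of addresses that must not reach the server is a quick check before opening port 123 in the firewall.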
6.3 Configuring a local reference clock
chronyd relies on other programs (such as gpsd) to access the timing data via a specific driver. Use the refclock directive in /etc/chrony.conf to specify a hardware reference clock to be used as a time source. It has two mandatory parameters: a driver name and a driver-specific parameter. The two parameters are followed by zero or more refclock options. chronyd includes the following drivers:
- PPS
Driver for the kernel pulse per second API. For example:
refclock PPS /dev/pps0 lock NMEA refid GPS
- SHM
Network Time Protocol shared memory driver. For example:
refclock SHM 0 poll 3 refid GPS1
refclock SHM 1:perm=0644 refid GPS2
- SOCK
Unix domain socket driver. For example:
refclock SOCK /var/run/chrony.ttyS0.sock
- PHC
PTP hardware clock driver. For example:
refclock PHC /dev/ptp0 poll 0 dpoll -2 offset -37
refclock PHC /dev/ptp1:nocrossts poll 3 pps
For more information on individual drivers' options, see man 8 chrony.conf.
7 Managing chronyd at runtime using chronyc
You can use the chronyc command to change the behavior of chronyd at runtime. It also generates status reports about the operation of chronyd.
Changes made using chronyc are not permanent. They will be lost after the next chronyd restart. For permanent changes, modify /etc/chrony.conf as described in Section 6, “Configuring chronyd by adjusting /etc/chrony.conf”.
You can run chronyc either in interactive or non-interactive mode. To run chronyc interactively, enter chronyc on the command line and press Enter. It displays a prompt and waits for your command input. For example, to check how many Network Time Protocol sources are online or offline, run the activity command:
# chronyc
chronyc> activity
200 OK
4 sources online
2 sources offline
1 sources doing burst (return to online)
1 sources doing burst (return to offline)
0 sources with unknown address
To exit chronyc's prompt, enter quit or exit.
If you do not need to use the interactive prompt, enter the command directly:
# chronyc activity
7.1 Activating offline time sources
Although chronyd starts up normally on a system that boots without a network connection, it cannot access the time servers specified in /etc/chrony.conf. To prevent chronyd from trying to query inaccessible time servers, use the offline option next to the time source directive, for example:
server ntp.example.org offline
chronyd will then not try to poll the server until it is enabled using the following command:
# chronyc online ntp.example.org
When the auto_offline option is set instead of the offline option, chronyd assumes that the time server has gone offline when two requests have been sent to it without receiving a response. This option avoids the need to run the offline command from chronyc when disconnecting the network link.
8 Summary
After having successfully configured Network Time Protocol time synchronization, the system time on your computer(s) will be exact.
9 Troubleshooting
In case of errors, check the following.
Verify that your computer is connected to a network and that the network is configured correctly:
> sudo systemctl status network.service
● NetworkManager.service - Network Manager
     Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor preset: disabled)
     Active: active (running) since Sat 2021-08-07 20:09:44 CEST; 4 days ago
[...]
Verify that the time server(s) that you entered as time source exist and are reachable over the network. For example:
> ping pool.ntp.org
PING pool.ntp.org (85.199.214.101) 56(84) bytes of data.
64 bytes from 85.199.214.101 (85.199.214.101): icmp_seq=1 ttl=37 time=29.9 ms
[...]
If the firewalld service is active on your computer, verify that the Network Time Protocol service is allowed.
Verify that the Network Time Protocol service is running:
> sudo systemctl status chronyd.service
● chronyd.service - NTP client/server
     Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: disabled)
     Active: active (running) since Sat 2021-08-07 20:09:44 CEST; 4 days ago
[...]
If the system time on a virtualized guest diverges from the exact time, make sure that the VM Host Server system time is synchronized with a valid time server and that the guest is synchronized with the same time source as the host.
If the Network Time Protocol service fails to start properly during system boot, it can be caused by network switches configured to use the Spanning Tree Protocol while ports are not configured as Edge Ports but Portfast. In this case it can take up to a minute until the network connectivity is established.
If the Network Time Protocol service fails to start during system boot when NetworkManager is used, edit the /etc/sysconfig/network/config file and change the value of NM_ONLINE_TIMEOUT to 30. If the problem persists, increase the timeout value by 15 and try again.
If Network Time Protocol source(s) cannot be reached, identify them with the following command:
> chronyc sources -v
[...]
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* time.mydomain.com             3  10   377    81  -5354us[-8257us] +/-  191ms
^? ntp1.example.com              0  10     0     -     +0ns[   +0ns] +/-    0ns
^? 77.177.77.177                 0  10     0     -     +0ns[   +0ns] +/-    0ns
^? ntp3.example.com              0  10     0     -     +0ns[   +0ns] +/-    0ns
^? ntp4.example.net              0  10     0     -     +0ns[   +0ns] +/-    0ns
^? 2a02:3d8:1::1:1               0   6     0     -     +0ns[   +0ns] +/-    0ns
^? ntp2.example.org              0  10     0     -     +0ns[   +0ns] +/-    0ns
In this case, the only server that is actually serving time is time.mydomain.com. It will be necessary to generally troubleshoot the network connection to the failing remote Network Time Protocol time sources.
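The same check can be scripted so that a monitoring job reports which sources are silent. The following is an added example, not part of the original documentation or of chrony; the function names are hypothetical and the sample input is constructed from rows of the listing above. It reads the Reach column as the octal register of the last eight polls.

```python
# Constructed input: header and rows taken from the listing above.
SAMPLE = """\
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* time.mydomain.com             3  10   377    81  -5354us[-8257us] +/-  191ms
^? ntp1.example.com              0  10     0     -     +0ns[   +0ns] +/-    0ns
^? 77.177.77.177                 0  10     0     -     +0ns[   +0ns] +/-    0ns
^? 2a02:3d8:1::1:1               0   6     0     -     +0ns[   +0ns] +/-    0ns
"""

MODES = "^=#"       # server, peer, local reference clock
STATES = "*+-?x~"   # state characters from the `chronyc sources -v` legend

def parse_sources(text):
    """Parse the source rows; header, separator and legend lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or len(fields[0]) != 2:
            continue
        mode, state = fields[0]
        if mode not in MODES or state not in STATES:
            continue
        reach = int(fields[4], 8)  # Reach is printed in octal (377 = 8 of 8 polls)
        rows.append({
            "name": fields[1],
            "state": state,
            "stratum": int(fields[2]),
            "reach": reach,
            "answered": bin(reach).count("1"),  # valid replies in the last 8 polls
        })
    return rows

def selected(rows):
    """Sources chronyd is currently synchronized to (state '*')."""
    return [r["name"] for r in rows if r["state"] == "*"]

def unreachable(rows):
    """Sources in state '?' or with no reply in the last eight polls."""
    return [r["name"] for r in rows if r["state"] == "?" or r["reach"] == 0]

if __name__ == "__main__":
    rows = parse_sources(SAMPLE)
    print("selected:", selected(rows))
    print("unreachable:", unreachable(rows))
```

A host on which selected() returns an empty list has no synchronized source, which also undermines the reliability of its log timestamps.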