For an active-active, multiple-server environment such as the one we’re building to work properly, the time-of-day clocks on all servers in the environment must be in agreement. The Network Time Protocol (NTP) is used to ensure that each server is synchronized to Coordinated Universal Time (UTC).
Determine if NTP is already in use
RHEL 7 offers two NTP implementations, ntpd and chronyd. Run the commands
# systemctl status chronyd
# systemctl status ntpd
to determine whether either of these is already in use. If output similar to this:
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled)
Active: active (running) since Ddd YYYY-MM-DD HH:MM:SS EDT; 58s ago
Main PID: 2530 (chronyd)
CGroup: /system.slice/chronyd.service
└─2530 /usr/sbin/chronyd -u chrony
or this:
● ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
Active: active (running) since Ddd YYYY-MM-DD HH:MM:SS EDT; 58s ago
Process: 25086 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 25087 (ntpd)
CGroup: /system.slice/ntpd.service
└─25087 /usr/sbin/ntpd -u ntp:ntp -g
appears, then one service or the other is installed and running, and nothing further needs to be done (go to the next section, Install Apache Tomcat on the CAS servers). On the other hand, if output similar to this:
● ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
or this:
Unit chronyd.service could not be found.
appears for both commands, then time is not being synchronized and NTP needs to be installed on each server in the development environment by following the remaining steps in this section.
Install NTP (ntpd)
Generally, ntpd is preferred for always-on systems like servers, while chronyd is intended for use on systems like laptops that are shut down frequently or connected only intermittently to a network. Run the command
# yum -y install ntp
to install ntpd.
Configure /etc/ntp.conf
Edit the file /etc/ntp.conf and replace its entire contents with the ntpd configuration used by your organization. If your organization doesn’t have a standard configuration, use something like the following example, which makes use of public time servers from the NTP Pool Project:
#
# Network Time Protocol configuration file (/etc/ntp.conf)
#
# Use this configuration file on Stratum 3 Linux systems.
#
#
# Stratum 2 servers. The total number of servers listed should be at least 2 more
# than the number specified for minclock and minsane, below.
#
server 0.us.pool.ntp.org iburst
server 1.us.pool.ntp.org iburst
server 2.us.pool.ntp.org iburst
server 3.us.pool.ntp.org iburst
server 0.north-america.pool.ntp.org iburst
server 1.north-america.pool.ntp.org iburst
server 2.north-america.pool.ntp.org iburst
server 3.north-america.pool.ntp.org iburst
#
# At least minsane candidate servers must be available for selection, and the
# mitigation algorithm must produce at least minclock candidates. Byzantine
# agreement principles require at least 4 candidates to correctly discard a
# single falseticker.
#
# http://support.ntp.org/bin/view/Support/StartingNTP4#Section_7.1.4.3.1.
#
tos minsane 4
tos minclock 4
#
# File used to record the frequency of the local clock oscillator. This is
# used at startup to set the initial frequency.
#
driftfile /var/lib/ntp/drift
If you’re not in the United States or North America, consult the NTP Pool Project’s pool server lists for a list of servers in your country or on your continent.
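A lint for the rule stated in the configuration's comments (servers listed should be at least 2 more than minclock and minsane), as an added example that is not part of the original guide. It goes beyond the page in one respect: it also warns when no "restrict default" line carrying noquery is present, which is the case for the example file above, so ntpd will answer status queries from any host that can reach UDP port 123. The function names page_conf and lint_ntp_conf are hypothetical.

```shell
#!/bin/sh
# Abridged copy of the example ntp.conf above (comment lines omitted).
page_conf() {
cat <<'EOF'
server 0.us.pool.ntp.org iburst
server 1.us.pool.ntp.org iburst
server 2.us.pool.ntp.org iburst
server 3.us.pool.ntp.org iburst
server 0.north-america.pool.ntp.org iburst
server 1.north-america.pool.ntp.org iburst
server 2.north-america.pool.ntp.org iburst
server 3.north-america.pool.ntp.org iburst
tos minsane 4
tos minclock 4
driftfile /var/lib/ntp/drift
EOF
}

# lint_ntp_conf (hypothetical name): read an ntp.conf on stdin, print one
# line per finding, return 0 when clean and 1 otherwise.
# Typical use on a server:  lint_ntp_conf < /etc/ntp.conf
lint_ntp_conf() {
    awk '
        { sub(/#.*/, "") }                                   # strip comments
        $1 == "server" { servers++ }                         # one source per line
        $1 == "tos" { for (i = 2; i < NF; i += 2) tos[$i] = $(i + 1) }
        # Access control: a default restriction that includes noquery.
        $1 == "restrict" && / default( |$)/ && /noquery/ { locked = 1 }
        END {
            n = split("minsane minclock", key, " ")
            for (j = 1; j <= n; j++) {
                k = key[j]
                if ((k in tos) && servers < tos[k] + 2) {
                    printf "WARN %d servers listed, %s %d needs at least %d\n",
                           servers, k, tos[k], tos[k] + 2
                    bad++
                }
            }
            if (!locked) { print "WARN no \"restrict default ... noquery\" line"; bad++ }
            exit (bad > 0)
        }
    '
}

# Demonstration on the page's example configuration.
page_conf | lint_ntp_conf || true
```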
Open the NTP port in the firewall
In order to synchronize time with other systems, ntpd needs to be able to communicate on UDP port 123. RHEL 7’s firewalld includes a pre-defined service for ntp to enable this. Run the commands
# firewall-cmd --zone=public --add-service=ntp --permanent
success
# firewall-cmd --reload
success
#
to open that service in the system firewall.
Enable and start ntpd
Run the commands
# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
# systemctl start ntpd
to enable and start ntpd. After about 15-20 minutes, the protocol should have selected a server to synchronize with, and its status can be checked with the ntpstat and/or ntpq commands:
# ntpstat
synchronised to NTP server (208.75.89.4) at stratum 3
time correct to within 72 ms
polling server every 1024 s
# ntpq -p localhost
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+ns20.alltraders 127.67.113.92    2 u  713 1024  377   82.958   -2.849   1.783
-four10.gac.edu  18.26.4.105      2 u  403 1024  377   35.805   -0.444   2.610
-barry.tsi.io    198.60.22.240    2 u  352 1024  377   88.362   -0.088   2.111
-mdnworldwide.co 127.67.113.92    2 u  412 1024  371   52.765    2.509   4.455
-static-96-244-9 192.168.10.254   2 u  268 1024  377   10.932    1.255   3.564
+srcf-ntp.stanfo 171.64.7.105     2 u  219 1024  377   82.896   -3.092   1.710
*time.tritn.com  198.60.22.240    2 u  530 1024  377   68.547   -1.660   3.617
+bindcat.fhsu.ed 132.163.4.103    2 u  916 1024  377   58.940   -2.841   2.145
#
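A scripted version of the ntpq check above, as an added example that is not part of the original guide: it reads ntpq -pn output and passes only when a system peer (the * line) is selected, reachable and within an offset limit, with enough surviving candidates (* or + lines). The 100 ms default limit, the function names and the sample lines (documentation addresses) are assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample (not captured from a real host) in ntpq -pn layout.
sample_peers() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+192.0.2.10      192.0.2.1        2 u  713 1024  377   82.958   -2.849   1.783
-192.0.2.11      192.0.2.2        2 u  403 1024  377   35.805   -0.444   2.610
*192.0.2.12      192.0.2.3        2 u  530 1024  377   68.547   -1.660   3.617
+192.0.2.13      192.0.2.4        2 u  916 1024  377   58.940   -2.841   2.145
EOF
}

# check_ntp_peers MAX_OFFSET_MS MIN_SURVIVORS (hypothetical name)
# Reads ntpq peer output on stdin, prints a one-line verdict, returns 0 or 1.
# Typical use on a server:  ntpq -pn | check_ntp_peers 100 4
check_ntp_peers() {
    awk -v max="${1:-100}" -v need="${2:-1}" '
        NR <= 2 { next }                           # header line and ===== rule
        {
            tally = substr($0, 1, 1)               # selection code in column 1
            if (tally == "*" || tally == "+") survivors++
            if (tally == "*") {                    # the system peer
                peer   = substr($1, 2)
                reach  = $(NF - 3)                 # octal register of the last 8 polls
                offset = $(NF - 1) + 0             # milliseconds
            }
        }
        END {
            if (peer == "")     { print "FAIL no system peer selected"; exit 1 }
            if (reach + 0 == 0) { print "FAIL system peer unreachable"; exit 1 }
            abs = (offset < 0) ? -offset : offset
            if (abs > max) {
                printf "FAIL offset %.3f ms exceeds %s ms\n", offset, max; exit 1
            }
            if (survivors < need) {
                printf "FAIL %d candidates, need %d\n", survivors, need; exit 1
            }
            printf "OK peer=%s offset=%.3f ms survivors=%d\n", peer, offset, survivors
        }
    '
}

# Demonstration on the constructed sample.
sample_peers | check_ntp_peers 100 3
```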