Skip to content

Configuring a private master NTP server

Control Center requires a common time source. The procedures in this section configure a private master NTP server to synchronize the system clocks of all Control Center hosts.

A private master server is only required when a multi-host deployment does not have internet access and no time synchronization servers are available behind the firewall. Single-host deployments do not require time synchronization, and deployments with internet access can rely on the default public time servers that are configured in /etc/ntp.conf.

VMware vSphere guest systems can synchronize their system clocks with the host system. If that feature is enabled, it must be disabled to configure a private master NTP server or to use a time synchronization server that is available behind the firewall. For more information, refer to the VMware documentation for your version of vSphere.

The following procedures assume that Control Center is not installed. If it is installed, stop the serviced service before configuring NTP.

Configuring an NTP master server

Use this procedure to configure an NTP master server on the Control Center master host. Perform this procedure only if the host does not have internet access.

On VMware vSphere guests, before performing this procedure, disable time synchronization between guest and host operating systems.

  1. Log in to the Control Center master host as root or as a user with superuser privileges.
  2. Create a backup of the NTP configuration file.

    cp -p /etc/ntp.conf /etc/ntp.conf.orig
    
  3. Edit the NTP configuration file.

    1. Open /etc/ntp.conf with a text editor.
    2. Replace all of the lines in the file with the following lines:

      # Use the local clock
      server 127.127.1.0 prefer
      fudge  127.127.1.0 stratum 10
      driftfile /var/lib/ntp/drift
      broadcastdelay 0.008
      
      # Give localhost full access rights
      restrict 127.0.0.1
      
      # Grant access to client hosts
      restrict Address-Range mask Netmask nomodify notrap
      
    3. Replace Address-Range with the range of IPv4 network addresses that are allowed to query this NTP server.

      For example, the following IP addresses are assigned to Control Center hosts: - 203.0.113.10 - 203.0.113.11 - 203.0.113.12 - 203.0.113.13

      For the preceding addresses, the value for Address-Range is 203.0.113.0.

    4. Replace Netmask with the IPv4 network mask that corresponds with the address range.

      For example, a valid network mask for 203.0.113.0 is 255.255.255.0.

    5. Save the file and exit the editor.

    6. Stop Control Center.
    systemctl stop serviced
    
  4. Enable and start the NTP daemon.

    1. Enable the ntpd daemon.

      systemctl enable ntpd
      
    2. Configure ntpd to start when the system starts.

      Currently, an unresolved issue associated with NTP prevents ntpd from restarting correctly after a reboot, and the following commands provide a workaround to ensure that it does.

      echo "systemctl start ntpd" >> /etc/rc.d/rc.local
      chmod +x /etc/rc.d/rc.local
      
    3. Start ntpd.

      systemctl start ntpd
      
  5. Start Control Center.

    systemctl start serviced
    

Configuring NTP clients

Use this procedure to configure a delegate hosts to synchronize its clocks with the NTP server on the Control Center master host. Perform this procedure only if the hosts do not have internet access. Repeat this procedure on each Control Center delegate host.

On VMware vSphere guests, before performing this procedure, disable time synchronization between guest and host operating systems.

  1. Log in to the Control Center delegate host as root or as a user with superuser privileges.
  2. Create a backup of the NTP configuration file.

    cp -p /etc/ntp.conf /etc/ntp.conf.orig
    
  3. Edit the NTP configuration file.

    1. Open /etc/ntp.conf with a text editor.
    2. Replace all of the lines in the file with the following lines:

      # Point to the master time server
      server Master-Address
      
      restrict default ignore
      restrict 127.0.0.1
      restrict Master-Address mask 255.255.255.255 nomodify notrap noquery
      
      driftfile /var/lib/ntp/drift
      
    3. Replace both instances of Master-Address with the IPv4 address of the host where the NTP server is running (the Control Center master host).

    4. Save the file and exit the editor.
    5. Stop Control Center.
    systemctl stop serviced
    
  4. Synchronize the clock with the master server.

    ntpd -gq
    
  5. Enable and start the NTP daemon.

    1. Enable the ntpd daemon.

      systemctl enable ntpd
      
    2. Configure ntpd to start when the system starts.

      Currently, an unresolved issue associated with NTP prevents ntpd from restarting correctly after a reboot, and the following commands provide a workaround to ensure that it does.

      echo "systemctl start ntpd" >> /etc/rc.d/rc.local
      chmod +x /etc/rc.d/rc.local
      
    3. Start ntpd.

      systemctl start ntpd
      
  6. Start Control Center.

    systemctl start serviced