How to Configure NTP Time Synchronization on CentOS for Accurate System Clock


3 views

When working with CentOS servers, particularly in production environments, maintaining accurate system time is crucial for:

  • Log synchronization across distributed systems
  • Cron job scheduling accuracy
  • Security certificate validation
  • Database transaction ordering

The manual time adjustment approach you've been using is fundamentally flawed because:

  1. System clocks naturally drift (typically 1-15 seconds per day)
  2. Manual corrections don't address the root cause
  3. You can't maintain microsecond-level precision required for modern applications

The Network Time Protocol (NTP) daemon provides automatic time synchronization. Here's how to implement it properly:

1. Install NTP Packages

sudo yum install ntp ntpdate -y

2. Configure NTP Servers

sudo nano /etc/ntp.conf

Replace the default servers with:

server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

3. Start and Enable Services

sudo systemctl start ntpd
sudo systemctl enable ntpd
sudo systemctl start ntpdate
sudo systemctl enable ntpdate

For Restricted Networks

Use your local domain controller as time source:

server your-domain-controller.example.com prefer

Monitoring NTP Status

ntpq -pn
ntpstat

Firewall Considerations

sudo firewall-cmd --add-service=ntp --permanent
sudo firewall-cmd --reload

Problem: Large time differences cause refusal to sync
Solution: Force initial sync with:

sudo ntpdate -u pool.ntp.org
sudo systemctl restart ntpd

Problem: Clock still drifts significantly
Solution: Check hardware clock sync:

sudo hwclock --systohc
sudo hwclock --hctosys

For financial systems or distributed databases requiring microsecond precision:

sudo yum install chrony -y
sudo systemctl enable chronyd
sudo systemctl start chronyd

Configure chrony with:

server time.corp.example.com offline minpoll 8
driftfile /var/lib/chrony/drift
makestep 1.0 3

When working with CentOS servers, I've frequently encountered situations where the system clock gradually drifts out of sync, often falling behind by several minutes. This occurs because most Linux systems, including CentOS, rely on the hardware clock (RTC) which isn't perfectly accurate. The solution is implementing Network Time Protocol (NTP) synchronization.

First, let's ensure the necessary packages are installed:


# For CentOS 7:
sudo yum install ntp

# For CentOS 8/Stream/Rocky Linux/AlmaLinux:
sudo dnf install chrony

For CentOS 7 using ntpd:


sudo vi /etc/ntp.conf

# Add these lines (or uncomment existing ones):
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

For CentOS 8+ using chrony:


sudo vi /etc/chrony.conf

# Add/modify these lines:
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

For CentOS 7:


sudo systemctl start ntpd
sudo systemctl enable ntpd

For CentOS 8+:


sudo systemctl start chronyd
sudo systemctl enable chronyd

For ntpd:


ntpq -pn

For chrony:


chronyc tracking
chronyc sources

Sometimes you might need to force an immediate synchronization:


# For ntpd:
sudo ntpdate -u pool.ntp.org

# For chrony:
sudo chronyc makestep

For environments with strict time requirements, consider these additional settings in your configuration file:


# For ntpd:
tinker panic 0
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# For chrony:
makestep 1.0 3
rtcsync

Ensure your firewall allows NTP traffic (UDP port 123):


sudo firewall-cmd --add-service=ntp --permanent
sudo firewall-cmd --reload