How To Install NTP on CentOS Stream 10

Time synchronization is a fundamental requirement for any modern operating system that participates in a network environment. Imagine coordinating system processes, managing user authentication, and ensuring accuracy across logs or transactions without correct system time—problems would arise quickly if clocks drifted even by a few seconds. In CentOS Stream 10, accurate system time ensures that distributed services communicate seamlessly and that mission-critical applications function securely and reliably.

This detailed guide covers everything from the basics of Network Time Protocol (NTP) and why it is essential, to step-by-step instructions for installing and configuring time synchronization services on CentOS Stream 10. You will discover how to optimize your server for precise timekeeping, how to troubleshoot common issues, and how to maintain a secure and stable clock source for all your systems. Whether you are a seasoned system administrator or a beginner looking to strengthen your Linux experience, you will find practical tips and insights to install and configure NTP or Chrony with confidence.

The most popular method for keeping server clocks in sync is through the Network Time Protocol. Although Chrony has become the newer standard on many modern Linux distributions, the traditional NTP service remains widely used and supported. Both solutions serve the same purpose: they contact remote time servers (or provide local server functionality) to ensure all servers maintain a cohesive clock. Read on to learn about prerequisites, step-by-step configuration, monitoring your synchronization status, and conquering potential challenges with CentOS Stream 10.

Prerequisites for Installing NTP on CentOS Stream 10

Before configuring CentOS Stream 10 to run your network time synchronization service of choice, there are a few prerequisites to satisfy. First, ensure that you have administrative privileges (root or sudo access) to install software packages and modify system configurations. Second, make sure your server is up to date with the latest patches and security fixes. A timely update can often resolve issues before they begin.

To update your CentOS Stream 10 system, run the following command:

sudo dnf update

A stable network connection is essential. Network time synchronization requires the system to communicate with remote sources of time data. If your server is behind a strict firewall or uses specialized routing rules, ensure that relevant NTP ports (UDP port 123) or Chrony ports are open. Finally, back up any existing time synchronization configuration files, such as /etc/chrony.conf or /etc/ntp.conf, if you have previously attempted a time-related setup. Keeping a backup snapshot of your system’s configuration can be a lifesaver in case you need to revert changes or compare different setups.

Understanding Your Time Synchronization Options

When using CentOS Stream 10, you will find that Chrony is often installed by default in place of the traditional NTP daemon. Chrony is recommended in many new CentOS deployments because of its speed, robustness, and ability to handle time synchronization effectively even under highly variable network conditions. However, many users may still choose to install the older NTP package, especially if they have existing infrastructure or scripts that rely on its configuration or naming conventions.

Chrony vs. Traditional NTP: While both are designed to keep your system time accurate, Chrony generally adapts better to environments where servers may be offline or purposely suspended for extended periods. It quickly recalculates drift upon coming back online. Traditional NTP, on the other hand, provides a stable and well-documented approach that many seasoned administrators are accustomed to. Both are valid choices for time synchronization in CentOS Stream 10, and both can act as either clients or servers. Which to choose often depends on the network environment, performance needs, and preferences of the administrator.

Regardless of your selection, the core principle remains the same: maintaining precise time is integral for logging events, scheduling tasks, and ensuring security protocols that depend on time-sensitive keys and certificates.

Installing and Configuring Chrony

Step 1: Install Chrony

Chrony is the default time synchronization package for many newer Linux distributions, including CentOS Stream 10. To install or confirm its presence, use:

sudo dnf install chrony

If it is already installed, the package manager notifies you. If not, it proceeds with installation. After installation, enable and start the Chrony service:

sudo systemctl enable chronyd
sudo systemctl start chronyd

Keeping Chrony running automatically on reboot ensures consistent time updates from the time sources you specify.

Step 2: Basic Chrony Configuration

The main Chrony configuration file is located at /etc/chrony.conf. Inside this file, you can set NTP pool servers, adjust your local time offset, and determine how the system logs or monitors time synchronization. A typical default configuration might look like:

server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

driftfile /var/lib/chrony/drift
makestep 1.0 3

The iburst option allows Chrony to quickly obtain accurate time on startup. The driftfile stores how much the local clock tends to drift relative to a reference clock, helping Chrony quickly correct for known offsets upon service restart. The makestep 1.0 3 line lets Chrony step the clock instead of slewing it when the offset is larger than 1 second, but only during the first three clock updates. If you prefer specific regional pool servers, replace centos.pool.ntp.org with your region’s recommended ones.

Step 3: Verifying Chrony Operation

To confirm Chrony is up and running, use:

sudo chronyc sources -v

This shows the list of remote servers used for time synchronization, along with the status, offset, and reference ID. Another helpful command is:

chronyc tracking

Within a few moments, you should see Chrony adjusting your system clock and reporting a stable synchronization.

Setting Up Traditional NTP on CentOS Stream 10

Though Chrony is a powerful default solution, it is still possible (and sometimes desirable) to install and configure the legacy NTP daemon. This might be useful if you need continuity across older infrastructure or rely on specialized features or commands specific to NTP.

Step 1: Install NTP Package

Start by installing the NTP package from the default repositories:

sudo dnf install ntp

After installation, enable the service:

sudo systemctl enable ntpd
sudo systemctl start ntpd

To verify that it is running, type:

systemctl status ntpd

Or, you can check synchronization with:

ntpq -p

This command displays the list of configured peers, along with delay, offset, and jitter. It’s a direct way to see if the NTP daemon communicates with remote servers successfully.

Step 2: NTP Configuration File

The /etc/ntp.conf file defines how your NTP service connects to external servers, enforces access rules, and configures logging. A typical configuration includes pool directives for remote servers:

pool 0.centos.pool.ntp.org iburst
pool 1.centos.pool.ntp.org iburst
pool 2.centos.pool.ntp.org iburst
pool 3.centos.pool.ntp.org iburst

restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
driftfile /var/lib/ntp/drift

The restrict statements specify how other systems can interact with your server. Typically, you want to limit unauthorized querying and modifications. After adjusting your configuration, restart NTP for changes to take effect:

sudo systemctl restart ntpd

Firewall Configuration for NTP

Whether you use Chrony or the traditional NTP daemon, the service must communicate over UDP port 123. By default, CentOS Stream 10 includes firewalld for managing firewall rules, although iptables can also be used in some cases. If your server will act as an NTP server, confirm that inbound traffic on port 123 is permitted. For local time sync only, outbound traffic to UDP port 123 also needs to be allowed.

To open UDP port 123 for inbound connections, run the following commands:

sudo firewall-cmd --add-service=ntp --permanent
sudo firewall-cmd --reload

This approach uses the predefined “ntp” service in firewalld, which typically covers the correct port. However, if a custom firewall service is managed, ensure you specifically allow udp/123. Once configured, use sudo firewall-cmd --list-all to confirm that NTP is allowed.

Enabling NTP Server Functionality

If you want to turn your CentOS Stream 10 machine into an NTP server for your network, make the following adjustments. In Chrony, edit /etc/chrony.conf and add:

allow 192.168.1.0/24

(Adjust the subnet to match your local network.) This directive allows clients on that subnet to sync time from this server. In the legacy NTP daemon, you also adjust /etc/ntp.conf and create appropriate restrict statements for each range you want to permit. Keep security in mind. Grant access only to recognized subnets or hosts to avoid open or anonymous usage.

Additionally, confirm that your system has accurate remote sources. A server that is not itself well-synchronized offers little advantage to your clients. Test the server’s own synchronization thoroughly before publicizing it as an NTP reference for your network.
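The access rules described above can be checked mechanically before the server is exposed to clients. The following is an added example, not part of the original tutorial: two hypothetical helper functions (audit_chrony_allow, audit_ntp_restrict) that read a config on standard input and report allow lines open to every address and restrict default lines missing noquery or nomodify. The sample configs are constructed.

```sh
#!/bin/sh
# Added example: flag world-open client access in time-server configs.
# Both functions read the config on stdin; the sample input is constructed.

# chrony.conf: print every "allow" line that admits any client address.
audit_chrony_allow() {
    awk '
        NF == 0 || index("!;#%", substr($1, 1, 1)) { next }   # blank or comment
        $1 != "allow" { next }
        {
            net = ($2 == "all") ? $3 : $2                     # "allow all [subnet]"
            if (net == "" || net == "0/0" || net == "0.0.0.0/0" || net == "::/0")
                printf "line %d: open to any client: %s\n", NR, $0
        }'
}

# ntp.conf: print every "restrict default" line missing noquery or nomodify.
audit_ntp_restrict() {
    awk '
        NF == 0 || substr($1, 1, 1) == "#" || $1 != "restrict" { next }
        {
            is_default = 0; flags = " "
            for (i = 2; i <= NF; i++) {
                if ($i == "default") is_default = 1
                flags = flags $i " "
            }
            # Skip non-default entries; "ignore" already drops every packet.
            if (!is_default || index(flags, " ignore ")) next
            missing = ""
            if (!index(flags, " noquery "))  missing = missing " noquery"
            if (!index(flags, " nomodify ")) missing = missing " nomodify"
            if (missing != "") printf "line %d: restrict default lacks%s\n", NR, missing
        }'
}

# Constructed samples: one scoped and one bare allow; a weak restrict default.
chrony_sample='allow 192.168.1.0/24
allow'
ntp_sample='restrict default kod notrap nopeer
restrict 127.0.0.1'

printf '%s\n' "$chrony_sample" | audit_chrony_allow
printf '%s\n' "$ntp_sample" | audit_ntp_restrict
```

On a live system, feed the real files instead, for example audit_chrony_allow < /etc/chrony.conf.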

Client Configuration

On other systems in your environment—whether they run CentOS Stream 10 or another Linux distribution—point them to the local NTP or Chrony server. For instance, on another CentOS system using Chrony, edit /etc/chrony.conf to include lines like:

server 192.168.1.10 iburst

Replace 192.168.1.10 with the IP or hostname of your newly configured NTP server. If you are using the traditional NTP client, add an entry in /etc/ntp.conf such as:

server 192.168.1.10 iburst

Remember to disable any default public pool entries if you want these client machines to sync time exclusively from your local server. Then reload or restart Chrony or NTP so the changes take effect.

Verification and Monitoring

Checking Chrony Synchronization

To validate synchronization on your Chrony-based server or client, use:

chronyc sources

This displays acquired time sources, their delay, and offset outcomes. A “^*” symbol next to the source typically indicates the currently active synchronization peer. You can run:

chronyc tracking

to see more details about system drift, reference ID, and last offset correction. A well-tuned Chrony environment maintains offset within a few milliseconds of real time.

Checking NTP Synchronization

When using ntpd, the ntpq -p command provides a table of remote servers, their stratum, and offset values. You might also see “*” next to a server that is currently selected as the primary time source. Over time, if everything is configured properly, the difference between your local clock and the remote server remains minimal.
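The Chrony checks above can be turned into pass/fail tests for a cron job or monitoring agent. This is an added example, not part of the original tutorial: the function names and the 0.1 second threshold are assumptions, and the chronyc output embedded below is constructed.

```sh
#!/bin/sh
# Added example: turn chronyc output into pass/fail checks.
# The sample chronyc output below is constructed for illustration.

# Reads `chronyc tracking` on stdin. Returns 0 when the clock is synchronised
# and the offset is at most $1 seconds; otherwise prints why and returns 1.
check_tracking() {
    awk -F' *: ' -v max="$1" '
        $1 == "Leap status" { leap = $2 }
        $1 == "System time" { split($2, f, " "); off = f[1] + 0 }
        END {
            if (leap == "") { print "FAIL: no tracking data"; exit 1 }
            if (leap ~ /^Not synchronised/) { print "FAIL: clock not synchronised"; exit 1 }
            if (off > max) { printf "FAIL: offset %.6fs exceeds %.3fs\n", off, max; exit 1 }
            printf "OK: offset %.6fs\n", off
        }'
}

# Reads `chronyc sources` on stdin. Prints each source whose reach register
# is 0, meaning none of the last eight polls was answered.
unreachable_sources() {
    awk '$1 ~ /^[=#^]/ && $5 == "0" { print $2 }'
}

tracking_sample='Reference ID    : C0A8010A (192.168.1.10)
Stratum         : 3
System time     : 0.000184312 seconds slow of NTP time
Leap status     : Normal'

sources_sample='MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.1.10                  2   6   377    21   +184us[ +201us] +/-   12ms
^? 192.168.1.11                  0   6     0     -     +0ns[   +0ns] +/-    0ns'

printf '%s\n' "$tracking_sample" | check_tracking 0.1
printf '%s\n' "$sources_sample" | unreachable_sources
```

In production, pipe the live commands instead, for example chronyc tracking | check_tracking 0.1, and alert on a non-zero exit status.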

Troubleshooting Common Issues

Time synchronization problems can arise from configuration mistakes, network challenges, or hardware limitations. Here are the most common issues and how to address them:

1. No Servers Reachable

If your NTP or Chrony setup shows “reach=0” or no servers are marked as active sources, check firewall rules. Ensure your server can initiate outbound traffic on udp/123 and that the remote server is accessible. Occasionally, DNS or routing problems hamper time synchronization when relying on domain-based pool servers. Try substituting domain names with IP addresses to rule out DNS issues.

2. Large Time Drift

When the local clock drifts significantly from the remote time source, Chrony or NTP might take additional steps to adjust gradually, rather than introducing abrupt changes. For systems with extremely inaccurate hardware clocks, consider enabling the makestep directive in Chrony or using the tinker settings in NTP. These options let the service perform a large correction if it detects a significant offset, ensuring your system clock settles quickly after reboots or downtime.

3. Conflicts Between Chrony and NTP

Occasionally, having both Chrony and the legacy NTP daemon installed simultaneously leads to conflicts. If your intention is to use only one service, remove or disable the other to avoid competition over udp/123. For instance, if you are standardizing on Chrony, uninstall the ntp package. Conversely, if you strictly want the older NTP daemon, stop and disable chronyd and remove any references to Chrony from your system startup.

4. Permission Denied for Clients

When turning your server into an NTP source, strict security settings may block clients from syncing. Double-check the restrictions set in chrony.conf or ntp.conf. If you see “Access denied” or “No server suitable for synchronization found,” confirm that your allow or restrict statements match client IP addresses or subnets. Then confirm your firewall is not inadvertently blocking inbound or outbound traffic on udp/123.

Congratulations! You have successfully installed NTP. Thanks for using this tutorial to install NTP on a CentOS Stream 10 system. For additional help or useful information, we recommend you check the official NTP website.

r00t
