NTP
Introduction
This page is intended to give you the resources to set up NTP(or suitable equivalent) on the main distrobutions that we support. NTP is important for two main reasons with Passbolt. The first is in regards to GPG authentication. The other area where this becomes important is if you have MFA enabled as if the server and user device time get out of sync the codes will not work.
Ubuntu
Ubuntu uses chrony for time synchronization. This package is not installed by default so you’ll need to install it.
You can check that your server doesn’t have this enabled by running the following:
timedatectl status
The output should look something like the following:
Local time: Tue 2022-12-06 09:26:53 UTC
Universal time: Tue 2022-12-06 09:26:53 UTC
RTC time: Tue 2022-12-06 09:26:52
Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: no
NTP service: inactive
RTC in local TZ: no
The two most important lines here being:
System clock synchronized: no
NTP service: inactive
To install chrony you’ll need to run this command:
sudo apt install chrony
You can configure which time servers you want to use by editing /etc/chrony/chrony.conf
After you are done editing this file run the following to restart chrony
sudo systemctl restart chrony.service
To ensure this is running correctly you can once again run:
timedatectl status
Your output should now be something like:
Local time: Tue 2022-12-06 09:30:40 UTC
Universal time: Tue 2022-12-06 09:30:40 UTC
RTC time: Tue 2022-12-06 09:30:40
Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
The important lines are:
System clock synchronized: yes
NTP service: active
If only one of these has changed try running timedatectl status after another minute or two to give it time to be fully correct. Once those are both correct, congratulations you’ve gotten NTP correctly set up!
Debian
A fresh Debian installation should already be properly configured for this. You can confirm this by running:
timedatectl status
The output should be something like this:
Local time: Tue 2022-12-06 14:30:52 UTC
Universal time: Tue 2022-12-06 14:30:52 UTC
RTC time: Tue 2022-12-06 14:30:53
Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
The important lines are:
System clock synchronized: yes
NTP service: active
RedHat
On Red Hat Entreprise Linux, you have two choices in terms of NTP installation chrony which is installed by default on some version of Red Hat Entreprise Linux 7 or ntpd.
Chrony should be considered as best match for the systems which are frequently suspended or otherwise intermittently disconnected from a network.
The NTP daemon (ntpd) should be considered for systems which are normally kept permanently on.
Install chrony on RedHat
As mentionned previously, chrony suite is installed by default on some versions of Red Hat Entreprise Linux 7, to ensure that it is, run the following command as root:
yum install chrony
The default location for the chrony daemon is /usr/sbin/chronyd. The command line utility will be installed to /usr/bin/chronyc.
To check the status of chrony, issue the following command:
systemctl status chronyd
The output should be something like this:
chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled)
Active: active (running) since Wed 2013-06-12 22:23:16 CEST; 11h ago
If that is not the case, in order to start chrony, issue the following command as root:
systemctl start chronyd
To ensure chrony starts automatically at system start, issue the following command as root:
systemctl enable chronyd
To check if chrony is synchronized, make use of the tracking command:
chronyc tracking
The output should be something like this:
Reference ID : CB00710F (foo.example.net)
Stratum : 3
Ref time (UTC) : Fri Jan 27 09:49:17 2017
System time : 0.000006523 seconds slow of NTP time
Last offset : -0.000006747 seconds
RMS offset : 0.000035822 seconds
Frequency : 3.225 ppm slow
Residual freq : 0.000 ppm
Skew : 0.129 ppm
Root delay : 0.013639022 seconds
Root dispersion : 0.001100737 seconds
Update interval : 64.2 seconds
Leap status : Normal
Install ntpd on RedHat
In order to use ntpd the default user space daemon, chrony, must be stopped and disable. Issue the following commands as root:
systemctl stop chronyd
To prevent it restarting at system start, issue the following command as root:
systemctl disable chronyd
To check the status of chronyd, issue the following command:
systemctl status chronyd
To check if ntpd is installed and install it if not, enter the following command as root:
yum install ntp
To enable ntpd at system start, enter the following command as root:
systemctl enable ntpd
To check if ntpd is running and configured to run at system start, issue the following command:
systemctl status ntpd
To obtain a brief status report from ntpd, issue the following command:
ntpstat
The output should be something like this:
synchronised to NTP server (10.5.26.10) at stratum 2
time correct to within 52 ms
polling server every 1024 s
OpenSUSE
Official OpenSUSE Documentation
To configure NTP on OpenSUSE we will need YaST. YaST is featured in the OpenSUSE Linux distribution.
To run yast you will need to run this command:
sux yast2
Once it is running, specify when to start the network time protocol service:
- Only manually
Start the Network Time Protocol service manually
- Synchronize without Daemon
Set the system time periodically without a permanently running Network Time Protocol service. You can set the Interval of the Synchronization in Minutes.
- Now and on boot
Start the Network Time Protocol service automatically when the system is booting. This setting is recommended.
After this step, you will need to specify the type of configuration source. In the Configuration Source drop-down box, select either Dynamic or Static. Set Static if your server uses only a fixed set of (public) NTP servers. If your internal network offers NTP servers via DHCP, pick Dynamic.
You need to configure time servers. Time servers for the client to query are listed in the lower part of the NTP Configuration window. Modify this list as needed by clicking Add, Edit, and Delete.
After you clicked Add to add a new time server in the address field, type the URL of the time server or pool of time servers with which you want to synchronize the machine time (for example, europe.pool.ntp.org).
After URL is complete, click on Test to verify that it points to a valid time source.
You can active Quick initial Sync to speed up the time synchronization by sending more request at the Network Time Protocol service start or you can active Start Offline to speed up the boot time on systems that start the Network Time Protocol service automatically and may not have an internet connection at boot time.
Now that we have configured Network Time Protocol with YaST we need to restart and enable chrony with:
sudo systemctl restart chronyd.service
sudo systemctl enable chronyd.service
Oracle Linux
To configure Network Time Protocol On Oracle you need to install the NTP package:
yum install ntp
Once NTP is installed, you will need to start the service and set it to launch automatically upon boot:
service ntpd start
chkconfig ntpd on
You can check upstream synchronization with the ntpq command:
ntpq -p
The output should be something like this:
remote refid st t when poll reach delay offset jitter
==============================================================================
lists2.luv.asn. 203.161.12.165 16 u 25 64 3 3.495 -3043.1 0.678
ns2.novatelbg.n 130.95.179.80 16 u 27 64 3 26.633 -3016.1 0.797
sp1.mycdn.fr 130.234.255.83 16 u 24 64 3 4.314 -3036.3 1.039
Fedora
The chrony suite is installed by default on some versions of Fedora, but you have two choices the other one being ntpd.
Chrony should be considered as best match for the systems which are frequently suspended or otherwise intermittently disconnected from a network.
The NTP daemon (ntpd) should be considered for systems which are normally kept permanently on.
Install chrony on Fedora
As mentionned previously, chrony suite is installed by default on some versions of Fedora, to ensure that it is, run the following command as root:
dnf install chrony
The default location for the chrony daemon is /usr/sbin/chronyd. The command line utility will be installed to /usr/bin/chronyc.
To check the status of chrony, issue the following command:
systemctl status chronyd
The output should be something like this:
chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled)
Active: active (running) since Wed 2013-06-12 22:23:16 CEST; 11h ago
If that is not the case, in order to start chrony, issue the following command as root:
systemctl start chronyd
To ensure chrony starts automatically at system start, issue the following command as root:
systemctl enable chronyd
To check if chrony is synchronized, make use of the tracking command:
chronyc tracking
The output should be something like this:
Reference ID : CB00710F (foo.example.net)
Stratum : 3
Ref time (UTC) : Fri Jan 27 09:49:17 2017
System time : 0.000006523 seconds slow of NTP time
Last offset : -0.000006747 seconds
RMS offset : 0.000035822 seconds
Frequency : 3.225 ppm slow
Residual freq : 0.000 ppm
Skew : 0.129 ppm
Root delay : 0.013639022 seconds
Root dispersion : 0.001100737 seconds
Update interval : 64.2 seconds
Leap status : Normal
Install ntpd on Fedora
In order to use ntpd the default user space daemon, chrony, must be stopped and disable. Issue the following commands as root:
systemctl stop chronyd
To prevent it restarting at system start, issue the following command as root:
systemctl disable chronyd
To check the status of chronyd, issue the following command:
systemctl status chronyd
To check if ntpd is istnalled, enter the following command as root:
dnf install ntp
To enable ntpd at system start, enter the following command as root:
systemctl enable ntpd
To check if ntpd is running and configured to run at system start, issue the following command:
systemctl status ntpd
To obtain a brief status report from ntpd, issue the following command:
ntpstat
The output should be something like this:
synchronised to NTP server (10.5.26.10) at stratum 2
time correct to within 52 ms
polling server every 1024 s
RockyLinux
To configure NTP, you need the chrony service which is installed by default.
Install chrony
As mentionned previously, chrony suite is installed by default on some versions of RockyLinux 9, to ensure that it is, run the following command as root:
dnf install chrony
The default location for the chrony daemon is /usr/sbin/chronyd. The command line utility will be installed to /usr/bin/chronyc.
To check the status of chrony, issue the following command:
systemctl status chronyd
The output should be something like this:
chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled)
Active: active (running) since Wed 2013-06-12 22:23:16 CEST; 11h ago
If that is not the case, in order to start chrony, issue the following command as root:
systemctl start --now chronyd
To ensure chrony starts automatically at system start, issue the following command as root:
systemctl enable --now chronyd
To check if chrony is synchronized, make use of the tracking command:
chronyc tracking
The output should be something like this:
Reference ID : CB00710F (foo.example.net)
Stratum : 3
Ref time (UTC) : Fri Jan 27 09:49:17 2017
System time : 0.000006523 seconds slow of NTP time
Last offset : -0.000006747 seconds
RMS offset : 0.000035822 seconds
Frequency : 3.225 ppm slow
Residual freq : 0.000 ppm
Skew : 0.129 ppm
Root delay : 0.013639022 seconds
Root dispersion : 0.001100737 seconds
Update interval : 64.2 seconds
Leap status : Normal
Docker
Docker's time is set via the host's time. You will need to follow the relevant instructions to configure NTP for the server hosting your Docker container.