Ubuntu NTP Configuration and Optimization Guide | Achieving Accurate Time Synchronization and Enhanced Security

1. Importance of NTP on Ubuntu

What is NTP?

NTP (Network Time Protocol) is a protocol used to accurately synchronize the time of computer systems over a network. Maintaining accurate time is essential for log consistency, transaction processing, and precise network communication. Time discrepancies can lead to network errors and data inconsistencies, making it especially critical for server operations.

On Ubuntu, Chrony is the recommended choice, as it enables accurate time synchronization even in unstable network environments. Chrony is also optimized for low latency and fast synchronization, making it suitable for both server and client environments.

2. Configuring NTP

Installing and Setting Up Chrony

Chrony is the standard NTP client for Ubuntu 18.04 and later. Follow the steps below to install it and configure time synchronization using an NTP server.

Installation Steps

sudo apt update
sudo apt install chrony

Next, start the Chrony service and enable it to start automatically.

sudo systemctl start chrony
sudo systemctl enable chrony

The configuration file is located at /etc/chrony/chrony.conf. To use NTP servers near Japan, add the following lines:

server ntp.nict.jp iburst
server 0.jp.pool.ntp.org iburst
server 1.jp.pool.ntp.org iburst
server 2.jp.pool.ntp.org iburst

The iburst option allows for faster synchronization during the initial connection.

3. Optimizing and Choosing an NTP Server

Using the NTP Pool Project

The NTP Pool Project is a global initiative that provides optimized NTP servers based on geographic regions. Configuring multiple NTP servers improves reliability: if one server goes down, the others can take over.

The following configuration example uses NTP servers located in Japan:

server ntp.nict.jp iburst
server 0.jp.pool.ntp.org iburst
server 1.jp.pool.ntp.org iburst
server 2.jp.pool.ntp.org iburst

4. Configuring the Time Zone

Using the timedatectl Command

By default, Ubuntu is set to the UTC time zone. To change it to Japan Standard Time (JST), use the following command:

sudo timedatectl set-timezone Asia/Tokyo

After changing the time zone, you can verify the current settings with the following command:

timedatectl

5. Troubleshooting

When NTP is Not Synchronizing

Checking the Firewall

NTP uses UDP port 123, which might be blocked by the firewall. The following command opens port 123 for inbound NTP traffic from any source address:

sudo ufw allow 123/udp

Checking for False Tickers

Use the ntpq -p command (or chronyc sources when the host runs Chrony) to check whether the NTP servers are operating correctly. False tickers (servers providing incorrect time) are marked with an x. If any are detected, consider selecting alternative servers or adjusting the configuration.

Stratum 16 Error

If the NTP server fails to synchronize with higher-level servers, a Stratum 16 error may occur. This indicates that the server is not properly connected or that there is a network issue. Verify your server and network settings, and configure a reliable NTP server.

Manually Synchronizing Time

To manually synchronize time using Chrony, run the following command, which steps the clock immediately to the time reported by the configured sources:

sudo chronyc makestep

You can also check the Chrony logs to diagnose synchronization issues:

sudo journalctl -u chrony

6. Optimizing NTP for High-Load Environments

Adjusting minpoll and maxpoll

In environments where high-precision time synchronization is required, adjusting the NTP polling interval can ensure more frequent synchronization and minimize time drift. Below is an example configuration to increase synchronization frequency:

server ntp.nict.jp iburst minpoll 4 maxpoll 10

Managing NTP with Juju

In large-scale cloud environments, Juju can be used to automate NTP service management. Juju monitors the load on each host and selects the optimal host as the NTP server. The following commands deploy NTP using Juju:

juju deploy cs:ntp ntp
juju config ntp auto_peers=true

This automation enhances NTP management and ensures efficient time synchronization with distributed loads.

7. Enhancing Security

Restricting Access to NTP Servers

To improve security, you can restrict access to the NTP server to specific IP addresses. By adding access control rules to /etc/chrony/chrony.conf, you can allow NTP requests only from specific networks or IP addresses:

allow 192.168.1.0/24

This prevents unauthorized NTP requests from external sources, strengthening the security of your internal network.
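
The script below is an added example, not part of the original guide: it audits the allow directives in a chrony.conf and flags any that let every client query the server (a bare allow, or an all-addresses subnet such as 0/0). The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the "allow" directives in a chrony.conf.
# audit_chrony_allow, count_open_allow and write_sample_conf are
# hypothetical helper names, not part of chrony.
# Output: "OPEN <line> <text>" if any client may query, "OK <line> <subnet>" if scoped.
audit_chrony_allow() {
    awk '
        /^[ \t]*[#%;!]/ { next }             # chrony comment markers
        $1 == "allow" {
            net = $2
            if (net == "all") net = $3       # "allow all <subnet>" override form
            if (net == "" || net == "0/0" || net == "0.0.0.0/0" || net == "::/0")
                printf "OPEN %d %s\n", NR, $0
            else
                printf "OK %d %s\n", NR, net
        }
    ' "$1"
}

# Number of world-open directives; 0 means every allow line is scoped.
count_open_allow() {
    audit_chrony_allow "$1" | awk '/^OPEN/ { n++ } END { print n + 0 }'
}

# Constructed sample configuration (not taken from a real host).
write_sample_conf() {
    cat <<'EOF'
# constructed sample for the audit example
server ntp.nict.jp iburst
allow 192.168.1.0/24
allow
; allow 10.0.0.0/8
allow 0/0
EOF
}

# Demo run against the constructed sample.
conf=$(mktemp)
write_sample_conf > "$conf"
audit_chrony_allow "$conf"
echo "world-open allow directives: $(count_open_allow "$conf")"
rm -f "$conf"
```

On a real host, point audit_chrony_allow at /etc/chrony/chrony.conf and at any files it includes.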