Thursday, July 26, 2018

Linux: Configuring NTP on Ubuntu 18.4 host and RHEL 7.1 VM guest running on Oracle VirtualBox

I almost never expected to get this going at all. I had been tinkering the whole day and eventually with a little help from my colleague I finally managed to get it running.

I have Ubuntu 18.4 installed on my Lenovo laptop. It boots into Ubuntu, nothing else. I had completely broken down everything in my BIOS to get Ubuntu running. A couple of days back I installed Oracle VM VirtualBox. I then added a RHEL 7.1 VM/guest in VirtualBox and named it apollo. For my VirtualBox network settings, I used Bridged Adapter. I also disabled Promiscuous Mode. Here's a picture of my VM's network settings.



I then proceeded to configure apollo in accordance with the company's requirements. Halfway through, I came across the NTP config setting. The document I was referring to is outdated at best. So, in my own way, this is what I did to get my laptop (host) to act as an NTP server and my VirtualBox VM (guest) to act as an NTP client.

On my laptop running Ubuntu 18.4 (host/homer)

Until recently, most network time synchronization was handled by the Network Time Protocol daemon or ntpd. This service connects to a pool of other NTP servers that provide it with constant and accurate time updates.

Ubuntu's default install now uses timesyncd instead of ntpd. timesyncd connects to the same time servers and works in roughly the same way, but is more lightweight and more integrated with systemd and the low level workings of Ubuntu.

We can query the status of timesyncd by running timedatectl:

root@homer:~# timedatectl
Local time: Rab 2018-07-25 11:45:45 +08
Universal time: Rab 2018-07-25 03:45:45 UTC
RTC time: Rab 2018-07-25 03:45:45
Time zone: Asia/Kuala_Lumpur (+08, +0800)
System clock synchronized: yes
systemd-timesyncd.service active: yes------------------->look here


If timesyncd isn't active, turn it on with timedatectl:

# timedatectl set-ntp on

Switching to ntpd

Though timesyncd is fine for most purposes, some applications that are very sensitive to even the slightest perturbations in time may be better served by ntpd, as it uses more sophisticated techniques to constantly and gradually keep the system time on track.

Before installing ntpd, we should turn off timesyncd:

# timedatectl set-ntp no

root@homer:~# timedatectl
Local time: Rab 2018-07-25 11:30:59 +08
Universal time: Rab 2018-07-25 03:30:59 UTC
RTC time: Rab 2018-07-25 03:30:59
Time zone: Asia/Kuala_Lumpur (+08, +0800)
System clock synchronized: yes
systemd-timesyncd.service active: no------------------->look here


We can now install the ntp package with apt:

# apt-get install ntp

# systemctl enable ntp


root@homer:~# service ntp status
● ntp.service - Network Time Service
Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Wed 2018-07-25 18:00:05 +08; 57s ago
Docs: man:ntpd(8)

Main PID: 9177 (code=exited, status=0/SUCCESS)

Jul 25 18:00:05 homer ntpd[9177]: ntpd exiting on signal 15 (Terminated)
Jul 25 18:00:05 homer ntpd[9177]: 10.101.101.103 local addr 10.101.101.103 ->
Jul 25 18:00:05 homer systemd[1]: Stopping Network Time Service...
Jul 25 18:00:05 homer ntpd[9177]: 36.3.117.150 local addr 10.101.101.103 ->
Jul 25 18:00:05 homer ntpd[9177]: 129.250.35.250 local addr 10.101.101.103 ->
Jul 25 18:00:05 homer ntpd[9177]: 45.125.1.20 local addr 10.101.101.103 ->
Jul 25 18:00:05 homer ntpd[9177]: 167.99.64.239 local addr 10.101.101.103 ->
Jul 25 18:00:05 homer ntpd[9177]: 91.189.89.198 local addr 10.101.101.103 ->
Jul 25 18:00:05 homer ntpd[9177]: 91.189.91.157 local addr 10.101.101.103 ->
Jul 25 18:00:05 homer systemd[1]: Stopped Network Time Service.

root@homer:~# service ntp start

root@homer:~# service ntp status

● ntp.service - Network Time Service

Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-07-25 18:01:18 +08; 2s ago
Docs: man:ntpd(8)

Process: 10071 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS)
Main PID: 10079 (ntpd)
Tasks: 2 (limit: 4915)
CGroup: /system.slice/ntp.service

└─10079 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 126:131

Jul 25 18:01:18 homer ntpd[10079]: Listen normally on 2 lo 127.0.0.1:123
Jul 25 18:01:18 homer ntpd[10079]: Listen normally on 3 wlp2s0 10.101.101.103:123
Jul 25 18:01:18 homer ntpd[10079]: Listen normally on 4 tun0 192.168.193.49:123
Jul 25 18:01:18 homer ntpd[10079]: Listen normally on 5 lo [::1]:123
Jul 25 18:01:18 homer ntpd[10079]: Listen normally on 6 wlp2s0 [fe80::df55:6242:fc26:a259%3]:123
Jul 25 18:01:18 homer ntpd[10079]: Listen normally on 7 tun0 [fe80::cee:c8ae:65cd:5d19%4]:123
Jul 25 18:01:18 homer ntpd[10079]: Listening on routing socket on fd #24 for interface updates
Jul 25 18:01:18 homer ntpd[10079]: Listen for broadcasts to 10.101.101.255 on interface #3 wlp2s0
Jul 25 18:01:19 homer ntpd[10079]: Soliciting pool server 103.245.79.18
Jul 25 18:01:20 homer ntpd[10079]: Soliciting pool server 202.65.114.202

You can query ntpd for status information to verify that everything is working:

root@homer:~# ntpq -p

remote refid st t when poll reach delay offset jitter

==============================================================================

0.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.000
1.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.000
2.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.000
3.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.000
ntp.ubuntu.com .POOL. 16 p - 64 0 0.000 0.000 0.000
+203.95.213.129 195.66.241.10 2 u 18 64 3 73.523 -59.709 132.626
+timpany.srv.jre 133.11.204.98 2 u 17 64 3 200.323 -104.51 182.499
+ntp.hkg10.hk.le 130.133.1.10 2 u 16 64 3 100.148 -85.168 123.225
-dadns.cdnetwork 216.239.35.12 2 u 13 64 3 97.346 -67.509 138.111
#203.217.204.135 125.142.117.152 2 u 17 64 3 532.743 -181.34 247.584
+82.200.209.236 89.109.251.22 2 u 16 64 3 280.073 -51.717 120.860
+ntp.nic.kz .SHM. 1 u 16 64 3 303.338 -46.429 123.972
*45.125.1.20 (45 223.255.185.2 2 u 16 64 3 59.258 -67.442 135.406
+ntp-sin-02.no-s 103.1.106.69 2 u 17 64 3 58.434 -52.011 136.924
+ntp-a2.nict.go. .NICT. 1 u 20 64 3 200.409 -105.70 181.385
#185.105.186.198 193.93.167.239 2 u 16 64 3 308.142 -92.379 137.911
+jiro.paina.net 131.113.192.40 2 u 17 64 3 113.411 -55.281 137.586
#ntp.gnc.am 195.43.74.123 2 u 14 64 3 309.324 -85.812 128.094
#120.25.115.19 10.137.53.7 2 u 18 64 3 387.921 -51.942 141.329
#ntp.uii.net.id 133.243.238.243 2 u 15 64 3 54.574 -63.613 139.148
pugot.canonical 17.253.34.125 2 u 22 64 3 533.729 -164.53 246.341
#masao.paina.net 131.113.192.40 2 u 16 64 3 366.324 -92.037 124.93


Activate broadcast on my Ubuntu host. For this case, edit your /etc/ntp.conf file and configure the lines below:

#broadcast
#broadcastclient------------------->comment this


The broadcasting IP address is your host's IP address, NOT YOUR VM IP address.

Make sure that your NTP port is opened:

# iptables -A INPUT -p udp --dport 123 -j ACCEPT

# iptables -A OUTPUT -p udp --sport 123 -j ACCEPT


Check if your port is open with the nmap scanner:

root@homer:~# nmap -p123 -sU -P0 localhost

Starting Nmap 7.60 ( https://nmap.org ) at 2018-07-26 10:37 +08
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00011s latency).

PORT STATE SERVICE
123/udp open ntp

Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds

Restart ntp service

# service ntp restart

Check if NTP is syncing properly with Ubuntu's NTP servers:

root@homer:~# ntpstat
synchronised to NTP server (129.250.35.251) at stratum 3

time correct to within 192 ms
polling server every 1024 s


There are a lot of limitations on Ubuntu 18 when it comes to checking services. For one, chkconfig is no longer available for download. I was not able to download and install sysv-rc-conf and was instead given the option to install init-system-helpers, but I wasn't going to learn something new, so I just resorted to the service, update-rc.d and systemctl commands.

To check if ntp has been enabled at boot, run the service command, and look for ntp:

root@homer:~# service --status-all

[ + ] acpid
[ - ] alsa-utils
[ - ] anacron
[ + ] apparmor
[ + ] apport
[ + ] avahi-daemon
[ + ] bluetooth
[ - ] console-setup.sh
[ + ] cron
[ + ] cups
[ + ] cups-browsed
[ + ] dbus
[ - ] dns-clean
[ + ] gdm3
[ + ] grub-common
[ - ] hwclock.sh
[ + ] irqbalance
[ + ] kerneloops
[ - ] keyboard-setup.sh
[ + ] kmod
[ - ] lvm2
[ + ] lvm2-lvmetad
[ + ] lvm2-lvmpolld
[ + ] network-manager
[ + ] networking
[ + ] ntp----------------------------->should be a + sign
...

If it is a negative (-) sign then enable ntp to run at boot up with the other rc scripts

root@homer:~# update-rc.d ntp defaults

Enable ntp on all run levels

root@homer:~# update-rc.d ntp enable 2 3 4 5

And you're pretty much done. Let's move on to our guest/client/VM running on our Ubuntu host.

On my Virtual Machine running RHEL 7.1 (guest/apollo)

First things first, if not yet installed, please use yum to install ntp and ntpdate

# yum install ntp ntpdate

Once installed and before we start the service, we want to make sure that the ntpd service starts up automatically on boot and on all run levels so that we can maintain accurate time.

[root@apollo ~]# systemctl list-unit-files | grep ntpd

ntpd.service enabled
ntpdate.service enabled

[root@apollo ~]# chkconfig --level 345 ntpd on
Note: Forwarding request to 'systemctl enable ntpd.service'.
ln -s '/usr/lib/systemd/system/ntpd.service' '/etc/systemd/system/multi-user.target.wants/ntpd.service'

Edit the NTP config file at /etc/ntp.conf:

[root@apollo ~]# more /etc/ntp.conf
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 10.101.101.0 mask 255.255.255.0 nomodify notrap
server 10.101.101.103-------------------------->this is my Ubuntu host's IP address
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor
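
The restrict lines in this file decide what other hosts may do to the guest's ntpd: nomodify refuses run-time configuration changes and noquery refuses ntpq/ntpdc status queries. The check below is an added example, not part of the original post; the function name audit_ntp_conf and the weak sample configuration are made up for illustration. It also accepts the "restrict -4 default ..." form that Ubuntu's stock ntp.conf uses.

```shell
# Added example (not from the original post): flag ntp.conf lines, read on
# stdin, that leave ntpd more open than the guest configuration in the post.
audit_ntp_conf() {
    awk '
    function report(msg) { print msg; findings++ }
    { sub(/#.*/, "") }                  # ignore comments such as "#broadcastclient"
    $1 == "broadcastclient" { report("broadcastclient is active") }
    $1 != "restrict" { next }
    {
        i = ($2 ~ /^-[46]$/) ? 3 : 2    # Ubuntu writes "restrict -4 default ..."
        target = $i
        flags = " "
        for (j = i + 1; j <= NF; j++) flags = flags $j " "
    }
    target == "default" {
        have_default = 1
        n = split("nomodify notrap nopeer noquery", want, " ")
        for (k = 1; k <= n; k++)
            if (index(flags, " " want[k] " ") == 0)
                report("restrict default lacks " want[k])
        next
    }
    # Loopback stays unrestricted, as in the post; other networks need nomodify.
    target != "127.0.0.1" && target != "::1" && index(flags, " nomodify ") == 0 {
        report("restrict " target " lacks nomodify")
    }
    END {
        if (!have_default) report("no restrict default line")
        exit (findings > 0)
    }'
}

# Directives from the guest ntp.conf in the post (driftfile, keys, includefile omitted).
GUEST_CONF='restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 10.101.101.0 mask 255.255.255.0 nomodify notrap
server 10.101.101.103
disable monitor'
# Constructed weak configuration for comparison.
WEAK_CONF='restrict default notrap nopeer
restrict 10.101.101.0 mask 255.255.255.0
broadcastclient
server 10.101.101.103'

printf '%s\n' "$GUEST_CONF" | audit_ntp_conf && echo "guest config: no findings"
printf '%s\n' "$WEAK_CONF" | audit_ntp_conf || true
```

On a real system the same function can be run as `audit_ntp_conf < /etc/ntp.conf` on both the host and the guest.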

Allow port 123 for NTP:

[root@apollo ~]# iptables -A OUTPUT -p udp --dport 123 -j ACCEPT

[root@apollo ~]# iptables -A INPUT -p udp --sport 123 -j ACCEPT

[root@apollo ~]# service ntpd start
Redirecting to /bin/systemctl start ntpd.service

Sync NTP with homer (the IP address below is my Ubuntu host's)

[root@apollo ~]# ntpdate -u 10.101.101.103
25 Jul 18:14:03 ntpdate[2478]: adjust time server 10.101.101.103 offset -0.025663 sec

[root@apollo log]# ntpq -c lpeer
remote refid st t when poll reach delay offset jitter

==============================================================================
*10.101.101.103 133.243.238.243 2 u 19 64 37 0.117 -4.281 15.797
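
To read the ntpq peer tables shown for homer and apollo: the line starting with `*` is the peer ntpd is currently synchronising to, and reach is an octal bitmap of the last eight polls (37 means the last five were answered, 377 means all eight). The script below is an added example, not part of the original post, that extracts that peer and checks reach and offset; the function name ntpq_peer_health and the 128 ms default limit are assumptions.

```shell
# Added example (not from the original post): summarise the peer ntpd selected,
# from `ntpq -p` or `ntpq -c lpeer` output read on stdin.
# $1 = largest acceptable |offset| in ms; the default of 128 is an assumption.
ntpq_peer_health() {
    awk -v max="${1:-128}" '
    # "reach" is an octal bitmap of the last 8 polls; count the answered ones.
    function answered(oct,   i, d, n) {
        n = 0
        for (i = 1; i <= length(oct); i++) {
            d = substr(oct, i, 1) + 0
            n += d % 2 + int(d / 2) % 2 + int(d / 4)
        }
        return n
    }
    /^[*]/ {                                  # "*" marks the peer ntpd syncs to
        found = 1
        # Count columns from the right: a truncated remote name such as
        # "*45.125.1.20 (45" in the host output contains a space.
        hits = answered($(NF - 3))
        off = $(NF - 1) + 0
        mag = (off < 0) ? -off : off
        ok = (hits > 0 && mag <= max + 0)
        printf "peer=%s stratum=%s answered=%d/8 offset_ms=%s %s\n",
            substr($1, 2), $(NF - 7), hits, $(NF - 1), (ok ? "OK" : "CHECK")
    }
    END {
        if (!found) { print "no system peer selected"; exit 2 }
        exit (ok ? 0 : 1)
    }'
}

# Peer lines copied from the ntpq output in the post (guest, then host).
GUEST_PEER='*10.101.101.103 133.243.238.243 2 u 19 64 37 0.117 -4.281 15.797'
HOST_PEER='*45.125.1.20 (45 223.255.185.2 2 u 16 64 3 59.258 -67.442 135.406'
# Constructed line: a server that has not answered any poll yet.
UNSYNCED=' 10.101.101.103 .INIT. 16 u - 64 0 0.000 0.000 0.000'

printf '%s\n' "$GUEST_PEER" | ntpq_peer_health
printf '%s\n' "$HOST_PEER" | ntpq_peer_health
printf '%s\n' "$UNSYNCED" | ntpq_peer_health || echo "guest is not synchronised yet"
```

On a live machine, pipe the real table in with `ntpq -p | ntpq_peer_health`; exit status 2 means no peer has been selected, 1 means the selected peer failed the reach or offset check.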


I found that apollo's NTP still wasn't syncing with homer, so I ran ntpdate again with localhost:

[root@apollo ~]# ntpstat
unsynchronised

time server re-starting
polling server every 8 s

[root@apollo ~]# ntpdate -u 127.0.0.1
25 Jul 18:19:34 ntpdate[2481]: adjust time server 127.0.0.1 offset 0.000000 sec

[root@apollo ~]# ntpstat
synchronised to NTP server (10.101.101.103) at stratum 4

time correct to within 111 ms
polling server every 64 s


Once you have done that, update your VM's hardware clock with the system clock:

[root@apollo ~]# hwclock --systohc

[root@apollo ~]#

The end! My VM's NTP time is now in sync with my laptop's!
