CentOS / Redhat Linux: Install OpenNTPD To Synchronize The Local Clock

Last updated November 22, 2016

OpenNTPD is a Unix system daemon implementing the Network Time Protocol to synchronize the local clock of a computer system with remote NTP servers. How do I install OpenNTPD under CentOS / RHEL / Fedora Linux instead of the default NTPD client / server supplied by the Linux operating system?

OpenNTPD offers simplicity and security over the traditional NTPD that comes with CentOS/RHEL/Fedora Linux. The software can sync the local clock to remote NTP servers and can act as an NTP server itself, redistributing the local clock. OpenNTPD is part of the OpenBSD project. In this tutorial, you will learn how to install OpenNTPD on CentOS/RHEL/Fedora Linux.
OpenNTPD on CentOS/RHEL 7 with systemd

Compile and Install OpenNTPD

To download the portable version of OpenNTPD, enter:
# cd /tmp
# wget http://ftp3.usa.openbsd.org/pub/OpenBSD/OpenNTPD/openntpd-6.0p1.tar.gz

Extract the tarball:
# tar -zxvf openntpd-6.0p1.tar.gz
# cd openntpd-6.0p1

You must have the GNU compiler installed on your CentOS/RHEL 7 box. See how to install compilers on CentOS/RHEL 7 to compile OpenNTPD. To compile OpenNTPD with default options, enter:
# ./configure
# make
# make install

Sample outputs:

Making install in include
make[1]: Entering directory `/tmp/openntpd-6.0p1/include'
make[2]: Entering directory `/tmp/openntpd-6.0p1/include'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
....
..
...
make[2]: Entering directory `/tmp/openntpd-6.0p1/src'
 /usr/bin/mkdir -p '/usr/local/sbin'
  /bin/sh ../libtool   --mode=install /usr/bin/install -c ntpd '/usr/local/sbin'
libtool: install: /usr/bin/install -c ntpd /usr/local/sbin/ntpd
make  install-exec-hook
make[3]: Entering directory `/tmp/openntpd-6.0p1/src'
 
 WARNING: the privilege separation path is specified as /var/empty, 
          but this directory contains files!
 
 Please ensure that /var/empty is empty. If you installed a previous 
 OpenNTPD version and created a user with a home directory at /var/empty/ntpd, 
 please adjust that user to use /var/empty instead and delete /var/empty/ntpd.
 
make[3]: Leaving directory `/tmp/openntpd-6.0p1/src'
 /usr/bin/mkdir -p '/usr/local/share/man/man5'
 /usr/bin/install -c -m 644 ntpd.conf.5 '/usr/local/share/man/man5'
 /usr/bin/mkdir -p '/usr/local/share/man/man8'
 /usr/bin/install -c -m 644 ntpctl.8 ntpd.8 '/usr/local/share/man/man8'
make[2]: Leaving directory `/tmp/openntpd-6.0p1/src'
make[1]: Leaving directory `/tmp/openntpd-6.0p1/src'
make[1]: Entering directory `/tmp/openntpd-6.0p1'
make[2]: Entering directory `/tmp/openntpd-6.0p1'
make  install-exec-hook
make[3]: Entering directory `/tmp/openntpd-6.0p1'
 
 /usr/local/etc/ntpd.conf already exists, install will not overwrite
make[3]: Leaving directory `/tmp/openntpd-6.0p1'
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/tmp/openntpd-6.0p1'
make[1]: Leaving directory `/tmp/openntpd-6.0p1'

Configure OpenNTPD

Type the following commands to create the _ntp user and group so that OpenNTPD runs in its own jail:
# groupadd _ntp
# useradd -g _ntp -s /sbin/nologin -d /var/empty/openntpd -c 'OpenNTP daemon' _ntp
# mkdir -p /var/empty/openntpd
# chown 0 /var/empty/openntpd
# chgrp 0 /var/empty/openntpd
# chmod 0755 /var/empty/openntpd
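
A quick check of the directory prepared above, as an added example that is not part of the original tutorial: it confirms root ownership and the absence of group/world write bits (the result of the chown, chgrp and chmod commands) and that the directory is empty, as the make install warning asks. The function name check_privsep_dir is hypothetical, and GNU stat (as shipped with CentOS/RHEL) is assumed.

```bash
#!/usr/bin/env bash
# Added example: checks a privilege-separation directory for the properties
# this section sets up and the "make install" warning asks for.
# check_privsep_dir is a hypothetical helper name, not part of OpenNTPD.

# Usage: check_privsep_dir DIR [EXPECTED_OWNER_UID]   (owner defaults to 0, root)
# Prints one line per problem; returns 0 only if the directory is acceptable.
check_privsep_dir() {
    local dir=$1 want_uid=${2:-0} rc=0 uid mode entries

    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "FAIL: $dir is missing, not a directory, or a symlink"
        return 1
    fi

    uid=$(stat -c '%u' "$dir")      # numeric owner (GNU stat)
    mode=$(stat -c '%a' "$dir")     # octal permissions, e.g. 755

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $dir is owned by uid $uid, expected $want_uid"
        rc=1
    fi

    # Bit 0020 = group-writable, bit 0002 = world-writable.
    if [ $(( 0$mode & 0022 )) -ne 0 ]; then
        echo "FAIL: $dir is group- or world-writable (mode $mode)"
        rc=1
    fi

    # The install warning asks for a directory with nothing in it.
    entries=$(find "$dir" -mindepth 1 -maxdepth 1 | wc -l)
    if [ "$entries" -ne 0 ]; then
        echo "FAIL: $dir contains $entries entries, expected none"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $dir (uid $uid, mode $mode, empty)"
    return "$rc"
}
```

Run it as `check_privsep_dir /var/empty/openntpd` after the commands above. Pointed at /var/empty itself, it reports the openntpd subdirectory as an entry, which is the condition the make install warning describes.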

Install systemd based startup script

Edit /usr/lib/systemd/system/openntpd.service:
# vi /usr/lib/systemd/system/openntpd.service
Add the following lines:

[Unit]
Description=OpenNTP Daemon
After=network.target
Conflicts=systemd-timesyncd.service

[Service]
Type=forking
ExecStart=/usr/local/sbin/ntpd -s

[Install]
WantedBy=multi-user.target

Save and close the file.

ntpd.conf configuration

Edit /usr/local/etc/ntpd.conf, enter:
# vi /usr/local/etc/ntpd.conf
Make sure it listens on localhost and the main server IP:

listen on 127.0.0.1
listen on 10.210.206.58
listen on ::1

Sync to a single server called ntp.example.com or ntp.isp.example.com:

server ntp.isp.example.com
 
# Or Use a random selection of 8 public stratum 2 servers
servers pool.ntp.org

Close and save the file.
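
To see at a glance which "listen on" lines make the host answer NTP queries from other machines, here is an added example that is not part of the original tutorial; ntpd does not listen on any address unless ntpd.conf tells it to, and it syncs as a client either way. The helper names audit_ntpd_listen and sample_conf are hypothetical, and the sample configuration is constructed from the lines shown in this section.

```bash
#!/usr/bin/env bash
# Added example: classifies the "listen on" addresses in an ntpd.conf as
# loopback-only or network-facing. audit_ntpd_listen is a hypothetical helper
# name; it only reads the file and never talks to ntpd.

# Usage: audit_ntpd_listen FILE
# Prints "loopback ADDR" or "network ADDR" per listen directive, then a
# summary line. Returns 1 if any listener is network-facing, 0 otherwise.
audit_ntpd_listen() {
    awk '
        { sub(/#.*/, "") }                      # drop comments before parsing
        $1 == "listen" && $2 == "on" && NF >= 3 {
            addr = $3
            if (addr ~ /^127\./ || addr == "::1" || addr == "localhost")
                kind = "loopback"
            else { kind = "network"; exposed++ }    # includes "*" (all addresses)
            print kind, addr
        }
        $1 == "server" || $1 == "servers" { sources++ }
        END {
            printf "summary: %d time source line(s), %d network listener(s)\n",
                   sources, exposed
            exit (exposed > 0)
        }
    ' "$1"
}

# Constructed sample mirroring the configuration shown in this section.
sample_conf() {
    cat <<'EOF'
listen on 127.0.0.1
listen on 10.210.206.58   # main server IP
listen on ::1
server ntp.isp.example.com
servers pool.ntp.org
EOF
}
```

Run it as `audit_ntpd_listen /usr/local/etc/ntpd.conf`; every address reported as network should be one you intend to serve time on, with UDP port 123 filtered accordingly.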

Start OpenNTPD

Type the following command:
$ sudo systemctl start openntpd.service
To stop openntpd, enter:
$ sudo systemctl stop openntpd.service
To restart openntpd, enter:
$ sudo systemctl restart openntpd.service

Verify OpenNTPD Is Working Or Not

Type the following command:
$ sudo systemctl status openntpd.service
Sample outputs:

● openntpd.service - OpenNTP Daemon
   Loaded: loaded (/usr/lib/systemd/system/openntpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2016-11-22 10:20:08 UTC; 3s ago
  Process: 15508 ExecStart=/usr/local/sbin/ntpd -s (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/openntpd.service
           ├─15509 ntpd: ntp engine
           ├─15510 ntpd: dns engine
           └─15511 /usr/local/sbin/ntpd -s

Nov 22 10:20:07 cenots-db systemd[1]: Starting OpenNTP Daemon...
Nov 22 10:20:07 cenots-db ntpd[15509]: listening on 127.0.0.1
Nov 22 10:20:07 cenots-db ntpd[15509]: listening on 10.210.206.58
Nov 22 10:20:07 cenots-db ntpd[15509]: listening on ::1
Nov 22 10:20:07 cenots-db ntpd[15509]: ntp engine ready
Nov 22 10:20:08 cenots-db systemd[1]: Started OpenNTP Daemon.

Make sure it starts on reboot:
$ sudo systemctl enable openntpd
Type the following command to verify that OpenNTPD (ntpd) is running:
$ netstat -tulpn
$ netstat -tulpn | grep :123

OR
$ sudo ss -ltun
Sample outputs:

udp        0      0 10.210.206.58:123               0.0.0.0:*                               31182/ntpd          
udp        0      0 127.0.0.1:123               0.0.0.0:*                               31182/ntpd  

Is NTP synchronized?

Type the following command:
$ timedatectl status
Sample outputs:

      Local time: Tue 2016-11-22 10:25:46 UTC
  Universal time: Tue 2016-11-22 10:25:46 UTC
        RTC time: n/a
       Time zone: UTC (UTC, +0000)
     NTP enabled: n/a
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector.

3 comments

  1. Hi,

    I followed all your steps on Ubuntu but I could not get ntpd up after bootup. Also, the /etc/init.d/functions file is missing in Ubuntu. Also
    # tail -f /var/log/messages

    is not printing anything for me even if I run it manually from the command line.
    Same for the
    # netstat -tulpn | grep :123
    command.

    Please help me.

  2. I believe that the openntpd.service file should be installed in some place like:
    /etc/systemd/system/
    rather than:
    /usr/lib/systemd/system/

    The doc says:
    Table 9.2, “Systemd Unit Files Locations” lists three main directories where unit files are stored on the system, the /etc/systemd/system/ directory is reserved for unit files created or customized by the system administrator.

    /usr/lib/systemd/system/ is for systemd unit files distributed with installed RPM packages.

    Also, if someone has an OpenSSH server installed, they’re going to run into issues by using /var/empty as the privilege separation chroot path. A better choice is to use something like /var/run/openntpd.

    I accomplished this with the following configure options:
    ./configure --prefix=/opt --sysconfdir=/etc/ntp --with-privsep-path=/var/run/openntpd

    This configured openntpd so that it installed everything into the /opt directory, except for the config file, which it installed in the /etc/ntp directory, and it used the /var/run/openntpd directory as a privileged separation chroot path.

    Also, I just wanted to point out, you can just list the local loopback device’s IP addresses in the config file. You don’t need to listen on your public IP addresses if you don’t want to. openntpd will still synchronize just fine. This is what my /etc/ntp/ntpd.conf file looks like:

    # $OpenBSD: ntpd.conf,v 1.14 2015/07/15 20:28:37 ajacoutot Exp $
    #
    # See ntpd.conf(5) and /etc/examples/ntpd.conf
    
    servers pool.ntp.org
    sensor *
    constraints from "https://www.google.com"
    
    listen on 127.0.0.1
    listen on ::1
    

    I just thought I’d share. Thanks for the tutorial. I couldn’t quite remember some of the steps to install and I really appreciate you taking the time to write this webpage for everyone to share.

    1. I typed that late at night last night. There’s a typo in it. The configure command should actually look more like this:

      ./configure --prefix=/opt --sysconfdir=/etc/ntp --with-privsep-path=/var/run/openntpd

      The /etc/systemd/system/openntpd.service file would then look like this:

          [Unit]
          Description=OpenNTP Daemon
          After=network.target
          Conflicts=systemd-timesyncd.service
          
          [Service]
          Type=forking
          ExecStart=/opt/openntpd/sbin/ntpd -s
          
          [Install]
          WantedBy=multi-user.target
      
