{{tag>[centos7 linux ntp high traffic]}}
=====CentOS 7 - install NTPd 4.2.8p10=====
This page describe the installation of NTPd as a server for other clients.
====Prerequisites====
* Download the latest NTPd source and md5 file from: [[http://www.ntp.org/downloads.html]]
* Read the changelog: [[http://archive.ntp.org/ntp4/ChangeLog-stable]]
* Verify md5 sum:# md5sum -c ntp-4.2.8p10.tar.gz.md5
ntp-4.2.8p10.tar.gz: OK
* Install development tools, libraries and utilities:# yum groupinstall "Development Tools"
# yum install libcap-devel libevent-devel openssl-devel perl-File-Fetch.noarch
====Uninstall CentOS 7 NTPd package====
* Stop running the distribution default NTPd:# systemctl stop ntpd
* Uninstall NTPd:# yum remove ntp
* Exclude ntp packages in yum config:# echo "exclude=ntp*" >> /etc/yum.conf
* Remove ntp user:# userdel ntp
====Configure and compile NTPd====
* Extract NTPd sources:# tar zxf ntp-4.2.8p10.tar.gz
* Configure:# cd ntp-4.2.8p10
# ./configure --enable-linuxcaps --docdir=/usr/share/doc/ntp-4.2.8p10
* Compile:# make
====Create NTPd configuration====
* Create configuration file /etc/ntp.conf:driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
# pick servers near to you!
server ntp2.polaire.nl iburst
server ntp0.nl.net iburst
server ntp1.nl.net iburst
server ntp.ring.nlnog.net iburst
# Enable writing of statistics records.
statistics clockstats cryptostats loopstats peerstats
leapfile /var/lib/ntp/leap-seconds.list
====Configure OS====
* Create group: # groupadd ntp
* Create user: # useradd -d /var/lib/ntp -g ntp -s /bin/false ntp
* Add /usr/local/bin to path:# printf 'PATH=${PATH}:/usr/local/bin\n' > /etc/profile.d/ntp-path.sh
* Create directory: # install -v -o ntp -g ntp -d /var/lib/ntp
====Install NTPd====
* Install NTPd:# cd ntp-4.2.8p10
# make install
====Start NTPd====
* Start NTPd:# /usr/local/bin/ntpd -g -u ntp:ntp
* Show version: # ntpd --version
ntpd 4.2.8p10@1.3728-o Thu Jun 1 12:37:34 UTC 2017 (1)
====Leapfile====
Make sure your server can reach time.nist.gov over FTP.
use Digest::SHA qw(sha1_hex);
use File::Copy qw(move);
use File::Fetch;
use Getopt::Long qw(:config auto_help no_ignore_case bundling);
use Sys::Syslog;
* Schedule retrieval of leapfile using the ''update-leap'' script. For example put the script below in /etc/cron.weekly/leap.sh
#!/bin/bash
# update leap file if necessary
/usr/local/bin/update-leap -4 -s ftp://time.nist.gov/pub/leap-seconds.list
# stop ntpd
/bin/pkill ntpd
# start ntpd
if /bin/pgrep ntpd >/dev/null; then
echo "NTP daemon did not stop! Not trying to start another one."
else
systemctl start ntpd
fi
====SystemD service====
* Create the file: ''/etc/systemd/system/ntpd.service''
[Unit]
Description=Network Time Service
After=syslog.target ntpdate.service sntp.service
Conflicts=systemd-timesyncd.service
[Service]
Type=forking
ExecStart=/usr/local/bin/ntpd -g -u ntp:ntp
PrivateTmp=true
[Install]
WantedBy=multi-user.target
* Enable the service at boot:systemctl enable ntpd.service
* Start the service:systemctl start ntpd.service