{{tag>[centos7 linux ntp high traffic]}}

=====CentOS 7 - install NTPd 4.2.8p10=====
This page describe the installation of NTPd as a server for other clients.
====Prerequisites====
  * Download the latest NTPd source and md5 file from: [[http://www.ntp.org/downloads.html]]
  * Read the changelog: [[http://archive.ntp.org/ntp4/ChangeLog-stable]]
  * Verify md5 sum:<code># md5sum -c ntp-4.2.8p10.tar.gz.md5 
ntp-4.2.8p10.tar.gz: OK
</code>
  * Install development tools, libraries and utilities:<code># yum groupinstall "Development Tools"
# yum install libcap-devel libevent-devel openssl-devel perl-File-Fetch.noarch</code>

====Uninstall CentOS 7 NTPd package====
  * Stop running the distribution default NTPd:<code># systemctl stop ntpd</code>
  * Uninstall NTPd:<code># yum remove ntp</code>
  * Exclude ntp packages in yum config:<code># echo "exclude=ntp*" >> /etc/yum.conf</code>
  * Remove ntp user:<code># userdel ntp
</code>



====Configure and compile NTPd====
  * Extract NTPd sources:<code># tar zxf ntp-4.2.8p10.tar.gz</code>
  * Configure:<code># cd ntp-4.2.8p10
# ./configure --enable-linuxcaps --docdir=/usr/share/doc/ntp-4.2.8p10
</code>
  * Compile:<code># make</code>

====Create NTPd configuration====
  * Create configuration file /etc/ntp.conf:<code>driftfile /var/lib/ntp/drift

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

restrict 127.0.0.1 
restrict ::1

# pick servers near to you!
server ntp2.polaire.nl iburst
server ntp0.nl.net iburst
server ntp1.nl.net iburst
server ntp.ring.nlnog.net iburst

# Enable writing of statistics records.
statistics clockstats cryptostats loopstats peerstats

leapfile /var/lib/ntp/leap-seconds.list
</code>
====Configure OS====
  * Create group: <code># groupadd ntp</code>
  * Create user: <code># useradd -d /var/lib/ntp -g ntp -s /bin/false ntp</code>
  * Add /usr/local/bin to path:<code># printf 'PATH=${PATH}:/usr/local/bin\n' > /etc/profile.d/ntp-path.sh</code>
  * Create directory: <code># install -v -o ntp -g ntp -d /var/lib/ntp</code>


====Install NTPd====
  * Install NTPd:<code># cd ntp-4.2.8p10
# make install
</code>

====Start NTPd====
  * Start NTPd:<code># /usr/local/bin/ntpd -g -u ntp:ntp</code>
  * Show version: <code># ntpd --version
ntpd 4.2.8p10@1.3728-o Thu Jun  1 12:37:34 UTC 2017 (1)
</code>
====Leapfile====
Make sure your server can reach time.nist.gov over FTP.

use Digest::SHA qw(sha1_hex);
use File::Copy qw(move);
use File::Fetch;
use Getopt::Long qw(:config auto_help no_ignore_case bundling);
use Sys::Syslog;


  * Schedule retrieval of leapfile using the ''update-leap'' script. For example put the script below in /etc/cron.weekly/leap.sh<code>
#!/bin/bash

# update leap file if necessary
/usr/local/bin/update-leap -4 -s ftp://time.nist.gov/pub/leap-seconds.list

# stop ntpd
/bin/pkill ntpd

# start ntpd
if /bin/pgrep ntpd >/dev/null; then
  echo "NTP daemon did not stop! Not trying to start another one."
else
  systemctl start ntpd
fi
</code>
====SystemD service====
  * Create the file: ''/etc/systemd/system/ntpd.service'' <code>
[Unit]
Description=Network Time Service
After=syslog.target ntpdate.service sntp.service
Conflicts=systemd-timesyncd.service

[Service]
Type=forking
ExecStart=/usr/local/bin/ntpd -g -u ntp:ntp
PrivateTmp=true

[Install]
WantedBy=multi-user.target</code>
  * Enable the service at boot:<code>systemctl enable ntpd.service</code>
  * Start the service:<code>systemctl start ntpd.service</code>