I'm trying to configure two NTP servers to be peers to each other but I have no idea how to tell if it is working or not or whether my NTP configuration is even correct. I've put a simplified view of how my NTP servers are configured below.
Server A :
ntp.conf :
restrict default kod nomodify notrap noquery
peer Server B
Server B :
ntp.conf :
restrict default kod nomodify notrap noquery
peer Server A
I have two questions with regards to this setup:
EDIT : Added clarification to question 1
- Using the simplified ntp.conf I have put up, will the two NTP servers act as peers to each other by attempting to correct their time? I am looking for the simplest possible setup for ntp peers and I am not sure whether I am configuring it correctly.
- How do I confirm that my NTP peer configuration is working?
The reason I'm asking the above questions is because I have an alternative setup where the only change is that I've re-added the nopeer setting to the restrict stanza and in both cases the following output is returned:
Server A:
ntpdc -l
sym_active : Server B
Server B:
ntpdc -l
sym_active : Server A
Which makes no sense whatsoever since the nopeer directive should not enable me to peer the two servers together.
Note : This is run on CentOS 6
EDIT : Actual ntp.conf files and ntpq -p as requested. I am not sure how useful these would be:
Server A:
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap noquery
restrict -6 default kod nomodify notrap noquery
restrict 127.0.0.1
restrict -6 ::1
peer 192.168.122.3
Server B:
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap noquery
restrict -6 default kod nomodify notrap noquery
restrict 127.0.0.1
restrict -6 ::1
peer 192.168.122.2
The output of ntpq -p after more than 5 minutes (which exceeds the poll interval) is the following for each server.
Server A:
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 secure.jzhu.loc .INIT.          16 u   55   64    0    0.000    0.000   0.000
Server B:
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 masterdns.jzhu. .INIT.          16 u   33   64    0    0.000    0.000   0.000
Note : With or without the nopeer directive, the reach remains consistently at 0. Although that's more likely due to the fact that they are both stratum 16 servers than anything else.
Note : iptables -F was run when performing this test and the default policy for the chain INPUT was ACCEPT.
Best Answer
No, this won't work. NTP needs a valid source of time. An unsynchronized host isn't a valid source, so two unsynchronized hosts can't be valid for each other. In fact the NTP philosophy is about distributing the "correct" time, not to try to keep a set of machines synced to each other.
If you absolutely can't get a source of true time, you can lie to NTP and tell it that the clock of one of the machines should be trusted. Pick one server as the "correct" one and set up a local clock on it. That clock would be the source for that server's NTP, and the other server would sync to it.
If you want server A's clock to be the one used, it would have in the ntp.conf:
We tell the server to use the clock and pretend it is a stratum 10 clock. That means that server A should then sync and become a stratum 11 server. You can then point B at it and it will sync.
Server B's ntp.conf
That's it. Run ntpq -p to see it sync up.
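One way to read the ntpq -p output discussed above programmatically, as an added example that is not part of the original question or answer. It assumes raw ntpq output, where the first character of each peer line is the tally code. Both sample billboards are constructed: the first is modelled on Server A's output in the question, the second on what Server B might show once it follows a stratum 11 Server A.

```python
# Added example: interpret `ntpq -p` output. Assumes raw ntpq output, where
# column 0 of each peer line is the tally code (a space when there is none).

def parse_ntpq(text):
    """Return one dict per association in an `ntpq -p` billboard."""
    peers = []
    for line in text.splitlines():
        fields = line[1:].split()
        if len(fields) != 10 or fields[0] == "remote":
            continue  # header, separator or blank line
        peers.append({
            "tally": line[0],
            "remote": fields[0],
            "refid": fields[1],
            "stratum": int(fields[2]),
            # reach is an 8-bit shift register printed in octal
            "reach": int(fields[6], 8),
        })
    return peers

def assess(peer):
    """Classify one association the way an operator reads the billboard."""
    if peer["reach"] == 0:
        return "no usable response in the last 8 polls"
    if peer["stratum"] >= 16:
        return "responding but unsynchronized"
    if peer["tally"] == "*":
        good = bin(peer["reach"]).count("1")
        return "selected sync source, %d of last 8 polls good" % good
    return "reachable, not selected"

def is_synced(text):
    """True when at least one association is the selected sync source."""
    return any(assess(p).startswith("selected") for p in parse_ntpq(text))

HEADER = ("     remote           refid      st t when poll reach   delay   offset  jitter\n"
          + "=" * 78 + "\n")
# Constructed sample modelled on Server A's output in the question.
UNSYNCED = HEADER + " secure.jzhu.loc .INIT.          16 u   55   64    0    0.000    0.000   0.000\n"
# Constructed sample: a peer at stratum 11 whose own source is a local clock.
SYNCED = HEADER + "*192.168.122.2   LOCAL(0)        11 u   12   64  377    0.412   -0.035   0.021\n"

if __name__ == "__main__":
    for name, sample in (("unsynced", UNSYNCED), ("synced", SYNCED)):
        for p in parse_ntpq(sample):
            print(name, p["remote"], "->", assess(p))
```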