1

We were using centos.pool.ntp.org for our clock sync among servers. Now we do have a local NTP server, but the problem is servers are using the old NTP. From centos.pool.ntp.org we can see,

```
*202.71.136.67   211.39.136.4     3 u   29   64  377   43.005  233594.  18.806
+120.88.47.10    193.79.237.14    2 u    9   64  377   49.654  233581.  16.692
 2401:db00:100:1 .STEP.          16 -    -  512    0    0.000    0.000   0.000
 192.168.100.20   192.168.100.20   15 u   36   64  377    0.799   -6.803   3.360
```

How do I flush the external NTP servers and instruct my machines to contact the local NTP server instead?

Jimson James

2 Answers

0

Reconfigure your ntp clients to use the new server in /etc/ntp.conf.

Use the server directive to point to the new NTP server, and, on the server side, make sure the clients are accepted.

An example using authentication:

  • Server side:

```
discard average 3 minimum 1 monitor
restrict default                                 nomodify notrap nopeer noquery limited kod
restrict 127.0.0.1
# this one does not use auth
restrict some.server.com    mask 255.255.255.0   nomodify notrap nopeer noquery
# these subnets use auth
restrict 172.22.197.0       mask 255.255.255.0   nomodify notrap nopeer limited kod notrust
restrict 172.22.249.0       mask 255.255.255.0   nomodify notrap nopeer limited kod notrust
restrict 172.22.248.128     mask 255.255.255.192 nomodify notrap nopeer limited kod notrust
server server.up.the.hierarchy.com iburst
# fallback local NTP
server 127.127.1.0
fudge  127.127.1.0 stratum 20
tos orphan 17
crypto pw supersecretpassword
crypto randfile /dev/urandom
keysdir /etc/ntp
driftfile /var/lib/ntp/drift
```

  • Client side:

```
server my.new.ntp.server.com autokey
# fallback local NTP
server  127.127.1.0
fudge   127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
crypto pw supersecretpassword
crypto randfile /dev/urandom
keysdir /etc/ntp
tinker panic 0
```

Restart the ntp daemon on your clients. You might want to add the -g to force the initial synchronization.

dawud
  • 1
    I apologize for being so blunt, but there are some very questionable settings described above. As a rule I am always suspicious of example confs that only list one upstream server and/or do not suggest 3 or more sources of time. The orphan and undisciplined clock settings are rather strange. In the above example clients will fall back to using the undisciplined local clock driver (stratum 10) if the "server" loses its upstream and starts using its local undisciplined clock driver (which is set to stratum 20). Why set `tos orphan 17`? This is one higher than the default, which is 16. – dfc Jan 13 '14 at 04:57
  • 1
    More: I am suspicious of autokey and the discard settings since OP didn't mention the version of ntp in use. Both of these directives have changed in recent versions, and without knowing the version those suggestions may break and/or cause craziness. Space is limited, so all I am going to say about autokey is: if you need it, do more research; don't use a cut and paste from SX. As far as `discard average 3 minimum 1 monitor` goes, after 4.2.6 the min 1 will break iburst; it is no longer a power of two. These are the defaults in a 4.2.6 world, so why set them unless OP required something special? – dfc Jan 13 '14 at 05:05
  • I am not even sure what `discard monitor` will do if monitor is not given an argument. But more importantly, from the ntp docs, monitor is "a performance optimization for servers with aggregate arrivals of 1000 packets per second or more." – dfc Jan 13 '14 at 05:09
0

I apologize for posting so many comments on the other answer. There are a lot of questionable settings described that you did not ask about and even if you did I would be wary of some of that advice.

The easy answer is to edit the ntp.conf file on the clients and change the line that looks like (I don't have a CentOS example in front of me; I am sorry I cannot be more specific):

```
server centos.pool.ntp.org ...
```

or

```
pool centos.pool.ntp.org...
```

and set this to

```
server ntp.example.org iburst
```

In a perfect world you should have 3 or more time servers listed in ntp.conf. It is important to note that if your local time server crashes, your clients will not have any upstream time sources. The other answer tries to solve the problem of losing the local time server with the orphan craziness, but I think you should avoid that for now. If you want to do the orphan setup, you need to do some more reading.

If you want to have all the local clients use the local server and then fall back to the ntp.org server in case it goes down or starts acting crazy, use one of the following. The first is for 4.2.6p5 and earlier. The second is for 4.2.7 and any future versions, barring a change.

```
# for 4.2.6p5 and earlier (server directive acts differently depending on ver)
# This is the easiest way to deal with all versions

# prefer our local if it's up and not a falseticker
server ntp.example.org iburst prefer

# fall back to these if things are bad with ntp.e.o
server 0.YOUR-COUNTRY-CODE.pool.ntp.org iburst
server 1.YOUR-COUNTRY-CODE.pool.ntp.org iburst
server 2.YOUR-COUNTRY-CODE.pool.ntp.org iburst
server 3.YOUR-COUNTRY-CODE.pool.ntp.org iburst
```

Option 2:

```
# this is the future

# prefer our local if it's up and not a falseticker
server ntp.example.org iburst prefer

# fall back to pool.n.o if things are bad with ntp.e.o
pool YOUR-COUNTRY-CODE.pool.ntp.org iburst
```

Notice I changed centos.pool to your-country-code.pool. If you are in the US use us.pool.ntp.org. This will mean you do not get servers from another continent/country like you can with vendor pool directives.

You may also want to look into supplying the NTP server address as part of your DHCP responses. I am not sure if CentOS supports this, but some distributions/systems will honor an ntp-server option from DHCP.

dfc
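As an added example (not part of either answer or the original page), this Python script parses `ntpq -p` output such as the billboard in the question and reports whether a client is still synchronized to, or still configured with, sources other than the local server. The function names, the finding labels and the `local_servers` parameter are assumptions made for the illustration; the sample input is the question's own output.

```python
# Added example: audit an `ntpq -p` billboard after repointing clients.
# Function names and finding labels are illustrative, not from the page.
TALLY = {"*": "sys.peer", "+": "candidate", "-": "outlier", "x": "falseticker",
         "#": "backup", "o": "pps.peer", ".": "excess", " ": "reject"}

# Sample input: the billboard quoted in the question above.
SAMPLE = """\
*202.71.136.67   211.39.136.4     3 u   29   64  377   43.005  233594.  18.806
+120.88.47.10    193.79.237.14    2 u    9   64  377   49.654  233581.  16.692
 2401:db00:100:1 .STEP.          16 -    -  512    0    0.000    0.000   0.000
 192.168.100.20   192.168.100.20   15 u   36   64  377    0.799   -6.803   3.360
"""

def parse_billboard(text):
    """Return one dict per peer line; header and separator lines are skipped."""
    peers = []
    for line in text.splitlines():
        fields = line[1:].split()  # column 0 is the tally code
        if len(fields) != 10 or not fields[2].isdigit():
            continue  # header, separator, blank or truncated line
        peers.append({"tally": TALLY.get(line[0], "unknown"),
                      "remote": fields[0],
                      "stratum": int(fields[2]),
                      "reach": int(fields[6], 8)})  # reach is printed in octal
    return peers

def audit(peers, local_servers):
    """Return (issue, remote) findings for a client meant to use local_servers."""
    findings = [("local-not-configured", s)
                for s in sorted(set(local_servers) - {p["remote"] for p in peers})]
    if not any(p["tally"] == "sys.peer" for p in peers):
        findings.append(("no-sys-peer", None))
    for p in peers:
        if p["remote"] not in local_servers:
            issue = ("synced-to-external" if p["tally"] == "sys.peer"
                     else "external-configured")
        elif p["reach"] == 0:
            issue = "local-unreachable"
        elif p["tally"] not in ("sys.peer", "candidate"):
            issue = "local-not-selected"
        else:
            continue
        findings.append((issue, p["remote"]))
    return findings

if __name__ == "__main__":
    for issue, remote in audit(parse_billboard(SAMPLE), {"192.168.100.20"}):
        print(f"{issue}: {remote}")
```

With the fallback layout from the second answer, `external-configured` findings are expected and only `synced-to-external` needs attention. `ntpq -p` truncates long remote names, so match on the addresses as printed (for example from `ntpq -pn`).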