Configuring the Oracle Cloud Infrastructure NTP Service for an Instance
Oracle Cloud Infrastructure offers a fully managed, secure, and highly available NTP service that you can use to set the date and time of compute and database instances from within a virtual cloud network (VCN). The Oracle Cloud Infrastructure NTP service uses redundant Stratum 1 devices in every availability domain. The Stratum 2 devices are synchronized to dedicated Stratum 1 devices that every host synchronizes against. The service is available in every region.
This topic describes how to configure compute instances to use this NTP service.
You can also choose to configure instances to use a public NTP service or use FastConnect to leverage an on-premises NTP service.
Platform images for Oracle Autonomous Linux 8.x, Oracle Autonomous Linux 7.x, Oracle Linux 9.x, Oracle Linux 8.x, Oracle Linux 7.x, Oracle Linux Cloud Developer 8.x, CentOS 7.x released after February 2018, and CentOS Stream 8 include the Chrony service by default. You do not need to configure the Oracle Cloud Infrastructure NTP service for these instances.
Use the following steps to configure Oracle Linux 6.x instances to use the Oracle Cloud Infrastructure NTP service.
-
Configure IPtables to allow connections to the Oracle Cloud Infrastructure NTP service, using the following commands:
sudo iptables -I BareMetalInstanceServices 8 -d 169.254.169.254/32 -p udp -m udp --dport 123 -m comment --comment "Allow access to OCI local NTP service" -j ACCEPT
sudo service iptables save
-
Install the NTP service with the following command:
sudo yum install ntp
-
Set the date of your instance with the following command:
sudo ntpdate 169.254.169.254
-
Configure the instance to use the Oracle Cloud Infrastructure NTP service for iburst. To configure, modify the
/etc/ntp.conf
file as follows:-
In the
server
section, comment out the lines specifying the RHEL servers:#server 0.rhel.pool.ntp.org iburst #server 1.rhel.pool.ntp.org iburst #server 2.rhel.pool.ntp.org iburst #server 3.rhel.pool.ntp.org iburst
-
Add an entry for the Oracle Cloud Infrastructure NTP server:
server 169.254.169.254 iburst
The modified
server
section now contains the following:# Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.rhel.pool.ntp.org iburst #server 1.rhel.pool.ntp.org iburst #server 2.rhel.pool.ntp.org iburst #server 3.rhel.pool.ntp.org iburst server 169.254.169.254 iburst
-
-
Set the NTP service to launch automatically when the instance boots with the following command:
sudo chkconfig ntpd on
-
Start the NTP service with the following command:
sudo /etc/init.d/ntpd start
-
Confirm that the NTP service is configured correctly with the following command:
ntpq -p
The output will be similar to the following:
remote refid st t when poll reach delay offset jitter ============================================================================== 169.254.169.254 192.168.32.3 2 u 2 64 1 0.338 0.278 0.187
Use the following steps to configure Oracle Linux 7.x instances to use the Oracle Cloud Infrastructure NTP service.
- Run commands in this section as root with the following command:
sudo su -
- Install the NTP service with the following command:
yum -y install ntp
- Change the firewall rules to allow inbound and outbound traffic with the Oracle Cloud Infrastructure NTP server, at 169.254.169.254, on UDP port 123 with the following command:
awk -v n=13 -v s=' <passthrough ipv="ipv4">-A OUTPUT -d 169.254.169.254/32 -p udp -m udp --dport 123 -m comment --comment "Allow access to OCI local NTP service" -j ACCEPT </passthrough>' 'NR == n {print s} {print}' /etc/firewalld/direct.xml > tmp && mv tmp /etc/firewalld/direct.xml
At the prompt
mv: overwrite '/etc/firewalld/direct.xml'?
, entery
. - Restart the firewall with the following command:
service firewalld restart
- Set the date of your instance with the following command:
ntpdate 169.254.169.254
- Configure the instance to use the Oracle Cloud Infrastructure NTP service for iburst. To configure, modify the
/etc/ntp.conf
file as follows:- In the
server
section comment out the lines specifying the RHEL servers:#server 0.rhel.pool.ntp.org iburst #server 1.rhel.pool.ntp.org iburst #server 2.rhel.pool.ntp.org iburst #server 3.rhel.pool.ntp.org iburst
-
Add an entry for the Oracle Cloud Infrastructure NTP service:
server 169.254.169.254 iburst
The modified
server
section should now contain the following:# Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.rhel.pool.ntp.org iburst #server 1.rhel.pool.ntp.org iburst #server 2.rhel.pool.ntp.org iburst #server 3.rhel.pool.ntp.org iburst server 169.254.169.254 iburst
- In the
-
Start and enable the NTP service with the following commands:
systemctl start ntpd systemctl enable ntpd
You also need disable the chrony NTP client to ensure that the NTP service starts automatically after a reboot, using the following commands:
systemctl stop chronyd systemctl disable chronyd
-
Confirm that the NTP service is configured correctly with the following command:
ntpq -p
The output will be similar to the following:
remote refid st t when poll reach delay offset jitter ============================================================================== 169.254.169.254 192.168.32.3 2 u 2 64 1 0.338 0.278 0.187
If you encounter a no time data was available error message when setting up the NTP service on Windows Server, review the information in the Microsoft known issue article.
-
Configure a Windows Server instance to use the Oracle Cloud Infrastructure NTP service by doing one of the following things:
-
To configure the NTP service by using Windows Powershell, run the following commands in Powershell as Administrator:
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Services\W32Time\Parameters' -Name 'Type' -Value NTP -Type String Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Services\W32Time\Config' -Name 'AnnounceFlags' -Value 5 -Type DWord Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer' -Name 'Enabled' -Value 1 -Type DWord Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Services\W32Time\Parameters' -Name 'NtpServer' -Value '169.254.169.254,0x9' -Type String Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient' -Name 'SpecialPollInterval' -Value 900 -Type DWord Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Services\W32Time\Config' -Name 'MaxPosPhaseCorrection' -Value 1800 -Type DWord Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Services\W32Time\Config' -Name 'MaxNegPhaseCorrection' -Value 1800 -Type DWord
-
To configure the NTP service by manually editing the registry, do the following:
- Change the server type to NTP:
- From Registry Editor, navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\
- Click Type.
- Change the value to
NTP
and click OK.
- From Registry Editor, navigate to:
-
Configure the Windows Time service to enable the
Timeserv_Announce_Yes
andReliable_Timeserv_Announce_Auto
flags.To configure, set the
AnnounceFlags
parameter to 5:- From Registry Editor, navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\
- Click AnnounceFlags.
- Change the value to
5
and click OK.
- From Registry Editor, navigate to:
- Enable the NTP server:
- From Registry Editor, navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer\
- Click Enabled.
- Change the value to
1
and click OK.
- From Registry Editor, navigate to:
- Set the time sources:
- From Registry Editor, navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\
- Click NtpServer.
- Change the value to
169.254.169.254,0x9
and click OK.
- From Registry Editor, navigate to:
- Set the poll interval:
- From Registry Editor, navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\
- Click SpecialPollInterval.
- Set the value to the interval that you want the time service to synchronize on. The value is in seconds. To set it for 15 minutes, set the value to
900
, and click OK.
- From Registry Editor, navigate to:
- Set the phase correction limit settings to restrict the time sample boundaries:
- From Registry Editor, navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\
- Click MaxPosPhaseCorrection.
- Set the value to the maximum time offset in the future for time samples. The value is in seconds. To set it for 30 minutes, set the value to
1800
and click OK. - Click MaxNegPhaseCorrection.
- Set the value to the maximum time offset in the past for time samples. The value is in seconds. To set it for 30 minutes, set the value to
1800
and click OK.
- From Registry Editor, navigate to:
- Change the server type to NTP:
-
- Restart the time service by running the following command from a command prompt:
net stop w32time && net start w32time
-
Test the connection to the NTP service by running the following command from a command prompt:
w32tm /query /peers
The output will be similar to the following:
#Peer: 1 Peer: 169.254.169.254,0x9 State: Active Time Remaining: 22.1901786s Mode: 3 (Client) Stratum: 0 (unspecified) PeerPoll Interval: 10 (1024s) HostPoll Interval: 10 (1024s)
After the time specified in the poll interval has elapsed,
State
will change fromPending
toActive
.