
NTP Strategy & Time Synchronization

🖧 Infrastructure Context
Network Topology Diagram

Access via SSH from the default terminal. The cluster topology is defined below:

📄 /etc/hosts (Cluster Inventory)

# Management & Controller
10.0.0.15   terminal       # Main Entry Point

# Web & Application Tier
10.0.0.60   web-srv1   # Nginx / Apache
10.0.0.70   app-srv1    # Backend App

# Data Persistence Tier
10.0.0.80   data-001    # Primary DB
10.0.0.90   data-002    # Replica / Backup

# Virtualization & Containers
10.0.0.100  kvm-001        # Libvirt Hypervisor
10.0.0.110  docker-001     # Container Runtime
⚠️ Constraint: Nested SSH is forbidden. Connect directly from terminal to target IPs.

Business Context: Audit logs indicate drift in system clocks across the cluster, causing failures in distributed transaction reconciliation. A strict NTP policy must be enforced on the controller node to ensure consistency.

Technical Objectives:

  1. Primary Upstreams: Configure 0.pool.ntp.org and 1.pool.ntp.org as authoritative sources.
  2. Failover: Define ntp.ubuntu.com and 0.debian.pool.ntp.org as fallback servers.
  3. Performance Tuning:
    • Max poll interval: 1000s.
    • Connection retry interval: 20s.

  1. Audit Current State

    Verify the operating system version and the active time synchronization status before applying changes.

    # Check OS version
    grep PRETTY_NAME /etc/os-release
    # Verify active time service status
    timedatectl timesync-status
  2. Apply Configuration Policy

    Edit the daemon configuration file /etc/systemd/timesyncd.conf.

    sudo vim /etc/systemd/timesyncd.conf

    Modify the [Time] section to strictly match the engineering requirements:

    /etc/systemd/timesyncd.conf
    [Time]
    NTP=0.pool.ntp.org 1.pool.ntp.org
    FallbackNTP=ntp.ubuntu.com 0.debian.pool.ntp.org
    PollIntervalMaxSec=1000
    ConnectionRetrySec=20
  3. Restart Service

    Apply the new policy by restarting the systemd unit.

    sudo systemctl restart systemd-timesyncd.service
  4. Validate Implementation

    Confirm the service is active and synchronizing with one of the configured upstream servers.

    # Check service status
    sudo systemctl status systemd-timesyncd.service
    # Validate metrics (Poll interval)
    timedatectl timesync-status

    Validation Criteria: Output must show Active: active (running) and Poll interval metrics matching the configuration.
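
An added example, not part of the original procedure or of systemd: a shell check that reads a timesyncd.conf-style file and reports where its [Time] section deviates from the four values required above. The function names and the sample file are constructed for illustration, and the comparison assumes values are written exactly as in step 2 (for example 1000, not 1000s).

```sh
#!/bin/sh
# Added example (hypothetical helper names, not part of systemd).

# effective_value FILE KEY: print KEY's effective value in the [Time] section.
# Commented-out defaults are skipped, a later scalar assignment wins, repeated
# server lists are merged and an empty assignment resets the list.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_time = ($0 ~ /^[ \t]*\[Time\][ \t]*$/); next }
        !in_time      { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]+/, " ", v); gsub(/^ | $/, "", v); gsub(/[ \t]/, "", k)
            if (k != key) next
            if (key ~ /NTP$/ && v != "" && val != "") val = val " " v
            else val = v
        }
        END { print val }
    ' "$1"
}

# check_timesyncd_policy FILE: return 0 if FILE matches the policy on this
# page, 1 otherwise, printing one line per deviation.
check_timesyncd_policy() {
    rc=0
    while IFS='|' read -r key want; do
        got=$(effective_value "$1" "$key")
        [ "$got" = "$want" ] && continue
        echo "DEVIATION $key: expected '$want', found '$got'"
        rc=1
    done <<'EOF'
NTP|0.pool.ntp.org 1.pool.ntp.org
FallbackNTP|ntp.ubuntu.com 0.debian.pool.ntp.org
PollIntervalMaxSec|1000
ConnectionRetrySec|20
EOF
    return "$rc"
}

# Constructed sample: the policy file with one drifted value.
sample=$(mktemp)
printf '%s\n' '[Time]' '#NTP=' 'NTP=0.pool.ntp.org 1.pool.ntp.org' \
    'FallbackNTP=ntp.ubuntu.com 0.debian.pool.ntp.org' \
    'PollIntervalMaxSec=2048' 'ConnectionRetrySec=20' > "$sample"
check_timesyncd_policy "$sample" || echo "policy check failed for $sample"
rm -f "$sample"
```

On the controller, point the check at /etc/systemd/timesyncd.conf; drop-in files under /etc/systemd/timesyncd.conf.d/ are applied on top of that file, so run the same check against any that exist.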

If synchronization fails (e.g., “Packet not received”), inspect the system journal:

sudo journalctl -u systemd-timesyncd --no-pager | tail -n 20

Success Indicator: Look for logs stating: “Contacted time server … (0.pool.ntp.org)”.