Configuring an NTP server on cyberelements Cleanroom machines

Using an NTP server allows you to synchronize the clocks on your machines with that of the NTP server.
This documentation covers the configuration of an NTP server for the cyberelements Cleanroom Mediation Controller server.

Prerequisites

SSH or console access + the ability to use the superuser account on the machine are required. In addition, you must ensure that the Mediation Controller server has UDP port 123 open to the desired NTP server(s).

The configuration of the NTP server(s) for the cyberelements Cleanroom Mediation Controller server is set in the /etc/ntpsec/ntp.conf file. By default, Debian servers are used as NTP servers.

To customize the NTP server(s) to be used, start by commenting out (add # at the beginning of the line) the use of Debian NTP servers on lines 34-37:

# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
#pool 0.debian.pool.ntp.org iburst
#pool 1.debian.pool.ntp.org iburst
#pool 2.debian.pool.ntp.org iburst
#pool 3.debian.pool.ntp.org iburst

Then, starting on line 27, add one or more NTP servers. One server should be added per line in the following format: server IP_ou_DNS_NTP.

Example

To use the servers ntp1.systancia.local and 172.16.20.20, the file would be modified as follows:

# Specify one or more NTP servers.
server ntp1.systancia.local
server 172.16.20.20

# Public NTP servers supporting Network Time Security:
# server time.cloudflare.com nts

# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
#pool 0.debian.pool.ntp.org iburst
#pool 1.debian.pool.ntp.org iburst
#pool 2.debian.pool.ntp.org iburst
#pool 3.debian.pool.ntp.org iburst

Information

More information on configuring the file can be obtained with the command man ntp.conf.

Warning !

If you define fewer than 3 NTP servers, then the minsane parameter on line 24 must be lowered to the number of NTP servers.
Without this modification, ntpsec will not correct the machine's time.

Example

If only one NTP server is defined, then line 24 must be modified so that the value of minsane is 1:

tos minclock 4 minsane 1

Using the configuration example above with two NTP servers configured, and therefore a value of minsane of 2, we would have the following global settings:

# Comment this out if you have a refclock and want it to be able to discipline
# the clock by itself (e.g. if the system is not connected to the network).
tos minclock 4 minsane 2

# Specify one or more NTP servers.
server ntp1.systancia.local
server 172.16.20.20

# Public NTP servers supporting Network Time Security:
# server time.cloudflare.com nts

# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
#pool 0.debian.pool.ntp.org iburst
#pool 1.debian.pool.ntp.org iburst
#pool 2.debian.pool.ntp.org iburst
#pool 3.debian.pool.ntp.org iburst

After saving the new configuration, the ntpsec service must be restarted:

systemctl restart ntpsec