vCommunityVMware

Setting up an NTP Server on PhotonOS

I previously wrote about how you can reduce your Windows Server footprint by replacing your Windows DNS server with one running on PhotonOS. This is mostly suitable for a lab environment where the overhead of Windows and Licensing can be troublesome.

This post goes further by showing the steps required to get PhotonOS configured as an NTP server for your lab.

Before you continue, install your PhotonOS system and set a static IP address as mentioned in the earlier post.

Install & Configure NTP

To install NTP simply run:

tdnf install ntp

The configuration is also easy, use VI to edit the configuration file:

vi /etc/ntp.conf

Your configuration requirements will vary. You will likely want to change the upstream NTP servers and the restrict line to match the subnet which you want to allow NTP queries to come from:

tinker panic 0
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
driftfile /var/lib/ntp/drift/ntp.drift
logfile /var/log/ntp.log
restrict 192.168.100.0 netmask 255.255.255.0 nomodify notrap

server 0.uk.pool.ntp.org
server 1.uk.pool.ntp.org
server 2.uk.pool.ntp.org
server 3.uk.pool.ntp.org

Create Firewall rules

PhotonOS uses IPtables so we need to run the following to allow UDP port 123 inbound.

iptables -A INPUT -i eth0 -p udp --dport 123 -j ACCEPT
iptables-save >/etc/systemd/scripts/ip4save
iptables -L

Start NTPD

Finally, set NTPD to start on bootup and start the service:

systemctl enable ntpd
systemctl start ntpd
systemctl status ntpd

The final command should show no errors.

Test

Log in to another system and change the NTP server to the IP address of your PhotonOS machine. Reboot the server and the time should be syncronised up correctly.

On the PhotonOS machine, you can run ntpq -p to ensure that it is syncing up correctly to upstream NTP servers.