Chapter 25. Configuring Time Services

The following topics are covered in this chapter:

• Understanding Local Time

• Using Network Time Protocol

• Managing Time on Red Hat Enterprise Linux

The following RHCSA exam objective is covered in this chapter:

• Configure time service clients

An increasing number of services offered through Linux servers depend on the correct configuration of time on the server. Think of services such as database synchronization, Kerberos authentication, and more. In this chapter, you learn how time is configured on a Linux server.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 25-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and ‘Review Questions.’”

1. When a system is started, where does it initially get the system time?

a. NTP

b. Software time

c. The hardware clock

d. Network time

2. Which of the following statements is not true about local time?

a. Local time is the current time in the current time zone.

b. In local time, DST is considered.

c. System time typically should correspond to the current local time.

d. Hardware time typically corresponds to the current local time.

3. Which is the recommended command in RHEL 8 to set the local time zone?

a. hwclock

b. tz

c. date

d. timedatectl

4. Which clock type would you recommend on a server that is not connected to any other server but needs to be configured with the most accurate time possible?

a. RTC

b. UTC

c. An atomic clock

d. NTP

5. Which configuration file contains the default list of NTP servers that should be contacted on RHEL 8?

a. /etc/ntp/ntp.conf

b. /etc/ntp.conf

c. /etc/chrony/chronyd.conf

d. /etc/chrony.conf

6. Which of the following shows correct syntax to set the current system time to 9:30 p.m.?

a. date 9:30

b. date --set 9.30 PM

c. date -s 21:30

d. date 2130

7. Which command correctly translates epoch time into human time?

a. time --date '@1420987251'

b. time --date '$1420987251'

c. time --date '#1420987251'

d. time --date '1420987251'

8. Which command enables you to monitor the difference between the hardware clock and system clock?

a. tail -f /var/lib/time/drift

b. date -h

c. hwclock -c

d. hwclock -d

9. Which command enables you to show current information that includes the local time, hardware time, and the time zone the system is in?

a. timedatectl --all

b. timedatectl --tz

c. timedatectl -ht

d. timedatectl

10. Which command can you use to verify that a time client that is running the chrony service has successfully synchronized?

a. timedatectl

b. chronyc sources

c. systemctl chrony status

d. chronyc status

Foundation Topics

Understanding Local Time

When a Linux server boots, the hardware clock, also referred to as the real-time clock, is read. This clock typically resides in the computer hardware, and the time it defines is known as hardware time. Generally, it is an integrated circuit on the system board that is completely independent of the current state of the operating system and keeps running even when the computer is shut down, as long as the mainboard battery or power supply feeds it. From the hardware clock, the system gets its initial time setting.

The time on the hardware clock on Linux servers is usually set to Coordinated Universal Time (UTC). UTC is a time that is the same everywhere on the planet, and based on UTC, the current local time is calculated. (Later in this chapter you learn how this works.)

System time is maintained by the operating system. Once the system has booted, the system clock is completely independent of the hardware clock. Therefore, when system time is changed, the new system time is not automatically synchronized with the hardware clock.

System time maintained by the operating system is kept in UTC. Applications running on the server convert system time into local time. Local time is the actual time in the current time zone. In local time, daylight saving time (DST) is considered so that it always shows an accurate time for that system. Table 25-2 gives an overview of the different concepts that play a role in Linux time.

Using Network Time Protocol

As you learned, the current system time is based on a hardware clock. This hardware clock is typically a part of the computer’s motherboard, and it might be unreliable. Because of its potential unreliability, it is a good idea to use time from a more reliable source. Generally speaking, two solutions are available.

One option is to buy a more reliable hardware clock. This may be, for instance, a very accurate atomic clock connected directly to your computer. When such a very reliable clock is used, an increased accuracy of the system time is guaranteed. Using an external hardware clock is a common solution to guarantee that datacenter time is maintained, even if the connection to external networks for time synchronization temporarily is not available.

Another and more common solution is to configure your server to use Network Time Protocol (NTP). NTP is a method of maintaining system time that is provided through NTP servers on the Internet. It is an easy solution to provide an accurate time to servers, because most servers are connected to the Internet anyway.

To determine which Internet NTP server should be used, the concept of stratum is used. The stratum defines the reliability of an NTP time source, and the lower the stratum, the more reliable it is. Typically, Internet time servers are using stratum 1 or 2. When configuring local time servers, you can use a higher stratum number to configure the local time server as a backup, only it will never be used when Internet time is available.

It is good practice, for example, to set stratum 5 on a local time server with a very reliable hardware clock and stratum 8 on a local time server that is not very reliable. A setting of stratum 10 can be used for the local clock on every node that uses NTP time. This enables the server to still have synchronized time when no external connection is available. Stratum 15 is used by clocks that want to indicate they should not be used for time synchronization.

Setting up a server to use NTP time on RHEL 8 is easy if the server is already connected to the Internet. If this is the case, the /etc/chrony.conf file is configured with a standard list of NTP servers on the Internet that should be contacted. The only thing the administrator has to do is switch on NTP, by using timedatectl set-ntp 1.

Managing Time on Red Hat Enterprise Linux

Different commands are involved in managing time on Red Hat Enterprise Linux. Table 25-3 provides an overview.

On a Linux system, time is calculated as an offset of epoch time. Epoch time is the number of seconds since January 1, 1970, in UTC. In some logs (such as /var/log/audit/audit.log), you’ll find time stamps in epoch time and not in human time. To convert such an epoch time stamp to human time, you can use the --date option, followed by the epoch string, starting with an @:

date --date '@1420987251'

The use of epoch time also creates a potential timing problem on Linux. On a 32-bit system, the number of seconds that can be counted in the field that is reserved for time notation will be exceeded in 2037. (Try setting the time to somewhere in 2050 if you are on a 32-bit kernel; it will not work.) 64-bit systems can address time until far into the twenty-second century.

Using date

The date command enables you to manage the system time. You can also use it to show the current time in different formats. Some common usage examples of date are listed here:

• date: Shows the current system time

• date +%d-%m-%y: Shows the current system day of month, month, and year

• date -s 16:03: Sets the current time to 3 minutes past 4 p.m.

Using hwclock

The date command enables you to set and show the current system time. Using the date command will not change the hardware time that is used on your system. To manage hardware time, you can use the hwclock command. The hwclock command has many options, some of which are of particular interest:

• hwclock --systohc: Synchronizes current system time to the hardware clock

• hwclock --hctosys: Synchronizes current hardware time to the system clock

Using timedatectl

A new command that was introduced in RHEL 7 that enables you to manage many aspects of time is timedatectl. As shown in Example 25-1, when used without any arguments, this command shows detailed information about the current time and date. It also displays the time zone your system is in, in addition to information about the use of NTP network time and information about the use of DST.

[root@server1 ~]# timedatectl
                Local time: Mon 2019-06-10 08:27:57 EDT
            Universal time: Mon 2019-06-10 12:27:57 UTC
                  RTC time: Mon 2019-06-10 12:27:57
                 Time zone: America/New_York (EDT, -0400)
 System clock synchronized: yes
               NTP service: active
           RTC in local TZ: no

The timedatectl command works with commands to perform time operations. Table 25-4 provides an overview of the relevant commands.

The timedatectl command was developed as a generic solution to manage time on RHEL 7. It has some functions that are offered through other commands, but the purpose of the command is that eventually it will replace other commands used for managing time and date settings. When timedatectl is used to switch on NTP time, it talks to the chronyd process. Exercise 25-1 walks you through some common options to manage time on a RHEL 8 server.

[root@server1 ~]# systemctl status -l chronyd
   chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled;
             vendor preset: enabled)
   Active: active (running) since Mon 2019-06-10 05:22:30 EDT;
             3h 8min ago
     Docs: man:chronyd(8)
           man:chrony.conf(5)
 Main PID: 1062 (chronyd)
    Tasks: 1 (limit: 11365)
   Memory: 1.5M
   CGroup: /system.slice/chronyd.service
           1062 /usr/sbin/chronyd

Jun 10 07:21:04 server1.example.com chronyd[1062]: Selected source
  5.200.6.34
Jun 10 07:28:40 server1.example.com chronyd[1062]: Selected source
  213.154.236.182
Jun 10 07:28:42 server1.example.com chronyd[1062]: Source
  149.210.142.45 replaced with 195.242.98.57
Jun 10 07:43:51 server1.example.com chronyd[1062]: Selected source
  5.200.6.34
Jun 10 07:53:35 server1.example.com chronyd[1062]: Selected source
  195.242.98.57
Jun 10 08:16:24 server1.example.com chronyd[1062]: Forward time jump
  detected!
Jun 10 08:16:24 server1.example.com chronyd[1062]: Can't synchronise:
  no selectable sources
Jun 10 08:20:44 server1.example.com chronyd[1062]: Selected source
  213.154.236.182
Jun 10 08:22:57 server1.example.com chronyd[1062]: Source
  195.242.98.57 replaced with 195.191.113.251
Jun 10 08:25:05 server1.example.com chronyd[1062]: Selected source
  5.200.6.34

Managing Time Zone Settings

Between Linux servers, time is normally communicated in UTC. This allows servers across different time zones to use the same time settings, which makes managing time in large organizations a lot easier. To make it easier for end users, though, the local time must also be set. To do this, the appropriate time zone needs to be selected.

On Red Hat Enterprise Linux 8, you have three approaches to setting the correct local time zone:

• Go to the directory /usr/share/zoneinfo, where you’ll find different subdirectories containing files for each of the time zones that has been defined. To set the local time zone on a server, you can create a symbolic link with the name /etc/localtime to the time zone file that is involved. If you want to set local time to Los Angeles time, for instance, use ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime.

• Use the tzselect utility. This tool starts the interface shown in Example 25-3, from which the appropriate region and locale can be selected.

• Use timedatectl to set the time zone information.

[root@localhost ~]# tzselect
Please identify a location so that time zone rules can be set
  correctly.
Please select a continent, ocean, "coord", or "TZ".
 1) Africa
 2) Americas
 3) Antarctica
 4) Asia
 5) Atlantic Ocean
 6) Australia
 7) Europe
 8) Indian Ocean
 9) Pacific Ocean
10) coord - I want to use geographical coordinates.
11) TZ - I want to specify the time zone using the Posix TZ format.
#? 1
Please select a country whose clocks agree with yours.
 1) Algeria.             20) Gambia           39) Sao Tome & Principe
 2) Angola.              21) Ghana            40) Senegal
 3) Benin                22) Guinea           41) Sierra Leone
 4) Botswana             23) Guinea-Bissau    42) Somalia
 5) Burkina Faso         24) Kenya            43) South Africa
 6) Burundi              25) Lesotho          44) South Sudan
 7) C?te d'Ivoire        26) Liberia.         45) Spain
 8) Cameroon             27) Libya            46) St Helena
 9) Central African Rep. 28) Madagascar       47) Sudan
10) Chad                 29) Malawi.          48) Swaziland
11) Comoros              30) Mali.            49) Tanzania
12) Congo (Dem. Rep.)    31) Mauritania.      50) Togo
13) Congo (Rep.)         32) Mayotte.         51) Tunisia
14) Djibouti             33) Morocco.         52) Uganda
15) Egypt                34) Mozambique.      53) Western Sahara
16) Equatorial Guinea    35) Namibia          54) Zambia
17) Eritrea              36) Niger.           55) Zimbabwe
18) Ethiopia             37) Nigeria
19) Gabon                38) Rwanda
#? 54
The following information has been given:

         Zambia
         Central Africa Time

Therefore TZ='Africa/Maputo' will be used.
Selected time is now: Mon Jul 22 12:03:41 CAT 2019.
Universal Time is now: Mon Jul 22 10:03:41 UTC 2019.
Is the above information OK?
1) Yes
2) No
#? 1

You can make this change permanent for yourself by appending the line
  TZ='Africa/Maputo'; export TZ to the file '.profile' in your home
  directory; then log out and log in again.

Here is that TZ value again, this time on standard output so that
  you can use the /usr/bin/tzselect command in shell scripts:
  Africa/Maputo

Configuring Time Service Clients

By default, the chrony service is configured to get the right time from the Internet. As a default configuration, the highly reliable time servers from pool.ntp.org are used to synchronize time. However, in a corporate environment it is not always desirable for time clients to go out to the Internet, and local time services should be used instead. This can be configured by making a simple modification to the chrony.conf configuration file.

By default, the chrony.conf configuration file contains the line pool 2.rhel.pool.ntp.org. If you comment out this line by putting a pound sign in front of it and add the line server yourtimeserver.example.com, your time server will be used instead of the servers in pool.ntp.org. Exercise 25-2 explains how to make this modification. Notice that this exercise requires access to two servers, in which server1 is configured as the time server and server2 is configured as the time client.

Summary

In this chapter, you learned how time works on Linux. You read how your operating system can get its time by using hardware time, system time, and local time. You also learned how to manage time using the date, hwclock, and timedatectl commands.

Exam Preparation Tasks

As mentioned in the section “How to Use This Book” in the Introduction, you have several choices for exam preparation: the end-of-chapter labs; the memory tables in Appendix B; Chapter 26, “Final Preparation”; and the practice exams.

Review All Key Topics

Review the most important topics in the chapter, noted with the Key Topic icon in the outer margin of the page. Table 25-5 lists a reference of these key topics and the page number on which each is found.

Complete Tables and Lists from Memory

Print a copy of Appendix B, “Memory Tables” (found on the companion website), or at least the section for this chapter, and complete the tables and lists from memory. Appendix C, “Memory Tables Answer Key,” includes completed tables and lists to check your work.

Define Key Terms

Define the following key terms from this chapter and check your answers in the glossary:

hardware time

RTC

system time

network time

UTC

epoch time

time synchronization

stratum

Review Questions

The questions that follow are meant to help you test your knowledge of concepts and terminology and the breadth of your knowledge. You can find the answers to these questions in Appendix A.

1. Which command enables you to set the system time to 4:24 p.m.?

2. Which command sets hardware time to the current system time?

3. Which command enables you to show epoch time as human-readable time?

4. Which command enables you to synchronize the system clock with hardware time?

5. Which service is used to manage NTP time on RHEL 8?

6. Which command enables you to use NTP time on your server?

7. Which configuration file contains the list of NTP servers to be used?

8. Which command enables you to list time zones?

9. Which command enables you to set the current time zone?

10. How do you use chrony to set system time?

End-of-Chapter Lab

In this chapter, you learned how to manage time on Linux servers. Because it is very important to ensure that a server uses the correct time, you can now practice some of the most essential skills you have acquired in this chapter.

Lab 25.1

1. Compare the current hardware time to the system time. If there is a difference, make sure to synchronize time.

2. Set the time zone to correspond to the current time in Boston (USA East Coast).