Search

Chapter 12. Network Time Protocol

download PDF

You need to ensure that systems within your Red Hat OpenStack Platform cluster have accurate and consistent timestamps between systems.

Red Hat OpenStack Platform on Red Hat Enterprise Linux 9 supports Chrony for time management. For more information, see Using the Chrony suite to configure NTP.

12.1. Why consistent time is important

Consistent time throughout your organization is important for both operational and security needs:

Identifying a security event
Consistent timekeeping helps you correlate timestamps for events on affected systems so that you can understand the sequence of events.
Authentication and security systems

Security systems can be sensitive to time skew, for example:

  • A kerberos-based authentication system might refuse to authenticate clients that are affected by seconds of clock skew.
  • Transport layer security (TLS) certificates depend on a valid source of time. A client to server TLS connection fails if the difference between client and server system times exceeds the Valid From date range.
Red Hat OpenStack Platform services
Some core OpenStack services are especially dependent on accurate timekeeping, including High Availability (HA) and Ceph.

12.2. NTP design

Network time protocol (NTP) is organized in a hierarchical design. Each layer is called a stratum. At the top of the hierarchy are stratum 0 devices such as atomic clocks. In the NTP hierarchy, stratum 0 devices provide reference for publicly available stratum 1 and stratum 2 NTP time servers.

Do not connect your data center clients directly to publicly available NTP stratum 1 or 2 servers. The number of direct connections would put unnecessary strain on the public NTP resources. Instead, allocate a dedicated time server in your data center, and connect the clients to that dedicated server.

Configure instances to receive time from your dedicated time servers, not the host on which they reside.

Note

Service containers running within the Red Hat OpenStack Platform environment still receive time from the host on which they reside.

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.