Time Settings

It’s important to ensure that your host always maintains accurate timekeeping. Accurate time is vital for time-sensitive services and is also extremely important when analyzing logs after a security incident.

Time Zone

Debian provides a handy utility called timedatectl to set the timezone on your host. Using this tool, we can easily state our preferred timezone for this host. To see a listing of all available timezones, run timedatectl list-timezones.

ℹ️

There is an argument to be made that all hosts in an organization should avoid local timezones and only use UTC (Coordinated Universal Time). Use your best judgement when determining your host's timezone. Proponents of UTC cite the following advantages:

  • Avoids having to correct or translate timestamps when investigating issues which involve multiple servers spread out across multiple timezones.
  • Simplifies the process of determining local time. Most technicians know how many hours they are from UTC.
  • Removes the need for a technician to know where a server may be located.

timedatectl list-timezones

Once you’ve located your preferred timezone, use the following command to apply it to your host.

sudo timedatectl set-timezone [timezone]

/role_name/vars/main.yml

timezone: America/Vancouver

/role_name/tasks/main.yml

- name: Configure timezone.
  community.general.timezone:
    name: "{{ timezone }}"

Verify the timezone has been applied.

timedatectl

Time Synchronization

Applications running on your host typically expect neighboring hosts to have and maintain the same time. Time deviations between hosts can cause an application either to refuse to communicate or to experience time-related bugs. To ensure your host’s time does not drift, a timekeeping service is recommended.

Two commonly employed timekeeping services are ntpd and chrony. ntpd is considered the traditional option and has been used widely by technicians for years. chronyd is a newcomer and works well as an ntpd replacement. Its main advantage is its superior ability to handle time drift, and as such it is commonly recommended for devices which periodically lose connectivity to their upstream time sources.

If your instance will always be connected to its time source and you’d prefer the safe option, ntpd is recommended. For all other scenarios, chrony is a future-proof option.

NTP

Install, start and configure the NTP service to automatically start on boot.

sudo apt install ntp ntpstat

# The service will be configured to start on boot automatically.

/role_name/tasks/main.yml

- name: Install ntp packages.
  ansible.builtin.apt:
    name:
    - ntp
    - ntpstat
    state: latest

Verify that the service is functioning and has successfully synchronized against an NTP source.

ntpstat

# Output:
synchronized to NTP server (199.182.204.197) at stratum 3 
   time correct to within 27 ms
   polling server every 64 s

To see additional information, run ntpq -p.

Chrony

Install, start and configure the chronyd service to automatically start on boot.

ℹ️
The installation of chronyd will automatically disable ntpd if it is installed and running.

sudo apt install chrony

/role_name/tasks/main.yml

- name: Install chrony package.
  ansible.builtin.apt:
    name: chrony
    state: latest

The service will be configured to start on boot automatically. Use the following two commands to verify that the service is functioning and that it has successfully connected to a number of time sources.

user@HOST:~$ chronyc tracking

# Output:
Reference ID    : A29FC87B (time.cloudflare.com)
Stratum         : 4
Ref time (UTC)  : Tue Aug 02 20:48:10 2022
System time     : 0.000000377 seconds fast of NTP time
Last offset     : -0.000375710 seconds
RMS offset      : 0.000375710 seconds
Frequency       : 15.484 ppm fast
Residual freq   : -11.852 ppm
Skew            : 1000000.000 ppm
Root delay      : 0.031586580 seconds
Root dispersion : 41.507770538 seconds
Update interval : 2.1 seconds
Leap status     : Normal

user@HOST:~$ chronyc sources

# Output:
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* time.cloudflare.com           3   6    37    19  +5060ns[ +401us] +/-   17ms
^+ dns2.switch.ca                2   6    37    21   +408us[ +805us] +/-   30ms
^+ speedtest.switch.ca           2   6    37    20   +418us[ +814us] +/-   25ms
^- sys.meinwald.info             3   6    37    21   -789us[ -392us] +/-   93ms
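
The tracking report can also be checked mechanically, which is useful before relying on a host's timestamps for log correlation. The script below is an added example, not part of the original page: it computes the accuracy bound given in chronyc(1) for the tracking report (|system time offset| + root dispersion + half the root delay) and compares it to a tolerance. The function names, the MAX_ERROR_S threshold and the second sample report are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: judge `chronyc tracking` output read from stdin.
# MAX_ERROR_S is an assumed tolerance in seconds; tune it for your environment.
MAX_ERROR_S="${MAX_ERROR_S:-0.5}"

# Prints a one-line verdict; returns 0 if synchronised within tolerance, else 1.
check_tracking() {
  awk -F' *: ' -v max="$MAX_ERROR_S" '
    $1 == "Stratum"         { stratum = $2 + 0 }
    $1 == "System time"     { offset  = $2 + 0 }  # unsigned; fast/slow follows
    $1 == "Root delay"      { delay   = $2 + 0 }
    $1 == "Root dispersion" { disp    = $2 + 0 }
    $1 == "Leap status"     { leap    = $2 }
    END {
      if (leap == "") { print "FAIL: no tracking data"; exit 1 }
      if (leap ~ /^Not synchronised/ || stratum == 0) {
        print "FAIL: clock is not synchronised"; exit 1
      }
      # Accuracy bound given in chronyc(1) for the tracking report.
      bound = offset + disp + delay / 2
      if (bound > max + 0) {
        printf "FAIL: error bound %.6f s exceeds %.3f s\n", bound, max; exit 1
      }
      printf "OK: stratum %d, error bound %.6f s\n", stratum, bound
    }'
}

# Excerpt of the tracking report shown on this page.
page_sample() { cat <<'EOF'
Stratum         : 4
System time     : 0.000000377 seconds fast of NTP time
Root delay      : 0.031586580 seconds
Root dispersion : 41.507770538 seconds
Leap status     : Normal
EOF
}

# Constructed report for a settled clock (values are illustrative).
settled_sample() { cat <<'EOF'
Stratum         : 3
System time     : 0.000012345 seconds slow of NTP time
Root delay      : 0.020000000 seconds
Root dispersion : 0.001500000 seconds
Leap status     : Normal
EOF
}

page_sample | check_tracking || true
settled_sample | check_tracking
```

On a live host, pipe the real report in with chronyc tracking | check_tracking. Run against the report shown above, the check fails with a bound of about 41.5 s, almost all of it root dispersion, even though the leap status reads Normal.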