chrony is an implementation of the Network Time Protocol (NTP). You can use chrony:
- To synchronize the system clock with NTP servers.
- To synchronize the system clock with a reference clock, for example a GPS receiver.
- To synchronize the system clock with a manual time input.
- As an NTPv4 (RFC 5905) server or peer to provide a time service to other computers in the network.
NTP (Network Time Protocol)
NTP (Network Time Protocol) is a protocol that runs over UDP port 123. NTP synchronizes a client's time and date with a master server.
The NTP package is no longer supported in RHEL 8. Chrony is the default NTP client as well as the NTP server on Red Hat Enterprise Linux 8.
Service name: chronyd
Differences between chrony and ntp
| ntp name | chrony name |
|---|---|
| /etc/ntp.conf | /etc/chrony.conf |
| /etc/ntp/keys | /etc/chrony.keys |
| ntpd | chronyd |
| ntpq | chronyc |
| ntpd.service | chronyd.service |
| ntp-wait.service | chrony-wait.service |
Steps to install chrony on a system and make it a chrony (NTP) server
Working environment of this lab:
NTP Server IP: 192.168.73.130
Client IP : 192.168.73.128
OS : CentOS8
1. Install the chrony package.
# yum install chrony -y
2. Now start chronyd service, enable it to auto start at system boot and verify the running status:
# systemctl start chronyd
# systemctl status chronyd
# systemctl enable chronyd
3. To make a chrony (NTP) server, after installing the package you need to make some changes in chrony's configuration file, /etc/chrony.conf.
# vi /etc/chrony.conf
4. Now search for the "allow" directive, uncomment it, and set the network addresses from which clients are allowed. Once uncommented, the line has no leading "#":
allow 192.168.73.0/24
Now save and exit.
5. Restart the chronyd service
# systemctl restart chronyd
6. Now open the NTP service in the firewalld configuration to allow incoming NTP requests, or allow port 123/udp:
# firewall-cmd --permanent --add-service=ntp
or
# firewall-cmd --permanent --add-port=123/udp
# firewall-cmd --reload
If you need to remove the NTP service from the firewall for any reason, use the command below, followed by a reload.
# firewall-cmd --permanent --remove-service=ntp
The directives that are used in chrony.conf
For a complete list of the directives that can be used, see The chronyd configuration file. Some of the directives are discussed here.
allow
The allow directive is used to specify a host, subnet, or network from which to allow NTP connections to a machine acting as NTP server. The default is not to allow connections.
cmdallow
This is similar to the allow directive (see section allow), except that it allows control access (rather than NTP client access) to a particular subnet or host.
The syntax is identical. There is also a cmddeny all directive with similar behavior to the cmdallow all directive.
dumpdir
The dumpdir command should be used to define the directory where the measurement histories are saved.
dumponexit
If this command is present, it indicates that chronyd should save the measurement history for each of its time sources whenever the program exits. (See the dumpdir command above.)
hwtimestamp
The hwtimestamp directive enables hardware timestamping for extremely accurate synchronization. With it, NTP packets are timestamped by the network interface hardware rather than in software. For more details, see the chrony.conf(5) manual page.
local
The local keyword is used to allow chronyd to appear synchronized to real time from the viewpoint of clients polling it, even if it has no current synchronization source.
local stratum 10
A large value of 10 indicates that the clock is so many hops away from a reference clock that its time is unreliable. If the computer ever has access to another computer which is ultimately synchronized to a reference clock, it will almost certainly be at a stratum less than 10.
Therefore, the choice of a high value like 10 for the local command prevents the machine's own time from ever being confused with real time, were it ever to leak out to clients that have visibility of real servers.
logdir
This directive allows the directory where log files are written to be specified.
An example of the use of this directive is:
logdir /var/log/chrony
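An added example, not from the original article or the chrony project: a shell function that audits the active allow and cmdallow lines of a chrony.conf, flags any that admit every address, and reports when no allow line is active (for instance when the line from step 4 is still commented out). The function names, the constructed sample file and the set of forms treated as "any address" are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Constructed sample: the allow line from step 4, once still commented and
# once active, plus a wide cmdallow.
sample_conf() {
    cat <<'EOF'
# allow 192.168.73.0/24
allow 192.168.73.0/24
cmdallow all
local stratum 10
EOF
}

# audit_chrony_access FILE (hypothetical helper name)
# Prints one finding per access directive; returns 1 if any is open to all.
audit_chrony_access() {
    awk '
    BEGIN { bad = 0 }
    # Skip comment lines (#, !, ; or % as the first character)
    /^[ \t]*[#!;%]/ { next }
    {
        d = tolower($1)
        if (d != "allow" && d != "cmdallow") next
        seen[d] = 1
        # An optional "all" keyword may precede the subnet
        net = (tolower($2) == "all") ? $3 : $2
        # Assumption: these forms are treated as "any address"
        if (net == "" || net == "0/0" || net == "0.0.0.0/0" || net == "::/0") {
            printf "WARN line %d: %s is open to any address\n", NR, d
            bad = 1
        } else {
            printf "OK   line %d: %s limited to %s\n", NR, d, net
        }
    }
    END {
        if (!("allow" in seen))
            print "INFO no active allow directive: chronyd will not serve NTP clients"
        exit bad
    }' "$1"
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_chrony_access "$tmp" || echo "review the WARN lines above"
rm -f "$tmp"
```

On a real server, call it as `audit_chrony_access /etc/chrony.conf` after editing the file and before restarting chronyd.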
Configure NTP client
7. Install the chrony package on the client side:
# yum install chrony
8. Once installed, start and enable the chronyd service and verify its status:
# systemctl start chronyd
# systemctl enable chronyd
# systemctl status chronyd
9. Configure the system as a direct client of the NTP server. Open /etc/chrony.conf:
# vi /etc/chrony.conf
10. Now add the NTP server address. Comment out the default NTP servers, listed under the comment line "# Please consider joining the pool", and set your RHEL 8 NTP server's address:
server 192.168.73.130
Save the changes in the file and close it.
11. Restart the chronyd service
# systemctl restart chronyd
12. Now run the following command on the client side to show the current time sources (NTP servers) that chronyd is accessing.
# chronyc sources
13. On the server, run the following command to display information about NTP clients.
# chronyc clients
14. You can use the command below to track the time sync process.
# chronyc tracking
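An added example, not from the original article or the chrony project: a shell function that reads `chronyc tracking` output and reports whether the client is synchronised, and whether its stratum is at or above the value given to the local directive (10 on this page), which suggests the time chain ends at a server's own unsynchronised clock. The function names and the constructed sample output are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Constructed sample of `chronyc tracking` output on the client (only the
# fields used here); stratum 11 is what a client sees behind "local stratum 10".
sample_tracking() {
    cat <<'EOF'
Reference ID    : C0A84982 (192.168.73.130)
Stratum         : 11
System time     : 0.000004512 seconds fast of NTP time
Leap status     : Normal
EOF
}

# check_tracking [LIMIT] (hypothetical helper name); reads tracking output on stdin.
# Returns 0 when synchronised below LIMIT, 1 at or above LIMIT, 2 when unsynchronised.
check_tracking() {
    awk -F ':' -v limit="${1:-10}" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    { key = trim($1) }
    key == "Stratum"     { stratum = trim($2) + 0 }
    key == "Leap status" { leap = trim($2) }
    END {
        if (leap == "" || leap == "Not synchronised") {
            print "FAIL clock is not synchronised"
            exit 2
        }
        if (stratum >= limit + 0) {
            printf "WARN stratum %d: time chain likely ends at an unsynchronised local clock\n", stratum
            exit 1
        }
        printf "OK synchronised at stratum %d\n", stratum
    }'
}

sample_tracking | check_tracking || true
```

On a client, run it as `chronyc tracking | check_tracking`.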
In this article we have discussed chrony and NTP, and the differences between chrony and ntp configuration files, services, daemons, etc.