Mel (https://unixcop.com)
Unix/Linux Guru and FOSS supporter

Chrony configuration for NTP in CentOS/RHEL 8

chrony is an implementation of the Network Time Protocol (NTP). You can use chrony:

  • To synchronize the system clock with NTP servers.
  • To synchronize the system clock with a reference clock, for example a GPS receiver.
  • To synchronize the system clock with a manual time input.
  • As an NTPv4 (RFC 5905) server or peer to provide a time service to other computers in the network.

NTP (Network time protocol)

NTP (Network Time Protocol) is a protocol that runs over UDP port 123. NTP synchronizes a client's time and date with a master server.

The NTP package is no longer supported in RHEL 8. Chrony is the default NTP client as well as the NTP server on Red Hat Enterprise Linux 8.

Service name: chronyd

Differences between chrony and ntp

ntp name              chrony name
/etc/ntp.conf         /etc/chrony.conf
/etc/ntp/keys         /etc/chrony.keys
ntpd                  chronyd
ntpq                  chronyc
ntpd.service          chronyd.service
ntp-wait.service      chrony-wait.service

Steps to install chrony and set up a chrony (NTP) server

Working environment of this lab:

NTP Server IP: 192.168.73.130

Client IP: 192.168.73.128

OS: CentOS 8

1. Install the chrony package.

# yum install chrony -y

2. Now start the chronyd service, enable it to start automatically at system boot, and verify its running status:

# systemctl start chronyd
# systemctl status chronyd
# systemctl enable chronyd

3. To set up a chrony (NTP) server, after installing the package you need to make some changes in chrony’s configuration file, /etc/chrony.conf.

# vi /etc/chrony.conf

4. Now search for the “allow” configuration directive, uncomment it, and set the network addresses from which clients are allowed:

allow 192.168.73.0/24

Now save and exit.

5. Restart the chronyd service

# systemctl restart chronyd

6. Now open the NTP service in the firewalld configuration to allow incoming NTP requests, or allow port 123/udp directly:

# firewall-cmd --permanent --add-service=ntp
or
# firewall-cmd --permanent --add-port=123/udp
# firewall-cmd --reload

If you need to remove the NTP service from the firewall for any reason, you can use the command below.

# firewall-cmd --permanent --remove-service=ntp

Directives used in chrony.conf

For a complete list of the directives that can be used, see “The chronyd configuration file” in the chrony documentation. Some of the directives are discussed here.

allow

The allow directive is used to specify a host, subnet, or network from which to allow NTP connections to a machine acting as NTP server. The default is not to allow connections.

cmdallow

This is similar to the allow directive (see section allow), except that it allows control access (rather than NTP client access) to a particular subnet or host. 

The syntax is identical. There is also a cmddeny all directive with similar behavior to the cmdallow all directive.
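
Because allow and cmdallow decide who can reach the server, it is worth checking chrony.conf for rules wider than the intended subnet. The script below is an added example, not part of the original article; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit chrony.conf access directives.
# Reads chrony.conf text from the file given as $1, or from stdin.
# Prints one finding per line; exit status is 1 if any OPEN finding exists.
audit_chrony_conf() {
    awk '
    # chrony treats lines starting with #, ;, % or ! as comments.
    /^[ \t]*([#;%!]|$)/ { next }
    {
        dir = tolower($1)               # compare directive names case-insensitively
        if (dir != "allow" && dir != "cmdallow") next
        i = 2
        if (tolower($i) == "all") i++   # "all" only changes rule precedence
        subnet = $i
        if (subnet == "" || subnet == "0/0" || subnet == "0.0.0.0/0" || subnet == "::/0") {
            printf "OPEN line %d: %s accepts any address: %s\n", NR, dir, $0
            nopen++
        } else if (dir == "cmdallow") {
            printf "REVIEW line %d: remote control access for %s\n", NR, subnet
        }
    }
    END { exit (nopen > 0) }
    ' "$@"
}

# Constructed sample configuration; 192.168.73.0/24 is the lab network above.
sample_conf() {
    cat <<'EOF'
# constructed sample
allow 192.168.73.0/24
allow
cmdallow all
Allow 0/0
;allow all
cmdallow 192.168.73.5
EOF
}

sample_conf | audit_chrony_conf || echo "chrony.conf needs tightening"
```

On a real server, run it as audit_chrony_conf /etc/chrony.conf; a subnet-scoped allow such as the one in step 4 produces no finding.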

dumpdir

The dumpdir command should be used to define the directory where the measurement histories are saved.

dumponexit

If this command is present, it indicates that chronyd should save the measurement history for each of its time sources whenever the program exits. (See the dumpdir command above.)

hwtimestamp

The hwtimestamp directive enables hardware timestamping for extremely accurate synchronization: NTP packets are timestamped by the network interface hardware instead of in software. For more details, see the chrony.conf(5) manual page.

local

The local keyword is used to allow chronyd to appear synchronized to real time from the viewpoint of clients polling it, even if it has no current synchronization source.

local stratum 10

A large value of 10 indicates that the clock is so many hops away from a reference clock that its time is unreliable. If the computer ever has access to another computer which is ultimately synchronized to a reference clock, it will almost certainly be at a stratum less than 10.

Therefore, the choice of a high value like 10 for the local command prevents the machine’s own time from ever being confused with real time, were it ever to leak out to clients that have visibility of real servers.

logdir

This directive allows the directory where log files are written to be specified.

An example of the use of this directive is:

logdir /var/log/chrony

Configure NTP client

7. Install the chrony package on the client side:

# yum install chrony

8. Once installed, you can start, enable, and verify the status of the chronyd service:

# systemctl start chronyd
# systemctl enable chronyd
# systemctl status chronyd

9. Configure the system as a direct client of the NTP server. Open /etc/chrony.conf:

# vi /etc/chrony.conf

10. Now add the NTP server address:

# Please consider joining the pool

Comment out the default NTP servers and set your RHEL 8 NTP server’s address:

server 192.168.73.130

Save the changes in the file and close it.

11. Restart the chronyd service

# systemctl restart chronyd 

12. Now run the following command on the client to show the current time sources (NTP servers) that chronyd is accessing.

# chronyc sources

13. On the server, run the following command to display information about the NTP clients.

# chronyc clients

14. You can use the command below to track the time sync process.

# chronyc tracking
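
The tracking output can also be checked automatically, for example to notice a client that is following a server which has fallen back to local stratum 10. The script below is an added example, not part of the original article; the function names, thresholds and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): sanity-check `chronyc tracking` output.
# usage: chronyc tracking | check_tracking [alert_stratum] [max_offset_seconds]
# Prints ALERT lines; exit status is 1 if any check fails.
check_tracking() {
    awk -v alert_stratum="${1:-10}" -v max_off="${2:-0.1}" '
    {
        i = index($0, ":")              # split on the first colon only
        if (i == 0) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        f[key] = val
    }
    END {
        stratum = f["Stratum"] + 0
        offset  = f["System time"] + 0  # leading number of "N seconds slow|fast ..."
        if (f["Leap status"] != "Normal") {
            print "ALERT leap status is \"" f["Leap status"] "\""; bad = 1
        }
        if (stratum == 0 || stratum >= alert_stratum + 0) {
            print "ALERT stratum " stratum " (0 = no source, high = free-running upstream)"; bad = 1
        }
        if (offset > max_off + 0) {
            print "ALERT system clock is off by " offset " seconds"; bad = 1
        }
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample: a client whose server fell back to "local stratum 10".
sample_tracking() {
    cat <<'EOF'
Reference ID    : C0A84982 (192.168.73.130)
Stratum         : 11
Ref time (UTC)  : Tue Mar 02 10:15:42 2021
System time     : 0.250131002 seconds slow of NTP time
Last offset     : -0.000112345 seconds
Leap status     : Normal
EOF
}

sample_tracking | check_tracking 10 0.1 || echo "time source needs attention"
```

Clock drift of this kind matters for log correlation and for protocols that reject requests outside a time window, so the non-zero exit status is suitable for a cron job or monitoring check.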

In this article we discussed chrony and NTP, and the differences between chrony and ntp configuration files, services, daemons, etc.

Please share your comments and suggestions below. Thank you.
