Chrony (daemon name: chronyd) is a versatile implementation of NTP that can be used to synchronize the time on a CentOS 7 system. This article explains how to install and configure Chrony as an NTP client and NTP server on a CentOS 7 and 8 / Red Hat 7 and 8 system.
Install chrony
To install Chrony on a CentOS 7 and 8 / Red Hat 7 and 8 system, you can use the yum package manager (or dnf). To do this, run the following command:
    [root@Linux ~]# yum install chrony
    . . . .
    Running transaction
      Installing : chrony-3.4-1.el7.x86_64    1/1
      Verifying  : chrony-3.4-1.el7.x86_64    1/1
    Installed:
      chrony.x86_64 0:3.4-1.el7
    Complete!
Configuring Chrony as an NTP client
After the installation is complete, we need to configure chrony as an NTP client. The chrony configuration file is located at /etc/chrony.conf:
    [root@Linux ~]# cat /etc/chrony.conf
    # Use public servers from the pool.ntp.org project.
    # Please consider joining the pool (http://www.pool.ntp.org/join.html).
    server 0.centos.pool.ntp.org iburst
    server 1.centos.pool.ntp.org iburst
    server 2.centos.pool.ntp.org iburst
    server 3.centos.pool.ntp.org iburst

    # Record the rate at which the system clock gains/losses time.
    driftfile /var/lib/chrony/drift

    # Allow the system clock to be stepped in the first three updates
    # if its offset is larger than 1 second.
    makestep 1.0 3

    # Enable kernel synchronization of the real-time clock (RTC).
    rtcsync

    # Enable hardware timestamping on all interfaces that support it.
    #hwtimestamp *

    # Increase the minimum number of selectable sources required to adjust
    # the system clock.
    #minsources 2

    # Allow NTP client access from local network.
    #allow 192.168.0.0/16

    # Serve time even if not synchronized to a time source.
    #local stratum 10

    # Specify file containing keys for NTP authentication.
    #keyfile /etc/chrony.keys

    # Specify directory for log files.
    logdir /var/log/chrony

    # Select which information is logged.
    #log measurements statistics tracking
As you can see, chrony uses the pool.ntp.org pool as its source for time. For most home users this is a perfectly acceptable configuration, as these are reliable time sources. However, in an enterprise environment, an internal NTP time source is required.
To configure chronyd to use an internal or another NTP source, comment out or remove the "server" lines and add your own NTP server:
    #server 0.centos.pool.ntp.org iburst
    #server 1.centos.pool.ntp.org iburst
    #server 2.centos.pool.ntp.org iburst
    #server 3.centos.pool.ntp.org iburst
    server 192.168.2.12 iburst
Save the configuration changes and restart the chronyd service:
[root@Linux ~]# systemctl restart chronyd
Then verify that it is up and running:
    [root@Linux ~]# systemctl status chronyd
    ● chronyd.service - NTP client/server
       Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
       Active: active (running) since Wed 2023-01-11 18:26:29 +01; 58min left
         Docs: man:chronyd(8)
               man:chrony.conf(5)
      Process: 3870 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=exited, status=0/SUCCESS)
      Process: 3866 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
     Main PID: 3868 (chronyd)
        Tasks: 1
       Memory: 372.0K
       CGroup: /system.slice/chronyd.service
               └─3868 /usr/sbin/chronyd
Check that the system clock is synchronized correctly
Finally, to confirm that the system clock is synchronized correctly to the upstream time server, use the command below:
    [root@Linux ~]# timedatectl
    Local time: Wed 2023-01-11 17:38:19 +01
    Universal time: Wed 2023-01-11 16:38:19 UTC
    RTC time: Wed 2023-01-11 16:38:19
    Time zone: Africa/Casablanca (+01, +0100)
    NTP enabled: yes
    NTP synchronized: yes
    RTC in local TZ: no
    Last DST change: DST began at
      Sun 2022-05-08 01:59:59 +00
      Sun 2022-05-08 03:00:00 +01
    Next DST change: DST ends (the clock jumps one hour backwards) at
      Sun 2023-03-19 02:59:59 +01
      Sun 2023-03-19 02:00:00 +00
To check the NTP sources, use the command below:
    [root@Linux ~]# chronyc sources
    210 Number of sources = 4
    MS Name/IP address         Stratum Poll Reach LastRx Last sample
    ===============================================================================
    ^* 192.168.2.12                  3   6   377    52    +35us[+23us] +/- 29ms
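A scripted version of this check, as an added example that is not part of the original article: it reads chronyc sources output and confirms that the selected source (the ^* line) is the expected server and that it has answered recent polls. The function name, the return codes and the default threshold of 6 out of 8 polls are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the article). Reads `chronyc sources` output on stdin.
# Returns 0 = synced to the expected source and it is answering,
#         1 = no source selected, or a different source is selected,
#         2 = expected source selected but too few recent polls were answered.
# $1 = expected source, $2 = minimum answered polls (default 6, an assumption)
check_selected_source() {
    awk -v want="$1" -v min="${2:-6}" '
        # Reach is an octal bitmask of the last 8 polls (377 = all 8 answered).
        function answered(reach,    i, d, n) {
            n = 0
            for (i = 1; i <= length(reach); i++) {
                d = substr(reach, i, 1) + 0
                n += (d >= 4) + (int(d / 2) % 2) + (d % 2)
            }
            return n
        }
        # Column 1 is mode (^ server, = peer, # refclock) plus state; "*" = synced.
        /^[=#^]\*/ {
            found = 1
            if ($2 != want) {
                print "FAIL: synced to " $2 ", expected " want; rc = 1
            } else if (answered($5) < min) {
                print "WARN: " $2 " answered " answered($5) "/8 recent polls"; rc = 2
            } else {
                print "OK: synced to " $2 " (" answered($5) "/8 polls answered)"; rc = 0
            }
        }
        END {
            if (!found) { print "FAIL: no source is selected"; exit 1 }
            exit rc
        }'
}

# Constructed sample in the format shown above.
# On a live host: chronyc -n sources | check_selected_source 192.168.2.12
sample='210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.2.12                  3   6   377    52    +35us[  +23us] +/-   29ms'
printf '%s\n' "$sample" | check_selected_source 192.168.2.12
```

A host that reports a selected source other than the internal server is still using a configuration the edit above was meant to replace, which is why that case returns a distinct exit code.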
Configuring Chrony as an NTP server
You can also use chrony as an NTP server. The first step is to configure the time sources as I showed in the previous section:
server 192.168.2.12 iburst
By default chrony operates purely as an NTP client and no clients are allowed access. To make chrony act as an NTP server, we need to enable the allow directive, which specifies a particular subnet from which NTP clients can access the NTP server:
allow 192.168.2.0/24
Now all clients that are part of this subnet are allowed to synchronize with the NTP server.
After that, restart the chronyd service:
[root@Linux ~]# systemctl restart chronyd
Configure firewalld
After configuring the time source, adding the allow directive, and restarting the chronyd service, you need to configure firewalld to permit the NTP service :
    [root@Linux ~]# firewall-cmd --add-service=ntp --permanent
    success
    [root@Linux ~]# firewall-cmd --reload
    success
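Once chronyd answers clients and the firewall admits NTP, the allow line is the only thing limiting who is served. The following added example (not code from the original article) audits a chrony.conf for the two settings edited above: every active time source must be an approved server, and every allow directive must match the intended client subnet. The function name and the finding messages are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the article). Reads a chrony.conf on stdin and prints
# one finding per line; returns 0 when clean, 1 when there are findings.
#   $1 = comma-separated approved time sources, $2 = subnet NTP clients may use
audit_chrony_conf() {
    awk -v approved="$1" -v subnet="$2" '
        BEGIN { n = split(approved, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*([#!;%]|$)/ { next }              # comment or blank line
        $1 == "server" || $1 == "pool" || $1 == "peer" {
            if ($2 in ok) seen = 1
            else { print "unapproved time source: " $2; bad++ }
        }
        $1 == "allow" {
            net = ($2 == "all") ? $3 : $2         # "allow all <subnet>" form
            if (net == "" || net == "0/0" || net == "0.0.0.0/0" || net == "::/0") {
                print "allow is open to every address: " $0; bad++
            } else if (net != subnet) {
                print "allow outside the expected subnet: " net; bad++
            }
        }
        END {
            if (!seen) { print "no approved time source configured"; bad++ }
            exit (bad > 0)
        }'
}

# Constructed inputs: the stock pool lines, and the edited file from this article.
stock_conf='server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
#allow 192.168.0.0/16'
edited_conf='#server 0.centos.pool.ntp.org iburst
server 192.168.2.12 iburst
allow 192.168.2.0/24'

printf '%s\n' "$edited_conf" | audit_chrony_conf 192.168.2.12 192.168.2.0/24 \
    && echo "edited config: clean"
printf '%s\n' "$stock_conf" | audit_chrony_conf 192.168.2.12 192.168.2.0/24 \
    || echo "stock config: findings listed above"
```

On a live host the same function can be fed the real file: audit_chrony_conf 192.168.2.12 192.168.2.0/24 < /etc/chrony.conf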