chrony
chrony

Configure chrony as an NTP client or server in Linux

Chrony ( daemon’s name : chronyd) is a versatile implementation of the NTP that can be used to synchronize the time on a CentOS 7 system. This article will explain how to install and configure Chrony as an NTP client and NTP server on a CentOS 7 and 8 / Redhat 7 and 8 system.

chrony

Install chrony

To install Chrony on a CentOS 7 and 8 / RedHat 7 and 8 system, you can use the yum package manager ( or dnf). To do this, run the following command :

[root@Linux ~]# yum install chrony
.
.
.
.
Running transaction
  Installing : chrony-3.4-1.el7.x86_64                                                                                                                                                                        1/1
  Verifying  : chrony-3.4-1.el7.x86_64                                                                                                                                                                        1/1
Installed:
  chrony.x86_64 0:3.4-1.el7
Complete!

Configuring Chrony as ntp client

After the installation is complete, we need to configure chrony as a ntp client. The chrony configuration file is located at /etc/chrony.conf :

[root@Linux ~]# cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.
#allow 192.168.0.0/16

# Serve time even if not synchronized to a time source.
#local stratum 10

# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking

As you can see, chrony use an NTP.org pool as the source for time. For most home users this is a perfectly acceptable configuration as these are reliable time sources. However, in an enterprise environment, an internal NTP time source is required.

To configure chronyd to to use an internal or another NTP source, comment out or remove the « server » option and add you own server ntp :

#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

server 192.168.2.12 iburst

Save configuration changes and restart the chronyd service :

[root@Linux ~]# systemctl restart chronyd

Then verify it is up and running :

[root@Linux ~]# systemctl status chronyd
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2023-01-11 18:26:29 +01; 58min left
     Docs: man:chronyd(8)
           man:chrony.conf(5)
  Process: 3870 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=exited, status=0/SUCCESS)
  Process: 3866 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 3868 (chronyd)
    Tasks: 1
   Memory: 372.0K
   CGroup: /system.slice/chronyd.service
           └─3868 /usr/sbin/chronyd


Check system clock is synchronized correctly

Finally, to confirm that the system clock is synchronized correctly to the upstream time server, use the command bellow :

[root@Linux ~]# timedatectl
      Local time: Wed 2023-01-11 17:38:19 +01
  Universal time: Wed 2023-01-11 16:38:19 UTC
        RTC time: Wed 2023-01-11 16:38:19
       Time zone: Africa/Casablanca (+01, +0100)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no

 Last DST change: DST began at
                  Sun 2022-05-08 01:59:59 +00
                  Sun 2022-05-08 03:00:00 +01
 Next DST change: DST ends (the clock jumps one hour backwards) at
                  Sun 2023-03-19 02:59:59 +01
                  Sun 2023-03-19 02:00:00 +00

To check the NTP sources, use the command bellow :

[root@Linux ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.2.12           3   6   377    52  +35us[+23us] +/-   29ms


Configuring Chrony as ntp server

Also you can use chrony to configure ntp as server. The first step is to configure the time sources as I showed in the previous section :

server 192.168.2.12 iburst

By default chrony operates purely as an NTP client and no clients are allowed to access, so to make chrony act as a ntp server, we need to enable the allow directive which specifies a particular subnet from which NTP clients can access the NTP server :

allow 192.168.2.0/24

Now all clients which are part of this subnet are allowed to sychronise with NTP server.

after that, restart the chrony service :

[root@Linux ~]# systemctl restart chronyd

Configure firewalld :

After configuring the time source, adding the allow directive, and restarting the chronyd service, you need to configure firewalld to permit the NTP service :

[root@Linux ~]# firewall-cmd --add-service=ntp --permanent
success
[root@Linux ~]# firewall-cmd --reload
success