Chrony - versatile implementation of the Network Time Protocol (NTP)

mail

Chrony

Description

  • All details are available at Chrony's homepage, or on Wikipedia.
  • Just remember that :
    • Chrony comes in 2 parts :
    • Chrony is one of the implementations that can replace ntpd and ntpdate
      https://packages.debian.org/stretch/ntpdate
      If the full NTP daemon from the package "ntp" is installed, then ntpdate is not necessary.
      
      https://packages.debian.org/buster/ntpdate
      ntpdate is deprecated. Please use sntp instead for manual or scripted NTP queries/syncs.
      
      https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514318
      please remove ntpdate, which is deprecated
      
    • I picked Chrony because I needed a NTP solution working both for RHEL 7+ and Debian 9+
    • Chrony does not exactly set the system clock (i.e. doing the current date/time is value, like ntpdate does). Instead it speeds / slows the system clock gradually so that it stays close to the right time.
      However, it may step the clock (i.e. jump forward / backward in time) :
      • at boot
      • or if explicitly allowed to do so
      (details)
  • Details :

Install

It's pretty straightforward :
  • apt install chrony
  • yum install chrony

Configuration (source) :

Depending on the Linux distribution, the configuration file has a different path :
  • Debian : /etc/chrony/chrony.conf
  • RHEL : /etc/chrony.conf
When deploying a NTP client, you just have to set the server directive and make sure allow is commented or absent.
Directive Usage
allow 12.34.56.78 list the subnet / hosts from which NTP clients are allowed to access the computer as an NTP server
logdir path/to/log/directory explicit, but useless without log
log metric_1 metric_2 metric_3 list of metrics to log in logdir/logfile
server timeServer [options]
  • list the servers to use as time sources
  • can (should!) be used multiple times
  • the iburst option helps making the first update of the clock sooner

Check installation (inspired by) :

Get the service status

systemctl status chronyd
 chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2021-04-13 15:11:07 CEST; 1h ago
	 Docs: man:chronyd(8)
		   man:chrony.conf(5)
 Main PID: 12282 (chronyd)
 
The service must be :
  • active
  • since not too long ago (read below)
if chrony is installed by Ansible and defined as service must be started :
  • if it was ALREADY installed + started for ages (because part of a default install)
  • Ansible will leave it as-is, and won't load its new configuration
This step will output :
 chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2021-03-26 08:57:07 CET; 2 weeks 4 days ago
	 Docs: man:chronyd(8)
		   man:chrony.conf(5)
 Main PID: 6087 (chronyd)
 
... meaning the latest changes made to chrony.conf by Ansible have not been loaded yet.

Check chronyd has time sources

chronyc sources -v
210 Number of sources = 2								ok if it matches the number of server entries in chrony.conf

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* ntp1.example.com           5   6   377    47    +24ms[  +24ms] +/-  136ms		ok if one source has ^*
^+ ntp2.example.com           4   9   377    91    -27ms[  -26ms] +/-  214ms

Get the current NTP time

chronyc tracking
Reference ID    : 0A1B1981 (ntp1.example.com)		should refer to the same source as in the previous step
Stratum         : 6
Ref time (UTC)  : Wed Apr 14 07:05:17 2021			if you are not back to Epoch, it means it's working 
System time     : 0.002320022 seconds fast of NTP time		below are various metrics about the local clock and drift from the real time
Last offset     : +0.000871681 seconds
RMS offset      : 0.002877922 seconds
Frequency       : 24.251 ppm slow
Residual freq   : +0.247 ppm
Skew            : 6.148 ppm
Root delay      : 0.063965246 seconds
Root dispersion : 0.105693020 seconds
Update interval : 64.7 seconds
Leap status     : Normal