Install and configure chrony – CentOS7

What is Chrony ?
Chrony provides another implementation of NTP. It is designed for systems that are often powered down or disconnected from the network. The main configuration file is /etc/chrony.conf and the parameters are similar to those in the /etc/ntp.conf file. chronyd is a daemon that runs in user space; chronyc is a command-line program that provides a command prompt and a number of commands.

Examples:
tracking: Displays system time information.
sources: Displays information about current sources.

You can find out more about chrony here:

https://chrony.tuxfamily.org/comparison.html

1. Make sure you have your hostnames and /etc/hosts file properly configured

Server (host1.localnet.com)
Client (host2.localnet.com)

/etc/hosts file

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.200 host2.localnet.com host2
192.168.0.199 host1.localnet.com host1

2. Install chrony package on both the server and the client machine

# yum install chrony

3. Start and enable the daemon on both the server and client machines

# systemctl start chronyd
# systemctl enable chronyd

4. At the server machine, edit the /etc/chrony.conf file and add your client network

## Allow NTP client access from local network.
allow 192.168.0.0/24

5. At the client machine, edit the /etc/chrony.conf and add your ntp server IP address

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 192.168.0.199 iburst

6. Restart chrony service on both machines

# systemctl restart chronyd

7. Make sure you allow ntp service in your firewall on both machines

# firewall-cmd --permanent --zone=public --add-service ntp
# firewall-cmd --reload
# firewall-cmd --list-all | grep services

8. Verify your sources information

server

# chronyc sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? t1.time.ir2.yahoo.com         0   6     0     -     +0ns[   +0ns] +/-    0ns
^? bray.walcz.net                0   6     0     -     +0ns[   +0ns] +/-    0ns
^? t1.time.ir2.yahoo.com         0   9     0     -     +0ns[   +0ns] +/-    0ns
^? tshirt.heanet.ie              0   6     0     -     +0ns[   +0ns] +/-    0ns

client

# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? host1.localnet.com            0   7     0     -     +0ns[   +0ns] +/-    0ns

9. Verify your system time information

# chronyc tracking
Reference ID : 7F7F0101 ()
Stratum : 10
Ref time (UTC) : Wed Aug 15 12:16:29 2018
System time : 0.000000020 seconds fast of NTP time
Last offset : +0.000000000 seconds
RMS offset : 0.000000000 seconds
Frequency : 3.440 ppm fast
Residual freq : +0.000 ppm
Skew : 0.000 ppm
Root delay : 0.000000000 seconds
Root dispersion : 0.000000000 seconds
Update interval : 0.0 seconds
Leap status : Normal

Some of the fields:
Reference ID: The Reference ID and the name or IP address (if available), of the server to which the computer is currently synchronized.
Stratum: The stratum indicates how many hops away from a computer with an attached reference clock you are.
Ref time: This is the time (UTC) at which the last measurement from the reference source was processed.

10. Verify your sources

# chronyc sources -v
210 Number of sources = 4

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? mail.thefrown.net             0   6     0     -     +0ns[   +0ns] +/-    0ns
^? t2.time.ir2.yahoo.com         0   6     0     -     +0ns[   +0ns] +/-    0ns
^? bray.walcz.net                0   9     0     -     +0ns[   +0ns] +/-    0ns
^? 193.1.12.167                  0   6     0     -     +0ns[   +0ns] +/-    0ns

M: The mode of the source, where:
^ means a server
= means a peer
# indicates a locally connected reference clock.

S: The state of the sources, where:

“*” indicates the source to which chronyd is currently synchronized.
“+” indicates acceptable sources that are combined with the selected source.
“-” indicates acceptable sources that are excluded by the combining algorithm.
“?” indicates sources to which connectivity has been lost or whose packets do not pass all tests.
“x” indicates a clock that chronyd thinks is a false ticker, that is, its time is inconsistent with a majority of other sources.
“~” indicates a source whose time appears to have too much variability.
The “?” condition is also shown at start-up, until at least three samples have been gathered from the source.

Name/IP address: This shows the name or the IP address of the source, or reference ID for reference clocks.
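
The M/S legend above can be turned into an automated check that the host is actually synchronized, since every source in the sample outputs on this page still carries the “?” state with a Reach of 0. The shell function below is an added example, not part of the original post; it reads `chronyc sources` output on stdin, and the sample inputs are constructed (the client output above, plus a hypothetical healthy case with an invented host3.localnet.com).

```shell
#!/bin/sh
# Added example: classify sources from `chronyc sources` by their state column.
# Prints one summary line; exit status is 0 only if a source has state '*'.
check_sources() {
    awk '
        # Data rows begin with a mode char (^ = #) and a state char (* + - ? x ~).
        /^[=#^][*+?x~-] / {
            total++
            state = substr($0, 2, 1)
            if (state == "*") synced++
            if (state == "?") unreachable++
            if (state == "x") falseticker++
            # Field 5 is the octal reachability register; 0 = no replies yet.
            if ($5 == "0") silent++
        }
        END {
            printf "total=%d synced=%d unreachable=%d falseticker=%d silent=%d\n",
                   total, synced, unreachable, falseticker, silent
            exit (synced >= 1 ? 0 : 1)
        }'
}

# Constructed sample: the client output shown in step 8 of this page.
sample_page_client() {
    cat <<'EOF'
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? host1.localnet.com 0 7 0 - +0ns[ +0ns] +/- 0ns
EOF
}

# Constructed sample: a hypothetical healthy client (values are invented).
sample_healthy() {
    cat <<'EOF'
210 Number of sources = 2
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* host1.localnet.com 3 6 377 23 -12us[ -15us] +/- 20ms
^+ host3.localnet.com 3 6 377 25 +40us[ +38us] +/- 25ms
EOF
}

sample_page_client | check_sources || echo "WARNING: no selected time source"
sample_healthy | check_sources && echo "OK: synchronized"
```

On a live host, run it as `chronyc sources | check_sources` from cron or a monitoring agent and alert on a non-zero exit status.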