RH354 - ch04s05

Bookmark this page

Configuring NTP with Chrony

Objectives

After completing this section, students should be able to maintain NTP time synchronization using Chrony, and configure the time zone with timedatectl.

Chrony Replaces ntpd

The Network Time Protocol (NTP) is the standard for machines to provide and synchronize time between authorized systems. A machine may get accurate time information from public NTP services on the Internet such as the NTP Pool Project. A high-quality hardware clock to serve accurate time to local clients is another option.

In Red Hat Enterprise Linux 8, Chrony is the only available implementation of an NTP server. The ntpd implementation, available alongside Chrony on Red Hat Enterprise Linux 7, is no longer available.

Using Chrony as the Default NTP Implementation

Chrony replaces ntpd, which is no longer available.
Chrony uses a different configuration file, with a different format.
The /usr/share/doc/chrony/ntp2chrony.py script converts your /etc/ntp.conf file to /etc/chrony.conf.
timedatectl displays an overview of the current time related system settings.
Use timedatectl set-timezone to define the system time zone.

Introducing Chrony

The chronyd service keeps the local hardware clock (RTC) on track by synchronizing it with the configured NTP servers. If no network connectivity is available, it synchronizes to the calculated RTC clock drift, which is recorded in the driftfile variable specified in the /etc/chrony.conf configuration file.

By default, chronyd uses servers from the NTP Pool project for the time synchronization and does not need additional configuration. It may be useful to change the NTP servers when the machine in question is on an isolated network.

The server lines in the /etc/chrony.conf configuration file give the IP addresses or DNS names of the NTP servers. Following the server IP address or name, you can list a series of options for the server. Red Hat recommends using the iburst option because, after the service starts, Chrony takes four measurements in a short period for a more accurate initial clock synchronization.

[user@demo ~]$ cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# pool 2.rhel.pool.ntp.org iburst
server 192.168.122.14 iburst
server tick.example.com iburst
server tock.example.com iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
...output omitted...

The pool directive is similar to the server directive, but instead of indicating a single NTP server, it indicates a DNS name that resolves to multiple addresses that may change over time.

After updating the /etc/chrony.conf configuration file, restart the service.

[root@demo ~]# systemctl restart chronyd

The chronyc command acts as a client to the chronyd service. After setting up NTP synchronization, verify the NTP server used to synchronize the system clock with the chronyc sources command or, for a more verbose output, chronyc sources -v:

[user@demo ~]$ chronyc sources -v
210 Number of sources = 3

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
^* tick.example.com              3   7   377    87    +70us[  +90us] +/-   63ms
^+ tock.example.com              1   6    37    23  +1384us[ +409us] +/-   58ms
^+ 192.168.122.14                3   6    37    23  -1514us[-2490us] +/-   84ms

The asterisk character (*) in the S (Source state) field indicates that the tick.example.com server has been used as a time source and is the NTP server the machine is currently synchronized to.

Converting the NTPd Configuration to Chrony

The Chrony configuration file, /etc/chrony.conf, is similar to the ntpd configuration file, /etc/ntp.conf. Some configuration directives are specific to Chrony because the two programs have different features.

Notably, the following ntpd features are not available in Chrony.

Chrony does not implement the broadcast and multicast client features. Therefore, the broadcastclient and multicastclient directives do not exist in chrony.conf. These NTPd features enable reception of NTP messages sent by broadcast or multicast NTP servers.
The autokey directive is not available in chrony.conf. In ntp.conf, this directive activates public key algorithms for packet authentication between NTP clients and servers.
Chrony does not support ephemeral associations when using symmetric peer directives. For example, the peer directive allows two servers at the same level to synchronize their clocks. When only one server defines the peer directive, the other server accepts the connection and establishes an ephemeral association. Chrony does not allow this implicit configuration; both servers must include the peer directive.

To help you convert your ntp.conf file to chrony.conf, the chrony package provides the ntp2chrony.py script in /usr/share/doc/chrony/. Use the --ntp-conf option to specify the ntp.conf file to convert. The --chrony-conf option specifies the output chrony.conf file. The --chrony-keys option specifies the path to the output file containing the key pairs for servers requiring authentication. Review the converted configuration file before restarting the chronyd service.

[root@demo ~]# python3 /usr/share/doc/chrony/ntp2chrony.py \
> --ntp-conf ./ntp.conf \
> --chrony-conf ./chrony.conf \
> --chrony-keys ./chrony.key
[root@demo ~]# cat ./chrony.conf
...output omitted...
[root@demo ~]# cp ./chrony.conf ./chrony.key /etc
[root@demo ~]# systemctl restart chronyd

Setting the Time Zone

The timedatectl command displays an overview of the current time-related system settings, including the current time, time zone, and NTP synchronization settings of the system.

[user@demo ~]$ timedatectl
               Local time: Fri 2019-02-15 03:54:03 EST
           Universal time: Fri 2019-02-15 08:54:03 UTC
                 RTC time: Fri 2019-02-15 08:54:02
                Time zone: America/New_York (EST, -0500)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

The system provides a database with the known time zones that you can list with the timedatectl list-timezones command.

[user@demo ~]$ timedatectl list-timezones
Africa/Abidjan
Africa/Accra
Africa/Addis_Ababa
Africa/Algiers
Africa/Asmara
...output omitted...

The tzselect command is useful for identifying the correct name for a time zone. It interactively prompts the user with questions about the system's location and outputs the name of the correct time zone. It does not make any changes to the time zone setting of the system.

As root, you can adjust the system setting for the current time zone with the timedatectl set-timezone command.

[root@demo ~]# timedatectl set-timezone America/Phoenix
[root@demo ~]# timedatectl
               Local time: Fri 2019-02-15 01:58:19 MST
           Universal time: Fri 2019-02-15 08:58:19 UTC
                 RTC time: Fri 2019-02-15 08:58:18
                Time zone: America/Phoenix (MST, -0700)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

References

chrony.conf(5), chronyc(1), timedatectl(1), and tzselect(8) man pages.

For more information on Chrony, refer to the Using the Chrony suite to configure NTP chapter in the Configuring basic system settings guide at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/configuring_basic_system_settings/index#using-chrony-to-configure-ntp

Discuss RHEL 8 New Features for Experienced Linux Administrators

Go to community

Welcome to the Red Hat Enterprise Linux 8 New Features for Experienced Linux Administrators group!

cschunke

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Enterprise Linux 8 New Features for Experienced Linux Administrators! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH354.Read more about Red Hat Enterprise Linux 8 New Features for Experienced Linux Administrators here.

Revision: rh354-8.0-0e36520