In this guide, you will learn how to easily configure an NTP server on Rocky/Oracle Linux using Chrony. Chrony is currently used in most cases in favour of the legacy NTPd. Compared to the legacy NTP implementation, chrony performs well in a wide range of conditions, including:
- intermittent network connections,
- heavily congested networks
- changing temperatures
- systems that do not run continuously
Chrony can be used to synchronize the system clock with NTP servers and reference clocks. It can also operate as an NTPv4 server and peer to provide a time service to other computers in the network.
Configure NTP Server on Rocky/Oracle Linux
Installing Chrony on Rocky/Oracle Linux
The Chrony suite is installed by default on RHEL derivatives, Rocky/Oracle Linux included. You can, however, verify this by executing the command below;
rpm -q chrony
If the package is installed, you should get an output similar to;
chrony-4.1-3.el9.rocky.0.1.x86_64
Otherwise, you will get an output like;
package chrony is not installed
To see more information about Chrony;
rpm -qi chrony
Name : chrony
Version : 4.1
Release : 3.el9.rocky.0.1
Architecture: x86_64
Install Date: Tue 15 Nov 2022 06:22:59 PM EAT
Group : Unspecified
Size : 608214
License : GPLv2
Signature : RSA/SHA256, Fri 09 Sep 2022 10:43:53 PM EAT, Key ID 702d426d350d275d
Source RPM : chrony-4.1-3.el9.rocky.0.1.src.rpm
Build Date : Fri 09 Sep 2022 10:38:35 PM EAT
Build Host : pb-d952646d-29b9-479d-ac06-aee585aa8dcf-b-x86-64
Packager : Rocky Linux Build System (Peridot)
Vendor : Rocky Enterprise Software Foundation
URL : https://chrony.tuxfamily.org
Summary : An NTP client/server
Description :
chrony is a versatile implementation of the Network Time Protocol (NTP).
It can synchronise the system clock with NTP servers, reference clocks
(e.g. GPS receiver), and manual input using wristwatch and keyboard. It
can also operate as an NTPv4 (RFC 5905) server and peer to provide a time
service to other computers in the network.
If for some reason it is not installed by default, you can always install it by running the command below;
dnf install chrony
Configure Chrony as an NTP server on Rocky/Oracle Linux
The default configuration file of Chrony is /etc/chrony.conf.
Set Time Servers
By default, Chrony has some public time servers from the pool.ntp.org project already defined in the configuration file.
For example on Rocky Linux;
pool 2.rhel.pool.ntp.org iburst
On Oracle;
pool 2.pool.ntp.org iburst
To ensure time accuracy, you need to define the time servers close to your NTP server host region.
You can obtain a list of NTP servers close to your NTP server host region on the Internet Cluster of NTP servers page.
Just select the region accordingly. For example, if you are in Europe, below are the available NTP servers;
server 0.europe.pool.ntp.org
server 1.europe.pool.ntp.org
server 2.europe.pool.ntp.org
server 3.europe.pool.ntp.org
To use the pool of NTP servers in your region, simply replace the default time server defined in the configuration with your chosen region's time servers. You can comment out the line pool 2.pool.ntp.org iburst (add # at the beginning), replacing it as follows;
vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
#pool 2.rhel.pool.ntp.org iburst
server 0.europe.pool.ntp.org iburst
server 1.europe.pool.ntp.org iburst
server 2.europe.pool.ntp.org iburst
server 3.europe.pool.ntp.org iburst
Configure NTP Server Access Control
Next, you need to restrict or control access to the NTP server. This can be done using the allow <host/network> directive.
The directive designates the hosts or networks from which NTP clients are allowed to query the NTP server.
For example, to allow all hosts in the network subnet 192.168.56.0/24 to access your NTP server;
# Allow NTP client access from local network.
#allow 192.168.0.0/16
allow 192.168.59.0/24
To allow multiple hosts/networks, use multiple allow directives, e.g.;
# Allow NTP client access from local network.
#allow 192.168.0.0/16
allow 192.168.59.0/24
allow 192.168.58.0/24
allow 192.168.100.0/24
Save and exit the configuration file.
Read more in man chrony.conf.
Open NTP UDP Port 123 on Firewall
To allow NTP clients to access your NTP server, you need to open port 123/UDP on the firewall.
firewall-cmd --add-port=123/udp --permanent
firewall-cmd --reload
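The port rule above accepts 123/udp from every source in the zone, while the allow list only makes chronyd ignore the request after the packet has arrived. The following is an added example, not part of the original guide, that prints firewalld rich rules matching the allow entries so both layers agree; the function name and the temporary file are illustrative, and entries are assumed to be IP addresses or CIDR subnets.

```sh
# Added example: turn chrony.conf "allow" entries into source-restricted
# firewalld rich rules. Assumes each entry is an IP address or CIDR subnet.

# Print one firewall-cmd command per active "allow <subnet>" line.
# A bare "allow" or "allow all" (any client) only produces a warning.
chrony_allow_to_rich_rules() {
    conf="$1"
    while read -r keyword arg1 arg2 rest || [ -n "$keyword" ]; do
        [ "$keyword" = "allow" ] || continue   # skips comments such as "#allow ..."
        subnet="$arg1"
        if [ "$arg1" = "all" ]; then subnet="$arg2"; fi
        if [ -z "$subnet" ]; then
            echo "warning: unrestricted allow in $conf" >&2
            continue
        fi
        case "$subnet" in
            *:*) family="ipv6" ;;
            *)   family="ipv4" ;;
        esac
        printf "firewall-cmd --permanent --add-rich-rule='rule family=\"%s\" source address=\"%s\" port port=\"123\" protocol=\"udp\" accept'\n" \
            "$family" "$subnet"
    done < "$conf"
}

# Sample input: the allow block from this page, written to a temporary file.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# Allow NTP client access from local network.
#allow 192.168.0.0/16
allow 192.168.59.0/24
allow 192.168.58.0/24
allow 192.168.100.0/24
EOF

# Prints the commands for review; nothing is applied to the firewall here.
chrony_allow_to_rich_rules "$SAMPLE_CONF"
```

On a real server, pass /etc/chrony.conf instead of the sample file. After applying the printed rules, drop the broad rule with firewall-cmd --permanent --remove-port=123/udp and reload.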
Running Chrony on Rocky/Oracle Linux
The chronyd daemon controls the NTP implementation. Thus, start and enable it to run on system boot by running the command below;
systemctl enable --now chronyd
If it was already running, restart it;
systemctl restart chronyd
Check the status;
systemctl status chronyd
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-11-15 18:43:49 EAT; 1s ago
Docs: man:chronyd(8)
man:chrony.conf(5)
Process: 1757 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 1759 (chronyd)
Tasks: 1 (limit: 5891)
Memory: 796.0K
CPU: 11ms
CGroup: /system.slice/chronyd.service
└─1759 /usr/sbin/chronyd -F 2
Nov 15 18:43:49 localhost.localdomain systemd[1]: Starting NTP client/server...
Nov 15 18:43:49 localhost.localdomain chronyd[1759]: chronyd version 4.1 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 +DE>
Nov 15 18:43:49 localhost.localdomain chronyd[1759]: Frequency -5.990 +/- 10.038 ppm read from /var/lib/chrony/drift
Nov 15 18:43:49 localhost.localdomain chronyd[1759]: Using right/UTC timezone to obtain leap second data
Nov 15 18:43:49 localhost.localdomain chronyd[1759]: Loaded seccomp filter (level 2)
Nov 15 18:43:49 localhost.localdomain systemd[1]: Started NTP client/server.
...
Verify Chrony Time Synchronization
The chronyc command is used to verify Chrony time synchronization.
You can use the chronyc command with options such as sources, tracking and sourcestats.
To display information about the current time sources that chronyd is accessing, run the command;
chronyc sources
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^+ 79-209.butt.spdwpl.net 2 6 17 60 +34ms[ +35ms] +/- 145ms
^- srv01.spectre-net.de 2 6 35 57 +25ms[ +25ms] +/- 123ms
^* ns.aksinet.net 2 6 17 58 -944us[ +571us] +/- 166ms
^? ntp1.karneval.cz 0 6 0 - +0ns[ +0ns] +/- 0ns
The M column indicates the mode of the source;
- ^ means a server
- = means a peer
- # indicates a locally connected reference clock
The S column indicates the state of the sources;
- “*” indicates the source to which chronyd is currently synchronized.
- “+” indicates acceptable sources which are combined with the selected source.
- “-” indicates acceptable sources which are excluded by the combining algorithm.
- “?” indicates sources to which connectivity has been lost or whose packets do not pass all tests. This condition is also shown at start-up, until at least 3 samples have been gathered from it.
- “x” indicates a clock which chronyd thinks is a falseticker (its time is inconsistent with a majority of other sources).
- “~” indicates a source whose time appears to have too much variability.
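The state column is what a monitoring check should watch: a server with no selected source, or with a falseticker among its sources, is handing unreliable time to every client. The following is an added example, not part of the original guide, that reads chronyc sources output and reports on those states; the function names are illustrative and the second sample is constructed.

```sh
# Added example: health check over "chronyc sources" output (read on stdin).
# Prints a finding per problem source plus a summary line; exit status is
# non-zero when no source is selected (*) or any source is marked x or ~.
chrony_sources_findings() {
    awk '
        /^[#=^][*+?x~-] / {
            state = substr($1, 2, 1); name = $2; reach = $5
            total++
            if (state == "*") selected++
            else if (state == "x") { bad++; print "falseticker: " name }
            else if (state == "~") { bad++; print "too variable: " name }
            else if (state == "?") print "unusable: " name " (reach " reach ")"
        }
        END {
            printf "sources=%d selected=%d\n", total, selected
            exit (selected >= 1 && bad == 0) ? 0 : 1
        }'
}

# The output shown on this page.
page_sample() {
cat <<'EOF'
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^+ 79-209.butt.spdwpl.net 2 6 17 60 +34ms[ +35ms] +/- 145ms
^- srv01.spectre-net.de 2 6 35 57 +25ms[ +25ms] +/- 123ms
^* ns.aksinet.net 2 6 17 58 -944us[ +571us] +/- 166ms
^? ntp1.karneval.cz 0 6 0 - +0ns[ +0ns] +/- 0ns
EOF
}

# Constructed sample: one source is a falseticker and none is selected.
constructed_sample() {
cat <<'EOF'
^x ntp-a.example.net 2 6 377 12 +4200ms[+4200ms] +/- 30ms
^? ntp-b.example.net 0 6 0 - +0ns[ +0ns] +/- 0ns
EOF
}

page_sample | chrony_sources_findings
constructed_sample | chrony_sources_findings || echo "time sources need attention"
```

On a live server, run chronyc sources | chrony_sources_findings from a cron job or monitoring agent and alert on a non-zero exit status.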
To display parameters about the system’s clock performance;
chronyc tracking
Reference ID : C303FE02 (ns.aksinet.net)
Stratum : 3
Ref time (UTC) : Tue Nov 15 15:49:55 2022
System time : 0.009086476 seconds fast of NTP time
Last offset : +0.001899395 seconds
RMS offset : 0.012369673 seconds
Frequency : 0.425 ppm slow
Residual freq : +15.764 ppm
Skew : 46.456 ppm
Root delay : 0.241274297 seconds
Root dispersion : 0.056591570 seconds
Update interval : 64.6 seconds
Leap status : Normal
And that is it on how to easily configure NTP Server on Rocky/Oracle Linux.
For more command options, refer to;
man chronyc