In this guide, you will learn how to easily configure an NTP server on Rocky/Oracle Linux using Chrony. Chrony is currently used in most cases in favour of the legacy NTPd. Compared to the NTPd implementation, chrony performs well in a wide range of conditions including:
- intermittent network connections,
- heavily congested networks
- changing temperatures
- systems that do not run continuously
Chrony can be used to synchronize the system clock with NTP servers and reference clocks. It can also operate as an NTPv4 server and peer to provide a time service to other computers in the network.
Configure NTP Server on Rocky/Oracle Linux
Installing Chrony on Rocky/Oracle Linux
The Chrony suite is installed by default on RHEL derivatives, Rocky/Oracle Linux included. You can, however, verify this by executing the command below;
rpm -q chrony
If the package is installed, you should get an output similar to;
Otherwise, you will get an output like;
package chrony is not installed
To see more information about Chrony;
rpm -qi chrony
Name        : chrony
Version     : 4.1
Release     : 3.el9.rocky.0.1
Architecture: x86_64
Install Date: Tue 15 Nov 2022 06:22:59 PM EAT
Group       : Unspecified
Size        : 608214
License     : GPLv2
Signature   : RSA/SHA256, Fri 09 Sep 2022 10:43:53 PM EAT, Key ID 702d426d350d275d
Source RPM  : chrony-4.1-3.el9.rocky.0.1.src.rpm
Build Date  : Fri 09 Sep 2022 10:38:35 PM EAT
Build Host  : pb-d952646d-29b9-479d-ac06-aee585aa8dcf-b-x86-64
Packager    : Rocky Linux Build System (Peridot)
Vendor      : Rocky Enterprise Software Foundation
URL         : https://chrony.tuxfamily.org
Summary     : An NTP client/server
Description :
chrony is a versatile implementation of the Network Time Protocol (NTP).
It can synchronise the system clock with NTP servers, reference clocks
(e.g. GPS receiver), and manual input using wristwatch and keyboard. It
can also operate as an NTPv4 (RFC 5905) server and peer to provide a time
service to other computers in the network.
If for some reason it is not installed by default, you can always install it by running the command below;
dnf install chrony
Configure Chrony as an NTP server on Rocky/Oracle Linux
The default configuration file of Chrony is
Set Time Servers
By default, Chrony has some public time servers from the pool.ntp.org project already defined in the configuration file.
For example on Rocky Linux;
pool 2.rhel.pool.ntp.org iburst
pool 2.pool.ntp.org iburst
To ensure time accuracy, you need to define the time servers close to your NTP server host region.
You can obtain a list of NTP servers close to your NTP server host region on the Internet Cluster of NTP servers page.
Just select the region accordingly. For example, if you are in Europe, below are the available NTP servers;
server 0.europe.pool.ntp.org
server 1.europe.pool.ntp.org
server 2.europe.pool.ntp.org
server 3.europe.pool.ntp.org
To use the pool of NTP servers in your region, simply replace the default time server defined in the configuration with your chosen region time servers. You can comment out (add # at the beginning of) the line
pool 2.pool.ntp.org iburst
replacing it as follows;
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
#pool 2.rhel.pool.ntp.org iburst
server 0.europe.pool.ntp.org iburst
server 1.europe.pool.ntp.org iburst
server 2.europe.pool.ntp.org iburst
server 3.europe.pool.ntp.org iburst
Configure NTP Server Access Control
Next, you need to restrict or control access to the NTP server. This can be done using the allow <host/network> directive.
This directive designates the hosts or networks from which NTP clients are allowed to query the NTP server.
For example, to allow all servers in the network subnet, 192.168.56.0/24 to access your NTP server;
# Allow NTP client access from local network.
#allow 192.168.0.0/16
allow 192.168.59.0/24
To allow multiple hosts/networks, use multiple allow directives, e.g.
# Allow NTP client access from local network.
#allow 192.168.0.0/16
allow 192.168.59.0/24
allow 192.168.58.0/24
allow 192.168.100.0/24
Save and exit the configuration file.
Open NTP UDP Port 123 on Firewall
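To allow NTP clients to reach your NTP server, you need to open port 123/UDP on the firewall. The --permanent option only writes the stored configuration, so reload the firewall afterwards to apply the rule;
firewall-cmd --add-port=123/udp --permanent
firewall-cmd --reload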
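An added example, not part of the original guide: rather than opening 123/udp to every source, this script reads the allow directives from a chrony configuration file and prints firewalld rich rules limited to the same subnets, warning about any directive that admits every client. The function name ntp_rich_rules and the sample file are constructed for illustration, and the script assumes the allow directives name numeric subnets rather than hostnames.

```shell
#!/bin/sh
# Added example: turn chrony "allow" directives into source-scoped
# firewalld rich rules. It only prints the commands for review.

# ntp_rich_rules CONF   (hypothetical helper name)
#   stdout: one firewall-cmd command per allowed subnet
#   stderr: a warning for each directive that admits any client
#   status: 0 if every allow names a subnet, 1 otherwise
ntp_rich_rules() {
    awk '
        /^[ \t]*[#!;%]/        { next }   # chrony.conf comment lines
        tolower($1) != "allow" { next }
        {
            net = (tolower($2) == "all") ? $3 : $2   # "allow all <subnet>" form
            if (net == "" || net ~ /\/0$/) {         # bare allow, 0/0, ::/0
                printf "WARN line %d: \"%s\" admits any client\n", NR, $0 > "/dev/stderr"
                bad = 1
                next
            }
            fam = (net ~ /:/) ? "ipv6" : "ipv4"
            rule = sprintf("rule family=\"%s\" source address=\"%s\" port port=\"123\" protocol=\"udp\" accept", fam, net)
            printf "firewall-cmd --permanent --add-rich-rule=\047%s\047\n", rule
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: subnets from the allow examples above plus one bare allow.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
# Allow NTP client access from local network.
#allow 192.168.0.0/16
allow 192.168.59.0/24
allow 192.168.58.0/24
allow
EOF
ntp_rich_rules "$sample_conf" || echo "review the allow directives flagged above"
rm -f "$sample_conf"
```

Run the printed commands, followed by firewall-cmd --reload, in place of the blanket --add-port=123/udp rule when only the listed subnets should reach the server.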
Running Chrony on Rocky/Oracle Linux
Chronyd daemon controls the NTP implementation. Thus, start and enable it to run on system boot by running the command below;
systemctl enable --now chronyd
If it was already running, restart it;
systemctl restart chronyd
Check the status;
systemctl status chronyd
● chronyd.service - NTP client/server
     Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2022-11-15 18:43:49 EAT; 1s ago
       Docs: man:chronyd(8)
             man:chrony.conf(5)
    Process: 1757 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
   Main PID: 1759 (chronyd)
      Tasks: 1 (limit: 5891)
     Memory: 796.0K
        CPU: 11ms
     CGroup: /system.slice/chronyd.service
             └─1759 /usr/sbin/chronyd -F 2

Nov 15 18:43:49 localhost.localdomain systemd: Starting NTP client/server...
Nov 15 18:43:49 localhost.localdomain chronyd: chronyd version 4.1 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 +DE>
Nov 15 18:43:49 localhost.localdomain chronyd: Frequency -5.990 +/- 10.038 ppm read from /var/lib/chrony/drift
Nov 15 18:43:49 localhost.localdomain chronyd: Using right/UTC timezone to obtain leap second data
Nov 15 18:43:49 localhost.localdomain chronyd: Loaded seccomp filter (level 2)
Nov 15 18:43:49 localhost.localdomain systemd: Started NTP client/server.
...
Verify Chrony Time Synchronization
The chronyc command is used to verify Chrony time synchronization.
You can use the chronyc command with options such as sources, tracking and sourcestats.
To display information about the current time sources that chronyd is accessing, run the command;
chronyc sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^+ 79-209.butt.spdwpl.net        2   6    17    60    +34ms[  +35ms] +/-  145ms
^- srv01.spectre-net.de          2   6    35    57    +25ms[  +25ms] +/-  123ms
^* ns.aksinet.net                2   6    17    58   -944us[ +571us] +/-  166ms
^? ntp1.karneval.cz              0   6     0     -     +0ns[   +0ns] +/-    0ns
The M column indicates the mode of the source;
- ^ means a server
- = means a peer
- # indicates a locally connected reference clock
The S column indicates the state of the sources;
- “*” indicates the source to which chronyd is currently synchronized.
- “+” indicates acceptable sources which are combined with the selected source.
- “-” indicates acceptable sources which are excluded by the combining algorithm.
- “?” indicates sources to which connectivity has been lost or whose packets do not pass all tests. This condition is also shown at start-up, until at least 3 samples have been gathered from it.
- “x” indicates a clock which chronyd thinks is a falseticker (its time is inconsistent with a majority of other sources).
- “~” indicates a source whose time appears to have too much variability
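An added example, not part of the original guide: a small health check that reads the chronyc sources listing and applies the M and S column meanings described above, so a monitoring job can alert when no source is selected or a falseticker appears. The function name check_sources is hypothetical, and the embedded sample is the listing shown on this page.

```shell
#!/bin/sh
# Added example: health check over the "chronyc sources" listing.
# Typical use on a live host: chronyc sources | check_sources

# check_sources   (hypothetical helper name; reads the listing on stdin)
#   stdout: one line per problem source, then a summary line
#   status: 0 if a source is selected (*) and none is a falseticker (x)
check_sources() {
    awk '
        /^[=#^][*+?x~-] / {                  # mode char, state char, space
            state = substr($1, 2, 1)
            count[state]++
            if (state == "*") selected = $2
            if (state == "x") print "falseticker: " $2
            if (state == "?") print "unusable: " $2
            if (state == "~") print "too variable: " $2
        }
        END {
            printf "selected=%s combined=%d excluded=%d unusable=%d falsetickers=%d\n",
                   (selected == "" ? "none" : selected),
                   count["+"], count["-"], count["?"], count["x"]
            exit ((selected == "" || count["x"] > 0) ? 1 : 0)
        }
    '
}

# Sample input: the chronyc sources listing shown on this page.
check_sources <<'EOF'
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^+ 79-209.butt.spdwpl.net        2   6    17    60    +34ms[  +35ms] +/-  145ms
^- srv01.spectre-net.de          2   6    35    57    +25ms[  +25ms] +/-  123ms
^* ns.aksinet.net                2   6    17    58   -944us[ +571us] +/-  166ms
^? ntp1.karneval.cz              0   6     0     -     +0ns[   +0ns] +/-    0ns
EOF
```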
To display parameters about the system’s clock performance;
chronyc tracking
Reference ID    : C303FE02 (ns.aksinet.net)
Stratum         : 3
Ref time (UTC)  : Tue Nov 15 15:49:55 2022
System time     : 0.009086476 seconds fast of NTP time
Last offset     : +0.001899395 seconds
RMS offset      : 0.012369673 seconds
Frequency       : 0.425 ppm slow
Residual freq   : +15.764 ppm
Skew            : 46.456 ppm
Root delay      : 0.241274297 seconds
Root dispersion : 0.056591570 seconds
Update interval : 64.6 seconds
Leap status     : Normal
And that is it on how to easily configure NTP Server on Rocky/Oracle Linux.