In this guide, we are going to learn how to install and set up an NTP server using Chrony on CentOS 8. Chrony is an implementation of the Network Time Protocol (NTP). Compared to other NTP implementations, chrony performs well in a wide range of conditions, including:
- intermittent network connections,
- heavily congested networks
- changing temperatures
- systems that do not run continuously
Chrony can be used to synchronise the system clock with NTP servers and reference clocks. It can also operate as an NTPv4 server and peer to provide a time service to other computers in the network.
Setup NTP Server using Chrony on CentOS 8
Run System Update
To synchronize system packages to their latest versions, simply execute the command;
dnf update
Installing Chrony on CentOS 8
Chrony suite is installed by default on RHEL derivatives, CentOS 8 included. You can however verify this by executing the command below;
rpm -q chrony
If the package is installed, you should get an output like;
chrony-3.5-1.el8.x86_64
Otherwise, you will get an output like;
package chrony is not installed
To see more information about Chrony;
rpm -qi chrony
Name : chrony
Version : 3.5
Release : 1.el8
Architecture: x86_64
Install Date: Sun 01 Mar 2020 08:07:16 PM EAT
Group : System Environment/Daemons
Size : 692391
License : GPLv2
Signature : RSA/SHA256, Thu 05 Dec 2019 01:51:32 AM EAT, Key ID 05b555b38483c65d
Source RPM : chrony-3.5-1.el8.src.rpm
Build Date : Tue 19 Nov 2019 06:32:41 PM EAT
Build Host : x86-01.mbox.centos.org
Relocations : (not relocatable)
Packager : CentOS Buildsys <[email protected]>
Vendor : CentOS
URL : https://chrony.tuxfamily.org
Summary : An NTP client/server
Description :
chrony is a versatile implementation of the Network Time Protocol (NTP).
It can synchronise the system clock with NTP servers, reference clocks
(e.g. GPS receiver), and manual input using wristwatch and keyboard. It
can also operate as an NTPv4 (RFC 5905) server and peer to provide a time
service to other computers in the network.
If for some reason it is not installed by default, you can always install it by running the command below;
dnf install chrony
Configure Chrony as an NTP server on CentOS 8
Assuming Chrony is installed, you can now proceed to configure it to provide time synchronization.
The default configuration file of Chrony is /etc/chrony.conf. Therefore, we will make most configuration changes in this file.
Set Time Servers
By default, Chrony uses 2.centos.pool.ntp.org as the default time server. You need to define the time servers close to your region.
To obtain a list of NTP servers close to your region, navigate to the Internet Cluster of NTP servers page and select your region. For example, if you are in Europe, below are the available NTP servers;
server 0.europe.pool.ntp.org
server 1.europe.pool.ntp.org
server 2.europe.pool.ntp.org
server 3.europe.pool.ntp.org
To use the pool of NTP servers in your region, simply comment out (add # at the beginning of) the line pool 2.centos.pool.ntp.org iburst and replace it as follows;
vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# pool 2.centos.pool.ntp.org iburst
server 0.europe.pool.ntp.org
server 1.europe.pool.ntp.org
server 2.europe.pool.ntp.org
server 3.europe.pool.ntp.org
Configure NTP Server Access Control
By default, Chrony does not allow any client access to the NTP server. To restrict or control access to the NTP service running on a system, use the allow directive. This directive designates the particular hosts or subnets from which NTP clients are allowed to access the computer as an NTP server.
For example, to allow all hosts in the subnet 192.168.56.0/24 to access your NTP server;
# Allow NTP client access from local network.
#allow 192.168.0.0/16
allow 192.168.56.0/24
Read more in man chrony.conf.
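An audit of the allow directives described above, as an added example that is not part of the original guide or of the chrony project: it reads a chrony.conf on stdin and flags directives that admit more clients than intended. The sample config, the function name audit_allow and the 16-bit minimum prefix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the active allow directives of a chrony.conf file.

# Constructed sample config (not taken from a real host).
sample_conf() {
cat <<'EOF'
server 0.europe.pool.ntp.org
# Allow NTP client access from local network.
#allow 192.168.0.0/16
allow 192.168.56.0/24
allow 10.0.0.0/8
allow
EOF
}

# audit_allow MIN_PREFIX: reads chrony.conf on stdin and classifies each
# active allow directive:
#   OPEN          allow with no subnet (every client may query the server)
#   WIDE <net>    IPv4 prefix shorter than MIN_PREFIX (assumed site policy)
#   OK <net>      IPv4 prefix of MIN_PREFIX bits or longer
#   REVIEW <arg>  no explicit IPv4 prefix length (host, name, IPv6, short form)
audit_allow() {
  awk -v min="$1" '
    $1 ~ /^[#!;%]/ { next }     # comment lines in chrony.conf
    $1 != "allow"  { next }     # ignore every other directive
    NF == 1 || $NF == "all" { print "OPEN"; next }
    {
      net = $NF
      n = split(net, part, "/")
      if (n == 2 && part[2] ~ /^[0-9]+$/ && index(net, ":") == 0) {
        if (part[2] + 0 < min) { print "WIDE " net }
        else                   { print "OK " net }
      } else {
        print "REVIEW " net
      }
    }
  '
}

# Stand-alone run on the sample; on a live host: audit_allow 16 < /etc/chrony.conf
sample_conf | audit_allow 16
```

Any OPEN or WIDE line is worth checking against the firewall rule for 123/udp, since the allow list is the only restriction chronyd itself applies to clients.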
Open NTP UDP Port 123 on Firewall
To allow NTP clients to access your NTP server, you need to open port 123/UDP on the firewall.
firewall-cmd --add-port=123/udp --permanent
firewall-cmd --reload
Running Chrony on CentOS 8
The chronyd daemon controls the NTP implementation. As such, you can start and enable it to run on system boot by running the command below;
systemctl enable --now chronyd
systemctl status chronyd
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-03-01 20:59:01 CET; 10s ago
Docs: man:chronyd(8)
man:chrony.conf(5)
Process: 6685 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=exited, status=0/SUCCESS)
Process: 6681 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 6683 (chronyd)
Tasks: 1 (limit: 5047)
Memory: 828.0K
CGroup: /system.slice/chronyd.service
└─6683 /usr/sbin/chronyd
...
Verify Chrony Time Synchronization
The chronyc command is used to verify Chrony time synchronization with the help of command line options such as sources, tracking and sourcestats.
To display information about the current time sources that chronyd is accessing, run the command;
chronyc sources
210 Number of sources = 4
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^+ 85.129.0.126 2 6 77 30 -1023us[-1499us] +/- 124ms
^+ valoo.patate.ninja 2 6 77 29 +3687us[+3687us] +/- 123ms
^* leeto.nicolbolas.org 2 6 77 30 -79us[ -555us] +/- 75ms
^+ backup.kabelnetveendam.nl 2 6 77 30 -3653us[-4129us] +/- 146ms
The M column indicates the mode of the source;
- ^ means a server
- = means a peer
- # indicates a locally connected reference clock
The S column indicates the state of the sources;
- “*” indicates the source to which chronyd is currently synchronized.
- “+” indicates acceptable sources which are combined with the selected source.
- “-” indicates acceptable sources which are excluded by the combining algorithm.
- “?” indicates sources to which connectivity has been lost or whose packets do not pass all tests. This condition is also shown at start-up, until at least 3 samples have been gathered from it.
- “x” indicates a clock which chronyd thinks is a falseticker (its time is inconsistent with a majority of other sources).
- “~” indicates a source whose time appears to have too much variability
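The state table above turned into a health check, as an added example that is not part of the original guide: it reads chrony's sources listing on stdin, reports falsetickers, lost and unstable sources, and succeeds only when exactly one source is selected and none is flagged. The sample output, its example.net hostnames and the function name check_sources are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `chronyc sources` output using the S (state) column.

# Constructed sample output (hostnames are placeholders, not real servers).
sample_sources() {
cat <<'EOF'
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* ntp1.example.net              2   6   377    30    -79us[ -555us] +/-   75ms
^+ ntp2.example.net              2   6   377    29  +3687us[+3687us] +/-  123ms
^x ntp3.example.net              2   6   377    30   +512ms[ +512ms] +/-  146ms
^? ntp4.example.net              0   6     0     -     +0ns[   +0ns] +/-    0ns
EOF
}

# check_sources: reads `chronyc sources` output on stdin, prints one finding
# per problem source, and exits 0 only if exactly one source is selected (*)
# and no source is a falseticker (x), lost (?) or too variable (~).
check_sources() {
  awk '
    # Source rows start with a two-character M+S field, e.g. "^*".
    length($1) == 2 && index("^=#", substr($1, 1, 1)) > 0 {
      state = substr($1, 2, 1)
      if (state == "*")      { selected++; sel_name = $2 }
      else if (state == "x") { bad++; print "FALSETICKER " $2 }
      else if (state == "?") { bad++; print "LOST " $2 }
      else if (state == "~") { bad++; print "UNSTABLE " $2 }
    }
    END {
      if (selected == 1) { print "SELECTED " sel_name }
      else               { print "NO_SELECTED_SOURCE" }
      exit ((selected == 1 && bad == 0) ? 0 : 1)
    }
  '
}

# Stand-alone run on the sample; on a live host use: chronyc sources | check_sources
sample_sources | check_sources || echo "time sources need attention"
```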
To display parameters about the system’s clock performance;
chronyc tracking
Reference ID : C39AAED1 (leeto.nicolbolas.org)
Stratum : 3
Ref time (UTC) : Sun Mar 01 18:14:38 2020
System time : 0.001563942 seconds fast of NTP time
Last offset : +0.001314329 seconds
RMS offset : 0.002229846 seconds
Frequency : 2.614 ppm fast
Residual freq : +0.147 ppm
Skew : 24.449 ppm
Root delay : 0.150412217 seconds
Root dispersion : 0.008927128 seconds
Update interval : 128.5 seconds
Leap status : Normal
For more command options, refer to man chronyc.
Setup NTP Client using Chrony on CentOS 8
Since our NTP server using Chrony on CentOS 8 is set up and running, it is time to verify that it can serve our NTP clients as expected.
In this demo, we are using another CentOS 8 VM as our NTP client.
Check if Chrony is installed;
rpm -q chrony
chrony-3.5-1.el8.x86_64
Setting up an NTP client on CentOS 8 is the same as setting up the NTP server as described above, except that the client doesn’t have access permissions set, hence no server can query time information from it.
Open the configuration file and set the NTP server as shown below;
vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#pool 2.centos.pool.ntp.org iburst
server ntp.kifarunix-demo.com iburst
Ensure that the hostname of the NTP server is resolvable, otherwise use IP address.
Verify Connection to NTP Server UDP Port 123
To verify that there is a connection from the NTP client to NTP server on UDP port 123, simply use netcat command as shown below;
dnf install nc -y
To verify connection to UDP port 123;
nc -uzv ntp.kifarunix-demo.com 123
Ncat: Connected to 192.168.56.133:123.
Ncat: UDP packet sent successfully
Ncat: 1 bytes sent, 0 bytes received in 2.14 seconds.
Great. You can now proceed to restart and enable chronyd to run on system boot.
systemctl restart chronyd
systemctl enable chronyd
Check NTP time synchronization
To verify that time synchronization is working, you can use the tracking or sources command with chronyc command as shown below;
chronyc tracking
Reference ID : C0A83885 (ntp.kifarunix-demo.com)
Stratum : 4
Ref time (UTC) : Sun Mar 01 18:56:03 2020
System time : 0.000000034 seconds slow of NTP time
Last offset : +0.000032892 seconds
RMS offset : 0.000032892 seconds
Frequency : 2.246 ppm fast
Residual freq : +14.373 ppm
Skew : 0.564 ppm
Root delay : 0.151499271 seconds
Root dispersion : 0.001610240 seconds
Update interval : 2.0 seconds
Leap status : Normal
Using the sources command;
chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* ntp.kifarunix-demo.com 3 6 37 7 -671ns[ -12us] +/- 77ms
Check sources statistics
chronyc sourcestats
210 Number of sources = 1
Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev
==============================================================================
ntp.kifarunix-demo.com 5 3 70 +0.408 4.663 +24us 27us
The NTP client is now connected to our NTP server. That brings us to the end of our guide on how to set up an NTP server using Chrony on CentOS 8. We hope this was informative. Enjoy.
Loving all the CentOS posts!! Thanks for sharing.
Hi,
Thanks for sharing this article
I Love CentOS/RedHat