About the chrony Suite

chrony is a feature that implements NTP to maintain timekeeping accurately on the network. In Oracle Linux 8, the chrony daemon service replaces ntpd for the management of NTP.

chrony has two components, which are provided in the chrony package:

  • chronyd service daemon

  • chronyc service utility

For practical exercises in using chrony, see Configure Chrony on Oracle Linux .

About the chronyd Service Daemon

The chronyd service daemon updates the system clock of mobile systems and virtual machines after a period of suspension or disconnection from a network. The service can also be used to implement a basic NTP client or NTP server. As an NTP server, chronyd can synchronize with upper level stratum NTP servers or act as a stratum 1 server using time signals that are received from the Global Positioning System (GPS) or radio broadcasts such as DCF77, MSF, or WWVB.

In an Oracle Linux system, this service daemon is enabled by default

Note:

chronyd uses NTP version 3 (RFC 1305), with features that are compatible with NTP version 4 (RFC 5905). However, chronyd does not support several important features of NTP version 4, nor does it support the use of PTP.

For more information, see the chrony(1) manual page and files in the /usr/share/doc/chrony/ directory.

Using the chronyc Service Utility

The chronyc utility is a tool for managing the chronyd service, display information about the service's operation, or change the service's configuration.

The command operates in two modes:

  • Non interactive mode: In this mode, you use the following syntax:

    sudo chronyc subcommand
  • Interactive mode: Typing the command by itself activates the interactive mode and displays the chronyc> prompt. From this prompt you can issue chronyc subcommands.

    sudo chronyc
    chronyc>

    From the prompt, you can issue the different chronyc subcommands as needed. The following examples show the information that's generated by the sources and sourcestats subcommands:

    chronyc> sources
    210 Number of sources = 4
    MS Name/IP address         Stratum Poll Reach LastRx Last sample
    ===============================================================================
    ^+ service1-eth3.debrecen.hp     2   6    37    21  -2117us[-2302us] +/-   50ms
    ^* ns2.telecom.lt                2   6    37    21   -811us[ -997us] +/-   40ms
    ^+ strato-ssd.vpn0.de            2   6    37    21   +408us[ +223us] +/-   78ms
    ^+ kvm1.websters-computers.c     2   6    37    22  +2139us[+1956us] +/-   54ms
    chronyc> sourcestats
    210 Number of sources = 4
    Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
    ==============================================================================
    service1-eth3.debrecen.hp   5   4   259     -0.394     41.803  -2706us   502us
    ns2.telecom.lt              5   4   260     -3.948     61.422   +822us   813us
    strato-ssd.vpn0.de          5   3   259      1.609     68.932   -581us   801us
    kvm1.websters-computers.c   5   5   258     -0.263      9.586  +2008us   118us
    chronyc> tracking
    Reference ID    : 212.59.0.2 (ns2.telecom.lt)
    Stratum         : 3
    Ref time (UTC)  : Tue Sep 30 12:33:16 2014
    System time     : 0.000354079 seconds slow of NTP time
    Last offset     : -0.000186183 seconds
    RMS offset      : 0.000186183 seconds
    Frequency       : 28.734 ppm slow
    Residual freq   : -0.489 ppm
    Skew            : 11.013 ppm
    Root delay      : 0.065965 seconds
    Root dispersion : 0.007010 seconds
    Update interval : 64.4 seconds
    Leap status     : Normal

    To quit using the interactive mode, type exit.

Note:

Any changes you implement with the chronyc command are effective only until the next restart of the chronyd daemon. To make the changes permanent, you must enter these in the /etc/chrony.conf file. See Editing the chronyd Configuration File.

For more information, see the chronyc(1) manual page and files in the /usr/share/doc/chrony/ directory.

Configuring the chronyd Service

To configure the chronyd service on a system:

  1. Install the chrony package.

    sudo dnf install chrony
  2. If remote access to the local NTP service is required, configure the system firewall to allow access to the NTP service in the appropriate zones, for example:

    sudo firewall-cmd --zone=zone --add-service=ntp
    sudo firewall-cmd --zone=zone --permanent --add-service=ntp
  3. Start the chronyd service and configure it to start following a system reboot.

    Note that by default, chrony is enabled after installation.

    sudo systemctl start chronyd
    sudo systemctl enable chronyd

Editing the chronyd Configuration File

In the /etc/chrony.conf file, the default configuration assumes that the system has network access to public NTP servers with which it can synchronise.

The following example configures a system to access three NTP servers:

pool NTP_server_1
pool NTP_server_2
pool NTP_server_3
driftfile /var/lib/chrony/drift
keyfile /etc/chrony.keys
...

To configure chronyd to act as an NTP server for a specified client or subnet, use the allow directive, as shown in bold in the following example:

pool NTP_server_1
pool NTP_server_2
pool NTP_server_3
allow 192.168.2/24
driftfile /var/lib/chrony/drift
keyfile /etc/chrony.keys
...

To create keys for an authentication mechanism based on public key cryptography, use the chronyc keygen command.

Note:

Autokey in ntp no longer works in chrony.

If a system has only intermittent access to NTP servers, the following configuration might be appropriate:

pool NTP_server_1 offline
pool NTP_server_2 offline
pool NTP_server_3 offline
driftfile /var/lib/chrony/drift
keyfile /etc/chrony.keys
...

If you specify the offline keyword, chronyd doesn't poll the NTP servers until it receives communication that network access is available. You can use the chronyc online and chronyc offline commands to inform chronyd of the state of network access.

For a more information about the configuration file and its directives, see the chrony.conf(5) manual page.

Converting From ntp to chrony

The following table shows file, command, and terminology equivalents between ntp and chrony.

ntp chrony
/etc/ntp.conf /etc/chrony.conf
/etc/ntp/keys /etc/chrony.keys
ntpd chronyd
ntpq command chronyc command
ntpd.service chronyd.service
ntp-wait.service chrony-wait.service
ntpdate and sntp utilities chronyd -q and chronyd -t commands

The ntpstat utility which is available in the ntpstat package, now supports chronyd. Thus, you can still use the utility in Oracle Linux 8. The command generates output that's similar to when it's used with ntp.

The /usr/share/doc/chrony/ntp2chrony.py script is available to help convert existing ntp configuration to chrony, for example:

sudo python3 /usr/share/doc/chrony/ntp2chrony.py -b -v

The script supports the conversion of the most common directives in /etc/ntp.conf to chrony. In the example, the -boption specifies to create backup configuration files before converting, while the -v option specifies to display verbose messages during the migration process.

To list the different options that you can use with the script, type the following command:

sudo python3 /usr/share/doc/chrony/ntp2chrony.py --help