About the chrony Suite
chrony is a feature that implements NTP to maintain timekeeping accurately
on the network. In Oracle Linux 8, the chrony daemon
service replaces ntpd for the management of NTP.
chrony has two components, which are provided
in the chrony package:
-
chronydservice daemon -
chronycservice utility
For practical exercises in using chrony, see Configure Chrony on Oracle Linux .
About the chronyd Service Daemon
The chronyd service daemon updates the system clock of mobile systems and
virtual machines after a period of suspension or disconnection from a network. The service can
also be used to implement a basic NTP client or NTP server. As an NTP server,
chronyd can synchronize with upper level stratum NTP servers or act as a
stratum 1 server using time signals that are received from the Global Positioning System (GPS)
or radio broadcasts such as DCF77, MSF, or WWVB.
In an Oracle Linux system, this service daemon is enabled by default
Note:
chronyd uses NTP version 3 (RFC
1305), with features that are compatible with NTP version 4 (RFC
5905). However, chronyd does not support several important
features of NTP version 4, nor does it support the use of PTP.
For more information, see the chrony(1)
manual page and files in the
/usr/share/doc/chrony/ directory.
Using the chronyc Service Utility
The chronyc utility is a tool for managing the
chronyd service, display information about the service's operation, or
change the service's configuration.
The command operates in two modes:
-
Non interactive mode: In this mode, you use the following syntax:
sudo chronyc subcommand -
Interactive mode: Typing the command by itself activates the interactive mode and displays the
chronyc>prompt. From this prompt you can issue chronyc subcommands.sudo chronycchronyc>From the prompt, you can issue the different
chronycsubcommands as needed. The following examples show the information that's generated by thesourcesandsourcestatssubcommands:chronyc> sources210 Number of sources = 4 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^+ service1-eth3.debrecen.hp 2 6 37 21 -2117us[-2302us] +/- 50ms ^* ns2.telecom.lt 2 6 37 21 -811us[ -997us] +/- 40ms ^+ strato-ssd.vpn0.de 2 6 37 21 +408us[ +223us] +/- 78ms ^+ kvm1.websters-computers.c 2 6 37 22 +2139us[+1956us] +/- 54mschronyc> sourcestats210 Number of sources = 4 Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev ============================================================================== service1-eth3.debrecen.hp 5 4 259 -0.394 41.803 -2706us 502us ns2.telecom.lt 5 4 260 -3.948 61.422 +822us 813us strato-ssd.vpn0.de 5 3 259 1.609 68.932 -581us 801us kvm1.websters-computers.c 5 5 258 -0.263 9.586 +2008us 118us chronyc> tracking Reference ID : 212.59.0.2 (ns2.telecom.lt) Stratum : 3 Ref time (UTC) : Tue Sep 30 12:33:16 2014 System time : 0.000354079 seconds slow of NTP time Last offset : -0.000186183 seconds RMS offset : 0.000186183 seconds Frequency : 28.734 ppm slow Residual freq : -0.489 ppm Skew : 11.013 ppm Root delay : 0.065965 seconds Root dispersion : 0.007010 seconds Update interval : 64.4 seconds Leap status : NormalTo quit using the interactive mode, type exit.
Note:
Any changes you implement with the chronyc
command are effective only until the next restart of the
chronyd daemon. To make the changes
permanent, you must enter these in the
/etc/chrony.conf file. See
Editing the chronyd Configuration File.
For more information, see the chronyc(1)
manual page and files in the
/usr/share/doc/chrony/ directory.
Configuring the chronyd Service
To configure the chronyd service on a system:
-
Install the
chronypackage.sudo dnf install chrony -
If remote access to the local NTP service is required, configure the system firewall to allow access to the NTP service in the appropriate zones, for example:
sudo firewall-cmd --zone=zone --add-service=ntpsudo firewall-cmd --zone=zone --permanent --add-service=ntp -
Start the
chronydservice and configure it to start following a system reboot.Note that by default,
chronyis enabled after installation.sudo systemctl start chronydsudo systemctl enable chronyd
Editing the chronyd Configuration File
In the /etc/chrony.conf file, the default
configuration assumes that the system has network access to
public NTP servers with which it can synchronise.
The following example configures a system to access three NTP servers:
pool NTP_server_1
pool NTP_server_2
pool NTP_server_3
driftfile /var/lib/chrony/drift
keyfile /etc/chrony.keys
...
To configure chronyd to act as an NTP server
for a specified client or subnet, use the
allow directive, as shown in bold in the
following example:
pool NTP_server_1
pool NTP_server_2
pool NTP_server_3
allow 192.168.2/24
driftfile /var/lib/chrony/drift
keyfile /etc/chrony.keys
...To create keys for an authentication mechanism based on public key cryptography, use the chronyc keygen command.
Note:
Autokey in ntp no longer works in
chrony.
If a system has only intermittent access to NTP servers, the following configuration might be appropriate:
pool NTP_server_1 offline
pool NTP_server_2 offline
pool NTP_server_3 offline
driftfile /var/lib/chrony/drift
keyfile /etc/chrony.keys
... If you specify the offline keyword, chronyd doesn't poll
the NTP servers until it receives communication that network access is available. You can use
the chronyc online and chronyc offline commands
to inform chronyd of the state of network access.
For a more information about the configuration file and its
directives, see the chrony.conf(5) manual
page.
Converting From ntp to chrony
The following table shows file, command, and terminology
equivalents between ntp and
chrony.
| ntp | chrony |
|---|---|
/etc/ntp.conf
|
/etc/chrony.conf
|
/etc/ntp/keys
|
/etc/chrony.keys
|
ntpd
|
chronyd
|
ntpq command
|
chronyc command
|
ntpd.service
|
chronyd.service
|
ntp-wait.service
|
chrony-wait.service
|
ntpdate and sntp utilities
|
chronyd -q and chronyd -t commands
|
The ntpstat utility which is available in the
ntpstat package, now supports chronyd. Thus, you can still
use the utility in Oracle Linux 8. The command generates output that's
similar to when it's used with ntp.
The /usr/share/doc/chrony/ntp2chrony.py
script is available to help convert existing
ntp configuration to
chrony, for example:
sudo python3 /usr/share/doc/chrony/ntp2chrony.py -b -v The script supports the conversion of the most common directives in
/etc/ntp.conf to chrony. In the example, the
-boption specifies to create backup configuration files before converting,
while the -v option specifies to display verbose messages during the
migration process.
To list the different options that you can use with the script, type the following command:
sudo python3 /usr/share/doc/chrony/ntp2chrony.py --help