About the chrony Suite
chrony
is a feature that implements NTP to maintain timekeeping accurately
on the network. In Oracle Linux 8, the chrony
daemon
service replaces ntpd
for the management of NTP.
chrony
has two components, which are provided
in the chrony
package:
-
chronyd
service daemon -
chronyc
service utility
For practical exercises in using chrony
, see Configure Chrony on Oracle Linux .
About the chronyd Service Daemon
The chronyd
service daemon updates the system clock of mobile systems and
virtual machines after a period of suspension or disconnection from a network. The service can
also be used to implement a basic NTP client or NTP server. As an NTP server,
chronyd
can synchronize with upper level stratum NTP servers or act as a
stratum 1 server using time signals that are received from the Global Positioning System (GPS)
or radio broadcasts such as DCF77, MSF, or WWVB.
In an Oracle Linux system, this service daemon is enabled by default
Note:
chronyd
uses NTP version 3 (RFC
1305), with features that are compatible with NTP version 4 (RFC
5905). However, chronyd
does not support several important
features of NTP version 4, nor does it support the use of PTP.
For more information, see the chrony(1)
manual page and files in the
/usr/share/doc/chrony/
directory.
Using the chronyc Service Utility
The chronyc utility is a tool for managing the
chronyd
service, display information about the service's operation, or
change the service's configuration.
The command operates in two modes:
-
Non interactive mode: In this mode, you use the following syntax:
sudo chronyc subcommand
-
Interactive mode: Typing the command by itself activates the interactive mode and displays the
chronyc>
prompt. From this prompt you can issue chronyc subcommands.sudo chronyc
chronyc>
From the prompt, you can issue the different
chronyc
subcommands as needed. The following examples show the information that's generated by thesources
andsourcestats
subcommands:chronyc> sources
210 Number of sources = 4 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^+ service1-eth3.debrecen.hp 2 6 37 21 -2117us[-2302us] +/- 50ms ^* ns2.telecom.lt 2 6 37 21 -811us[ -997us] +/- 40ms ^+ strato-ssd.vpn0.de 2 6 37 21 +408us[ +223us] +/- 78ms ^+ kvm1.websters-computers.c 2 6 37 22 +2139us[+1956us] +/- 54ms
chronyc> sourcestats
210 Number of sources = 4 Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev ============================================================================== service1-eth3.debrecen.hp 5 4 259 -0.394 41.803 -2706us 502us ns2.telecom.lt 5 4 260 -3.948 61.422 +822us 813us strato-ssd.vpn0.de 5 3 259 1.609 68.932 -581us 801us kvm1.websters-computers.c 5 5 258 -0.263 9.586 +2008us 118us chronyc> tracking Reference ID : 212.59.0.2 (ns2.telecom.lt) Stratum : 3 Ref time (UTC) : Tue Sep 30 12:33:16 2014 System time : 0.000354079 seconds slow of NTP time Last offset : -0.000186183 seconds RMS offset : 0.000186183 seconds Frequency : 28.734 ppm slow Residual freq : -0.489 ppm Skew : 11.013 ppm Root delay : 0.065965 seconds Root dispersion : 0.007010 seconds Update interval : 64.4 seconds Leap status : Normal
To quit using the interactive mode, type exit.
Note:
Any changes you implement with the chronyc
command are effective only until the next restart of the
chronyd
daemon. To make the changes
permanent, you must enter these in the
/etc/chrony.conf
file. See
Editing the chronyd Configuration File.
For more information, see the chronyc(1)
manual page and files in the
/usr/share/doc/chrony/
directory.
Configuring the chronyd Service
To configure the chronyd
service on a system:
-
Install the
chrony
package.sudo dnf install chrony
-
If remote access to the local NTP service is required, configure the system firewall to allow access to the NTP service in the appropriate zones, for example:
sudo firewall-cmd --zone=zone --add-service=ntp
sudo firewall-cmd --zone=zone --permanent --add-service=ntp
-
Start the
chronyd
service and configure it to start following a system reboot.Note that by default,
chrony
is enabled after installation.sudo systemctl start chronyd
sudo systemctl enable chronyd
Editing the chronyd Configuration File
In the /etc/chrony.conf
file, the default
configuration assumes that the system has network access to
public NTP servers with which it can synchronise.
The following example configures a system to access three NTP servers:
pool NTP_server_1
pool NTP_server_2
pool NTP_server_3
driftfile /var/lib/chrony/drift
keyfile /etc/chrony.keys
...
To configure chronyd
to act as an NTP server
for a specified client or subnet, use the
allow
directive, as shown in bold in the
following example:
pool NTP_server_1
pool NTP_server_2
pool NTP_server_3
allow 192.168.2/24
driftfile /var/lib/chrony/drift
keyfile /etc/chrony.keys
...
To create keys for an authentication mechanism based on public key cryptography, use the chronyc keygen command.
Note:
Autokey
in ntp
no longer works in
chrony
.
If a system has only intermittent access to NTP servers, the following configuration might be appropriate:
pool NTP_server_1 offline
pool NTP_server_2 offline
pool NTP_server_3 offline
driftfile /var/lib/chrony/drift
keyfile /etc/chrony.keys
...
If you specify the offline
keyword, chronyd
doesn't poll
the NTP servers until it receives communication that network access is available. You can use
the chronyc online and chronyc offline commands
to inform chronyd
of the state of network access.
For a more information about the configuration file and its
directives, see the chrony.conf(5)
manual
page.
Converting From ntp to chrony
The following table shows file, command, and terminology
equivalents between ntp
and
chrony
.
ntp | chrony |
---|---|
/etc/ntp.conf
|
/etc/chrony.conf
|
/etc/ntp/keys
|
/etc/chrony.keys
|
ntpd
|
chronyd
|
ntpq command
|
chronyc command
|
ntpd.service
|
chronyd.service
|
ntp-wait.service
|
chrony-wait.service
|
ntpdate and sntp utilities
|
chronyd -q and chronyd -t commands
|
The ntpstat utility which is available in the
ntpstat
package, now supports chronyd
. Thus, you can still
use the utility in Oracle Linux 8. The command generates output that's
similar to when it's used with ntp
.
The /usr/share/doc/chrony/ntp2chrony.py
script is available to help convert existing
ntp
configuration to
chrony
, for example:
sudo python3 /usr/share/doc/chrony/ntp2chrony.py -b -v
The script supports the conversion of the most common directives in
/etc/ntp.conf
to chrony
. In the example, the
-b
option specifies to create backup configuration files before converting,
while the -v
option specifies to display verbose messages during the
migration process.
To list the different options that you can use with the script, type the following command:
sudo python3 /usr/share/doc/chrony/ntp2chrony.py --help