Setup Chrony NTP Server on Rocky Linux 8

Share on Social Media

Learn how to set up a Chrony NTP server on Rocky Linux 8 with our detailed guide. Follow step-by-step instructions to configure Chrony for accurate time synchronization, ensuring precise timekeeping across your network infrastructure. #centlinux #linux #ntpserver

YouTube player

What is Chrony NTP Server?

Chrony is an implementation of the Network Time Protocol (NTP) used for synchronizing the system clocks of computers over a network. It is designed to be highly accurate and reliable, ensuring that the time on all connected devices remains consistent.

Here are some key aspects of Chrony:

  1. Accurate Timekeeping: Chrony uses a combination of traditional NTP and its own algorithms to achieve precise time synchronization. It can handle irregular network latencies and clock drift, resulting in more accurate timekeeping compared to traditional NTP implementations.
  2. Stratum Hierarchies: In a Chrony setup, time servers are organized into strata based on their distance from an authoritative time source. Lower stratum numbers indicate servers closer to the primary time source, ensuring that time synchronization cascades down in a hierarchical manner.
  3. Flexibility: Chrony offers flexibility in its configuration, allowing administrators to specify various sources for time synchronization. These sources can include NTP servers, local reference clocks (e.g., GPS receivers), and even other Chrony servers.
  4. Monitoring and Logging: Chrony provides detailed monitoring and logging capabilities, allowing administrators to track the performance and status of time synchronization. This includes metrics such as clock offset, jitter, and reachability of time sources.
  5. Security: Chrony includes security features to protect against time-related attacks, such as replay attacks and man-in-the-middle attacks. It supports authentication and encryption of time synchronization packets, ensuring the integrity and confidentiality of time data.

Overall, Chrony is a robust and efficient solution for maintaining accurate time synchronization in distributed computing environments. Whether it’s for enterprise networks, data centers, or critical infrastructure systems, Chrony helps ensure that all connected devices have consistent and reliable time information.

Read Also: How to install Chrony Server on CentOS 8

Chrony vs NTP

Chrony and NTP (Network Time Protocol) are both used for time synchronization in computer networks, but they differ in their approaches and features:

Chrony:

  • Description: Chrony is a newer implementation of the Network Time Protocol designed to improve upon some limitations of traditional NTP implementations.
  • Approach: Chrony uses a combination of traditional NTP and its own algorithms to achieve precise time synchronization. It can adjust the system clock frequency to keep it synchronized with a reference time source more accurately.
  • Features: Chrony offers features such as real-time clock updates, support for hardware timestamps, more efficient resource usage, and better handling of network jitter and asymmetric delays.
  • Use Cases: Chrony is well-suited for systems that require highly accurate and reliable timekeeping, such as financial systems, scientific research, and critical infrastructure.

NTP (Network Time Protocol):

  • Description: NTP is the older, more traditional implementation of the Network Time Protocol that has been widely used for time synchronization for decades.
  • Approach: NTP uses a hierarchical architecture of time servers organized into strata to synchronize time across a network. It adjusts the system clock frequency to minimize the difference between the local clock and a reference time source.
  • Features: NTP offers features such as clock discipline algorithms, reference clock sources, symmetric and asymmetric modes, and support for authentication and encryption of time synchronization packets.
  • Use Cases: NTP is commonly used for time synchronization in a wide range of applications, including network infrastructure, servers, workstations, and IoT devices.

Comparison:

  • Accuracy: Chrony is generally considered to provide more accurate timekeeping compared to traditional NTP implementations, especially in environments with high network jitter or asymmetric delays.
  • Resource Usage: Chrony is known for its efficient resource usage, making it suitable for systems with limited computational resources or high-frequency clock adjustments.
  • Complexity: NTP can be more complex to configure and manage, especially in larger and more distributed environments. Chrony, with its simplified configuration and algorithms, may be easier to set up and maintain.
  • Compatibility: Both Chrony and traditional NTP implementations are compatible with each other, allowing them to be used interchangeably in many cases. However, Chrony may not support all features and configurations available in traditional NTP implementations.

Overall, the choice between Chrony and NTP depends on factors such as the required level of accuracy, system resources, and complexity of the deployment. In many cases, either solution can provide reliable time synchronization for a variety of applications.

Recommended Online Training: Learn Bash Shell in Linux for Beginners

745772 0021show?id=oLRJ54lcVEg&offerid=1074652.745772&bids=1074652

Environment Specification:

We are using a minimal Rocky Linux 8 virtual machine with following specifications.

  • CPU – 3.4 Ghz (2 cores)
  • Memory – 2 GB
  • Storage – 20 GB
  • Operating SystemRocky Linux 8.5 (Green Obsidian)
  • Hostname – ntp-01.centlinux.com
  • IP Address – 192.168.116.128 /24

Update your Linux Operating System

By using a ssh client, connect with ntp-01.centlinux.com as root user.

Update cache of enabled yum repositories on your Linux server.

# dnf makecache
Rocky Linux 8 - AppStream                       873 kB/s | 9.5 MB     00:11
Rocky Linux 8 - BaseOS                          965 kB/s | 5.6 MB     00:05
Rocky Linux 8 - Extras                          7.2 kB/s |  12 kB     00:01
Last metadata expiration check: 0:00:01 ago on Sat 05 Mar 2022 07:44:32 PM PKT.
Metadata cache created.

It is a best practice to update your Linux operating system before installing a new software.

Execute dnf command to update your Linux server.

# dnf update -y

You may need to reboot your operating system, if the above command updates your Linux Kernel.

After reboot, check the Linux operating system and Kernel versions.

# cat /etc/os-release
NAME="Rocky Linux"
VERSION="8.5 (Green Obsidian)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Rocky Linux 8.5 (Green Obsidian)"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:rocky:rocky:8:GA"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky Linux"
ROCKY_SUPPORT_PRODUCT_VERSION="8"

# uname -r
4.18.0-348.12.2.el8_5.x86_64

Install Chrony NTP Server on Rocky Linux 8

Set the required time zone on your Linux Server. You can use timedatectl command for this purpose.

# timedatectl set-timezone America/Chicago

Execute the timedatectl command again without any parameter to check the System Clock status.

# timedatectl
               Local time: Sat 2022-03-05 08:53:46 CST
           Universal time: Sat 2022-03-05 14:53:46 UTC
                 RTC time: Sat 2022-03-05 14:53:46
                Time zone: America/Chicago (CST, -0600)
System clock synchronized: no
              NTP service: n/a
          RTC in local TZ: no

You can see that your System clock is not currently synchronized with any NTP service.

By using dnf command to install Chrony on Linux.

# dnf install -y chrony
Last metadata expiration check: 0:18:13 ago on Sat 05 Mar 2022 08:44:32 AM CST.
Dependencies resolved.
================================================================================
 Package            Architecture    Version               Repository       Size
================================================================================
Installing:
 chrony             x86_64          4.1-1.el8             baseos          326 k
Installing weak dependencies:
 timedatex          x86_64          0.5-3.el8             baseos           31 k

Transaction Summary
================================================================================
Install  2 Packages

Total download size: 357 k
Installed size: 710 k
Downloading Packages:
(1/2): timedatex-0.5-3.el8.x86_64.rpm            31 kB/s |  31 kB     00:01
(2/2): chrony-4.1-1.el8.x86_64.rpm              297 kB/s | 326 kB     00:01
--------------------------------------------------------------------------------
Total                                           146 kB/s | 357 kB     00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Installing       : timedatex-0.5-3.el8.x86_64                             1/2
  Running scriptlet: timedatex-0.5-3.el8.x86_64                             1/2
  Running scriptlet: chrony-4.1-1.el8.x86_64                                2/2
  Installing       : chrony-4.1-1.el8.x86_64                                2/2
  Running scriptlet: chrony-4.1-1.el8.x86_64                                2/2
  Verifying        : chrony-4.1-1.el8.x86_64                                1/2
  Verifying        : timedatex-0.5-3.el8.x86_64                             2/2

Installed:
  chrony-4.1-1.el8.x86_64               timedatex-0.5-3.el8.x86_64

Complete!

Edit Chrony configuration file by using vim text editor.

# vi /etc/chrony.conf

Locate following line therein.

#allow 192.168.0.0/16

And change it as follows. This directive tells the Chrony server to serve NTP request by clients in given network address.

allow 192.168.116.0/24

Enable and start Chrony NTP service.

# systemctl enable --now chronyd.service

Verify the status of Chrony NTP service.

# systemctl status chronyd.service
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor pre>
   Active: active (running) since Sat 2022-03-05 09:03:27 CST; 37s ago
     Docs: man:chronyd(8)
           man:chrony.conf(5)
  Process: 9773 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=ex>
  Process: 9769 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUC>
 Main PID: 9771 (chronyd)
    Tasks: 1 (limit: 5808)
   Memory: 940.0K
   CGroup: /system.slice/chronyd.service
           └─9771 /usr/sbin/chronyd

Mar 05 09:03:27 ntp-01.centlinux.com systemd[1]: Starting NTP client/server...
Mar 05 09:03:27 ntp-01.centlinux.com chronyd[9771]: chronyd version 4.1 startin>
Mar 05 09:03:27 ntp-01.centlinux.com chronyd[9771]: Using right/UTC timezone to>
Mar 05 09:03:27 ntp-01.centlinux.com systemd[1]: Started NTP client/server.
Mar 05 09:03:31 ntp-01.centlinux.com chronyd[9771]: Selected source 203.99.62.2>
Mar 05 09:03:31 ntp-01.centlinux.com chronyd[9771]: System clock TAI offset set>

Again check the System clock status.

# timedatectl
               Local time: Sat 2022-03-05 09:05:47 CST
           Universal time: Sat 2022-03-05 15:05:47 UTC
                 RTC time: Sat 2022-03-05 15:05:46
                Time zone: America/Chicago (CST, -0600)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

Now your System clock is synchronized with Global NTP servers.

Execute the chronyc command at Linux Bash prompt to check the Time synchronization status.

# chronyc sources -v

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                     |          |  zzzz = estimated error.
||                                 |    |           
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* mbl-99-62-214.dsl.net.pk      2   6   377     7  +1621us[+1742us] +/-  106ms

Configure Linux Firewall

Chrony uses default NTP service port 123/udp. Therefore, you have to allow it in Linux firewall.

You can allow either 123/udp port or predefined NTP service in Linux firewall.

# firewall-cmd --permanent --add-service=ntp
success

# firewall-cmd --reload
success

Your Chrony NTP server is configured successfully.

Configure your NTP Client

Connect with your client machine as root user by using a ssh client.

Set the Time zone on our NTP client.

# timedatectl set-timezone America/Chicago

Check the status of System clock.

# timedatectl
               Local time: Sat 2022-03-05 09:40:04 CST
           Universal time: Sat 2022-03-05 15:40:04 UTC
                 RTC time: Sat 2022-03-05 15:40:05
                Time zone: America/Chicago (CST, -0600)
System clock synchronized: no
              NTP service: n/a
          RTC in local TZ: no

Chrony is both NTP server and client software. Therefore, install the same Chrony NTP software on your client machine.

# dnf install -y chrony

Edit Chrony configuration file with the help of vim text editor.

# vi /etc/chrony.conf

Find and comment the line that starts with “pool” directive.

Add following line in this file.

server ntp-01.centlinux.com iburst

Enable and start Chrony NTP service.

# systemctl enable --now chronyd.service

Again check the status of System clock.

# timedatectl
               Local time: Sat 2022-03-05 09:45:38 CST
           Universal time: Sat 2022-03-05 15:45:38 UTC
                 RTC time: Sat 2022-03-05 15:45:38
                Time zone: America/Chicago (CST, -0600)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

Your system clock is being synchronized now.

If the time synchronization is not enable on your NTP client, then execute the following command to enable it.

# timedatectl set-ntp true

Check the status of time synchronization.

# chronyc sources -v

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                     |          |  zzzz = estimated error.
||                                 |    |           
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* ntp-01.centlinux.com          3   6    17    36  +6222ns[  -41us] +/-   98ms

Your NTP client is successfully synchronizing with your Time server.

If you are new to Linux command line then, we recommend that you should read Linux for Beginners: Why You’re Not Using Linux yet and How to Overcome Command Line Fear by Nathan Clark.

Final Thoughts

Configuring a Chrony NTP server on Rocky Linux 8 is essential for maintaining accurate time synchronization across your network infrastructure. With our comprehensive guide, you’re now equipped to ensure precise timekeeping for all your systems.

If you need further assistance or prefer a professional touch, I offer expert services to help you set up and optimize your Chrony NTP server. Visit my Fiverr profile to explore my services and ensure your time synchronization is flawlessly implemented on Rocky Linux 8. Let’s ensure your systems are always in perfect sync!

Leave a Comment