How to Sync Time in CentOS 8 using Chrony

Install Chrony on CentOS

To Install Chrony on CentOS by using following command

yum install chrony -y

Configuration File of Chrony

Configuration file for Chrony is “/etc/chrony.conf”. The file looks like below.

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
pool 2.centos.pool.ntp.org iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.
#allow 192.168.0.0/16

# Serve time even if not synchronized to a time source.
#local stratum 10

# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys

# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking

Testing Chrony

we can use chronyd to sync time of our centOS server with remote NTP server manually.

chronyd -q 'server 0.europe.pool.ntp.org iburst'

Output:

[root@my ~]# date
Wed Mar 18 09:53:41 EDT 2020
[root@my ~]# chronyd -q 'server 0.europe.pool.ntp.org iburst'
2020-03-18T13:53:56Z chronyd version 3.5 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 +DEBUG)
2020-03-18T13:53:56Z Fatal error : Another chronyd may already be running (pid=1688), check /var/run/chrony/chronyd.pid
[root@my ~]# date
Wed Mar 18 09:55:17 EDT 2020
[root@my ~]#

Start and Enabled Chronyd Service

To start and enable chronyd using following commands.

systemctl start chronyd

systemctl enable chronyd

Output:

[root@my ~]# systemctl start chronyd
[root@my ~]# systemctl enable chronyd
[root@my ~]# systemctl status chronyd
● chronyd.service - NTP client/server
     Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor pre>
     Active: active (running) since Wed 2020-03-18 09:33:19 EDT; 25min ago
         Docs: man:chronyd(8)
                     man:chrony.conf(5)
 Main PID: 1688 (chronyd)
        Tasks: 1 (limit: 11533)
     Memory: 1012.0K
     CGroup: /system.slice/chronyd.service
                     └─1688 /usr/sbin/chronyd

Verify and Track Chrony Synchronization

To verify whether your system’s time is synchronized using chrony.

chronyc tracking

Output:

[root@my ~]# chronyc tracking
Reference ID    : D58800FC (ntp4.bit.nl)
Stratum         : 2
Ref time (UTC)  : Wed Mar 18 14:00:26 2020
System time     : 0.000005412 seconds fast of NTP time
Last offset     : +0.000027441 seconds
RMS offset      : 0.000032782 seconds
Frequency       : 0.552 ppm slow
Residual freq   : -0.001 ppm
Skew            : 0.083 ppm
Root delay      : 0.005957527 seconds
Root dispersion : 0.000338914 seconds
Update interval : 128.9 seconds
Leap status     : Normal
[root@my ~]#

Reference ID is the ID and name of server to which your system’s time currently synced. Stratum , it indicates the number of hops away from the server with an attached reference clock we are.

Check Chrony Sources

To list information about the current time sources that the chronyd is using.

chronyc sources

Output:

[root@my ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^+ schnitzel.team                2   8   377    99   +866us[ +866us] +/-   10ms
^- gowest.hojmark.net            2   7   377    32    +57us[  +57us] +/-   29ms
^* ntp4.bit.nl                   1   8   377   222   -118us[  -91us] +/- 3273us
^- ntp2k.versadns.com            2   8   377   226  +3607us[+3634us] +/-  108ms
[root@my ~]#

Check Chrony Source Statistics

To list the information about drift speed and offset estimation of each source that the chronyd is using.

chronyc sourcestats -v

Output:

[root@my ~]# chronyc sourcestats -v
210 Number of sources = 4
                                                         .- Number of sample points in measurement set.
                                                        /    .- Number of residual runs with same sign.
                                                     |    /    .- Length of measurement set (time).
                                                     |   |    /      .- Est. clock freq error (ppm).
                                                     |   |   |      /           .- Est. error in freq.
                                                     |   |   |     |           /         .- Est. offset.
                                                     |   |   |     |          |          |   On the -.
                                                     |   |   |     |          |          |   samples. \
                                                     |   |   |     |          |          |             |
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
schnitzel.team             17   5   23m     +0.206      1.338   +584us   537us
gowest.hojmark.net         22  11   25m     +0.260      1.013   +332us   510us
ntp4.bit.nl                25  13   31m     +0.001      0.074    +95ns    50us
ntp2k.versadns.com         25  13   31m     -0.160      0.435  +4230us   285us
[root@my ~]#

Configure Chrony NTP Server.

Assume you want to configure your Linux Server as a Chrony NTP server for all internal systems. To accomplish this, we need to uncomment two lines from configuration file “/etc/chrony.conf”,by execute the following commands

sed -i "s/#local stratum 10/local stratum 10/g" /etc/chrony.conf

sed -i "s/#allow 192.168.0.0\/16/allow 192.168.0.0\/16/" /etc/chrony.conf

After making changes restart chrony service and track chrony

systemctl restart chronyd ; watch chronyc tracking

Output:

Every 2.0s: chronyc tracking             my.vps.server: Wed Mar 18 10:14:00 2020

Reference ID    : 7F7F0101 ()
Stratum         : 10
Ref time (UTC)  : Wed Mar 18 14:13:59 2020
System time     : 0.000000000 seconds slow of NTP time
Last offset     : +0.000000000 seconds
RMS offset      : 0.000000000 seconds
Frequency       : 0.547 ppm slow
Residual freq   : +0.000 ppm
Skew            : 0.000 ppm
Root delay      : 0.000000000 seconds
Root dispersion : 0.000000000 seconds
Update interval : 0.0 seconds
Leap status     : Normal

Allow NTP Service in firewall using following command.

firewall-cmd --permanent --add-service=ntp

firewall-cmd --reload

Output:

[root@my ~]# firewall-cmd --permanent --add-service=ntp
success
[root@my ~]# firewall-cmd --reload
success
[root@my ~]#