Welcome to our comprehensive guide on mastering time synchronization with Chrony NTP on CentOS Stream. This guide is designed to provide in-depth information for system administrators, IT professionals, and network enthusiasts who are looking to achieve precise and accurate timekeeping across their networks.
We will cover the installation and configuration of Chrony, a modern and efficient NTP solution that offers superior accuracy and can handle network fluctuations with ease. We will also explain how Chrony differs from traditional NTP solutions and why it is a better choice for network timekeeping.
In addition to the installation and configuration process, we will explore common troubleshooting scenarios that can arise when working with Chrony and provide practical solutions to ensure that your network’s timekeeping remains accurate and reliable.
Understanding the basics of NTP
Before we start the installation process, let’s take a moment to understand what NTP is and why it’s crucial for your network. NTP is a protocol used to synchronize the clocks of computers over a network. Accurate timekeeping is essential for various network tasks, including security, log management, and scheduling.
Why choose CentOS Stream for NTP?
CentOS Stream, a rolling-release Linux distribution, provides a stable and flexible platform for setting up an NTP server. Its cutting-edge features and robust community support make it an ideal choice for network administrators.
Preparing for NTP installation on CentOS Stream
First things first, ensure your CentOS Stream system is up-to-date. You can do this by running the following commands:
sudo dnf update sudo dnf upgrade
Installing the NTP Server
The installation process is straightforward. Run the following command to install the NTP server package:
sudo dnf install chrony
Chrony is a versatile implementation of the Network Time Protocol (NTP), designed to synchronize the system clock from different time sources, including NTP servers and GPS receivers. It’s particularly well-suited for systems with intermittent internet connections or in situations where high precision is necessary. Here’s why Chrony stands out:
Advantages of using Chrony
- Rapid Synchronization: Chrony can synchronize the system clock faster than traditional NTP servers, making it ideal for systems that are not always running.
- Better Timekeeping: It maintains accurate time even when the system is off or not connected to the internet, thanks to its advanced algorithms for calculating the drift and offset of the system clock.
- Low Resource Usage: Chrony is designed to use minimal system resources, making it suitable for systems with limited processing power or memory.
- Handling of Network Fluctuations: Chrony performs well under varying network conditions, including changes in network latency and jitter, which are common in wireless networks.
Configuring the NTP Server
Configuring the Chrony service involves editing its main configuration file, located at
/etc/chrony.conf. This file dictates how Chrony behaves, including which NTP servers to synchronize with, security settings, and other operational parameters. Here’s a step-by-step guide to editing and understanding the key elements of this file:
Accessing the configuration file
- Open the Terminal: Start by opening your terminal on your CentOS Stream system.
- Edit the File: Use a text editor to open the configuration file. You can use editors like
vim. For beginners,
nanois often more user-friendly. To open the file with nano, type:
sudo nano /etc/chrony.conf
Key configuration settings
In the configuration file, you’ll see several lines of text. Here are the most important sections to understand and modify:
- Server Lines: These lines specify the NTP servers that Chrony will use to synchronize time. They usually start with the word
serverfollowed by a server address. You can add or change servers based on your preference or geographic location. For example:
server 0.centos.pool.ntp.org iburst server 1.centos.pool.ntp.org iburst
iburstkeyword speeds up the initial synchronization.
- Driftfile: This line specifies the location of the drift file where Chrony saves information about the clock’s rate of drift. It’s usually set by default:
- Allow Directive: If you want your Chrony server to provide time synchronization to other machines, you can specify which networks or hosts are allowed to access your server. For instance:
This line allows access to any machine on the 192.168.0.x network. Be cautious with this setting to avoid unauthorized access.
- Local Stratum: If you want your server to act as a reliable time source even when it’s not synchronized to an external source, you can set a local stratum:
local stratum 10
This is useful in isolated networks.
- Logging: You can specify the logging options for Chrony. By default, it logs to
Saving and exiting
After making your changes:
- Save the File: In nano, you do this by pressing
Ctrl + O, then
- Exit the Editor: Press
Ctrl + Xto exit nano.
After editing the configuration file, restart the Chrony service to apply the changes:
sudo systemctl restart chronyd
Verifying the configuration
Finally, verify that Chrony is working correctly with your new settings:
This command will display the status of the NTP servers you are synchronized with.
Choosing NTP Servers
You should specify a few NTP servers in your configuration file. I personally prefer using servers from the
pool.ntp.org project, as they are usually reliable and easy to use.
Adjusting other settings
In the configuration file, you can also set various parameters like the drift file, log options, and access controls, as described above. Here’s an example of a basic configuration:
server 0.centos.pool.ntp.org iburst server 1.centos.pool.ntp.org iburst server 2.centos.pool.ntp.org iburst server 3.centos.pool.ntp.org iburst driftfile /var/lib/chrony/drift logdir /var/log/chrony
Starting and enabling the NTP Service
Once the configuration is done, start the Chrony service and enable it to start on boot:
sudo systemctl start chronyd sudo systemctl enable chronyd
Verifying the NTP Server
After you have configured and started your NTP server, it’s always a good practice to verify that everything is functioning correctly. Here’s how you can do it and what to expect:
How to verify
chronyc sources command to check the status of the NTP servers your system is synchronized with. This command will display a list of servers along with their current status.
Understanding the Output
When you run the
chronyc sources command, you’ll see an output similar to this:
MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^+ time1.example.com 2 6 377 35 -143us[ -289us] +/- 38ms ^* time2.example.com 1 7 377 73 +20us[ -24us] +/- 17ms ^- time3.example.com 3 6 377 85 +1568us[+1568us] +/- 106ms ^+ time4.example.com 2 6 377 58 -73us[ -73us] +/- 24ms
MS: Indicates the mode and status of the source (e.g.,
^*indicates the currently selected source).
Name/IP address: Shows the hostname or IP address of the time source.
Stratum: Represents the stratum level of the server (lower is generally better).
Poll: Shows the polling interval, in seconds.
Reach: Indicates the reachability register in octal (377 means fully reachable).
LastRx: The time since the last received packet.
Last sample: The offset between the local clock and the server’s clock.
Analyzing the output
^*symbol next to
time2.example.comshows that it is the current time source being used.
- The offsets (
+20us, etc.) are quite small, which means your server’s time is very close to the source’s time.
Reachvalue of 377 for all servers suggests excellent network connectivity to these time sources.
Securing your NTP Server
Security is a significant aspect of maintaining an NTP server. Ensure that your server is not open to abuse as a public NTP server. Modify the
allow directive in the
chrony.conf file to restrict access.
Common troubleshooting for Chrony on CentOS Stream
Even with careful configuration, you might encounter some issues with your Chrony NTP server. Here are common problems and their solutions:
Chrony Service isn’t starting
- Check Service Status: First, check if the Chrony service is running:
sudo systemctl status chronydIf the service isn’t active, try to start it manually:
sudo systemctl start chronyd
- Review System Logs: System logs can provide clues. Check them using:
journalctl -u chronydLook for any error messages that might indicate what’s going wrong.
Time is not synchronizing
- Check NTP Sources: Ensure that the NTP servers listed in your
/etc/chrony.confare accessible and working:
chronyc sourcesIf the servers are unreachable or have a high offset or jitter, consider switching to different NTP servers.
- Firewall Settings: Verify that your firewall allows NTP traffic (UDP port 123). If you’re using
firewalld, you can enable NTP traffic with:
sudo firewall-cmd --add-service=ntp --permanent
sudo firewall-cmd --reload
Drift too high
If Chrony reports that the time drift is too high:
- Check System Clock: Ensure your system’s hardware clock is set accurately. Significant drifts might indicate a hardware issue.
- Restart Chrony: Sometimes, simply restarting Chrony can resolve drift issues:
sudo systemctl restart chronyd
Network connectivity issues
If the server has intermittent or poor network connectivity:
- Test Network Connection: Ensure the server has a stable connection to the internet or network. You can use tools like
tracerouteto diagnose connectivity problems.
- Use Local Time Sources: If the server frequently loses internet connectivity, consider configuring local time sources or using GPS as a time source.
Permissions or Access Control Issues
chrony.conf: Ensure that the
/etc/chrony.confis correctly configured to permit time synchronization from your network.
- SELinux Policies: If you’re using SELinux, ensure it’s not blocking Chrony. Check for SELinux denials related to Chrony in the logs.
Setting up and maintaining a Chrony NTP server on CentOS Stream might seem daunting at first, but with the right steps, it’s a task well within the reach of network administrators and enthusiasts alike. Throughout this guide, we’ve delved into the installation, configuration, and optimization of Chrony, showcasing its advantages over traditional NTP solutions, especially in terms of synchronization speed, accuracy, and handling network variability.
- Installation and Configuration: We learned that installing Chrony is straightforward, and configuring it mainly involves editing the
/etc/chrony.conffile to set NTP servers, drift files, and access controls.
- Advantages of Chrony: Its ability to quickly synchronize time, even in challenging network environments, and its low resource footprint make Chrony an ideal choice for modern CentOS Stream systems.
- Troubleshooting Tips: We covered common issues like service start-up problems, synchronization errors, high time drift, network connectivity, and access control, offering practical solutions for each.