Overview

Chrony is a versatile implementation of the Network Time Protocol (NTP). It can synchronise the system clock with NTP servers, reference clocks (e.g. GPS receiver), and manual input using wristwatch and keyboard. It can also operate as an NTPv4 (RFC 5905) server and peer to provide a time service to other computers in the network.

Install Chrony

sudo apt update sudo apt install chrony


Configure Chrony

The config file is:

/etc/chrony/chrony.conf


Basic things you might want to set:


NTP servers:
You can replace the default pool servers with your preferred NTP servers.

# Example: server time.google.com iburst server time.cloudflare.com iburst server 0.pool.ntp.org iburst server 1.pool.ntp.org iburst


Allow clients to sync with your machine (if acting as a server):

# Allow clients from local network to query time allow 192.168.1.0/24


If you want your machine to serve as a clock without network access:

local stratum 10


Log settings:

Chrony can log stats:

log measurements statistics tracking logdir /var/log/chrony

Restart Chrony

After editing /etc/chrony/chrony.conf:

sudo systemctl restart chrony

 

Enable it to start on boot:

sudo systemctl enable chrony 


Interact with Chrony

Chrony has a command-line tool:

chronyc

 

Once in the interactive shell, you can run commands like:

  • tracking → Show how well the clock is synced (important).

  • sources → Show list of servers it is syncing with and their status.

  • sourcestats → Detailed stats for each server.

  • activity → See if Chrony is currently doing anything.

  • makestep → Force Chrony to immediately step the system clock.

  • exit → Quit the CLI.

Example:

chronyc tracking chronyc sources chronyc sourcestats


You can also run chronyc commands directly:

chronyc tracking


Example: See Synchronization Status

chronyc tracking Reference ID : 8.8.8.8 (time.google.com) Stratum : 2 Ref time (UTC) : Tue Apr 29 20:10:12 2025 System time : 0.000045678 seconds fast of NTP time Last offset : +0.000034567 seconds RMS offset : 0.000045678 seconds Frequency : 1.234 ppm fast


Force Immediate Sync (Useful for Fresh Setups)

sudo chronyc makestep

This forces the system clock to immediately jump to the correct time instead of slewing it gradually (normally, NTP likes to gradually adjust).


Firewall Requirements

If you are firewalling, make sure UDP 123 is allowed

Chrony (and NTP in general) uses UDP port 123.

Example with firewalld:

sudo firewall-cmd --add-service=ntp --permanent sudo firewall-cmd --reload

 

Troubleshooting:

Check if chrony is running:

sudo systemctl status chrony


Check logs:

journalctl -u chrony

If time isn't syncing, sources will show why.


Ansible 

Configuring chrony using ansible:

- name: Ensure chrony is installed
  apt:
    name: chrony
    state: present
    update_cache: yes

- name: Configure chrony to use time.aws.com
  copy:
    dest: /etc/chrony/chrony.conf
    content: |
      server time.aws.com iburst

      makestep 1.0 3

      log measurements statistics tracking
      logdir /var/log/chrony

    owner: root
    group: root
    mode: '0644'

- name: Set system timezone to UTC
  command: timedatectl set-timezone UTC
  changed_when: true

- name: Restart chrony
  systemd:
    name: chrony
    state: restarted
    enabled: yes

- name: Force chrony to step the clock
  command: chronyc -a makestep
  register: chrony_makestep
  changed_when: >
    "Can't synchronise" not in chrony_makestep.stdout

- name: Show contents of chrony.conf using cat
  command: cat /etc/chrony/chrony.conf
  register: chrony_config_output
  changed_when: false

- name: Display config line by line
  debug:
    var: chrony_config_output.stdout_lines

- name: Get chrony sync status
  command: chronyc tracking
  register: chrony_status
  changed_when: false

- name: Display chrony sync status
  debug:
    var: chrony_status.stdout_lines


References

ReferenceURL
Chrony Projecthttps://chrony-project.org

  • No labels