Overview
Chrony is a versatile implementation of the Network Time Protocol (NTP). It can synchronise the system clock with NTP servers, reference clocks (e.g. GPS receiver), and manual input using wristwatch and keyboard. It can also operate as an NTPv4 (RFC 5905) server and peer to provide a time service to other computers in the network.
Install Chrony
sudo apt update sudo apt install chrony
Configure Chrony
The config file is:
/etc/chrony/chrony.conf
Basic things you might want to set:
NTP servers:
You can replace the default pool servers with your preferred NTP servers.
# Example: server time.google.com iburst server time.cloudflare.com iburst server 0.pool.ntp.org iburst server 1.pool.ntp.org iburst
Allow clients to sync with your machine (if acting as a server):
# Allow clients from local network to query time allow 192.168.1.0/24
If you want your machine to serve as a clock without network access:
local stratum 10
Log settings:
Chrony can log stats:
log measurements statistics tracking logdir /var/log/chrony
Restart Chrony
After editing /etc/chrony/chrony.conf:
sudo systemctl restart chrony
Enable it to start on boot:
sudo systemctl enable chrony
Interact with Chrony
Chrony has a command-line tool:
chronyc
Once in the interactive shell, you can run commands like:
tracking→ Show how well the clock is synced (important).sources→ Show list of servers it is syncing with and their status.sourcestats→ Detailed stats for each server.activity→ See if Chrony is currently doing anything.makestep→ Force Chrony to immediately step the system clock.exit→ Quit the CLI.
Example:
chronyc tracking chronyc sources chronyc sourcestats
You can also run chronyc commands directly:
chronyc tracking
Example: See Synchronization Status
chronyc tracking Reference ID : 8.8.8.8 (time.google.com) Stratum : 2 Ref time (UTC) : Tue Apr 29 20:10:12 2025 System time : 0.000045678 seconds fast of NTP time Last offset : +0.000034567 seconds RMS offset : 0.000045678 seconds Frequency : 1.234 ppm fast
Force Immediate Sync (Useful for Fresh Setups)
sudo chronyc makestep
This forces the system clock to immediately jump to the correct time instead of slewing it gradually (normally, NTP likes to gradually adjust).
Firewall Requirements
If you are firewalling, make sure UDP 123 is allowed
Chrony (and NTP in general) uses UDP port 123.
Example with firewalld:
sudo firewall-cmd --add-service=ntp --permanent sudo firewall-cmd --reload
Troubleshooting:
Check if chrony is running:
sudo systemctl status chrony
Check logs:
journalctl -u chrony
If time isn't syncing, sources will show why.
Ansible
Configuring chrony using ansible:
- name: Ensure chrony is installed
apt:
name: chrony
state: present
update_cache: yes
- name: Configure chrony to use time.aws.com
copy:
dest: /etc/chrony/chrony.conf
content: |
server time.aws.com iburst
makestep 1.0 3
log measurements statistics tracking
logdir /var/log/chrony
owner: root
group: root
mode: '0644'
- name: Set system timezone to UTC
command: timedatectl set-timezone UTC
changed_when: true
- name: Restart chrony
systemd:
name: chrony
state: restarted
enabled: yes
- name: Force chrony to step the clock
command: chronyc -a makestep
register: chrony_makestep
changed_when: >
"Can't synchronise" not in chrony_makestep.stdout
- name: Show contents of chrony.conf using cat
command: cat /etc/chrony/chrony.conf
register: chrony_config_output
changed_when: false
- name: Display config line by line
debug:
var: chrony_config_output.stdout_lines
- name: Get chrony sync status
command: chronyc tracking
register: chrony_status
changed_when: false
- name: Display chrony sync status
debug:
var: chrony_status.stdout_lines
References
| Reference | URL |
|---|---|
| Chrony Project | https://chrony-project.org |