Task
- install and configure chrony
...
| Table of Contents |
|---|
Install Chrony
| Code Block |
|---|
sudo apt update sudo apt install chrony |
Configure Chrony
The config file is:
| Code Block |
|---|
/etc/chrony/chrony.conf |
Basic things you might want to set:
NTP servers:
You can replace the default pool servers with your preferred NTP servers.
...
| Code Block |
|---|
# Allow clients from local network to query time allow 192.168.1.0/24 |
If you want your machine to serve as a clock without network access:
| Code Block |
|---|
local stratum 10 |
Log settings:
Chrony can log stats:
| Code Block |
|---|
log measurements statistics tracking logdir /var/log/chrony |
Restart Chrony
After editing /etc/chrony/chrony.conf:
| Code Block |
|---|
sudo systemctl restart chrony |
Enable it to start on boot:
| Code Block |
|---|
sudo systemctl enable chrony |
Interact with Chrony
Chrony has a command-line tool:
| Code Block |
|---|
chronyc |
Once in the interactive shell, you can run commands like:
tracking→ Show how well the clock is synced (important).sources→ Show list of servers it is syncing with and their status.sourcestats→ Detailed stats for each server.activity→ See if Chrony is currently doing anything.makestep→ Force Chrony to immediately step the system clock.exit→ Quit the CLI.
Example:
| Code Block |
|---|
chronyc tracking chronyc sources chronyc sourcestats |
You can also run chronyc commands directly:
| Code Block |
|---|
chronyc tracking |
...
| Code Block |
|---|
sudo chronyc makestep |
This forces the system clock to immediately jump to the correct time instead of slewing it gradually (normally, NTP likes to gradually adjust).
Bonus: If you are firewalling, make sure UDP 123 is allowed
Chrony (and NTP in general) uses UDP port 123.
Example with firewalld:
| Code Block |
|---|
sudo firewall-cmd --add-service=ntp --permanent sudo firewall-cmd --reload |
...