Accurate timekeeping is more crucial for a server than you might initially think. From precise log analysis during security incidents to ensuring smooth operation of distributed systems, having your server’s clock in sync is essential. While systemd-timesyncd is often the default, chrony is a versatile and highly regarded Network Time Protocol (NTP) client and server implementation that offers more advanced features and better accuracy, especially in environments with intermittent network connectivity.
Here’s how to install and configure chrony on your Linux server:
Step 1: Installation
The installation process is straightforward and uses your distribution’s package manager.
- For Debian/Ubuntu based systems:
$ sudo apt update
$ sudo apt install -y chrony - For CentOS/RHEL based systems:
$ sudo yum install -y chrony
Step 2: Configuration
The main configuration file for chrony is typically located at /etc/chrony/chrony.conf. You’ll need to edit this file to specify your preferred time sources and other settings.
Open the configuration file with your favorite text editor (like nano or vim):
$ sudo nano /etc/chrony/chrony.confHere are some key configuration options you’ll likely want to adjust:
serverdirective: This specifies the NTP servers your system will synchronize with. By default, the configuration file usually includes pool servers for your distribution. It’s generally a good idea to keep a few reliable public NTP servers. You can comment out the existing ones (by adding a#at the beginning of the line) and add your own. Consider using the public NTP pool project (pool.ntp.org) which automatically selects nearby servers.
# server ntp.ubuntu.com iburst
# server 0.debian.pool.ntp.org iburst
# server 1.debian.pool.ntp.org iburst
# server 2.debian.pool.ntp.org iburst
# server 3.debian.pool.ntp.org iburst
server pool.ntp.org iburst
server 0.europe.pool.ntp.org iburst
server 1.europe.pool.ntp.org iburst
server 2.europe.pool.ntp.org iburstThe iburst option tells chrony to send a burst of initial packets to the server to speed up the initial synchronization.
driftfiledirective: This specifies the file wherechronystores the rate at which your system clock gains or loses time. This information is used to improve accuracy over time, even when not actively synchronizing. The default is usually fine:driftfile /var/lib/chrony/chrony.drift
makestepdirective: This controls howchronycorrects significant time differences. The default usually makes an initial step if the offset is too large. You might want to adjust this based on your application’s sensitivity to time jumps.makestep 1.0 3
This means that if the clock is off by more than 1.0 seconds, a step will be made. This will happen at most 3 times during the first few synchronizations.
logdirdirective: Specifies the directory forchrony‘s log files. The default is typically/var/log/.logdir /var/log/chrony
- Allowing NTP access (if you want to serve time to other machines): If you intend for this server to act as an NTP server for other devices on your local network, you’ll need to allow connections from those networks using the
allowdirective. Replace192.168.1.0/24with your actual network range:allow 192.168.1.0/24
Step 3: Starting and Enabling the Chrony Service
After you’ve configured chrony, you need to start the service and enable it to start automatically on boot:
$ sudo systemctl start chronyd
$ sudo systemctl enable chronydStep 4: Verify Chrony Status
To check if chrony is running correctly and synchronizing, use the chronyc command-line utility:
- Check the overall status:
chronyc activity
This will show you the number of sourceschronyis currently tracking and their reachability. - List the NTP sources:
chronyc sources -v
This provides detailed information about each NTP server, including its stratum (distance from a reference clock), poll interval, reachability, and offset. Look for a^+or^*next to a source, which indicates that it’s currently being used for synchronization. - Check the synchronization status:
chronyc tracking
This command displays detailed information about the current synchronization status, including the reference ID, stratum, system time offset, estimated error, and more. Pay attention to the “System time offset” – ideally, this should be close to zero.
Step 5: (Optional) Stopping the Default Time Service
If your system was previously using systemd-timesyncd, you might want to stop and disable it to avoid conflicts:
$ sudo systemctl stop systemd-timesyncd
$ sudo systemctl disable systemd-timesyncdConclusion
By following these steps, you’ve successfully installed and configured chrony on your Linux server. This will ensure that your server maintains accurate time, which is crucial for security, logging, and the proper functioning of various applications and services. Regularly checking the chronyc status will help you monitor the health and synchronization of your time service.