Original link: https://editor.leonh.space/2023/chrony/
Time synchronization, or clock calibration, is one of the basic services built into every OS. Taking Ubuntu as an example, it calibrates its own clock against the time of ntp.ubuntu.com. NTP (Network Time Protocol) is the current mainstream time protocol.
However, in some cases, such as military networks and intranets, our machines may not be able to use NTP servers on the public network, so we have to build an NTP service for the intranet ourselves. This ensures that all machines in the intranet share a consistent time basis, and there will be no supernatural phenomenon where your order is placed at nine o'clock but mine is shipped at half past eight.
Chrony is a new generation of NTP service. It can be either an NTP client or an NTP server. This article mainly talks about using chrony as an NTP server.
Compared with the older ntpd, OpenNTPD and NTPsec, chrony has the following advantages:
- new
- modern
Yes, that's right, "new" is itself an advantage. For a more specific comparison, see "Comparison of NTP implementations". In addition, chrony is already the default NTP service of Red Hat Linux, so it is safe to use.
Install
On Debian/Ubuntu one line installation:
$ sudo apt install chrony
When installing chrony, you will be prompted to replace systemd-timesyncd. systemd-timesyncd is the NTP client pre-installed in Ubuntu. It does not have the function of NTP server itself, and chrony has both NTP client / server functions, so you can replace it with confidence.
The installation process will configure and run the chrony service by itself. Confirm after installation:
$ systemctl status chrony
You should see the status read as “active (running)”.
In addition, you can also check the current timing status:
$ chronyc tracking
You should see output like this:
Reference ID    : 01220D59
Stratum         : 3
Ref time (UTC)  : Wed Apr 26 01:59:48 2023
System time     : 0.000083251 seconds slow of NTP time
Last offset     : +0.000094192 seconds
RMS offset      : 0.000860929 seconds
Frequency       : 13.559 ppm fast
Residual freq   : +0.016 ppm
Skew            : 1.030 ppm
Root delay      : 0.012618504 seconds
Root dispersion : 0.001813692 seconds
Update interval : 64.1 seconds
Leap status     : Normal
It looks great, right?
It is enough to confirm that it is working normally, and other commands will be introduced later.
Configuration
The configuration file is in /etc/chrony/chrony.conf, which contains several sections, among which the section defining upstream NTP is as follows:
# This will use (up to):
# - 4 sources from ntp.ubuntu.com which some are ipv6 enabled
# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well
# - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm)
# This means by default, up to 6 dual-stack and up to 2 additional IPv4-only
# sources will be used.
# At the same time it retains some protection against one of the entries being
# down (compare to just using one of the lines). See (LP: #1754358) for the
# discussion.
#
# About using servers from the NTP Pool Project in general see (LP: #104525).
# Approved by Ubuntu Technical Board on 2011-02-08.
# See http://www.pool.ntp.org/join.html for more information.
pool ntp.ubuntu.com        iburst maxsources 4
pool 0.ubuntu.pool.ntp.org iburst maxsources 1
pool 1.ubuntu.pool.ntp.org iburst maxsources 1
pool 2.ubuntu.pool.ntp.org iburst maxsources 2
The default ones here are all NTP servers on the public network. When used as an NTP client, if you want to change to another one on the intranet, you can comment out these and fill in an NTP server on the intranet:
server time.st.local
The keyword server here and the keyword pool above are both used to indicate the upstream NTP server address; the difference is that pool means a group of NTP servers, while server means a single NTP server.
In the default configuration, chrony’s NTP server is not enabled, and it is very simple to enable it. Add a line to the configuration file:
allow
Like server or pool, allow can also be followed by parameters that limit which IPs are allowed to connect, but in most situations such detailed rules are not drawn up: with just a bare allow, anyone who wants to connect can connect.
Restart chrony:
$ sudo systemctl restart chrony
After the chrony NTP server is started, use another machine as an NTP client to test it, and there is no problem.
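As an added example (not from the original article), the check below reads a chrony.conf and marks each allow directive as open to every client or scoped to a subnet. The sample config and the 10.20.0.0/16 intranet range are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): report every `allow`
# directive in a chrony.conf and mark the ones that admit any client.

# Constructed sample; 10.20.0.0/16 is an assumed intranet range.
sample_conf() {
cat <<'EOF'
pool ntp.ubuntu.com iburst maxsources 4
# allow 192.168.0.0/16
allow
allow 10.20.0.0/16
allow ::/0
EOF
}

# Reads a chrony.conf on stdin; prints "<line>: OPEN|scoped <directive>".
audit_allow() {
  awk '
    /^[ \t]*[#%;!]/ { next }             # chrony comment lines
    $1 == "allow" {
      net = ($2 == "all") ? $3 : $2      # optional "all" keyword precedes the subnet
      # No subnet means every IPv4 and IPv6 address; 0/0 and ::/0 say so explicitly.
      wide = (net == "" || net == "0/0" || net == "0.0.0.0/0" || net == "::/0")
      tag = wide ? "OPEN" : "scoped"
      print NR ": " tag " " $0
    }'
}

sample_conf | audit_allow
```

On a real host, feed it the file from this article: `audit_allow < /etc/chrony/chrony.conf`.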
chrony CLI tool
The CLI tool of chrony is chronyc. We have already used chronyc tracking to check the timing status of chrony against the upstream NTP server. Besides that, there are some other commands.
Check the status of the upstream NTP server:
$ chronyc sources
The output is as follows:
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^- prod-ntp-5.ntp1.ps5.cano>     2   8   377   108   -243us[ -299us] +/-  106ms
^- pugot.canonical.com           2   9   377   306    +19ms[  +19ms] +/-  156ms
^- alphyn.canonical.com          2   9   377   498  +3126us[+3080us] +/-  177ms
^- prod-ntp-4.ntp1.ps5.cano>     2   7   377   491   -192us[ -237us] +/-  100ms
^- time.cloudflare.com           3   9   377   377  -2563us[-2611us] +/-   58ms
^- 125-229-162-223.hinet-ip>     2   7   377   110   +328us[ +272us] +/-   58ms
^- 140.137.11.50                 2   9   277   512   -311us[ -356us] +/-   46ms
^* twtpe2-ntp-002.aaplimg.c>     1   9   377    48  -8300ns[  -66us] +/- 3441us
I won't go into the meaning of these fields, but it looks very powerful anyway.
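For readers who do want the fields decoded, here is an added example (not from the original article) that reads chronyc sources output and reports each source's selection state and how many of the last 8 polls were answered, which is what the octal Reach column encodes. The sample reuses three rows from the output above plus one constructed unreachable source at the documentation address 192.0.2.10.

```shell
#!/bin/sh
# Added example (not from the original article): decode the state flag and
# the Reach column of `chronyc sources`.

# Constructed sample: three rows from the output above plus one made-up
# unreachable source (192.0.2.10 is a documentation address).
sample_sources() {
cat <<'EOF'
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^- time.cloudflare.com           3   9   377   377  -2563us[-2611us] +/-   58ms
^- 140.137.11.50                 2   9   277   512   -311us[ -356us] +/-   46ms
^* twtpe2-ntp-002.aaplimg.c>     1   9   377    48  -8300ns[  -66us] +/- 3441us
^? 192.0.2.10                    0   6     0     -     +0ns[   +0ns] +/-    0ns
EOF
}

# stdin: `chronyc sources` output; stdout: "<name> <state> <replies>/8".
summarize_sources() {
  awk '
    BEGIN {
      st["*"] = "selected";  st["+"] = "combined";    st["-"] = "not-combined"
      st["?"] = "unusable";  st["x"] = "falseticker"; st["~"] = "too-variable"
      split("0 1 1 2 1 2 2 3", bits, " ")   # set bits in octal digits 0..7
    }
    # Field 1 is the mode (^ server, = peer, # refclock) fused with the state.
    $1 ~ /^[=#^][-*+?x~]$/ {
      n = 0                                  # Reach: octal bitmap of last 8 polls
      for (i = 1; i <= length($5); i++) n += bits[substr($5, i, 1) + 1]
      print $2, st[substr($1, 2, 1)], n "/8"
    }'
}

# Only the sources that need a look: unusable, falseticker or too variable.
suspect_sources() {
  summarize_sources | awk '$2 ~ /^(unusable|falseticker|too-variable)$/'
}

sample_sources | summarize_sources
```

Reach 377 is eight answered polls out of eight, while the 277 shown for 140.137.11.50 means one of the last eight went unanswered.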
View some statistics of the upstream NTP server:
$ chronyc sourcestats
The output is as follows:
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
prod-ntp-5.ntp1.ps5.cano>  23  15   56m     +0.198      0.662   -704us   807us
pugot.canonical.com        29  12   53m     +0.937      2.395    +17ms  2888us
alphyn.canonical.com       29  17   56m     +0.145      1.349   +628us  1520us
prod-ntp-4.ntp1.ps5.cano>   9   6   30m     -0.050      0.877   -255us   279us
time.cloudflare.com        29  15   60m     +0.113      0.099  -2907us   116us
125-229-162-223.hinet-ip>  22  11   28m     -0.378      0.776    +75us   418us
140.137.11.50              25  12   58m     -0.028      0.144   -166us   191us
twtpe2-ntp-002.aaplimg.c>  25  13   56m     -0.005      0.082  -1070ns    91us
Sharp!
Check the liveness status of upstream NTP:
$ chronyc activity
The output is as follows:
200 OK
8 sources online
0 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
0 sources with unknown address
They are all alive, great.
That concludes this short throwaway article introducing chrony.