chrony
chrony is a versatile implementation of the Network Time Protocol (NTP). It can synchronize the system clock with NTP servers, reference clocks (e.g. GPS receiver), and manual input using wristwatch and keyboard. It can also operate as an NTPv4 (RFC 5905) server and peer to provide a time service to other computers in the network.
Installation
USE flags
USE flags for net-misc/chrony NTP client and server programs
+caps | Use Linux capabilities library to control privilege
+cmdmon | Support for command and monitoring
+nettle | Use dev-libs/nettle for hash functions or nts
+ntp | Support for the Network Time Protocol (NTP)
+nts | Support for Network Time Security (NTS). Uses net-libs/gnutls
+phc | Support for the PTP (Precision Time Protocol) Hardware Clock (PHC) interface
+readline | Enable support for libreadline, a GNU line-editing library that almost everyone wants
+refclock | Support for reference clocks
+rtc | Support for the Linux Real Time Clock interface
+seccomp | Enable seccomp (secure computing mode) to perform system call filtering at runtime to increase security of programs
+sechash | Enable support for hashes other than MD5
debug | Get DEBUG_LOG output from chronyd when passing -dd parameter
html | Install HTML documentation
libtomcrypt | Support different hashes via dev-libs/libtomcrypt
nss | Use dev-libs/nss for hash functions
pps | Support for the Linux Pulse Per Second (PPS) interface
samba | Add support for SAMBA (Windows File and Printer sharing)
selinux | !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
verify-sig | Verify upstream signatures on distfiles
Emerge
Install the chrony package:
root # emerge --ask net-misc/chrony
Configuration
/etc/chrony/chrony.conf is the configuration file for chronyd. The default configuration is populated with:
# Use public NTP servers from the pool.ntp.org project.
pool pool.ntp.org iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# In first three updates step the system clock instead of slew
# if the adjustment is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
hwclockfile /etc/adjtime
Time zones and location of the server do not matter for the NTP protocol; it synchronizes via UTC.
On systems where a network connection is not always available at boot (laptops, etc.), it might help to change the pool line in the server configuration:
pool pool.ntp.org iburst auto_offline
The auto_offline option tells chronyd to assume that the server has gone offline when 2 requests have been sent to it without receiving a response.
Use the chronyc online command to re-enable polling (see below).
Enable Network Time Security (NTS)
NTS provides cryptographic security on NTP client-server connections using Transport Layer Security (TLS) and Authenticated Encryption with Associated Data (AEAD), as specified in RFC 8915. To use it, configure specific servers that support NTS:
# List of NTS servers:
server time.cloudflare.com iburst nts
server virginia.time.system76.com iburst nts
server ohio.time.system76.com iburst nts
server oregon.time.system76.com iburst nts
server nts.netnod.se iburst nts
server nts.time.nl iburst nts
server ptbtime1.ptb.de iburst nts
server ptbtime2.ptb.de iburst nts
server ptbtime3.ptb.de iburst nts
# NTS cookie jar to minimise NTS-KE requests upon chronyd restart
ntsdumpdir /var/lib/chrony
Most NTP pools do not support NTS.
NTS key establishment (NTS-KE) uses TCP/4460, while the NTP packets themselves still use UDP/123, as with standard NTP.
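Because most pools do not support NTS, a configuration can easily end up mixing NTS and unauthenticated sources. The following check is an added example, not part of the chrony package or the original page: it parses chrony.conf text and reports which server/pool lines lack the nts option and whether ntsdumpdir is set. The function name audit_nts and the sample configuration are assumptions made for illustration.

```python
# Added example: report which chrony.conf time sources are not protected by NTS.
SAMPLE_CONF = """\
# Constructed sample built from directives shown on this page.
pool pool.ntp.org iburst
Server time.cloudflare.com iburst nts
server nts.netnod.se iburst nts
; server ptbtime1.ptb.de iburst
driftfile /var/lib/chrony/drift
"""

COMMENT_CHARS = "!;#%"               # characters that start a chrony.conf comment
SOURCE_DIRECTIVES = {"server", "pool"}


def audit_nts(conf_text):
    """Return a dict describing the NTS coverage of the configured sources."""
    nts, plain, dumpdir = [], [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in COMMENT_CHARS:
            continue
        words = line.split()
        directive = words[0].lower()     # directive names are not case-sensitive
        if directive in SOURCE_DIRECTIVES and len(words) > 1:
            options = [w.lower() for w in words[2:]]
            (nts if "nts" in options else plain).append(words[1])
        elif directive == "ntsdumpdir" and len(words) > 1:
            dumpdir = words[1]
    return {
        "nts_sources": nts,
        "unauthenticated_sources": plain,
        "ntsdumpdir": dumpdir,
        "all_sources_use_nts": bool(nts) and not plain,
    }


if __name__ == "__main__":
    report = audit_nts(SAMPLE_CONF)
    for name in report["unauthenticated_sources"]:
        print(f"WARNING: {name} is polled without NTS")
    if report["nts_sources"] and report["ntsdumpdir"] is None:
        print("NOTE: ntsdumpdir is not set, NTS cookies are not kept across restarts")
```

On a running system, chronyc authdata reports the authentication mode in use for each source.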
Use UTC time
chronyd assumes by default that the RTC keeps local time (including any daylight saving changes). To tell it that the RTC keeps UTC instead, use:
rtconutc
Acting as a local NTP server
By default, chronyd only synchronizes the local machine time. By adding allow and deny rules, it will act as a local NTP source:
# Note order does not matter for this example, order does matter with 'allow all' or 'deny all'
# Allow a specific IP
allow 192.0.2.1
# Deny the 198.51.100.0/24 subnet (example)
deny 198.51.100
# Allow all of the 192.0.2.0 subnet
allow 192.0.2
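To see why order only matters once an 'all' rule is involved, the following added example (not chronyd's code and not from the original page) models the documented behaviour for IPv4: the most specific matching subnet decides, and an 'allow all' or 'deny all' rule discards earlier rules inside its subnet. The helper names and the test clients are assumptions, and the model treats every prefix length independently, which is a simplification.

```python
import ipaddress

# Rules from this page, in the order shown (chrony.conf syntax).
PAGE_RULES = ["allow 192.0.2.1", "deny 198.51.100", "allow 192.0.2"]


def parse_subnet(text):
    """Turn '192.0.2', '192.0.2.1' or 'a.b.c.d/n' into an IPv4 network."""
    if "/" in text:
        return ipaddress.ip_network(text, strict=False)
    octets = text.split(".")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")


def build_table(rules):
    """Apply allow/deny lines in file order and return {network: allowed}."""
    table = {}
    for rule in rules:
        words = rule.split()
        allowed = words[0].lower() == "allow"
        override = len(words) > 1 and words[1].lower() == "all"
        rest = words[2:] if override else words[1:]
        net = parse_subnet(rest[0]) if rest else ipaddress.ip_network("0.0.0.0/0")
        if override:
            # 'allow all' / 'deny all' discards earlier rules inside the subnet.
            table = {n: a for n, a in table.items() if not n.subnet_of(net)}
        table[net] = allowed
    return table


def is_allowed(table, client):
    """Most specific matching subnet decides; no match means no NTP service."""
    addr = ipaddress.ip_address(client)
    matches = [n for n in table if addr in n]
    if not matches:
        return False
    return table[max(matches, key=lambda n: n.prefixlen)]


if __name__ == "__main__":
    table = build_table(PAGE_RULES)
    # Constructed client addresses from the documentation ranges.
    for client in ("192.0.2.1", "192.0.2.77", "198.51.100.5", "203.0.113.9"):
        print(client, "allowed" if is_allowed(table, client) else "denied")
```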
DHCP
If the DHCP server is configured with NTP destinations (rare in home use), the DHCP client may replace the local NTP configuration. To avoid this, consider the following configuration options:
netifrc
dhcp="nontp"
Usage
chronyc Client Interface Tool
chronyc is a command-line interface program which can be used to monitor chronyd's performance and to change various operating parameters whilst it is running. A full list of commands can be found in the manual, man 1 chronyc.
Examples:
root # chronyc offline # Set all sources offline
root # chronyc online # Set all sources online
chronyd service
OpenRC
Add chronyd to the default runlevel to have the time synchronized automatically.
root # rc-service chronyd start
root # rc-update add chronyd default
To monitor status of the server:
root # rc-service chronyd status
systemd
To run the chronyd sync service:
root # systemctl start chronyd.service
To have the chronyd sync service start at boot:
root # systemctl enable chronyd.service
To monitor status of the chronyd service:
root # systemctl status chronyd.service
See also
- Handbook:AMD64/Installation/Tools#Time_synchronization
- Ntp — a suite of tools utilizing the Network Time Protocol. Their purpose is to keep the system clock in time.
- OpenNTPD — a lightweight NTP server ported from OpenBSD.
- Network Time Protocol — used to synchronize the system time with other devices over the network.
- System time — used in Unix systems to keep track of time.
- Home router — how to turn an old Gentoo machine into a router for connecting a home network to the Internet.
- Configuring chrony to take advantage of PTP and associated NIC clocks
External resources
- https://wiki.archlinux.org/index.php/Chrony
- https://netfuture.ch/2021/12/transparent-trustworthy-time-with-ntp-and-nts/#server-list
- https://nts.time.nl
- https://www.netnod.se/time-and-frequency/network-time-security
- https://www.netnod.se/time-and-frequency/how-to-use-nts
- https://www.ptb.de/cms/ptb/fachabteilungen/abtq/gruppe-q4/ref-q42/zeitsynchronisation-von-rechnern-mit-hilfe-des-network-time-protocol-ntp.html
- https://blog.cloudflare.com/nts-is-now-rfc/