Accurate time keeping is important for a number of reasons in IT. In networking for example, accurate time stamps in packets and logs are required. In Linux systems, the Show
The user space daemon updates the system clock running in the kernel. The system clock can keep time by using various clock sources. Usually, the Time Stamp Counter (TSC) is used. The TSC is a CPU register which counts the number of cycles since it was last reset. It is very fast, has a high resolution, and there are no interruptions.

There is a choice between the daemons

This chapter describes the use of the chrony suite.

18.1. Introduction to the chrony Suite

Chrony is an implementation of the Network Time Protocol (NTP). You can use Chrony:
Chrony performs well in a wide range of conditions, including intermittent network connections, heavily congested networks, changing temperatures (ordinary computer clocks are sensitive to temperature), and systems that do not run continuously, or run on a virtual machine.

Typical accuracy between two machines synchronized over the Internet is within a few milliseconds, and for machines on a LAN within tens of microseconds. Hardware timestamping or a hardware reference clock may improve accuracy between two machines synchronized to a sub-microsecond level.

Chrony consists of

18.1.1. Differences Between ntpd and chronyd

Things
Things
Things

18.1.2. Choosing Between NTP Daemons

Chrony should be preferred for all systems except for the systems that are managed or monitored by tools that do not support chrony, or the systems that have a hardware reference clock which cannot be used with chrony.

Systems which are required to perform authentication of packets with the

18.2. Understanding chrony and Its Configuration

18.2.1. Understanding chronyd and chronyc

The chrony daemon,

18.2.2. Understanding the chrony Configuration Commands

The default configuration file for

Below is a selection of

Comments
Comments should be preceded by #, %, ; or !

allow
Optionally specify a host, subnet, or network from which to allow

Example 18.1. Granting access with the

The UDP port number 123 needs to be open in the firewall in order to allow the client access:

    ~]# firewall-cmd --zone=public --add-port=123/udp

If you want to open port 123 permanently, use the

    ~]# firewall-cmd --permanent --zone=public --add-port=123/udp

cmdallow
This is similar to the

The

An example of the command is:

    local stratum 10

A large value of 10 indicates that the clock is so many hops away from a reference clock that its time is unreliable. If the computer ever has access to another computer which is ultimately synchronized to a reference clock, it will almost certainly be at a stratum less than 10. Therefore, the choice of a high value like 10 for the

The

measurements
This option logs the raw

This option logs the temperature measurements and system rate compensations to a file called

The log files are written to the directory specified by the

An example of the command is:

    log measurements statistics tracking

logdir
This directive allows the directory where log files are written to be specified.

An example of the use of this directive is:

    logdir /var/log/chrony

makestep
Normally

An example of the use of this directive is:

    makestep 1000 10

This would step the system clock if the adjustment is larger than 1000 seconds, but only in the first ten clock updates.

maxchange
This directive sets the maximum allowed offset corrected on a clock update. The check is performed only after the specified number of updates to allow a large initial adjustment of the system clock. When an offset larger than the specified maximum occurs, it will be ignored for the specified number of times and then

An example of the use of this directive is:

    maxchange 1000 1 2

After the first clock update,

One of

If the range of error is too large, it indicates that the measurements have not settled down yet, and that the estimated gain or loss rate is not very reliable.

The

The format of the syntax is:

    maxupdateskew skew-in-ppm

Typical values for skew-in-ppm might be 100 for a dial-up connection to servers over a telephone line, and 5 or 10 for a computer on a LAN.

It should be noted that this is not the only means of protection against using unreliable estimates. At all times,

The

The format of the syntax is:

    minsources number-of-sources

By default, number-of-sources is 1. Setting minsources to a larger number can be used to improve the reliability, because multiple sources will need to correspond with each other.

noclientlog
This directive, which takes no arguments, specifies that client accesses are not to be logged. Normally they are logged, allowing statistics to be reported using the clients command in chronyc.

reselectdist
When

The format of the syntax is:

    reselectdist dist-in-seconds

stratumweight
The

The format of the syntax is:

    stratumweight dist-in-seconds

By default, dist-in-seconds is 1 millisecond. This means that sources with lower stratum are usually preferred to sources with higher stratum even when their distance is significantly worse. Setting

The

The format of the syntax is:

    rtcfile /var/lib/chrony/rtc

rtcsync directive is present in the /etc/chrony.conf file by default. This will inform the kernel the system clock is kept synchronized and the kernel will update the real-time clock every 11 minutes.

18.2.3. Security with chronyc

Chronyc can access

By default, chronyc connects to the Unix domain socket. The default path is

Only the following monitoring commands, which do not affect the behavior of

The set of hosts from which

All other commands are allowed only through the Unix domain socket. When sent over the network,

Accessing chronyd remotely with chronyc

Note that the

18.3. Using chrony

18.3.1. Installing chrony

The
chrony suite is installed by default on some versions of Red Hat Enterprise Linux 7. If required, to ensure that it is, run the following command as

    ~]# yum install chrony

The default location for the chrony daemon is

18.3.2. Checking the Status of chronyd

To check the status of

    ~]$

18.3.3. Starting chronyd

To start

    ~]# systemctl start chronyd

To ensure

    ~]# systemctl enable chronyd

18.3.4. Stopping chronyd

To stop

    ~]# systemctl stop chronyd

To prevent

    ~]# systemctl disable chronyd

18.3.5. Checking if chrony is Synchronized

To check if chrony is synchronized, make use of the

18.3.5.1. Checking chrony Tracking

To check chrony tracking, issue the following command:

    ~]$

The fields are as follows:

Reference ID
This is the reference ID and name (or

This shows the "residual frequency" for the currently selected reference source. This reflects any difference between what the measurements from the reference source indicate the frequency should be and the frequency currently being used. The reason this is not always zero is that a smoothing procedure is applied to the frequency. Each time a measurement from the reference source is obtained and a new residual frequency computed, the estimated accuracy of this residual is compared with the estimated accuracy (see

18.3.5.2. Checking chrony Sources

The sources command displays information about the current time sources that

The optional argument -v can be specified, meaning verbose. In this case, extra caption lines are shown as a reminder of the meanings of the columns.

    ~]$ chronyc sources
    210 Number of sources = 3
    MS Name/IP address         Stratum Poll Reach LastRx Last sample
    ===============================================================================
    #* GPS0                          0   4   377    11   -479ns[ -621ns] +/-  134ns
    ^? a.b.c                         2   6   377    23   -923us[ -924us] +/-   43ms
    ^+ d.e.f                         1   6   377    21  -2629us[-2619us] +/-   86ms

The columns are as follows:

M
This indicates the mode of the source.

This shows the rate at which the source is being polled, as a base-2 logarithm of the interval in seconds. Thus, a value of 6 would indicate that a measurement is being made every 64 seconds.

m, h, d or y indicate minutes, hours, days or years. A value of 10 years indicates there were no samples received from this source
yet.

Last sample
This column shows the offset between the local clock and the source at the last measurement. The number in the square brackets shows the actual measured offset. This may be suffixed by ns (indicating nanoseconds), us (indicating microseconds), ms (indicating milliseconds), or s (indicating seconds). The number to the left of the square brackets shows the original measurement, adjusted to allow for any slews applied to the local clock since. The number following the +/- indicator shows the margin of error in the measurement. Positive offsets indicate that the local clock is ahead of the source.

18.3.5.3. Checking chrony Source Statistics

The

The optional argument

    ~]$

The columns are as follows:

Name/IP address
This is the name or

18.3.6. Manually Adjusting the System Clock

To step the system clock immediately, bypassing any
adjustments in progress by slewing, issue the following command as

    ~]# chronyc makestep

If the

18.4. Setting Up chrony for Different Environments

18.4.1. Setting Up chrony for a System in an Isolated Network

For a network that is never connected to the Internet, one computer is selected to be the master timeserver. The other computers are either direct clients of the master, or clients of clients. On the master, the drift file must be manually set with the average rate of drift of the system clock. If the master is rebooted, it will obtain the time from surrounding systems and calculate an average to set its system clock. Thereafter it resumes applying adjustments based on the drift file. The drift file will be updated automatically when the

On the system selected to be the master, using a text editor running as

    driftfile /var/lib/chrony/drift
    commandkey 1
    keyfile /etc/chrony.keys
    initstepslew 10 client1 client3 client6
    local stratum 8
    manual
    allow 192.0.2.0

Where

On the systems selected to be direct clients of the master, using a text editor running as

    server master
    driftfile /var/lib/chrony/drift
    logdir /var/log/chrony
    log measurements statistics tracking
    keyfile /etc/chrony.keys
    commandkey 24
    local stratum 10
    initstepslew 20 master
    allow 192.0.2.123

Where

On the client systems which are not to be direct clients of the master, the

In an Isolated Network, you can also use the

To allow multiple servers in the network to use the same local configuration and to be synchronized to one another, without confusing clients that poll more than one server, use the

18.5. Using chronyc

18.5.1. Using chronyc to Control chronyd

To make changes to the local instance of

    ~]# chronyc

chronyc must run as

The chronyc command prompt will be displayed as follows:

    chronyc>

You can type

The utility can also be invoked in non-interactive command mode if called together with a command as follows:

Changes made using chronyc are not permanent, they will be lost after a

18.6. Chrony with HW timestamping

18.6.1. Understanding Hardware Timestamping

Hardware timestamping is a feature supported in some Network Interface Controllers (NICs) which provides accurate timestamping of incoming and outgoing packets.

Another protocol for time synchronization that uses hardware timestamping is

18.6.2. Verifying Support for Hardware Timestamping

To verify that hardware timestamping with

Example 18.2. Verifying Support for Hardware Timestamping on a Specific Interface

    ~]# ethtool -T eth0

Output:

    Timestamping parameters for eth0:
    Capabilities:
            hardware-transmit     (SOF_TIMESTAMPING_TX_HARDWARE)
            software-transmit     (SOF_TIMESTAMPING_TX_SOFTWARE)
            hardware-receive      (SOF_TIMESTAMPING_RX_HARDWARE)
            software-receive      (SOF_TIMESTAMPING_RX_SOFTWARE)
            software-system-clock (SOF_TIMESTAMPING_SOFTWARE)
            hardware-raw-clock    (SOF_TIMESTAMPING_RAW_HARDWARE)
    PTP Hardware Clock: 0
    Hardware Transmit Timestamp Modes:
            off                   (HWTSTAMP_TX_OFF)
            on                    (HWTSTAMP_TX_ON)
    Hardware Receive Filter Modes:
            none                  (HWTSTAMP_FILTER_NONE)
            all                   (HWTSTAMP_FILTER_ALL)
            ptpv1-l4-sync         (HWTSTAMP_FILTER_PTP_V1_L4_SYNC)
            ptpv1-l4-delay-req    (HWTSTAMP_FILTER_PTP_V1_L4_DELAY_REQ)
            ptpv2-l4-sync         (HWTSTAMP_FILTER_PTP_V2_L4_SYNC)
            ptpv2-l4-delay-req    (HWTSTAMP_FILTER_PTP_V2_L4_DELAY_REQ)
            ptpv2-l2-sync         (HWTSTAMP_FILTER_PTP_V2_L2_SYNC)
            ptpv2-l2-delay-req    (HWTSTAMP_FILTER_PTP_V2_L2_DELAY_REQ)
            ptpv2-event           (HWTSTAMP_FILTER_PTP_V2_EVENT)
            ptpv2-sync            (HWTSTAMP_FILTER_PTP_V2_SYNC)
            ptpv2-delay-req       (HWTSTAMP_FILTER_PTP_V2_DELAY_REQ)

18.6.3. Enabling Hardware Timestamping

To enable hardware timestamping, use the

Example 18.3. Enabling Hardware Timestamping by Using the hwtimestamp Directive

    hwtimestamp eth0
    hwtimestamp eth2
    hwtimestamp *

18.6.4. Configuring Client Polling Interval

The default range of a polling interval (64-1024 seconds) is recommended for servers on the Internet. For local servers and hardware timestamping, a shorter polling interval needs to be configured in order to minimize offset of the system clock.

The following directive in

    server ntp.local minpoll 0 maxpoll 0

18.6.5. Enabling Interleaved Mode

    server ntp.local minpoll 0 maxpoll 0 xleave

18.6.6. Configuring Server for Large Number of Clients

The default server configuration allows a few thousands of clients at most to use the interleaved mode concurrently. To configure the server for a larger number of clients, increase the

    clientloglimit 100000000

18.6.7. Verifying Hardware Timestamping

To verify that the interface has successfully enabled hardware timestamping, check the system log. The log should contain a message from chronyd for each interface with successfully enabled hardware timestamping.

Example 18.4. Log Messages for Interfaces with Enabled Hardware Timestamping

    chronyd[4081]: Enabled HW timestamping on eth0
    chronyd[4081]: Enabled HW timestamping on eth2

When chronyd is configured
as an

Example 18.5. Reporting the Transmit, Receive Timestamping and Interleaved Mode for Each NTP Source

    ~]# chronyc ntpdata

Output:

    Remote address  : 203.0.113.15 (CB00710F)
    Remote port     : 123
    Local address   : 203.0.113.74 (CB00714A)
    Leap status     : Normal
    Version         : 4
    Mode            : Server
    Stratum         : 1
    Poll interval   : 0 (1 seconds)
    Precision       : -24 (0.000000060 seconds)
    Root delay      : 0.000015 seconds
    Root dispersion : 0.000015 seconds
    Reference ID    : 47505300 (GPS)
    Reference time  : Wed May 03 13:47:45 2017
    Offset          : -0.000000134 seconds
    Peer delay      : 0.000005396 seconds
    Peer dispersion : 0.000002329 seconds
    Response time   : 0.000152073 seconds
    Jitter asymmetry: +0.00
    NTP tests       : 111 111 1111
    Interleaved     : Yes
    Authenticated   : No
    TX timestamping : Hardware
    RX timestamping : Hardware
    Total TX        : 27
    Total RX        : 27
    Total valid RX  : 27

Example 18.6. Reporting the Stability of NTP Measurements

    # chronyc sourcestats

With hardware timestamping enabled, stability of

Output:

    210 Number of sources = 1
    Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
    ntp.local                  12   7    11     +0.000      0.019     +0ns    49ns

18.6.8. Configuring PTP-NTP bridge

If a highly accurate Precision Time Protocol (

Configure the ptp4l and phc2sys programs from the linuxptp packages to use one interface to synchronize the system clock using

Example 18.7. Configuring chronyd to Provide the System Time Using the Other Interface

    bindaddress 203.0.113.74
    hwtimestamp eth2
    local stratum 1

18.7. Additional Resources

The following sources of information provide additional resources regarding chrony.

18.7.1. Installed Documentation

18.7.2. Online Documentation
For answers to FAQs, see http://chrony.tuxfamily.org/faq.html
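
The column rules from section 18.3.5.2 (Poll as a base-2 logarithm, the bracketed measured offset, the +/- error bound) can be applied by a monitoring script that decides whether a host's clock, and therefore its log timestamps, can be relied on. This is an added example, not part of the original guide; the function names and the 0.1 s error limit are assumptions, and the state characters and the octal reading of Reach follow the chronyc documentation.

```python
import re

# Constructed sample: the `chronyc sources` output quoted in section 18.3.5.2.
SAMPLE = """\
210 Number of sources = 3
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
#* GPS0                          0   4   377    11   -479ns[ -621ns] +/-  134ns
^? a.b.c                         2   6   377    23   -923us[ -924us] +/-   43ms
^+ d.e.f                         1   6   377    21  -2629us[-2619us] +/-   86ms
"""

UNIT = {"ns": 1e-9, "us": 1e-6, "ms": 1e-3, "s": 1.0}
NUM = r"([+-]?\d+(?:\.\d+)?)(ns|us|ms|s)"
ROW = re.compile(
    r"^([\^=#])([*+\-?x~ ])\s*(\S+)\s+(\d+)\s+(-?\d+)\s+([0-7]+)\s+(\S+)\s+"
    + NUM + r"\[\s*" + NUM + r"\]\s+\+/-\s+" + NUM)

def parse_sources(text):
    """Return one dict per source row; header and separator lines do not match."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        mode, state, name, stratum, poll, reach, _rx, a, au, o, ou, e, eu = m.groups()
        rows.append({
            "mode": mode, "state": state, "name": name, "stratum": int(stratum),
            "poll_s": 2.0 ** int(poll),                     # Poll is log2(seconds)
            "replies_of_8": bin(int(reach, 8)).count("1"),  # Reach is an octal bitmask
            "adjusted_s": float(a) * UNIT[au],   # left of the brackets
            "measured_s": float(o) * UNIT[ou],   # inside the brackets
            "error_s": float(e) * UNIT[eu],      # after +/-
        })
    return rows

def findings(rows, max_error_s=0.1):
    """List conditions that make this host's log timestamps less trustworthy."""
    out = []
    if not any(r["state"] == "*" for r in rows):
        out.append("no source is currently selected for synchronization")
    for r in rows:
        if r["state"] in ("?", "x", "~"):
            out.append(f"{r['name']}: state '{r['state']}' (not usable)")
        if r["replies_of_8"] < 8:
            out.append(f"{r['name']}: only {r['replies_of_8']}/8 recent polls answered")
        if r["state"] == "*" and r["error_s"] > max_error_s:
            out.append(f"{r['name']}: error bound {r['error_s']:.3g} s exceeds limit")
    return out
```

In production the text would come from running `chronyc sources` on the host rather than from the embedded sample.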
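
The allow, cmdallow, local and makestep directives described in section 18.2.2 decide who may query the daemon and how far the clock may be moved, so they are worth checking when a chrony.conf is reviewed. The following is an added example, not part of the original guide or of chrony itself; the function names, the /16 threshold and the messages are assumptions, and the configuration text is constructed.

```python
import ipaddress

# Constructed chrony.conf fragment; 192.0.2.0/24 is a documentation address range.
SAMPLE_CONF = """\
# master timeserver in an isolated network
driftfile /var/lib/chrony/drift
local stratum 8
allow 192.0.2.0/24
allow
cmdallow 192.0.2.123
makestep 1000 -1
"""

def directives(text):
    """Yield (line_no, name, args), skipping blanks and #, %, ; or ! comments."""
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#%;!":
            continue
        name, *args = line.split()
        yield no, name.lower(), args

def breadth(args):
    """Prefix length an allow/cmdallow rule covers; None if it is not an IP literal."""
    target = [a for a in args if a.lower() != "all"]
    if not target:
        return 0          # bare `allow` or `allow all`: every address
    try:
        return ipaddress.ip_network(target[0], strict=False).prefixlen
    except ValueError:
        return None       # hostname or abbreviated subnet: review by hand

def audit(text, min_prefix=16):
    """Return (line_no, message) for settings worth a reviewer's attention."""
    out = []
    for no, name, args in directives(text):
        if name in ("allow", "cmdallow"):
            p = breadth(args)
            if p is not None and p < min_prefix:
                out.append((no, f"{name} admits a /{p} network"))
        elif name == "local":
            out.append((no, "local: time is served even without a reference clock"))
        elif name == "makestep" and len(args) == 2 and args[1].startswith("-"):
            out.append((no, "makestep has no update limit: steps allowed at any time"))
    return out
```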