{"id":5093,"date":"2020-03-01T22:05:50","date_gmt":"2020-03-01T19:05:50","guid":{"rendered":"https:\/\/kifarunix.com\/?p=5093"},"modified":"2022-05-14T08:01:46","modified_gmt":"2022-05-14T05:01:46","slug":"setup-ntp-server-using-chrony-on-centos-8","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/setup-ntp-server-using-chrony-on-centos-8\/","title":{"rendered":"Setup NTP Server using Chrony on CentOS 8"},"content":{"rendered":"\n<p>In this guide, we are going to learn how to install and setup NTP Server using Chrony on CentOS 8. <strong>Chrony<\/strong>&nbsp;is an implementation of the&nbsp;Network Time Protocol (NTP). Compared to <strong>NTP<\/strong> implementation, <strong>chrony<\/strong>&nbsp;performs well in a wide range of conditions including:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>intermittent network connections,<\/li><li>heavily congested networks<\/li><li>changing temperatures<\/li><li>systems that do not run continuously<\/li><\/ul>\n\n\n\n<p>Chrony can be used to synchronise the system clock with NTP servers, reference clocks. It can also operate as an NTPv4 server and peer to provide a time service to other computers in the network.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Setup NTP Server using Chrony on CentOS 8<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Run System Update<\/h3>\n\n\n\n<p>To synchronize system packages to their latest versions, simply execute the command;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf update<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Installing Chrony on CentOS 8<\/h3>\n\n\n\n<p>Chrony suite is installed by default on RHEL derivatives, CentOS 8 included. You can however verify this by executing the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>rpm -q chrony<\/code><\/pre>\n\n\n\n<p>If the package is installed, you should get an output like;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chrony-3.5-1.el8.x86_64<\/code><\/pre>\n\n\n\n<p>Otherwise, you will get an output like;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>package chrony is not installed<\/code><\/pre>\n\n\n\n<p>To see more information about Chrony;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>rpm -qi chrony<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nName        : chrony\nVersion     : 3.5\nRelease     : 1.el8\nArchitecture: x86_64\nInstall Date: Sun 01 Mar 2020 08:07:16 PM EAT\nGroup       : System Environment\/Daemons\nSize        : 692391\nLicense     : GPLv2\nSignature   : RSA\/SHA256, Thu 05 Dec 2019 01:51:32 AM EAT, Key ID 05b555b38483c65d\nSource RPM  : chrony-3.5-1.el8.src.rpm\nBuild Date  : Tue 19 Nov 2019 06:32:41 PM EAT\nBuild Host  : x86-01.mbox.centos.org\nRelocations : (not relocatable)\nPackager    : CentOS Buildsys &lt;bugs@centos.org&gt;\nVendor      : CentOS\nURL         : https:\/\/chrony.tuxfamily.org\nSummary     : An NTP client\/server\nDescription :\nchrony is a versatile implementation of the Network Time Protocol (NTP).\nIt can synchronise the system clock with NTP servers, reference clocks\n(e.g. GPS receiver), and manual input using wristwatch and keyboard. It\ncan also operate as an NTPv4 (RFC 5905) server and peer to provide a time\nservice to other computers in the network.\n<\/code><\/pre>\n\n\n\n<p>If for some reasons is not installed by default, you can always install it by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install chrony<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Configure Chrony as an NTP server on CentOS 8<\/h3>\n\n\n\n<p>Assuming Chrony is installed, you can now proceed to configure it to provide time synchronization.<\/p>\n\n\n\n<p>The default configuration file of Chrony is <code>\/etc\/chrony.conf<\/code>. Therefore, we will make most configuration changes in this file.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Set Time Servers<\/h4>\n\n\n\n<p>By default, Chrony uses the <code>2.centos.pool.ntp.org<\/code> as the default time server. You need to define the time servers close to your region.<\/p>\n\n\n\n<p>To obtain a list of NTP servers close to your region,navigate to <a rel=\"noreferrer noopener\" aria-label=\"Internet Cluster of NTP servers (opens in a new tab)\" href=\"https:\/\/www.pool.ntp.org\/en\/\" target=\"_blank\">Internet Cluster of NTP servers<\/a> page and select your region. For example, if you are in Europe, below are the available NTP servers;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>server 0.europe.pool.ntp.org\nserver 1.europe.pool.ntp.org\nserver 2.europe.pool.ntp.org\nserver 3.europe.pool.ntp.org<\/code><\/pre>\n\n\n\n<p>To use the pool of NTP servers in your region, simply comment (<strong>Add # at the beginning<\/strong>) the line, <code>pool 2.centos.pool.ntp.org iburst<\/code> replacing it as follows;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/etc\/chrony.conf<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code># Use public servers from the pool.ntp.org project.\n# Please consider joining the pool (http:\/\/www.pool.ntp.org\/join.html).\n<strong># pool 2.centos.pool.ntp.org iburst\nserver 0.europe.pool.ntp.org\nserver 1.europe.pool.ntp.org\nserver 2.europe.pool.ntp.org\nserver 3.europe.pool.ntp.org<\/strong><\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Configure NTP Server Access Control<\/h4>\n\n\n\n<p>Chrony does not allow any access to NTP server. To restrict or control access to the&nbsp;<code>NTP<\/code>&nbsp;service running on a system, use the allow directive. This directive simply is to designate particular servers from which NTP clients are allowed to access the computer as an NTP server.<\/p>\n\n\n\n<p>For example, to allow all servers in the network subnet, 192.168.56.0\/24 to access your NTP server;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code># Allow NTP client access from local network.\n#allow 192.168.0.0\/16\n<strong>allow 192.168.56.0\/24<\/strong><\/code><\/pre>\n\n\n\n<p>Read more on, <strong><code>man chrony.conf<\/code><\/strong>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Open NTP UDP Port 123 on Firewall<\/h4>\n\n\n\n<p>To be able to allow NTP clients access to your NTP server, you need to open port 123\/UDP on firewall.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --add-port=123\/udp --permanent<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Running Chrony on CentOS 8<\/h4>\n\n\n\n<p><code>Chronyd<\/code> daemon controls the NTP implementation. As such, you can start and enable it to run on system boot by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl enable --now chronyd<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl status chronyd<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf chronyd.service - NTP client\/server\n   Loaded: loaded (\/usr\/lib\/systemd\/system\/chronyd.service; enabled; vendor preset: enabled)\n   Active: active (running) since Sun 2020-03-01 20:59:01 CET; 10s ago\n     Docs: man:chronyd(8)\n           man:chrony.conf(5)\n  Process: 6685 ExecStartPost=\/usr\/libexec\/chrony-helper update-daemon (code=exited, status=0\/SUCCESS)\n  Process: 6681 ExecStart=\/usr\/sbin\/chronyd $OPTIONS (code=exited, status=0\/SUCCESS)\n Main PID: 6683 (chronyd)\n    Tasks: 1 (limit: 5047)\n   Memory: 828.0K\n   CGroup: \/system.slice\/chronyd.service\n           \u2514\u25006683 \/usr\/sbin\/chronyd\n...\n\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Verify Chrony Time Synchronization<\/h3>\n\n\n\n<p><strong>chronyc<\/strong> commands is be used to verify Chrony time synchronization with the help of command line options such as <strong><code>sources, tracking, sourcestats<\/code><\/strong>.<\/p>\n\n\n\n<p>To display information about the current time sources that chronyd is accessing, run the command;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chronyc sources<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n210 Number of sources = 4\nMS Name\/IP address         Stratum Poll Reach LastRx Last sample               \n===============================================================================\n^+ 85.129.0.126                  2   6    77    30  -1023us[-1499us] +\/-  124ms\n^+ valoo.patate.ninja            2   6    77    29  +3687us[+3687us] +\/-  123ms\n^* leeto.nicolbolas.org          2   6    77    30    -79us[ -555us] +\/-   75ms\n^+ backup.kabelnetveendam.nl     2   6    77    30  -3653us[-4129us] +\/-  146ms\n<\/code><\/pre>\n\n\n\n<p>The&nbsp;<strong>M&nbsp;<\/strong>column indicates the mode of the source;<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>^ means a server<\/li><li>= means a peer<\/li><li># indicates a locally connected reference clock<\/li><\/ul>\n\n\n\n<p>The&nbsp;<strong>S<\/strong>&nbsp;column indicates the state of the sources;<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>\u201c*\u201d indicates the source to which chronyd is currently synchronized.<\/li><li>\u201c+\u201d indicates acceptable sources which are combined with the selected source.<\/li><li>\u201c-\u201d indicates acceptable sources which are excluded by the combining algorithm.<\/li><li>\u201c?\u201d indicates sources to which connectivity has been lost or whose packets do not pass all tests. This condition is also shown at start-up, until at least 3 samples have been gathered from it.<\/li><li>\u201cx\u201d indicates a clock which chronyd thinks is a falseticker (its time is inconsistent with a majority of other sources).<\/li><li>\u201c~\u201d indicates a source whose time appears to have too much variability<\/li><\/ul>\n\n\n\n<p>To display parameters about the system\u2019s clock performance;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chronyc tracking<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nReference ID    : C39AAED1 (leeto.nicolbolas.org)\nStratum         : 3\nRef time (UTC)  : Sun Mar 01 18:14:38 2020\nSystem time     : 0.001563942 seconds fast of NTP time\nLast offset     : +0.001314329 seconds\nRMS offset      : 0.002229846 seconds\nFrequency       : 2.614 ppm fast\nResidual freq   : +0.147 ppm\nSkew            : 24.449 ppm\nRoot delay      : 0.150412217 seconds\nRoot dispersion : 0.008927128 seconds\nUpdate interval : 128.5 seconds\nLeap status     : Normal\n<\/code><\/pre>\n\n\n\n<p>For more command options, refer to <strong><code>man chronyc<\/code><\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Setup NTP Client using Chrony on CentOS 8<\/h3>\n\n\n\n<p>Since our NTP server using Chrony on CentOS 8 is setup and running, it is time to verify that it can serve our NTP clients as expected.<\/p>\n\n\n\n<p>In this demo, we are using another CentOS 8 VM as our NTP client.<\/p>\n\n\n\n<p>Check if Chrony is installed;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>rpm -q chrony<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chrony-3.5-1.el8.x86_64<\/code><\/pre>\n\n\n\n<p>Setting NTP client on CentOS 8 is the same as setting the NTP server as described above except that the client doesn\u2019t have access permissions set hence no server can query time information from it.<\/p>\n\n\n\n<p>Open the configuration file and set the NTP server as shown below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/etc\/chrony.conf<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code># Use public servers from the pool.ntp.org project.\n# Please consider joining the pool (http:\/\/www.pool.ntp.org\/join.html).\n#pool 2.centos.pool.ntp.org iburst\n<strong>server ntp.kifarunix-demo.com iburst<\/strong><\/code><\/pre>\n\n\n\n<p>Ensure that the hostname of the NTP server is resolvable, otherwise use IP address.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Verify Connection to NTP Server UDP Port 123<\/h4>\n\n\n\n<p>To verify that there is a connection from the NTP client to NTP server on UDP port 123, simply use netcat command as shown below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install nc -y<\/code><\/pre>\n\n\n\n<p>To verify connection to UDP port 123;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>nc -uzv ntp.kifarunix-demo.com 123<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>Ncat: Connected to 192.168.56.133:123.\nNcat: UDP packet sent successfully\nNcat: 1 bytes sent, 0 bytes received in 2.14 seconds.<\/code><\/pre>\n\n\n\n<p>Great. You can now proceed to restart and enable <strong>chronyd<\/strong> to run on system boot.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl restart chronyd<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl enable chronyd<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Check NTP time synchronization<\/h3>\n\n\n\n<p>To verify that time synchronization is working, you can use the <strong>tracking<\/strong> or <strong>sources<\/strong> command with <strong>chronyc<\/strong> command as shown below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chronyc tracking<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n<strong>Reference ID    : C0A83885 (ntp.kifarunix-demo.com)<\/strong>\nStratum         : 4\nRef time (UTC)  : Sun Mar 01 18:56:03 2020\nSystem time     : 0.000000034 seconds slow of NTP time\nLast offset     : +0.000032892 seconds\nRMS offset      : 0.000032892 seconds\nFrequency       : 2.246 ppm fast\nResidual freq   : +14.373 ppm\nSkew            : 0.564 ppm\nRoot delay      : 0.151499271 seconds\nRoot dispersion : 0.001610240 seconds\nUpdate interval : 2.0 seconds\nLeap status     : Normal\n<\/code><\/pre>\n\n\n\n<p>Using the sources command;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chronyc sources<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>210 Number of sources = 1\nMS Name\/IP address         Stratum Poll Reach LastRx Last sample               \n===============================================================================\n<strong>^* ntp.kifarunix-demo.com<\/strong>        3   6    37     7   -671ns[  -12us] +\/-   77ms<\/code><\/pre>\n\n\n\n<p>Check sources statistics<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chronyc sourcestats<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>210 Number of sources = 1\nName\/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev\n==============================================================================\nntp.kifarunix-demo.com      5   3    70     +0.408      4.663    +24us    27us<\/code><\/pre>\n\n\n\n<p>The NTP client is now connected to our NTP server. That brings us to the end of our guide on how to setup NTP Server using Chrony on CentOS 8. We hope this was informative. Enjoy.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Related Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/setup-ntp-server-using-ntpd-on-debian-10-buster\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">Setup NTP server Using NTPd on Debian 10 Buster<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/kifarunix.com\/configure-ntp-server-using-ntpd-on-fedora-30\/\" target=\"_blank\">Configure NTP Server using NTPd on Fedora 30<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/kifarunix.com\/how-to-install-and-configure-ntp-server-using-ntpd-on-fedora-29-fedora-28\/\" target=\"_blank\">How to Install and Configure NTP Server Using NTPd on Fedora 29\/Fedora 28<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/how-to-install-and-configure-ntp-server-using-chrony-on-fedora-29\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">How to Install and Configure NTP Server Using Chrony on Fedora 29\/Fedora 28<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, we are going to learn how to install and setup NTP Server using Chrony on CentOS 8. Chrony&nbsp;is an implementation of the&nbsp;Network<\/p>\n","protected":false},"author":3,"featured_media":12718,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,931,236],"tags":[1142,1301,1306,239,240,1303,1302],"class_list":["post-5093","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","category-chrony","category-ntp","tag-centos-8","tag-chrony-centos-8","tag-chrony-ntp-server-centos-8","tag-chronyc","tag-chronyd","tag-ntp-server-centos-8","tag-setup-ntp-using-chrony","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/5093"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=5093"}],"version-history":[{"count":3,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/5093\/revisions"}],"predecessor-version":[{"id":12729,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/5093\/revisions\/12729"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/12718"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=5093"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=5093"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=5093"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}