NTP, or Network Time Protocol, is a networking protocol for time and clock synchronization across a computer network.

Chrony is an implementation of NTP and an alternative to other applications such as ntpd. It runs on Unix-like operating systems and is released under the GNU GPL v2. Chrony is the default NTP software on some Linux distributions and is available as a package for many others.

In this guide, you will learn how to install and use Chrony on the Rocky Linux server. You will learn how to use Chrony in two different ways:

  • Using Chrony as an NTP Server: use this when you want to build an NTP server for your local environment. Instead of connecting to a public NTP server on the internet, clients connect to the local machine that runs Chrony as an NTP Server.
  • Using Chrony as an NTP Client: use this when you need to synchronize the time on your machine or client to an NTP server.

Prerequisites

This guide assumes that you have two Rocky Linux servers, one used as the NTP Server and one as the NTP Client. You can use Rocky Linux 8 or the latest version 9. You will also need a non-root user with sudo privileges on both machines.

The servers used in this guide are:

Hostname        IP Address       Used as
-------------------------------------------
rocky8          192.168.5.100    NTP Server
client1         192.168.5.120    NTP Client

Now let’s start Chrony installation and configurations.

Installing Chrony Package

Chrony is one of the implementations of NTP (Network Time Protocol) for Unix-like operating systems.

By default, the Chrony package is available in the Rocky Linux baseos repository.

You can check the Chrony package using the dnf command below. You should see detailed information about the Chrony package.

sudo dnf info chrony

In this example, Chrony v4.1 is available in the Rocky Linux baseos repository.

Now, to install Chrony, run the dnf command below. When prompted to confirm the installation, input y then press ENTER to proceed.

sudo dnf install chrony

After Chrony is installed, start and enable the Chronyd service using the systemctl command below.

sudo systemctl enable chronyd

sudo systemctl start chronyd

After that, verify the Chronyd service using the below command.

sudo systemctl status chronyd

You should see that the Chronyd service is enabled, so it will start automatically at system boot, and that its current status is running.

Setting up Chrony as NTP Server

In this step, you will learn how to set up Chrony as an NTP Server on the Rocky Linux server. In this example, we will use the Rocky Linux server with hostname ‘rocky8’ and the IP address ‘192.168.5.100’.

To set up Chrony, you must edit the default Chrony configuration file ‘/etc/chrony.conf‘.

Open the file ‘/etc/chrony.conf‘ using the following nano editor command.

sudo nano /etc/chrony.conf

In the server directive, you can specify the NTP server source that you want to use. You can find the NTP server pool nearest to your location at https://www.ntppool.org/en/.

In this example, we will use the below NTP server pool. Also, we will use the additional option ‘iburst‘ that allows the Chronyd service to make the first update of the clock shortly after the start.

# list servers
server 0.se.pool.ntp.org iburst
server 1.se.pool.ntp.org iburst
server 2.se.pool.ntp.org iburst
server 3.se.pool.ntp.org iburst

Uncomment the ‘allow‘ directive and add the subnet of the IP address that is allowed to access the NTP server. In this example, all clients within the network ‘192.168.5.0/24‘ will be allowed to access the NTP server.

# allowed clients
allow 192.168.5.0/24

Save the file and exit the editor when you are done.
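
As an added example (not part of the original guide), the shell function below audits the allow directives of a chrony.conf read from standard input and flags any that open the server to every address. The function name, the output labels and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit chrony 'allow' directives.
# Reads a chrony.conf on stdin, prints one line per active directive and
# returns 1 if any directive opens the server to every address.
audit_allow() {
    rc=0
    seen=0
    while read -r directive arg1 arg2 rest; do
        [ "$directive" = "allow" ] || continue   # skips comments such as '#allow'
        seen=1
        # 'allow all <subnet>' is valid: the subnet is then the second argument
        [ "$arg1" = "all" ] && arg1=$arg2
        case "$arg1" in
            ""|0/0|0.0.0.0/0|::/0)
                # a bare 'allow', 0/0 and ::/0 admit clients from any address
                echo "BROAD allow ${arg1:-(no subnet)}"
                rc=1 ;;
            *)
                echo "OK allow $arg1" ;;
        esac
    done
    # without any allow directive chronyd does not serve NTP clients at all
    [ "$seen" -eq 1 ] || echo "NONE no allow directive, chronyd serves no clients"
    return "$rc"
}

# Constructed sample: an excerpt of the server configuration from this guide.
sample_conf() {
    cat <<'EOF'
server 0.se.pool.ntp.org iburst
# allowed clients
allow 192.168.5.0/24
#allow 10.0.0.0/8
makestep 1.0 3
EOF
}

sample_conf | audit_allow || echo "review the BROAD entries above"
```

To check the live configuration, run `audit_allow < /etc/chrony.conf`.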

Additional options/directives that you may also want to change:

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Specify the file containing keys for NTP authentication.
keyfile /etc/chrony.keys

# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC

Next, run the following command to restart the Chronyd service and apply the new changes. The Chronyd service is then running as the NTP server.

sudo systemctl restart chronyd

Now, run the chronyc command below to verify the NTP server pool sources that are currently in use. You should see the list of NTP server sources used by your server.

chronyc sources

You can also get more detailed information by adding the ‘-v‘ (verbose) option.

chronyc sources -v

The output shows the detailed status of the NTP server sources used on the server.

Lastly, add the NTP service to firewalld so that client machines can connect to your NTP Server.

Run the firewall-cmd command below to add the NTP service to firewalld, then reload firewalld. This rule allows any machine to connect to the NTP Server.

sudo firewall-cmd --add-service=ntp --permanent

sudo firewall-cmd --reload

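You can also limit which network subnets are allowed to access the NTP Server with firewalld rich rules. The firewall-cmd command below adds a rich rule that allows the subnet ‘192.168.5.0/24‘ to access the NTP Server; then reload firewalld to apply the new rule. Note that the rich rule only restricts access if the ‘ntp‘ service added in the previous step is not also enabled in the zone, because that service rule accepts clients from any address.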

sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.5.0/24' service='ntp' accept"

sudo firewall-cmd --reload

Now you can check firewalld rules using the following firewall-cmd command. You should see enabled services and opened ports on your firewalld.

sudo firewall-cmd --list-all

At this point, you have installed and configured Chrony as an NTP Server on the Rocky Linux server. Next, you can set up Chrony as an NTP client.

Setting up Chrony as NTP Client

Now you will learn how to set up Chrony as an NTP client on the Rocky Linux system. In this example, you will set up the Chrony NTP client on the Rocky Linux machine with the hostname ‘client1‘.

Before you start, ensure the Chrony package is installed on the client’s machine. You can install it via the dnf command.

sudo dnf install chrony -y

After Chrony is installed, open the configuration file ‘/etc/chrony.conf‘ using the following nano editor command.

sudo nano /etc/chrony.conf

In the server directive, replace the NTP server source with your own NTP server. In this example, the NTP Server is running on the server with IP address ‘192.168.5.100‘.

The server directive below also uses two additional options:

  • The iburst option allows the Chronyd service to make the first update of the clock shortly after the start.
  • The prefer option prioritizes this NTP Server source over other servers that lack the prefer option.

server 192.168.5.100 iburst prefer

Save the file and exit the editor when you’re done.

Now, run the following command to restart the Chrony service and apply new configurations.

sudo systemctl restart chronyd

Finally, run the following chronyc command to verify the current status of NTP on the ‘client1‘ machine.

chronyc tracking

You should see that the ‘client1‘ machine is connected and has synchronized its time to the NTP Server ‘ntp.hwdomain.io‘, which is the server with IP address ‘192.168.5.100‘.
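
As an added example (not part of the original guide), the function below turns the chronyc tracking check into a pass/fail test: it reads the command's output on standard input and verifies the reference ID, the leap status and the clock offset. The function name, the 0.1 second threshold and the sample output are constructed; an IPv4 server is assumed, since the reference ID of an IPv4 source is its address in hexadecimal.

```shell
#!/bin/sh
# Added example (not from the original guide): pass/fail check on the
# output of 'chronyc tracking', read from standard input.
# Usage: chronyc tracking | check_tracking SERVER_IPV4 MAX_OFFSET_SECONDS
check_tracking() {
    want_ip=$1
    max_offset=$2
    # For an IPv4 source, chrony's reference ID is the address in hex.
    want_id=$(echo "$want_ip" |
        awk -F. '{ printf "%02X%02X%02X%02X", $1, $2, $3, $4 }')
    awk -F' *: *' -v id="$want_id" -v max="$max_offset" '
        $1 == "Reference ID" { split($2, a, " "); ref = a[1] }
        $1 == "System time"  { split($2, a, " "); off = a[1] }
        $1 == "Leap status"  { leap = $2 }
        END {
            # appending "" forces a string comparison of the hex IDs
            if ((ref "") != (id "")) {
                print "FAIL reference " ref " is not " id; exit 1 }
            if (leap == "Not synchronised") {
                print "FAIL clock is not synchronised"; exit 1 }
            if (off + 0 > max + 0) {
                print "FAIL offset " off "s exceeds " max "s"; exit 1 }
            print "OK synced to " id " offset " off "s"
        }'
}

# Constructed sample of 'chronyc tracking' output on client1.
sample_tracking() {
    cat <<'EOF'
Reference ID    : C0A80564 (ntp.hwdomain.io)
Stratum         : 4
Ref time (UTC)  : Fri Oct 28 13:45:10 2022
System time     : 0.000012345 seconds fast of NTP time
Last offset     : +0.000004321 seconds
RMS offset      : 0.000021000 seconds
Frequency       : 12.345 ppm slow
Residual freq   : +0.001 ppm
Skew            : 0.050 ppm
Root delay      : 0.012345678 seconds
Root dispersion : 0.001234567 seconds
Update interval : 64.2 seconds
Leap status     : Normal
EOF
}

sample_tracking | check_tracking 192.168.5.100 0.1
```

On the client, pipe the live output into it with `chronyc tracking | check_tracking 192.168.5.100 0.1`; a non-zero exit status means the client is not tracking the expected server or has drifted past the threshold.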

You can also verify the detailed NTP data via the chronyc command below.

chronyc ntpdata

In the output, the ‘Remote address’ field shows the IP address of the NTP Server, and the ‘Local address’ field shows the IP address of the current machine.

Next, you can also verify the NTP Server sources on the ‘client1‘ machine via the chronyc commands below. You should see that the client machine now uses the NTP Server ‘ntp.hwdomain.io‘ with IP address 192.168.5.100 as the default and preferred NTP Server source.

chronyc sources

chronyc sources -v

Conclusion

Congratulations! You have now successfully installed the Chrony NTP implementation on the Rocky Linux server. You also learned the basic usage of Chrony as both an NTP Server and an NTP Client, and how to use the chronyc command line to check NTP status.