Configure Chrony NTP Server on RHEL 9/CentOS 9/AlmaLinux 9

Time synchronization is essential for network administrators who manage a vast network of infrastructure that include, routers, switches, servers, etc. Hardware clocks of these devices tend to drift and may cause risks in accessing some essential services. To curb this issue, Time Protocols were introduced. This ensures that the devices have the correct time for security and authentication purposes. Other services that require correct timing among devices include; checking the log messages and tracking network usage and latency issues.

There are several mechanisms that are used in time synchronization with the common ones being Network Time Protocol (NTP) and Precision Time Protocol (PTP). NTP is based on Software Timestamping and PTP distributes time over pocket-based networks. NTP uses UDP port 123 and a stratum number to measure the believability of a time source. Stratum number is essentially the distance between the server and the time sources. The less the distance the more accurate the time with 0 being the lowest (High accurate) with 15 being the highest (less accurate) believable time.

NTP server is used to synchronize device clocks over a network. It is basically connected to the master or Gold Standard time source which includes GPS, Radio receiver, and Atomic clocks. It is called the stratum 1 device or Primary time server. You can connect other servers to the Primary servers which would have the stratum 2 number and so on up to the 15th layer, this provides a hierarchy of NTP servers.

Chrony NTP

Chrony NTP solution consists of chronyd which is the daemon that runs in the background on the user’s system and chronyc which is the command-line interface or adjusting the chronyd. The daemon monitors time and the status of the time servers specified in the Chrony default configuration file. The chronyc utility allows the user to enter commands that can be used to adjust the daemon.

Features

• Synchronizes time fast with the time servers.
• It adjusts for network delays and latencies.
• Adjusts well to sudden changes in the rate of the clock.
• Can work without an internet connection.
• After an initial sync at the system startup, Chrony never steps on the clock.
• It provides support for isolated networks

This guide will show you how to configure the Chrony NTP server on RHEL 9|CentOS 9|AlmaLinux 9.

Install Chrony NTP on RHEL 9|CentOS 9|AlmaLinux 9

List timezones with the following command:

timedatectl list-timezones

To set the timezone, use the following command.

sudo timedatectl set-timezone Africa/Nairobi

Your time zone might be different. To check which timezone is closest to your location, use the following command.

sudo timedatectl list-timezones | grep <continent-name>

Update your system.

sudo yum update -y

Install chronyd from the package manager.

sudo yum install chrony

Start and enable the service after installation.

sudo systemctl start chronyd
sudo systemctl enable chronyd

You can check the status to see if it is running.

$ systemctl status chronyd
● chronyd.service - NTP client/server
     Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor p>
     Active: active (running) since Wed 2022-06-08 16:05:30 EAT; 1 day 19h ago
       Docs: man:chronyd(8)
             man:chrony.conf(5)
   Main PID: 763 (chronyd)
      Tasks: 1 (limit: 23440)
     Memory: 3.5M
        CPU: 246ms
     CGroup: /system.slice/chronyd.service
             └─763 /usr/sbin/chronyd -F 2

Configure Chrony NTP Server on RHEL 9|CentOS 9|AlmaLinux 9

Edit the configuration file.

sudo vi /etc/chrony.conf

Add the specific pool zone using the following command to synchronize time. Comment out the first NTP server. In most cases, it is recommended to use pool.ntp.org to find an NTP server in your Zone.

server 0.rhel.pool.ntp.org
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org
server 3.rhel.pool.ntp.org

Allow the IPV4 address. The allow contains the IP of the clients in the local network.

# Allow NTP client access from local network.
allow 192.168.0.0/24

Restart the Chrony service.

sudo systemctl restart chronyd

If you have an active firewalld, allow NTP service using the following command.

sudo firewall-cmd --permanent --add-service ntp
sudo firewall-cmd --reload

Check if Chrony is synchronized. The sources command shows the information about the time source configured in the configuration file. the -v option provides verbose output.

$ chronyc sources -v
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^+ 45.85.15.7                    2  10   377   417  +1048us[+1118us] +/-  278ms
^+ jhb-ntp.mweb.co.za            2  10   377   313  +2088us[+2156us] +/-  244ms
^+ cpt-ntp.mweb.co.za            2  10   377   300  -3211us[-3143us] +/-  198ms
^* 45.85.15.8                    2   8   377   223   +161us[ +228us] +/-  152ms

The tracking command provides a report that shows how far the system is from the servers.

$ chronyc tracking
Reference ID    : 2D550F08 (45.85.15.8)
Stratum         : 3
Ref time (UTC)  : Fri Jun 10 14:05:58 2022
System time     : 0.000086013 seconds slow of NTP time
Last offset     : -0.000015760 seconds
RMS offset      : 0.000169962 seconds
Frequency       : 50.361 ppm slow
Residual freq   : -0.001 ppm
Skew            : 0.042 ppm
Root delay      : 0.174849167 seconds
Root dispersion : 0.064514525 seconds
Update interval : 259.3 seconds
Leap status     : Normal

Configure NTP client on RHEL 9|CentOS 9|AlmaLinux 9

Install Chrony on your client.

sudo dnf install chrony -y

Start and enable the service

sudo systemctl start chronyd
sudo systemctl enable chronyd

Edit the configuration file to set the NTP server

sudo vi /etc/chrony.conf

Add the NTP server address. I will add the IP address of the server that I have configured above.

server 192.168.200.70

Save and restart the file.

Restart the chronyd.

sudo systemctl restart chronyd

Verify that Chrony is accessing the correct time source.

$ sudo chronyc sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 192.168.200.70                3   6   377    23   +807ns[  -57us] +/-  152ms

You can now connect to the NTP server as shown above.

Conclusion

From this guide, we have looked at Chrony as an NTP solution and its components. We have also installed Chrony and configured it as a server and client on AlmaLinux 9|RHEL 9|CentOS 9. Chrony is a powerful tool for synchronizing time for client hosts over a network with its main benefits being it is fast and can work in isolated environments.

More guides on RHEL 9 based systems.

• Install LAMP Stack on CentOS 9 / AlmaLinux 9 / RHEL 9
• Enable EPEL and REMI on CentOS 9|AlmaLinux 9|RHEL 9