Install Chrony NTP Server on Rocky Linux 8 - CentLinux

Latest

Saturday, 5 March 2022

Install Chrony NTP Server on Rocky Linux 8

Install Chrony NTP Server on Rocky Linux 8

In this article, you will learn how to install Chrony NTP Server on Rocky Linux 8 or other RPM based distros.

 

Table of Contents:

 

What is Chrony?:

Chrony is a versatile implementation of the Network Time Protocol (NTP). It can synchronize the system clock with NTP servers, reference clocks, and manual input using wrist-watch and keyboard. It can also operate as an NTPv4 (RFC 5905) server and peer to provide a time service to other computers in the network.

It is designed to perform well in a wide range of conditions, including intermittent network connections, heavily congested networks, changing temperatures (ordinary computer clocks are sensitive to temperature), and systems that do not run continuously, or run on a virtual machine.

Typical accuracy between two machines synchronized over the Internet is within a few milliseconds; on a LAN, accuracy is typically in tens of microseconds. With hardware time-stamping, or a hardware reference clock, sub-microsecond accuracy may be possible.

Two programs are included in chrony, chronyd is a daemon that can be started at boot time and chronyc is a command-line interface program which can be used to monitor chronyd’s performance and to change various operating parameters whilst it is running. (Source: https://chrony.tuxfamily.org/)

Install Chrony NTP Server on Rocky Linux 8

 

Environment Specification:

We are using a minimal Rocky Linux 8 virtual machine with following specifications.

  • CPU - 3.4 Ghz (2 cores)
  • Memory - 2 GB
  • Storage - 20 GB
  • Operating System - Rocky Linux 8.5 (Green Obsidian)
  • Hostname – ntp-01.centlinux.com
  • IP Address - 192.168.116.128 /24

 

Update your Linux Operating System:

By using a ssh client, connect with ntp-01.centlinux.com as root user.

Update cache of enabled yum repositories on your Linux server.

# dnf makecache
Rocky Linux 8 - AppStream                       873 kB/s | 9.5 MB     00:11
Rocky Linux 8 - BaseOS                          965 kB/s | 5.6 MB     00:05
Rocky Linux 8 - Extras                          7.2 kB/s |  12 kB     00:01
Last metadata expiration check: 0:00:01 ago on Sat 05 Mar 2022 07:44:32 PM PKT.
Metadata cache created.

It is a best practice to update your Linux operating system before installing a new software.

Execute dnf command to update your Linux server.

# dnf update -y

You may need to reboot your operating system, if the above command updates your Linux Kernel.

After reboot, check the Linux operating system and Kernel versions.

# cat /etc/os-release
NAME="Rocky Linux"
VERSION="8.5 (Green Obsidian)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Rocky Linux 8.5 (Green Obsidian)"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:rocky:rocky:8:GA"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky Linux"
ROCKY_SUPPORT_PRODUCT_VERSION="8"

# uname -r
4.18.0-348.12.2.el8_5.x86_64

 

Install Chrony NTP Server:

Set the required time zone on your Linux Server. You can use timedatectl command for this purpose.

# timedatectl set-timezone America/Chicago

Execute the timedatectl command again without any parameter to check the System Clock status.

# timedatectl
               Local time: Sat 2022-03-05 08:53:46 CST
           Universal time: Sat 2022-03-05 14:53:46 UTC
                 RTC time: Sat 2022-03-05 14:53:46
                Time zone: America/Chicago (CST, -0600)
System clock synchronized: no
              NTP service: n/a
          RTC in local TZ: no

You can see that your System clock is not currently synchronized with any NTP service.

By using dnf command to install Chrony NTP server.

# dnf install -y chrony
Last metadata expiration check: 0:18:13 ago on Sat 05 Mar 2022 08:44:32 AM CST.
Dependencies resolved.
================================================================================
 Package            Architecture    Version               Repository       Size
================================================================================
Installing:
 chrony             x86_64          4.1-1.el8             baseos          326 k
Installing weak dependencies:
 timedatex          x86_64          0.5-3.el8             baseos           31 k

Transaction Summary
================================================================================
Install  2 Packages

Total download size: 357 k
Installed size: 710 k
Downloading Packages:
(1/2): timedatex-0.5-3.el8.x86_64.rpm            31 kB/s |  31 kB     00:01
(2/2): chrony-4.1-1.el8.x86_64.rpm              297 kB/s | 326 kB     00:01
--------------------------------------------------------------------------------
Total                                           146 kB/s | 357 kB     00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Installing       : timedatex-0.5-3.el8.x86_64                             1/2
  Running scriptlet: timedatex-0.5-3.el8.x86_64                             1/2
  Running scriptlet: chrony-4.1-1.el8.x86_64                                2/2
  Installing       : chrony-4.1-1.el8.x86_64                                2/2
  Running scriptlet: chrony-4.1-1.el8.x86_64                                2/2
  Verifying        : chrony-4.1-1.el8.x86_64                                1/2
  Verifying        : timedatex-0.5-3.el8.x86_64                             2/2

Installed:
  chrony-4.1-1.el8.x86_64               timedatex-0.5-3.el8.x86_64

Complete!

Edit Chrony configuration file by using vim text editor.

# vi /etc/chrony.conf

Locate following line therein.

#allow 192.168.0.0/16

And change it as follows. This directive tells the Chrony server to serve NTP request by clients in given network address.

allow 192.168.116.0/24

Enable and start Chrony NTP service.

# systemctl enable --now chronyd.service

Verify the status of Chrony NTP service.

# systemctl status chronyd.service
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor pre>
   Active: active (running) since Sat 2022-03-05 09:03:27 CST; 37s ago
     Docs: man:chronyd(8)
           man:chrony.conf(5)
  Process: 9773 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=ex>
  Process: 9769 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUC>
 Main PID: 9771 (chronyd)
    Tasks: 1 (limit: 5808)
   Memory: 940.0K
   CGroup: /system.slice/chronyd.service
           └─9771 /usr/sbin/chronyd

Mar 05 09:03:27 ntp-01.centlinux.com systemd[1]: Starting NTP client/server...
Mar 05 09:03:27 ntp-01.centlinux.com chronyd[9771]: chronyd version 4.1 startin>
Mar 05 09:03:27 ntp-01.centlinux.com chronyd[9771]: Using right/UTC timezone to>
Mar 05 09:03:27 ntp-01.centlinux.com systemd[1]: Started NTP client/server.
Mar 05 09:03:31 ntp-01.centlinux.com chronyd[9771]: Selected source 203.99.62.2>
Mar 05 09:03:31 ntp-01.centlinux.com chronyd[9771]: System clock TAI offset set>

Again check the System clock status.

# timedatectl
               Local time: Sat 2022-03-05 09:05:47 CST
           Universal time: Sat 2022-03-05 15:05:47 UTC
                 RTC time: Sat 2022-03-05 15:05:46
                Time zone: America/Chicago (CST, -0600)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

Now your System clock is synchronized with Global NTP servers.

Execute the chronyc command at Linux Bash prompt to check the Time synchronization status.

# chronyc sources -v

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* mbl-99-62-214.dsl.net.pk      2   6   377     7  +1621us[+1742us] +/-  106ms

 

Configure Linux Firewall:

Chrony uses default NTP service port 123/udp. Therefore, you have to allow it in Linux firewall.

You can allow either 123/udp port or predefined NTP service in Linux firewall.

# firewall-cmd --permanent --add-service=ntp
success

# firewall-cmd --reload
success

Your Chrony NTP server is configured successfully.

 

Configure your NTP Client:

Connect with your client machine as root user by using a ssh client.

Set the Time zone on our NTP client.

# timedatectl set-timezone America/Chicago

Check the status of System clock.

# timedatectl
               Local time: Sat 2022-03-05 09:40:04 CST
           Universal time: Sat 2022-03-05 15:40:04 UTC
                 RTC time: Sat 2022-03-05 15:40:05
                Time zone: America/Chicago (CST, -0600)
System clock synchronized: no
              NTP service: n/a
          RTC in local TZ: no

Chrony is both NTP server and client software. Therefore, install the same Chrony NTP software on your client machine.

# dnf install -y chrony

Edit Chrony configuration file with the help of vim text editor.

# vi /etc/chrony.conf

Find and comment the line that starts with "pool" directive.

Add following line in this file.

server ntp-01.centlinux.com iburst

Enable and start Chrony NTP service.

# systemctl enable --now chronyd.service

Again check the status of System clock.

# timedatectl
               Local time: Sat 2022-03-05 09:45:38 CST
           Universal time: Sat 2022-03-05 15:45:38 UTC
                 RTC time: Sat 2022-03-05 15:45:38
                Time zone: America/Chicago (CST, -0600)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

Your system clock is being synchronized now.

If the time synchronization is not enable on your NTP client, then execute the following command to enable it.

# timedatectl set-ntp true

Check the status of time synchronization.

# chronyc sources -v

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* ntp-01.centlinux.com          3   6    17    36  +6222ns[  -41us] +/-   98ms

Your NTP client is successfully synchronizing with your Time server.

 

Conclusion:

In this article, you have successfully installed Chrony NTP server on Rocky Linux 8 or other RPM based distros. You have also learned how to configure NTP clients to synchronize system clocks with your Time server.

No comments:

Post a Comment