Install and configure chrony NTP server.
Inspect chrony
package.
$ apt info chrony
Package: chrony Version: 4.0-8 Priority: optional Section: net Maintainer: Vincent Blut Installed-Size: 644 kB Provides: time-daemon Pre-Depends: init-system-helpers (>= 1.54~) Depends: adduser, iproute2, tzdata, ucf, libc6 (>= 2.29), libcap2 (>= 1:2.10), libedit2 (>= 2.11-20080614-0), libgnutls30 (>= 3.7.0), libnettle8, libseccomp2 (>= 2.4.3-1~) Suggests: dnsutils, networkd-dispatcher Conflicts: time-daemon Breaks: network-manager (<< 1.20.0-1~) Replaces: time-daemon Homepage: https://chrony.tuxfamily.org Tag: implemented-in::c, interface::commandline, interface::daemon, interface::text-mode, network::server, network::service, role::program, uitoolkit::ncurses, use::configuring, use::monitor, use::timekeeping Download-Size: 286 kB APT-Sources: http://ftp.task.gda.pl/debian bullseye/main amd64 Packages Description: Versatile implementation of the Network Time Protocol It consists of a pair of programs: . chronyd: This is a daemon which runs in background on the system. It obtains measurements (e.g. via the network) of the system's offset relative to other systems and adjusts the system time accordingly. For isolated systems, the user can periodically enter the correct time by hand (using 'chronyc'). In either case 'chronyd' determines the rate at which the computer gains or loses time, and compensates for this. Chronyd implements the NTP protocol and can act as either a client or a server. . chronyc: This is a command-line driven control and monitoring program. An administrator can use this to fine-tune various parameters within the daemon, add or delete servers etc whilst the daemon is running.
Install chrony
package.
$ sudo apt install chrony
Inspect default configuration.
$ cat /etc/chrony/chrony.conf
# Welcome to the chrony configuration file. See chrony.conf(5) for more # information about usable directives. # Include configuration files found in /etc/chrony/conf.d. confdir /etc/chrony/conf.d # Use Debian vendor zone. pool 2.debian.pool.ntp.org iburst # Use time sources from DHCP. sourcedir /run/chrony-dhcp # Use NTP sources found in /etc/chrony/sources.d. sourcedir /etc/chrony/sources.d # This directive specify the location of the file containing ID/key pairs for # NTP authentication. keyfile /etc/chrony/chrony.keys # This directive specify the file into which chronyd will store the rate # information. driftfile /var/lib/chrony/chrony.drift # Save NTS keys and cookies. ntsdumpdir /var/lib/chrony # Uncomment the following line to turn logging on. #log tracking measurements statistics # Log files location. logdir /var/log/chrony # Stop bad estimates upsetting machine clock. maxupdateskew 100.0 # This directive enables kernel synchronisation (every 11 minutes) of the # real-time clock. Note that it can’t be used along with the 'rtcfile' directive. rtcsync # Step the system clock instead of slewing it if the adjustment is larger than # one second, but only in the first three clock updates. makestep 1 3 # Get TAI-UTC offset and leap seconds from the system tz database. # This directive must be commented out when using time sources serving # leap-smeared time. leapsectz right/UTC
Delete default pool.
$ sudo sed -i -e "/\# Use Debian vendor zone./,+2d" /etc/chrony/chrony.con
Define Debian NTP pool as a source.
$ cat << EOF | sudo tee /etc/chrony/sources.d/debian-pool.sources pool 0.debian.pool.ntp.org iburst pool 1.debian.pool.ntp.org iburst pool 2.debian.pool.ntp.org iburst pool 3.debian.pool.ntp.org iburst EOF
Bind server to a specific interface or IP address and allow access from a particular subnet.
$ cat << EOF | sudo tee /etc/chrony/conf.d/server.conf binddevice eth0 #bindaddress 10.10.0.1 allow 10.10.0.1/16 EOF
Use Unix domain command socket for command and monitoring access.
$ cat << EOF | sudo tee /etc/chrony/conf.d/cmd.conf bindcmdaddress /var/run/chrony/chronyd.sock cmdport 0 EOF
Restart chrony
service.
$ sudo systemctl restart chrony
Inspect service status.
$ systemctl status chrony
● chrony.service - chrony, an NTP client/server Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2021-09-30 10:02:57 CEST; 3min 53s ago Docs: man:chronyd(8) man:chronyc(1) man:chrony.conf(5) Process: 1149 ExecStart=/usr/sbin/chronyd $DAEMON_OPTS (code=exited, status=0/SUCCESS) Main PID: 1151 (chronyd) Tasks: 2 (limit: 1105) Memory: 1.3M CPU: 44ms CGroup: /system.slice/chrony.service ├─1151 /usr/sbin/chronyd -F 1 └─1152 /usr/sbin/chronyd -F 1
Display tracking information.
$ sudo chronyc tracking
Reference ID : C21D82FC (ntp.coi.pw.edu.pl) Stratum : 2 Ref time (UTC) : Thu Sep 30 08:10:42 2021 System time : 0.000006597 seconds fast of NTP time Last offset : -0.000517745 seconds RMS offset : 0.003449982 seconds Frequency : 6.271 ppm fast Residual freq : +0.046 ppm Skew : 2.133 ppm Root delay : 0.014363421 seconds Root dispersion : 0.001481146 seconds Update interval : 64.7 seconds Leap status : Normal
Display NTP sources.
$ sudo chronyc sources -v
.-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current best, '+' = combined, '-' = not combined, | / 'x' = may be in error, '~' = too variable, '?' = unusable. || .- xxxx [ yyyy ] +/- zzzz || Reachability register (octal) -. | xxxx = adjusted offset, || Log2(Polling interval) --. | | yyyy = measured offset, || \ | | zzzz = estimated error. || | | \ MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^- ntp11.kashra-server.com 2 6 377 102 -468us[ -468us] +/- 42ms ^* ntp.coi.pw.edu.pl 1 6 377 167 -3151us[-3310us] +/- 7850us ^- s.complex.net.pl 2 7 377 42 +611us[ +611us] +/- 57ms ^- ntp.tktelekom.pl 2 7 377 39 +1877us[+1877us] +/- 35ms ^x ciskacz.of.pl 2 6 377 38 +112ms[ +112ms] +/- 88ms ^+ 94-172-186-238.dynamic.c> 2 6 377 39 -2733us[-2733us] +/- 22ms ^+ time.cloudflare.com 3 6 377 105 +366us[ +366us] +/- 21ms ^- 46.175.224.7.maxnet.net.> 3 6 377 39 +806us[ +806us] +/- 61ms ^- ntp.ifj.edu.pl 1 6 377 36 +7466us[+7466us] +/- 23ms ^- main.jakspzoo.pl 2 6 377 26 +1099us[+1099us] +/- 38ms ^+ time.cloudflare.com 3 6 377 168 +996us[ +837us] +/- 20ms ^- ntp.wide-net.pl 2 7 377 40 +1234us[+1234us] +/- 44ms ^- ntp2.pl 2 6 377 40 -4286us[-4286us] +/- 50ms ^- time.taken.pl 2 6 377 9 +905us[ +905us] +/- 58ms ^+ ntp.oa.uj.edu.pl 1 6 377 13 +7166us[+7166us] +/- 22ms ^- ntp2.tktelekom.pl 2 6 377 13 +1453us[+1453us] +/- 40ms ^- 96-7.cpe.smnt.pl 2 7 377 39 +3695us[+3695us] +/- 43ms ^- ntp1.pl 2 6 377 12 -4972us[-4972us] +/- 43ms ^+ host-168-137.prnet.pl 1 6 377 37 +47ms[ +47ms] +/- 63ms ^- 160.ip-54-37-233.eu 2 6 377 42 -3679us[-3679us] +/- 94ms
Display drift rate and offset estimation for each NTP source.
$ sudo chronyc sourcestats -v
.- Number of sample points in measurement set. / .- Number of residual runs with same sign. | / .- Length of measurement set (time). | | / .- Est. clock freq error (ppm). | | | / .- Est. error in freq. | | | | / .- Est. offset. | | | | | | On the -. | | | | | | samples. \ | | | | | | | Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev ============================================================================== ntp11.kashra-server.com 19 13 1046 +0.541 4.492 -3555us 1635us ntp.coi.pw.edu.pl 17 10 1045 +0.047 0.159 -3833us 53us s.complex.net.pl 19 13 979 -0.135 2.795 -118us 980us ntp.tktelekom.pl 19 13 979 +0.104 3.404 +226us 1154us ciskacz.of.pl 6 3 324 +318.852 810.065 +144ms 28ms 94-172-186-238.dynamic.c> 18 11 1046 +0.303 2.307 -3499us 841us time.cloudflare.com 17 11 1044 +0.049 0.122 +310us 47us 46.175.224.7.maxnet.net.> 16 9 971 -0.454 2.881 +1962us 878us ntp.ifj.edu.pl 12 5 713 +1.220 3.789 +7045us 627us main.jakspzoo.pl 19 11 975 +1.826 2.811 +477us 1029us time.cloudflare.com 14 6 851 -0.136 0.174 +334us 44us ntp.wide-net.pl 19 11 980 +1.483 2.882 +463us 968us ntp2.pl 17 11 850 -0.282 1.626 -3957us 446us time.taken.pl 13 6 591 -1.035 5.236 -5058us 770us ntp.oa.uj.edu.pl 13 10 588 -0.313 4.574 +6037us 824us ntp2.tktelekom.pl 13 8 587 -0.380 6.781 +445us 1177us 96-7.cpe.smnt.pl 19 12 981 +0.910 2.586 +2463us 938us ntp1.pl 13 6 587 -1.910 3.397 -4260us 460us host-168-137.prnet.pl 20 12 1047 -1.658 26.042 +1591us 9982us 160.ip-54-37-233.eu 11 7 840 +0.868 0.537 -4204us 106us
Display the number of online and offline sources.
$ sudo chronyc activity
200 OK 20 sources online 0 sources offline 0 sources doing burst (return to online) 0 sources doing burst (return to offline) 0 sources with unknown address
Display the server statistics.
$ sudo chronyc serverstats
NTP packets received : 5 NTP packets dropped : 0 Command packets received : 426 Command packets dropped : 0 Client log records dropped : 0 NTS-KE connections accepted: 0 NTS-KE connections dropped : 0 Authenticated NTP packets : 0
Display clients that have accessed the server
$ sudo chronyc clients
Hostname NTP Drop Int IntL Last Cmd Drop Int Last =============================================================================== 10.10.10.100 7 0 6 - 11 0 0 - - 10.10.10.254 5 0 8 - 303 0 0 - -
Read How to update system time using systemd to configure NTP on clients.
Client NTP status.
$ timedatectl timesync-status
Server: 10.10.1.16 (10.10.1.16) Poll interval: 17min 4s (min: 32s; max 34min 8s) Leap: normal Version: 4 Stratum: 2 Reference: C21D82FC Precision: 1us (-21) Root distance: 8.032ms (max: 5s) Offset: +1.118ms Delay: 677us Jitter: 653us Packet count: 5 Frequency: +4,768ppm