chrony
This article describes how to set up and run chrony, an alternative NTP client and server that is roaming friendly and designed specifically for systems that are not online all the time.
Installation
Configuration
The smallest useful configuration file (using IP addresses instead of a hostname) would look something like:
/etc/chrony.conf
server 1.2.3.4 offline server 5.6.7.8 offline server 9.10.11.12 offline driftfile /var/lib/chrony/drift rtconutc # This sets the rtc, but throws out RTC drift tracking. rtcfile is the recommended alternative: see "RTC options" below. rtcsync
Refer to /usr/share/doc/chrony/README
, which will point you to the right answer to any doubts you could still have. Documentation is also available online. See also the related man pages: chronyc(1), chrony.conf(5), chronyd(8).
NTP Servers
The first thing you define in your /etc/chrony.conf
is the servers your machine will synchronize to.
NTP servers are classified in a hierarchical system with many levels called strata: the devices which are considered independent time sources are classified as stratum 0 sources; the servers directly connected to stratum 0 devices are classified as stratum 1 sources; servers connected to stratum 1 sources are then classified as stratum 2 sources and so on.
It has to be understood that a server's stratum cannot be taken as an indication of its accuracy or reliability. Typically, stratum 2 servers are used for general synchronization purposes: if you do not already know the servers you are going to connect to, you should use the pool.ntp.org servers (alternate link) and choose the server pool that is closest to your location.
The following lines tells chrony to pick 4 sources from the NTP pool (chrony has special handling of pools, so as to not confuse its tracking of server-side drift), and use a burst behavior on startup:
pool 2.arch.pool.ntp.org iburst maxsources 4
Offline computers
If your computer is not connected to the internet on startup, it is recommended to use the offline option, to tell Chrony not to try and connect to the servers, until it has been given the go:
pool 2.arch.pool.ntp.org iburst maxsources 4 offline
It may also be a good idea to either use IP addresses instead of host names, or to map the hostnames to IP addresses in your /etc/hosts
file, as DNS resolving will not be available until you have made a connection.
Using NTS servers
Since version 4.0 [1], chrony supports Network Time Security (NTS), a cryptographically secured variety of NTP. To use it, add an NTS-secured server, and specify nts
at the end, like so:
server time.cloudflare.com iburst nts
You can find a list of all known NTS-supporting servers here.
Real-Time Clock
During boot the initial time is read from the hardware real-time clock (RTC) and the system time is then set, and synchronised over a period of minutes once the chrony daemon has been running for a while. If the hardware clock is out of sync then the initial system time can be some minutes away from the true time. Chrony.conf has three different mechanisms for handling the RTC:
- The first mechanism is
rtcsync
, which simply writes the current time to the RTC periodically. This is the classical method used by ntpd, but turns off RTC drift tracking: this is bad for intermittently running desktops, which does a lot of time-keeping on the RTC. - The second mechanism is
rtcautotrim
, which overwrites the RTC time only if it goes above a difference threshold. This method can be used withrtcfile
, which allows for keeping track of RTC error. - The final mechanism is to do nothing about the RTC, but record its error and drift in
rtcfile
. The RTC time will stay wrong, but the system time will become correct as chrony has an idea of how wrong it is. Thertctrim
command in chronyc can still sync the RTC as needed:
# chronyc chronyc> trimrtc 200 OK chronyc> quit
rtcsync
and rtcfile
cannot be used at the same time. Using rtcfile
also prevents tools like hwclock
and timedatectl
from accessing the RTC. See chrony.conf(5) § System clock for details.In addition, rtconutc
describes whether RTC runs on UTC.
Example: intermittently running desktops
An intermittently running desktop would require the use of rtcfile
to keep track of RTC error. A machine running Arch Linux for five years, accumulated a 300 s error within the RTC. After a reboot it took chrony a long time to adjust this difference using the above configuration. If we go for the below instead:
/etc/sysconfig
is not available by default and must be created./etc/sysconfig/chronyd
OPTIONS='-r -s'
/etc/chrony.conf
dumpdir /var/lib/chrony rtcfile /var/lib/chrony/rtc
This keeps, interestingly, the RTC still out-of-date, but after each re-start, chrony adjusts the accumulated error of the RTC and the system time is quite synchronous to NTP even shortly after a start.
RTC remains out-of-date because we forgot to add the rtcautotrim
line telling chrony to adjust the RTC. If we do add it, both the RTC and the system time will become correct.
Other interesting options
Usefulness:
-
makestep
: allow chrony to change the time by abrupt sets instead of frequency adjustments. Doing so may surprise running programs, but helps to fix large errors.makestep 0.1 3
may be desirable for computers that are often offline: only the first three changes will be stepped, so surprises are limited to computer startup.
Precision:
-
server
andpool
:xleave
andpresend
may help increase accuracy without any compatibility cost. -
hwtimestamp
: some network interface cards can timestamp its packages to account for delays in the network stack. Usehwtimestamp *
to turn it on: this will not do anything on adapters without such support. -
tempcomp
: keep track of the relationship between software clock errors (usually due to motherboard crystal temperature changes) and a temperature sensor. For those desiring ultimate precision.
Usage
Starting chronyd
The package provides chronyd.service
, see systemd for details.
Telling chronyd an internet connection has been made
If you are connected to the internet, run:
# chronyc chronyc> online 200 OK chronyc> exit
You may also be interested in the activity
option to display status:
# chronyc activity 200 OK 3 sources online 0 sources offline 0 sources doing burst (return to online) 0 sources doing burst (return to offline) 0 sources with unknown address
Chrony should now connect to the configured time servers and update your clock if needed. To tell chrony that you are not connected to the Internet anymore, execute the following:
# chronyc offline 200 OK # chronyc activity 200 OK 0 sources online 3 sources offline 0 sources doing burst (return to online) 0 sources doing burst (return to offline) 0 sources with unknown address
The online/offline status can be automatically handled by dispatcher services for networkmanager and connman, see below.
Checking configured NTP servers
To check which NTP servers chrony is actually using, and how precise they are, you can use chronyc -N 'sources -a -v'
:
$ chronyc -N 'sources -a -v' .-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current best, '+' = combined, '-' = not combined, | / 'x' = may be in error, '~' = too variable, '?' = unusable. || .- xxxx [ yyyy ] +/- zzzz || Reachability register (octal) -. | xxxx = adjusted offset, || Log2(Polling interval) --. | | yyyy = measured offset, || \ | | zzzz = estimated error. || | | \ MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^+ ptbnts1.ptb.de 1 6 377 50 -38us[ -13us] +/- 8723us ^* ptbnts2.ptb.de 1 6 377 49 +2061ns[ +27us] +/- 7538us ^+ nts.ntp.se 2 6 377 51 +594us[ +619us] +/- 15ms ^+ nts.sth1.ntp.se 2 6 377 51 +655us[ +680us] +/- 15ms ^+ nts.sth2.ntp.se 2 6 377 53 +991us[+1016us] +/- 15ms ^+ time.cloudflare.com 3 6 377 49 -1250us[-1250us] +/- 10ms
Notifying network state
If you have specified your pools as offline in chrony.conf
, you need to tell chrony that the network status has changed.
You can either use chronyc to notify chrony that your network configuration has changed, or you can use a dispatcher for your relevant network configuration manager.
NetworkManager
chronyd can go into online/offline mode along with a network connection through the use of NetworkManager's dispatcher scripts. Create a symlink using the shipped upstream NetworkManager dispatcher:
ln -s /usr/share/doc/chrony/examples/chrony.nm-dispatcher.onoffline /etc/NetworkManager/dispatcher.d/20-chrony-onoffline.sh
You can alternatively install networkmanager-dispatcher-chronyAUR from the AUR.
netctl
Install netctl-dispatcher-chronyAUR from the AUR. This adds a hook to netctl which is run automatically for any connection.
dhcpcd
Create the following hook:
/etc/dhcpcd.exit-hook
if $if_up; then chronyc online elif $if_down; then chronyc offline fi