chrony

From ArchWiki

This article describes how to set up and run chrony, an alternative NTP client and server that is roaming friendly and designed specifically for systems that are not online all the time.

Installation

Install the chrony package.

Configuration

The smallest useful configuration file (using IP addresses instead of a hostname) would look something like:

/etc/chrony.conf
server 1.2.3.4 offline
server 5.6.7.8 offline
server 9.10.11.12 offline
driftfile /var/lib/chrony/drift
rtconutc

# This sets the rtc, but throws out RTC drift tracking. rtcfile is the recommended alternative: see "RTC options" below.
rtcsync

Refer to /usr/share/doc/chrony/README, which will point you to the right answer to any doubts you could still have. Documentation is also available online. See also the related man pages: chronyc(1), chrony.conf(5), chronyd(8).

NTP Servers

The first thing you define in your /etc/chrony.conf is the servers your machine will synchronize to. NTP servers are classified in a hierarchical system with many levels called strata: the devices which are considered independent time sources are classified as stratum 0 sources; the servers directly connected to stratum 0 devices are classified as stratum 1 sources; servers connected to stratum 1 sources are then classified as stratum 2 sources and so on.

It has to be understood that a server's stratum cannot be taken as an indication of its accuracy or reliability. Typically, stratum 2 servers are used for general synchronization purposes: if you do not already know the servers you are going to connect to, you should use the pool.ntp.org servers (alternate link) and choose the server pool that is closest to your location.

The following lines tells chrony to pick 4 sources from the NTP pool (chrony has special handling of pools, so as to not confuse its tracking of server-side drift), and use a burst behavior on startup:

pool 2.arch.pool.ntp.org iburst maxsources 4

Offline computers

If your computer is not connected to the internet on startup, it is recommended to use the offline option, to tell Chrony not to try and connect to the servers, until it has been given the go:

pool 2.arch.pool.ntp.org iburst maxsources 4 offline

It may also be a good idea to either use IP addresses instead of host names, or to map the hostnames to IP addresses in your /etc/hosts file, as DNS resolving will not be available until you have made a connection.

Using NTS servers

Since version 4.0 [1], chrony supports Network Time Security (NTS), a cryptographically secured variety of NTP. To use it, add an NTS-secured server, and specify nts at the end, like so:

server time.cloudflare.com iburst nts

You can find a list of all known NTS-supporting servers here.

Real-Time Clock

During boot the initial time is read from the hardware real-time clock (RTC) and the system time is then set, and synchronised over a period of minutes once the chrony daemon has been running for a while. If the hardware clock is out of sync then the initial system time can be some minutes away from the true time. Chrony.conf has three different mechanisms for handling the RTC:

  • The first mechanism is rtcsync, which simply writes the current time to the RTC periodically. This is the classical method used by ntpd, but turns off RTC drift tracking: this is bad for intermittently running desktops, which does a lot of time-keeping on the RTC.
  • The second mechanism is rtcautotrim, which overwrites the RTC time only if it goes above a difference threshold. This method can be used with rtcfile, which allows for keeping track of RTC error.
  • The final mechanism is to do nothing about the RTC, but record its error and drift in rtcfile. The RTC time will stay wrong, but the system time will become correct as chrony has an idea of how wrong it is. The rtctrim command in chronyc can still sync the RTC as needed:
# chronyc
chronyc> trimrtc
200 OK
chronyc> quit
Note: rtcsync and rtcfile cannot be used at the same time. Using rtcfile also prevents tools like hwclock and timedatectl from accessing the RTC. See chrony.conf(5) § System clock for details.

In addition, rtconutc describes whether RTC runs on UTC.

Example: intermittently running desktops

An intermittently running desktop would require the use of rtcfile to keep track of RTC error. A machine running Arch Linux for five years, accumulated a 300 s error within the RTC. After a reboot it took chrony a long time to adjust this difference using the above configuration. If we go for the below instead:

Note: /etc/sysconfig is not available by default and must be created.
/etc/sysconfig/chronyd
OPTIONS='-r -s'
/etc/chrony.conf
dumpdir /var/lib/chrony
rtcfile /var/lib/chrony/rtc

This keeps, interestingly, the RTC still out-of-date, but after each re-start, chrony adjusts the accumulated error of the RTC and the system time is quite synchronous to NTP even shortly after a start.

RTC remains out-of-date because we forgot to add the rtcautotrim line telling chrony to adjust the RTC. If we do add it, both the RTC and the system time will become correct.

Other interesting options

Usefulness:

  • makestep: allow chrony to change the time by abrupt sets instead of frequency adjustments. Doing so may surprise running programs, but helps to fix large errors. makestep 0.1 3 may be desirable for computers that are often offline: only the first three changes will be stepped, so surprises are limited to computer startup.

Precision:

  • server and pool: xleave and presend may help increase accuracy without any compatibility cost.
  • hwtimestamp: some network interface cards can timestamp its packages to account for delays in the network stack. Use hwtimestamp * to turn it on: this will not do anything on adapters without such support.
  • tempcomp: keep track of the relationship between software clock errors (usually due to motherboard crystal temperature changes) and a temperature sensor. For those desiring ultimate precision.

Usage

Starting chronyd

The package provides chronyd.service, see systemd for details.

Note:
  • systemd-timesyncd.service is in conflict with chronyd, so you need to disable it first if you want to enable chronyd properly.

Telling chronyd an internet connection has been made

If you are connected to the internet, run:

# chronyc
chronyc> online
200 OK
chronyc> exit

You may also be interested in the activity option to display status:

# chronyc activity
200 OK
3 sources online
0 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
0 sources with unknown address

Chrony should now connect to the configured time servers and update your clock if needed. To tell chrony that you are not connected to the Internet anymore, execute the following:

# chronyc offline
200 OK

# chronyc activity
200 OK
0 sources online
3 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
0 sources with unknown address

The online/offline status can be automatically handled by dispatcher services for networkmanager and connman, see below.

Checking configured NTP servers

To check which NTP servers chrony is actually using, and how precise they are, you can use chronyc -N 'sources -a -v':

$ chronyc -N 'sources -a -v'

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^+ ptbnts1.ptb.de                1   6   377    50    -38us[  -13us] +/- 8723us
^* ptbnts2.ptb.de                1   6   377    49  +2061ns[  +27us] +/- 7538us
^+ nts.ntp.se                    2   6   377    51   +594us[ +619us] +/-   15ms
^+ nts.sth1.ntp.se               2   6   377    51   +655us[ +680us] +/-   15ms
^+ nts.sth2.ntp.se               2   6   377    53   +991us[+1016us] +/-   15ms
^+ time.cloudflare.com           3   6   377    49  -1250us[-1250us] +/-   10ms

Notifying network state

If you have specified your pools as offline in chrony.conf, you need to tell chrony that the network status has changed.

You can either use chronyc to notify chrony that your network configuration has changed, or you can use a dispatcher for your relevant network configuration manager.

NetworkManager

chronyd can go into online/offline mode along with a network connection through the use of NetworkManager's dispatcher scripts. Create a symlink using the shipped upstream NetworkManager dispatcher:

ln -s /usr/share/doc/chrony/examples/chrony.nm-dispatcher.onoffline /etc/NetworkManager/dispatcher.d/20-chrony-onoffline.sh

You can alternatively install networkmanager-dispatcher-chronyAUR from the AUR.

netctl

Install netctl-dispatcher-chronyAUR from the AUR. This adds a hook to netctl which is run automatically for any connection.

dhcpcd

Create the following hook:

/etc/dhcpcd.exit-hook
if $if_up; then
	chronyc online
elif $if_down; then
	chronyc offline
fi

See dhcpcd-run-hooks(8)

See also