Chrony

This article describes how to set up and run Chrony, an alternative NTP client and server that is roaming friendly and designed specifically for systems that are not online all the time.

Installation

Install the chrony package.

Configuration

The smallest useful configuration file (using IP addresses instead of a hostname) would look something like:

/etc/chrony.conf
server 1.2.3.4 offline
server 5.6.7.8 offline
server 9.10.11.12 offline
driftfile /etc/chrony.drift
keyfile /etc/chrony.keys
generatecommandkey
commandkey 1
rtconutc
rtcsync

NTP Servers

The first thing you define in your /etc/chrony.conf is the servers your machine will synchronize to. NTP servers are classified in a hierarchical system with many levels called strata: the devices which are considered independent time sources are classified as stratum 0 sources; the servers directly connected to stratum 0 devices are classified as stratum 1 sources; servers connected to stratum 1 sources are then classified as stratum 2 sources and so on.

It has to be understood that a server's stratum cannot be taken as an indication of its accuracy or reliability. Typically, stratum 2 servers are used for general synchronization purposes: if you do not already know the servers you are going to connect to, you should use the pool.ntp.org servers (alternate link) and choose the server pool that is closest to your location.

The following lines are just an example:

server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst

If your computer is not connected to the internet on startup, it is recommended to use the offline option, to tell Chrony not to try and connect to the servers, until it has been given the go:

server 0.pool.ntp.org offline
server 1.pool.ntp.org offline
server 2.pool.ntp.org offline
server 3.pool.ntp.org offline

It may also be a good idea to either use IP addresses instead of host names, or to map the hostnames to IP addresses in your /etc/hosts file, as DNS resolving will not be available until you have made a connection.

Command Keys

To tell chronyd that a connection has been established, you need to be able to log in with chronyc. The default /etc/chrony.conf configuration file has the generatecommandkey option set which will generate either a SHA1 or MD5 hash to /etc/chrony.keys the first time chronyd is started that looks like:

/etc/chrony.keys
1 MD5 HEX:BD359B2633CD6105AB8820E47A8D8EAB

The password is the entire string HEX:BD359B2633CD6105AB8820E47A8D8EAB including the HEX: prefix; you can also manually set up a password in plain text like so:

/etc/chrony.keys
1 xyzzy

The configuration option commandkey indicates which entry to use (1, 2, etc.) and is configured by default in /etc/chrony.conf for key number 1:

commandkey 1

By default chronyd only allows connections from the same machine it is running on, no further ACLs need to be configured for basic operation.

Telling chronyd an internet connection has been made

For this to work, you will need to configure the commandkey option in /etc/chrony.conf as shown above. If you are connected to the internet, run:

# chronyc -a
chronyc> online
200 OK
chronyc> exit

The -a option automatically specifies the correct password. You may also be interested in the activity option to display status:

# chronyc -a activity
200 OK
200 OK
3 sources online
0 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
0 sources with unknown address

Chrony should now connect to the configured time servers and update your clock if needed. To tell chrony that you are not connected to the Internet anymore, execute the following:

# chronyc -a offline
200 OK
200 OK

# chronyc -a activity
200 OK
200 OK
0 sources online
3 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
0 sources with unknown address

The online/offline status can be automatically handled by dispatcher services for networkmanager and connman, see below.

In conclusion, do not forget the user guide at /usr/share/doc/chrony/chrony.txt, which is likely to answer any doubts you could still have. It is also available online. See also the related man pages: man {chrony|chronyc|chronyd|chrony.conf}).

Usage

Starting chronyd

The package provides chrony.service, see systemd for details.

Synchronising chrony hardware clock from the system clock

During boot the initial time is read from the hardware clock (RTC) and the system time is then set, and synchronised over a period of minutes once the chrony daemon has been running for a while. If the hardware clock is out of sync then the initial system time can be some minutes away from the true time. If that is the case it may be necessary to reset the hardware clock.

You can use chronyc to force the current system time to be synced to hardware:

# chronyc> password xyzzy
Password:
200 OK
chronyc> trimrtc
200 OK
chronyc> quit

Then exit from chronyc and the RTC and system time should be within a few microseconds of each other and should then be approximately correct on boot and fully synchronise a short time later.

Notifying network state

If you have specified your pools as offline in chrony.conf, you need to tell chrony that the network status has changed.

You can either use chronyc to notify chrony that your network configuration has changed, or you can use a dispatcher for your relevant network configuration manager.

NetworkManager

chronyd can be go into online/offline mode along with a network connection through the use of NetworkManager's dispatcher scripts. You can install networkmanager-dispatcher-chronyAUR from the AUR.

netctl

Install netctl-dispatcher-chronyAUR from the AUR, and add the included scripts to your netctl profile:

# echo "ExecUpPost='/usr/share/netctl-dispatcher-chrony/chrony-up.sh'" >> /path/to/netctl/profile
# echo "ExecDownPre='/usr/share/netctl-dispatcher-chrony/chrony-down.sh'" >> /path/to/netctl/profile

See also