Essential Chrony Commands Every System Administrator Should Know

 

1. 
   

Introduction

Chrony is an NTP client and server software designed for keeping accurate time on Linux-based systems. It is especially suited for systems that may have intermittent network connectivity or systems that need to maintain time synchronization during periods of high latency. Unlike older NTP implementations, Chrony is optimized for faster response times, greater precision, and less resource consumption.

Chrony’s main advantages include:

Faster initial synchronization compared to traditional NTP

Better accuracy on systems with unreliable or intermittent network connections

The ability to work with systems that have no permanent internet connection

Easy-to-use configuration and troubleshooting tools

With Chrony, system administrators can ensure that their systems remain in sync with reliable time sources, which is crucial for everything from logging to security protocols and performance monitoring.

Chrony Commands for Systems Administrators: Installing Chrony

Before using Chrony commands, you’ll need to install Chrony on your system. This is a straightforward process.

On CentOS/RHEL/Fedora (Linux-based Distributions)

sudo yum install chrony

sudo dnf install chrony      # CentOS/RHEL 8 or higher

On Ubuntu (Debian-based Distributions)

sudo apt install chrony

Once Chrony is installed, you can start and enable the Chrony service.

Start and Enable Chrony

sudo systemctl enable --now chronyd

This will start the Chrony service and ensure that it starts automatically on boot.

Key Chrony Commands for System Administrators

Checking Synchronization Status

The first thing you need to know when working with Chrony is whether your system is synchronized to a reliable time source. To check the status, use the following command:

chronyc tracking

This command provides detailed information about the synchronization state, including the current time offset and the last time the system synchronized with its time sources.

Reference ID    : 192.168.1.17 (time.dev.naijalabs.net)
Stratum         : 2
Ref time (UTC)  : Sun Feb 17 09:34:16 2025
System time     : 0.000123456 seconds fast
Last offset     : +0.000012345 seconds
RMS offset      : 0.000001234 seconds
Frequency       : 0.000000123 Hz

In the example output (above), you’ll find details like:

Reference ID: The time server to which your system is synced.

Stratum: The level of your time server in the NTP hierarchy.

Last offset: The time difference between your system and the reference time source.

Configuring Chrony Servers

To set up Chrony to synchronize with specific NTP servers, you need to edit the /etc/chrony.conf configuration file. Open the configuration file for editing:

sudo vim /etc/chrony.conf

Inside this file, you can add or modify server entries like so:

server time.dev.naijalabs.net iburst
server time1.example.org iburst

The iburst option ensures rapid synchronization at startup. Once the changes are made, restart the Chrony service to apply them:

sudo systemctl restart chronyd

To verify your server synchronization status, use the following command:

chronyc sources

Your output should look similar to (example output):

MS Name/IP address            Stratum Poll Reach LastRx Last sample
===============================================================================
^- time1.example.org          2  10   377    14  -3658us[-3658us] +/-   34ms
^* time.dev.naijalabs.net     2  10   377   421  +3914us[+3830us] +/-   16ms

Popular Time Servers

Here’s a list of actual time servers widely used and trusted across various network, enterprise, academic and public environments.

#	Time Server Name	IP Address	Stratum	Description
1	pool.ntp.org	162.159.200.123	1	Public NTP server pool providing reliable time synchronization.
2	time.google.com	216.239.35.0	1	Google’s NTP servers offering high availability and accuracy.
3	time.windows.com	131.107.0.0	1	Microsoft’s public time server used for Windows devices.
4	time.apple.com	17.253.56.24	1	Apple’s public time server used by Apple devices and services.
5	time.cloudflare.com	1.1.1.1	1	Cloudflare’s fast and secure time synchronization service.
6	tick.usno.navy.mil	192.5.41.209	0	U.S. Naval Observatory’s official time server.
7	ntp1.za.net	196.190.24.15	2	South African time server operated by ZA-NTCP.
8	ntp2.nict.jp	133.243.238.164	1	National Institute of Information and Communications Technology (Japan).
9	ntp.time.org	216.239.35.4	1	Time.org’s public NTP service offering accurate time data.
10	europe.pool.ntp.org	193.167.212.100	2	European region of the public NTP server pool for global access.

For a reliable configuration, ensure that you configure multiple time sources to avoid disruptions and ensure precision in your system clocks.

Force Synchronization

At times, you may need to manually synchronize the system clock with a time source immediately. Use the chronyc makestep command to force synchronization and correct any clock drift.

sudo chronyc makestep

This command is particularly useful if the system clock is off by a large margin, for instance, after the server is started or the time server has changed.

Configure Additional Time Servers

To add more NTP servers to your Chrony configuration, edit the chrony.conf file or use the chronyc command for dynamic changes. Here’s how you can add an additional server using the chronyc CLI:

sudo chronyc add server 203.0.113.2 iburst

Show Synchronization Sources

To get a more detailed view of the time sources, including reachability, stratum, and timestamps, the chronyc sourcestats command provides an in-depth summary of each server’s statistics.

sudo chronyc sourcestats

Example Output:

MS Name/IP address         Stratum    Poll Reach  LastRx  Last sample
===============================================================================
^+ 203.0.113.2                  2       6   377    20     -0.000038   +/-  0.000079
^* 192.168.1.100                2       6   377    19     +0.000012   +/-  0.000076
^- 198.51.100.200               3       6   377    22     +0.000017   +/-  0.000098

Check Drift (Clock Stability)

Chrony tracks the stability of the system clock with an internal drift file. Use the chronyc activity command to assess how stable your system clock is.

sudo chronyc activity

200 OK
4 sources online
0 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
0 sources with unknown address

This command gives you insight into whether Chrony is successfully stabilizing the system clock or if there are any issues in maintaining synchronization.

View Chrony Log

Chrony logs can provide valuable insight into any issues that may arise. On most systems, Chrony logs are stored in the system log files. To view them:

sudo journalctl -u chronyd

This will display recent logs related to the Chrony service. Look for errors or warnings that might indicate time synchronization issues.

Comparison of Chrony Commands and Their Functions

Command	Function
chronyc tracking	Displays the system’s synchronization status
chronyc sources	Shows a list of NTP servers and their synchronization status
chronyc makestep	Forces an immediate synchronization of the system clock
chronyc add server	Adds a new NTP server dynamically
chronyc sourcestats	Provides detailed stats about time sources
chronyc activity	Shows the system’s clock stability and drift
chronyc time	Displays the current time in UTC

Best Practices for Using Chrony

Use Multiple Time Sources: Always configure more than one time source to ensure accurate synchronization, especially if one server becomes unreachable.

Configure Local Time Servers for High Availability: If you are managing a large infrastructure, consider setting up internal time servers that sync with external NTP servers, minimizing dependency on external sources.

Monitor Regularly: Use chronyc tracking and chronyc sources to monitor the status of synchronization regularly. This helps you identify and address potential issues before they affect system performance.