Accurate timekeeping is one of the most important configurations required for reliable communication between network-based computers. It is also needed to ensure system components, including systemd timers and cronjobs, run at the correct time. Computers can utilize the Network Time Protocol (NTP) to synchronize their time to an upstream time server or a pool of servers to maintain accurate time.
In Red Hat Enterprise Linux (RHEL), the chronyd daemon provided by the chrony package is the default NTP client. Alternatively, the chronyd daemon can be configured as a server to provide accurate time to computer systems in your internal network.
This article explains both configurations so that you can implement these settings with your network devices.
Configure chrony as an NTP client
At installation, RHEL configures the chronyd service with default settings. One of these settings utilizes an NTP.org pool as the source for time. This is a perfectly acceptable configuration for most home users as these are reliable time sources. However, in an enterprise environment that follows security best practices, outbound NTP is probably restricted, so an internal NTP time source is required.
To configure the chronyd daemon to utilize an internal or another NTP source, you need to edit the /etc/chrony.conf
file. Once in the file, you will configure one of three different settings for your time source. The two most common options used with chrony to set a time source are server and pool. The server directive allows you to specify a single NTP server as a time source. The pool directive is similar to the server directive, but instead of using a single NTP time source, it allows you to specify a pool of NTP servers. The pool name is expected to resolve to multiple addresses, which could change over time.
The following is an example of a default configuration that syncs the chronyd client to an NTP server listed as ntp.lab.int with the iburst option that allows chronyd to make the first update of the clock sooner:
server ntp.lab.int iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
keyfile /etc/chrony.keys
leapsectz right/UTC
logdir /var/log/chrony
[ Download the Manage your Linux environment for success eBook to learn ways to streamline your work. ]
After applying the configuration changes, restart the chronyd service and verify it is up and running. Finally, check the NTP sources and confirm that the system clock is synchronized correctly to the upstream time server:
$ sudo systemctl restart chronyd.service
$ systemctl is-active chronyd.service
active
$ chronyc sources
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.50.13 4 6 17 22 +28us[ +26us] +/- 27ms
$ timedatectl
Local time: Wed 2022-05-18 12:47:41 EDT
Universal time: Wed 2022-05-18 16:47:41 UTC
RTC time: Wed 2022-05-18 16:47:42
Time zone: America/New_York (EDT, -0400)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
Configure chrony as an NTP server
One of the best features of the chrony package is the ease with which you can configure an authoritative time server. The first step is to configure the server's own time source, as I showed in the previous section. Once you have configured the time source, you need to configure the allow directive in the chrony.conf
file. The allow directive specifies a particular subnet from which NTP clients can access the NTP server. By default, no clients are allowed access, and chronyd operates purely as an NTP client. Therefore, enabling this directive is a requirement for chronyd to act as an NTP server. You can find more information regarding the allow directive in the chrony.conf
man pages.
[ Ready to move up? Download RHEL 9 for free through the Red Hat Developer program. ]
The following example configures the allow directive to accept connections from the 192.168.0.0/24 subnet:
server ntp.lab.int iburst
allow 192.168.0.0/24
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
keyfile /etc/chrony.keys
leapsectz right/UTC
logdir /var/log/chrony
After configuring the time source, adding the allow directive, and restarting the chronyd service, you need to configure firewalld to permit the NTP service:
$ sudo firewall-cmd --add-service=ntp --permanent
$ sudo firewall-cmd --reload
Finally, configure the NTP clients, as shown in the first section.
Wrap up
This article shows how to configure chrony as an NTP client so you can configure your server to utilize a server or a pool-based time source. It also shows how to configure chrony as an authoritative time server to provide accurate time to your NTP clients in your network.
About the author
Morgan Peterman is a Senior Partner Technical Account Manager for Red Hat OpenShift. He is a Red Hat Certified Engineer (RHCE) and a Red Hat Certified Specialist in OpenShift. Before joining Red Hat, Morgan spent 15 years as a Linux Engineer and Systems Administrator, deploying a wide variety of technologies and delivering cost-cutting IT solutions within the healthcare and travel industries.
More like this
Browse by channel
Automation
The latest on IT automation for tech, teams, and environments
Artificial intelligence
Updates on the platforms that free customers to run AI workloads anywhere
Open hybrid cloud
Explore how we build a more flexible future with hybrid cloud
Security
The latest on how we reduce risks across environments and technologies
Edge computing
Updates on the platforms that simplify operations at the edge
Infrastructure
The latest on the world’s leading enterprise Linux platform
Applications
Inside our solutions to the toughest application challenges
Original shows
Entertaining stories from the makers and leaders in enterprise tech
Products
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Cloud services
- See all products
Tools
- Training and certification
- My account
- Customer support
- Developer resources
- Find a partner
- Red Hat Ecosystem Catalog
- Red Hat value calculator
- Documentation
Try, buy, & sell
Communicate
About Red Hat
We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.
Select a language
Red Hat legal and privacy links
- About Red Hat
- Jobs
- Events
- Locations
- Contact Red Hat
- Red Hat Blog
- Diversity, equity, and inclusion
- Cool Stuff Store
- Red Hat Summit