######################################################################### ## # SPECIFY YOUR NTP SERVERS # Most computers using chrony will send measurement requests to one or # more 'NTP servers'. You will probably find that your Internet Service # Provider or company have one or more NTP servers that you can specify. # Failing that, there are a lot of public NTP servers. There is a list # you can access at http://support.ntp.org/bin/view/Servers/WebHome or # you can use servers from the pool.ntp.org project. server 0.pool.ntp.org iburst server 1.pool.ntp.org iburst server 2.pool.ntp.org iburst # However, for dial-up use you probably want these instead. The word # 'offline' means that the server is not visible at boot time. Use # chronyc's 'online' command to tell chronyd that these servers have # become visible after you go on-line. # server 0.pool.ntp.org offline # server 1.pool.ntp.org offline # server 2.pool.ntp.org offline ######################################################################### ## # AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK # To avoid changes being made to your computer's gain/loss compensation # when the measurement history is too erratic, you might want to enable # one of the following lines. The first seems good for dial-up (or # other high-latency connections like slow leased lines), the second # seems OK for a LAN environment. # maxupdateskew 100 # maxupdateskew 5 ######################################################################### ## # FILENAMES ETC # Chrony likes to keep information about your computer's clock in files. # The 'driftfile' stores the computer's clock gain/loss rate in parts # per million. When chronyd starts, the system clock can be tuned # immediately so that it doesn't gain or lose any more time. You # generally want this, so it is uncommented. driftfile /var/lib/chrony/drift # If you want to use the program called chronyc to configure aspects of # chronyd's operation once it is running (e.g. tell it the Internet link # has gone up or down), you need a password. This is stored in the # following keys file. (You also need keys to support authenticated NTP # exchanges between cooperating machines.) Again, this option is # assumed by default. keyfile /etc/chrony.keys # Tell chronyd which numbered key in the file is used as the password # for chronyc. (You can pick any integer up to 2**32-1. '1' is just a # default. Using another value will _NOT_ increase security.) commandkey 1 # Generate command key if missing. generatecommandkey # chronyd can save the measurement history for the servers to files when # it it exits. This is useful in 2 situations: # # 1. On Linux, if you stop chronyd and restart it with '-r' (e.g. after # an upgrade), the old measurements will still be relevant when chronyd # is restarted. This will reduce the time needed to get accurate # gain/loss measurements, especially with a dial-up link. # # 2. Again on Linux, if you use the RTC support and start chronyd with # '-r -s' on bootup, measurements from the last boot will still be # useful (the real time clock is used to 'flywheel' chronyd between # boots). # # Enable these two options to use this. # dumponexit # dumpdir /var/lib/chrony # chronyd writes its process ID to a file. If you try to start a second # copy of chronyd, it will detect that the process named in the file is # still running and bail out. If you want to change the path to the PID # file, uncomment this line and edit it. The default path is shown. # pidfile /var/run/chronyd.pid ######################################################################### ## # INITIAL CLOCK CORRECTION # This option is useful to quickly correct the clock on start if it's # off by a large amount. The value '10' means that if the error is less # than 10 seconds, it will be gradually removed by speeding up or # slowing down your computer's clock until it is correct. If the error # is above 10 seconds, an immediate time jump will be applied to correct # it. The value '1' means the step is allowed only on the first update # of the clock. Some software can get upset if the system clock jumps # (especially backwards), so be careful! makestep 10 3 ######################################################################### ## # LOGGING # If you want to log information about the time measurements chronyd has # gathered, you might want to enable the following lines. You probably # only need this if you really enjoy looking at the logs, you want to # produce some graphs of your system's timekeeping performance, or you # need help in debugging a problem. # logdir /var/log/chrony # log measurements statistics tracking # If you have real time clock support enabled, you might want this line # this instead: # log measurements statistics tracking rtc # Normally, chronyd will keep track of how many times each client # machine accesses it. The information can be accessed by the 'clients' # command of chronyc. You can disable this facility by uncommenting the # following line. This will save a bit of memory if you have many # clients. # noclientlog # The clientlog size is limited to 512KB by default. If you have many # clients, especially in many different subnets, you might want to # increase the limit. # clientloglimit 4194304 ######################################################################### ## # REPORTING BIG CLOCK CHANGES # Perhaps you want to know if chronyd suddenly detects any large error # in your computer's clock. This might indicate a fault or a problem # with the server(s) you are using, for example. # # The next option causes a message to be written to syslog when chronyd # has to correct an error above 0.5 seconds (you can use any amount you # like). # logchange 0.5 # The next option will send email to the named person when chronyd has # to correct an error above 0.5 seconds. (If you need to send mail to # several people, you need to set up a mailing list or sendmail alias # for them and use the address of that.) # mailonchange wibble@foobar.org 0.5 ######################################################################### ## # COMMAND ACCESS # The program chronyc is used to show the current operation of chronyd # and to change parts of its configuration whilst it is running. # Normally, chronyd will only allow connections from chronyc on the same # machine as itself. This is for security. If you have a subnet # 192.168.*.* and you want to be able to use chronyc from any machine on # it, you could uncomment the following line. (Edit this to your own # situation.) # cmdallow 192.168/16 # You can add as many 'cmdallow' and 'cmddeny' lines as you like. The # syntax and meaning is the same as for 'allow' and 'deny', except that # 'cmdallow' and 'cmddeny' control access to the chronyd's command port. # NOTE, even if the host where you run chronyc is granted access, you # still need a command key set up and you have to know the password to # put into chronyc to allow you to modify chronyd's parameters. By # default all you can do is view information about chronyd's operation. ######################################################################### ## # REAL TIME CLOCK # chronyd can characterise the system's real-time clock. This is the # clock that keeps running when the power is turned off, so that the # machine knows the approximate time when it boots again. The error at # a particular epoch and gain/loss rate can be written to a file and # used later by chronyd when it is started with the '-s' option. # # You need to have 'enhanced RTC support' compiled into your Linux # kernel. (Note, these options apply only to Linux.) # rtcfile /var/lib/chrony/rtc # The 'rtcsync' directive will enable a kernel mode where the system time # is copied to the real time clock (RTC) every 11 minutes. # This directive is supported only on Linux and cannot be used when the # normal RTC tracking is enabled, i.e. when the 'rtcfile' directive is # used. rtcsync # The 'stratumweight' directive sets how much distance should be added per # stratum to the synchronisation distance when 'chronyd' selects the # synchronisation source from available sources. # The syntax is: "stratumweight ". By default, it is one # second. This usually means that sources with lower stratum will be # preferred to sources with higher stratum even when their distance is # significantly worse. Setting 'stratumweight' to 0 makes 'chronyd' # ignore stratum when selecting the source. stratumweight 0 ######################################################################### ## # ACTING AS AN NTP SERVER # You might want the computer to be an NTP server for other computers. # e.g. you might be running chronyd on a dial-up machine that has a LAN # sitting behind it with several 'satellite' computers on it. # This option allows the UDP port on which the server understands NTP # requests to be specified. For normal servers this option should not # not be required (the default is 123, the standard NTP port). # port 123 # # By default, chronyd does not allow any clients to access it. You need # to explicitly enable access using 'allow' and 'deny' directives. # # e.g. to enable client access from the 192.168.*.* class B subnet, # allow 192.168/16 # .. but disallow the 192.168.100.* subnet of that, # deny 192.168.100/24 # You can have as many allow and deny directives as you need. The order # is unimportant. # If you want chronyd to act as an NTP broadcast server, enable and edit # (and maybe copy) the following line. This means that a broadcast # packet is sent to the address 192.168.1.255 every 60 seconds. The # address MUST correspond to the broadcast address of one of the network # interfaces on your machine. If you have multiple network interfaces, # add a broadcast line for each. # broadcast 60 192.168.1.255 # If you want to present your computer's time for others to synchronise # with, even if you don't seem to be synchronised to any NTP servers # yourself, enable the following line. The value 10 may be varied # between 1 and 15. You should avoid small values because you will look # like a real NTP server. The value 10 means that you appear to be 10 # NTP 'hops' away from an authoritative source (atomic clock, GPS # receiver, radio clock etc). # local stratum 10 # 'chronyd' will trim the rate at which it samples the server during # normal operation, the user may wish to constrain the minimum polling # interval. This is always defined as a power of 2, so