Inhaltsverzeichnis

NTP - Zeitserver unter CentOS 7 einrichten und nutzen

Zum Abgleichen der Systemuhren unserer Clients, Netzwerkgeräten und realen Servern wie auch virtuellen Maschinen nutzen wird das NTP1). NTP wurde 1985 von David L. Mills entwickelt und wurde als RFC 958 definiert um eine zuverlässige Zeitgabe über Netzwerke mit variabler Paketlaufzeit über das verbindungslose protokolls UDP zu ermöglichen und bekam von der Internet Assigned Numbers Authority den UDP-Ports 123 zugewiesen.

Weitere Hinweise findet man im sehr guten und ausführlichem WIKIPEDIA-Artikel.

NTPD versus Chronyd

Seit CentOS 7 wird neben dem altbekanntem NTP-Daemon ntp ein weiterer Daemon Namens chrony zur Verfügung gestellt. In Adminkreisen wurde dazu oft spekuliert und argumentiert, warum RedHat einen Daemon als Default zur Verfügung gestellt wird, der vom Entwickler hauptsächlich für mobile Geräte oder nur unregelmäßig laufenden Systemen gebaut hat.

Im Kapitel 15.1.1. Differences Between ntpd and chronyd finden sich detailierte Angaben, welche Vor- und Nachteile der Daemon chronyd gegenüber dem NTP Daemon ntphat. Im gleich anschließendem Kapitel 15.1.2. Choosing Between NTP Daemons finden sich dann auch noch weitere Informationen, welcher Daemon wann eingesetzt werden soll.

Eine detailierte Gegenüberstellung von chronyd, ntpd und openntpd ist auf der Seite Comparison of NTP implementations zu finden.

Vor allem folgende Punkte können im Virtualisierungsumfeld erhebliche stabilere synchronisierte Zeiten erreicht werden:

  • chronyd can usually synchronize the clock faster and with better time accuracy.
  • chronyd quickly adapts to sudden changes in the rate of the clock.
  • chronyd can adjust the rate of the clock on a Linux system in a larger range, which allows it to operate even on machines with a broken or unstable clock. For example, on some virtual machines.

Die nachfolgende Graphik zeigt exemplarisch den Offset mehrerer virtueller CentOS-Systeme. Der Offset wird dabei von einem Icinga2-Monitoring-Server laufend überwacht.

Bild: Icinga 2 Monitoring von virtuellen Systemen im Vergleich von ntpd und chronyd

Die Server vml000010 bis vml000050 benutzen für den Abgleich der Zeiten das Paket ntp; die Server vml000052 bis vml000117 hingegen nutzen den Daemon chrony. Bemerkenswert bei diesem Vergleich ist, dass der Offset der einzelnen virtuellen Maschinen bei der Verwendung von chronyd um den Faktor 10 - 100 geringer ist, als bei den vergleichbaren ntp bestückten Systemen.

Ähnliche Ergebnisse kann man auch beim direkten Vergleich der zur Verfügung stehenden Zeitquellen an einem Host mit Hilfe von ntpq.

 # watch -d -n 1 "ntpq -pn4"
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+10.0.0.20       85.10.200.230    2 u  127  128  377    0.184    1.495   0.113
*10.0.0.57       193.175.73.151   2 u  128  128  377    0.166    0.233   0.124
+10.0.0.127      78.111.224.11    2 u   79  128  377    0.150    1.992   1.517

In dem gezeigtem Beispiel wurde der Test auf einem CentOS 6 Host vorgenommen, wobei die Hosts folgender Natur waren:

Diese beiden Beispiele und die Konfigurationsempfehlung von RedHat finden daher bei den Installation Rund um Djangos WIKI entsprechend Berücksichtigung.

chronyd

Installation

Falls nicht schon bei der Erstinstallation geschehen, installieren wir erst ein mal das benötige RPM chrony für den Abgleich mit unserem Zeitserver.

 # yum install chrony

Dokumentation

Was uns das Paket alles mitgebracht hat, zeigt uns der Aufruf vom Befehl rpm mit der Option -qil.

 # rpm -qil chrony
Name        : chrony
Version     : 1.29.1
Release     : 1.el7.centos
Architecture: x86_64
Install Date: Thu 12 Mar 2015 09:40:10 AM CET
Group       : System Environment/Daemons
Size        : 567017
License     : GPLv2
Signature   : RSA/SHA256, Fri 04 Jul 2014 02:57:41 AM CEST, Key ID 24c6a8a7f4a80eb5
Source RPM  : chrony-1.29.1-1.el7.centos.src.rpm
Build Date  : Wed 18 Jun 2014 11:18:41 PM CEST
Build Host  : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://chrony.tuxfamily.org
Summary     : An NTP client/server
Description :
A client/server for the Network Time Protocol, this program keeps your
computer's clock accurate. It was specially designed to support
systems with intermittent internet connections, but it also works well
in permanently connected environments. It can use also hardware reference
clocks, system real-time clock or manual input as time references.
/etc/NetworkManager/dispatcher.d/20-chrony
/etc/chrony.conf
/etc/chrony.keys
/etc/dhcp/dhclient.d/chrony.sh
/etc/logrotate.d/chrony
/usr/bin/chronyc
/usr/lib/systemd/ntp-units.d/50-chronyd.list
/usr/lib/systemd/system/chrony-wait.service
/usr/lib/systemd/system/chronyd.service
/usr/libexec/chrony-helper
/usr/sbin/chronyd
/usr/share/doc/chrony-1.29.1
/usr/share/doc/chrony-1.29.1/COPYING
/usr/share/doc/chrony-1.29.1/NEWS
/usr/share/doc/chrony-1.29.1/README
/usr/share/doc/chrony-1.29.1/chrony.conf.example
/usr/share/doc/chrony-1.29.1/chrony.conf.example2
/usr/share/doc/chrony-1.29.1/chrony.keys.example
/usr/share/doc/chrony-1.29.1/chrony.txt
/usr/share/doc/chrony-1.29.1/faq.txt
/usr/share/info/chrony.info.gz
/usr/share/man/man1/chrony.1.gz
/usr/share/man/man1/chronyc.1.gz
/usr/share/man/man5/chrony.conf.5.gz
/usr/share/man/man8/chronyd.8.gz
/var/lib/chrony
/var/lib/chrony/drift
/var/lib/chrony/rtc
/var/log/chrony

Im Verzeichnis /usr/share/doc/chrony-*/ finden sich sowohl Konfigurationsbeispiele wie auch eine ausführliche Programm- und Konfigurationsbeschreibungen.

Userguid der chrony suite

Eine genaue Beschreibung zur Konfiguration unterschiedlichster Einsatzszenarien wie auch der Konfigurations-Optionen von chrony finden sich in der Datei chrony.txt aus dem Verzeichnis /usr/share/doc/chrony-*/.

 # less /usr/share/doc/chrony-*/chrony.txt
User guide for the chrony suite                                       
*******************************                                       

1 Introduction
**************

1.1 Overview
============

Chrony is a software package for maintaining the accuracy of computer
system clocks.  It consists of a pair of programs :                  

   * 'chronyd'.  This is a daemon which runs in background on the
     system.  It obtains measurements (e.g.  via the network) of the
     system's offset relative to other systems, and adjusts the system
     time accordingly.  For isolated systems, the user can periodically
     enter the correct time by hand (using 'chronyc').  In either case,
     'chronyd' determines the rate at which the computer gains or loses
     time, and compensates for this.                                   

     'chronyd' can also act as an NTP server, and provide a time-of-day
     service to other computers.  A typical set-up is to run 'chronyd' 
     on a gateway computer that has a dial-up link to the Internet, and
     use it to serve time to computers on a private LAN sitting behind 
     the gateway.  The IP addresses that can act as clients of 'chronyd'
     can be tightly controlled.  The default is no client access.       

   * 'chronyc'.  This is a command-line driven control and monitoring
     program.  An administrator can use this to fine-tune various    
     parameters within the daemon, add or delete servers etc whilst the
     daemon is running.                                                

     The IP addresses from which 'chronyc' clients may connect can be
     tightly controlled.  The default is just the computer that      
     'chronyd' itself is running on.                                 

1.2 Acknowledgements
====================

The 'chrony' suite makes use of the algorithm known as _RSA Data
Security, Inc.  MD5 Message-Digest Algorithm_ for authenticating
messages between different machines on the network.             

   In writing the 'chronyd' program, extensive use has been made of
RFC1305, written by David Mills.  The 'ntp' suite's source code has been
occasionally used to check details of the protocol that the RFC did not 
make absolutely clear.  The core algorithms in 'chronyd' are all        
completely distinct from 'ntp', however.                                

1.3 Availability
================

1.3.1 Getting the software
--------------------------

Links on the chrony home page (http://chrony.tuxfamily.org) describe how
to obtain the software.                                                 

1.3.2 Platforms
---------------

Although most of the program is portable between Unix-like systems,
there are parts that have to be tailored to each specific vendor's 
system.  These are the parts that interface with the operating system's
facilities for adjusting the system clock; different operating systems 
may provide different function calls to achieve this, and even where the
same function is used it may have different quirks in its behaviour.    

   The software is known to work in the following environments:
   * Linux 2.2 and newer                                       

   * NetBSD
   * BSD/386

   * Solaris 2.3/2.5/2.5.1/2.6/2.7/2.8 on Sparc (Sparc 20, Ultrasparc)
     and i386                                                         

   * SunOS 4.1.4 on Sparc 2 and Sparc20.

   Closely related systems may work too, but they have not been tested.

   Porting the software to other system (particularly to those
supporting an 'adjtime' system call) should not be difficult, however it
requires access to such systems to test out the driver.                 

1.4 Relationship to other software packages
===========================================

1.4.1 ntpd
----------

The 'reference' implementation of the Network Time Protocol is the
program 'ntpd', available via The NTP home page (http://www.ntp.org/).

   One of the main differences between 'ntpd' and 'chronyd' is in the
algorithms used to control the computer's clock.  Things 'chronyd' can
do better than 'ntpd':                                                

   * 'chronyd' can perform usefully in an environment where access to
     the time reference is intermittent.  'ntpd' needs regular polling
     of the reference to work well.                                   
   * 'chronyd' can usually synchronise the clock faster and with better
     time accuracy.                                                    
   * 'chronyd' quickly adapts to sudden changes in the rate of the clock
     (e.g.  due to changes in the temperature of the crystal            
     oscillator).  'ntpd' may need a long time to settle down again.    
   * 'chronyd' can perform well even when the network is congested for  
     longer periods of time.                                            
   * 'chronyd' in the default configuration never steps the time to not 
     upset other running programs.  'ntpd' can be configured to never   
     step the time too, but it has to use a different means of adjusting
     the clock, which has some disadvantages.                           
   * 'chronyd' can adjust the rate of the clock on Linux in a larger    
     range, which allows it to operate even on machines with broken or  
     unstable clock (e.g.  in some virtual machines).                   

   Things 'chronyd' can do that 'ntpd' can't:

   * 'chronyd' provides support for isolated networks whether the only
     method of time correction is manual entry (e.g.  by the          
     administrator looking at a clock).  'chronyd' can look at the    
     errors corrected at different updates to work out the rate at which
     the computer gains or loses time, and use this estimate to trim the
     computer clock subsequently.                                       

   * 'chronyd' provides support to work out the gain or loss rate of the
     'real-time clock', i.e.  the clock that maintains the time when the
     computer is turned off.  It can use this data when the system boots
     to set the system time from a corrected version of the real-time   
     clock.  These real-time clock facilities are only available on     
     Linux, so far.                                                     

   Things 'ntpd' can do that 'chronyd' can't:

   * 'ntpd' fully supports NTP version 4 (RFC5905), including broadcast,
     multicast, manycast clients / servers and the orphan mode.  It also
     supports extra authentication schemes based on public-key          
     cryptography (RFC5906).  'chronyd' uses NTP version 3 (RFC1305),   
     which is compatible with version 4.                                

   * 'ntpd' has been ported to more types of computer / operating
     system.                                                     

   * 'ntpd' includes drivers for many reference clocks.  'chronyd'
     relies on other programs (e.g.  gpsd) to access the data from the
     reference clocks.                                                

1.4.2 timed
-----------

'timed' is a program that is part of the BSD networking suite.  It uses
broadcast packets to find all machines running the daemon within a     
subnet.  The machines elect a master which periodically measures the   
system clock offsets of the other computers using ICMP timestamps.     
Corrections are sent to each member as a result of this process.       

   Problems that may arise with 'timed' are :

   * Because it uses broadcasts, it is not possible to isolate its
     functionality to a particular group of computers; there is a risk
     of upsetting other computers on the same network (e.g.  where a  
     whole company is on the same subnet but different departments are
     independent from the point of view of administering their        
     computers.)                                                      
   * The update period appears to be 10 minutes.  Computers can build up
     significant offsets relative to each other in that time.  If a     
     computer can estimate its rate of drift it can keep itself closer  
     to the other computers between updates by adjusting its clock every
     few seconds.  'timed' does not seem to do this.                    
   * 'timed' does not have any integrated capability for feeding        
     real-time into its estimates, or for estimating the average rate of
     time loss/gain of the machines relative to real-time (unless one of
     the computers in the group has access to an external reference and 
     is always appointed as the 'master').                              

   'timed' does have the benefit over 'chronyd' that for isolated
networks of computers, they will track the 'majority vote' time.  For
such isolated networks, 'chronyd' requires one computer to be the    
'master' with the others slaved to it.  If the master has a particular
defective clock, the whole set of computers will tend to slip relative
to real time (but they _will_ stay accurate relative to one another). 

1.5 Distribution rights and (lack of) warranty
==============================================

Chrony may be distributed in accordance with the GNU General Public
License version 2, reproduced in *Note GPL::.                      

1.6 Bug reporting and suggestions
=================================

If you think you've found a bug in chrony, or have a suggestion, please
let us know.  You can join chrony users mailing list by sending a      
message with the subject subscribe to                                  
<chrony-users-request@chrony.tuxfamily.org>.  Only subscribers can post
to the list.                                                           

   When you are reporting a bug, please send us all the information you
can.  Unfortunately, chrony has proven to be one of those programs where
it is very difficult to reproduce bugs in a different environment.  So  
we may have to interact with you quite a lot to obtain enough extra     
logging and tracing to pin-point the problem in some cases.  Please be  
patient and plan for this!                                              

   Of course, if you can debug the problem yourself and send us a source
code patch to fix it, we will be very grateful!                         

1.7 Contributions
=================

Although chrony is now a fairly mature and established project, there
are still areas that could be improved.  If you can program in C and 
have some expertise in these areas, you might be able to fill the gaps.

   Particular areas that need addressing are :

  1. Porting to other Unices

     This involves creating equivalents of sys_solaris.c, sys_linux.c
     etc for the new system.  Note, the Linux driver has been reported
     as working on a range of different architectures (Alpha, Sparc,  
     MIPS as well as x86 of course).                                  

  2. Porting to Windows NT

     A small amount of work on this was done under Cygwin.  Only the
     sorting out of the include files has really been achieved so far.
     The two main areas still to address are                          

       1. The system clock driver.
       2. How to make chronyd into an NT service (i.e.  what to replace
          fork(), setsid() etc with so that chronyd can be automatically
          started in the system bootstrap.                              

  3. More drivers for reference clock support

  4. Automation of the trimrtc and writertc mechanisms

     Currently, the RTC trimming mechanism is a manual operation,
     because there has to be a reasonable guarantee that the system will
     stay up for a reasonable length of time afterwards.  (If it is shut
     down too soon, a poor characterisation of the RTC drift rate will  
     be stored on disc, giving a bad system clock error when the system 
     is next booted.)                                                   

     To make chrony more automated for the non-expert user, it would be
     useful if this problem could be avoided so that trimrtc could be  
     done automatically (e.g.  in a crontab, or as part of the ip-up or
     ip-down scripts.)                                                 

2 Installation
**************

The software is distributed as source code which has to be compiled.
The source code is supplied in the form of a gzipped tar file, which
unpacks to a subdirectory identifying the name and version of the   
program.                                                            

   After unpacking the source code, change directory into it, and type

     ./configure

   This is a shell script that automatically determines the system type.
There is a single optional parameter, '--prefix' which indicates the    
directory tree where the software should be installed.  For example,    

     ./configure --prefix=/opt/free

   will install the 'chronyd' daemon into /opt/free/sbin and the chronyc
control program into /opt/free/bin.  The default value for the prefix is
/usr/local.                                                             

   The configure script assumes you want to use gcc as your compiler.
If you want to use a different compiler, you can configure this way: 

     CC=cc CFLAGS=-O ./configure --prefix=/opt/free

   for Bourne-family shells, or

     setenv CC cc
     setenv CFLAGS -O
     ./configure --prefix=/opt/free

   for C-family shells.

   If the software cannot (yet) be built on your system, an error
message will be shown.  Otherwise, 'Makefile' will be generated. 

   If editline or readline library is available, chronyc will be built
with line editing support.  If you don't want this, specify the       
-disable-readline flag to configure.  Please refer to *note line editing
support:: for more information.                                         

   If a 'timepps.h' header is available, chronyd will be built with PPS
API reference clock driver.  If the header is installed in a location  
that isn't normally searched by the compiler, you can add it to the    
searched locations by setting 'CPPFLAGS' variable to                   
'-I/path/to/timepps'.                                                  

   Now type

     make

   to build the programs.

   If you want to build the manual in plain text, HTML and info
versions, type                                                 

     make docs

   Once the programs have been successfully compiled, they need to be
installed in their target locations.  This step normally needs to be 
performed by the superuser, and requires the following command to be 
entered.                                                             

     make install

   This will install the binaries, plain text manual and manpages.

   To install the HTML and info versions of the manual as well, enter
the command                                                          

     make install-docs

   If you want chrony to appear in the top level info directory listing,
you need to run the 'install-info' command manually after this step.    
'install-info' takes 2 arguments.  The first is the path to the         
'chrony.info' file you have just installed.  This will be the argument  
you gave to -prefix when you configured ('/usr/local' by default), with 
'/share/info/chrony.info' on the end.  The second argument is the       
location of the file called 'dir'.  This will typically be              
'/usr/share/info/dir'.  So the typical command line would be            

     install-info /usr/local/share/info/chrony.info /usr/share/info/dir

   Now that the software is successfully installed, the next step is to
set up a configuration file.  The contents of this depend on the network
environment in which the computer operates.  Typical scenarios are      
described in the following section of the document.                     

2.1 Support for line editing libraries
======================================

Chronyc can be built with support for line editing, this allows you to
use the cursor keys to replay and edit old commands.  Two libraries are
supported which provide such functionality, editline and GNU readline. 

   Please note that readline since version 6.0 is licensed under GPLv3+
which is incompatible with chrony's license GPLv2.  You should use     
editline instead if you don't want to use older readline versions.     

   The configure script will automatically enable the line editing
support if one of the supported libraries is available.  If they are
both available, the editline library will be used.                  

   If you don't want to use it (in which case chronyc will use a minimal
command line interface), invoke configure like this:                    

     ./configure --disable-readline other-options...

   If you have editline, readline or ncurses installed in locations that
aren't normally searched by the compiler and linker, you need to use    
extra options:                                                          

'--with-readline-includes=directory_name'
     This defines the name of the directory above the one where
     'readline.h' is.  'readline.h' is assumed to be in 'editline' or
     'readline' subdirectory of the named directory.                 

'--with-readline-library=directory_name'
     This defines the directory containing the 'libedit.a' or
     'libedit.so' file, or 'libreadline.a' or 'libreadline.so' file.

'--with-ncurses-library=directory_name'
     This defines the directory containing the 'libncurses.a' or
     'libncurses.so' file.                                      

2.2 Extra options for package builders
======================================

The configure and make procedures have some extra options that may be
useful if you are building a distribution package for chrony.        

   The -infodir=DIR option to configure specifies an install directory
for the info files.  This overrides the 'info' subdirectory of the    
argument to the -prefix option.  For example, you might use           

     ./configure --prefix=/usr --infodir=/usr/share/info

   The -mandir=DIR option to configure specifies an install directory
for the man pages.  This overrides the 'man' subdirectory of the     
argument to the -prefix option.                                      

     ./configure --prefix=/usr --infodir=/usr/share/info --mandir=/usr/share/man

   to set both options together.

   The final option is the DESTDIR option to the make command.  For
example, you could use the commands                                

     ./configure --prefix=/usr --infodir=/usr/share/info --mandir=/usr/share/man
     make all docs                                                              
     make install DESTDIR=./tmp                                                 
     cd tmp                                                                     
     tar cvf - . | gzip -9 > chrony.tar.gz                                      

   to build a package.  When untarred within the root directory, this
will install the files to the intended final locations.              

3 Typical operating scenarios
*****************************

3.1 Computers connected to the internet
=======================================

In this section we discuss how to configure chrony for computers that
have permanent connections to the internet (or to any network containing
true NTP servers which ultimately derive their time from a reference    
clock).                                                                 

   To operate in this mode, you will need to know the names of the NTP
server machines you wish to use.  You may be able to find names of    
suitable servers by one of the following methods:                     

   * Your institution may already operate servers on its network.
     Contact your system administrator to find out.              

   * Your ISP probably has one or more NTP servers available for its
     customers.                                                     

   * Somewhere under the NTP homepage there is a list of public stratum
     1 and stratum 2 servers.  You should find one or more servers that
     are near to you -- check that their access policy allows you to use
     their facilities.                                                  

   * Use public servers from the pool.ntp.org project
     (http://www.pool.ntp.org/).                     

   Assuming that you have found some servers, you need to set up a
configuration file to run chrony.  The (compiled-in) default location
for this file is '/etc/chrony.conf'.  Assuming that your ntp servers are
called 'a.b.c' and 'd.e.f', your 'chrony.conf' file could contain as a  
minimum                                                                 

     server a.b.c
     server d.e.f
     server g.h.i

   However, you will probably want to include some of the other
directives described later.  The following directives will be  
particularly useful : 'driftfile', 'commandkey', 'keyfile'.  The
smallest useful configuration file would look something like    

     server a.b.c
     server d.e.f
     server g.h.i
     keyfile /etc/chrony.keys
     commandkey 1            
     driftfile /var/lib/chrony/drift

3.2 Infrequent connection to true NTP servers
=============================================

In this section we discuss how to configure chrony for computers that
have occasional connections to the internet.                         

3.2.1 Setting up the configuration file for infrequent connections
------------------------------------------------------------------

As in the previous section, you will need access to NTP servers on the
internet.  The same remarks apply for how to find them.               

   In this case, you will need some additional configuration to tell
'chronyd' when the connection to the internet goes up and down.  This
saves the program from continuously trying to poll the servers when they
are inaccessible.                                                       

   Again, assuming that your ntp servers are called 'a.b.c' and 'd.e.f',
your 'chrony.conf' file would need to contain something like            

     server a.b.c
     server d.e.f
     server g.h.i

   However, your computer will keep trying to contact the servers to
obtain timestamps, even whilst offline.  If you operate a dial-on-demand
system, things are even worse, because the link to the internet will    
keep getting established.                                               

   For this reason, it would be better to specify this part of your
configuration file in the following way:                           

     server a.b.c offline
     server d.e.f offline
     server g.h.i offline

   The 'offline' keyword indicates that the servers start in an offline
state, and that they should not be contacted until 'chronyd' receives  
notification that the link to the internet is present.                 

   In order to notify 'chronyd' of the presence of the link, you will
need to be able to log in to it with the program chronyc.  To do this,
'chronyd' needs to be configured with an administrator password.  To set
up an administrator password, you can create a file '/etc/chrony.keys'  
containing a single line                                                

     1 ALongAndRandomPassword

   and add the following line to '/etc/chrony.conf' (the order of the
lines does not matter)                                               

     commandkey 1

   The smallest useful configuration file would look something like

     server a.b.c offline
     server d.e.f offline
     server g.h.i offline
     keyfile /etc/chrony.keys
     commandkey 1            
     driftfile /var/lib/chrony/drift

   The next section describes how to tell 'chronyd' when the internet
link goes up and down.                                               

3.2.2 How to tell chronyd when the internet link is available.
--------------------------------------------------------------

To use this option, you will need to configure a command key in
'chronyd's' configuration file '/etc/chrony.conf', as described in the
previous section.                                                     

   To tell 'chronyd' when to start and finish sampling the servers, the
'online' and 'offline' commands of chronyc need to be used.  To give an
example of their use, we assume that 'pppd' is the program being used to
connect to the internet, and that chronyc has been installed at its     
default location '/usr/bin/chronyc'.  We also assume that the command   
key has been set up as described in the previous section.               

   In the file '/etc/ppp/ip-up' we add the command sequence

     /usr/bin/chronyc -a online

   and in the file '/etc/ppp/ip-down' we add the sequence

     /usr/bin/chronyc -a offline

   'chronyd's' polling of the servers will now only occur whilst the
machine is actually connected to the Internet.                      

3.3 Isolated networks
=====================

In this section we discuss how to configure chrony for computers that
never have network conectivity to any computer which ultimately derives
its time from a reference clock.                                       

   In this situation, one computer is selected to be the master
timeserver.  The other computers are either direct clients of the
master, or clients of clients.                                   

   The rate value in the master's drift file needs to be set to the
average rate at which the master gains or loses time.  'chronyd'   
includes support for this, in the form of the 'manual' directive in the
configuration file and the 'settime' command in the 'chronyc' program. 

   If the master is rebooted, 'chronyd' can re-read the drift rate from
the drift file.  However, the master has no accurate estimate of the   
current time.  To get around this, the system can be configured so that
the master can initially set itself to a 'majority-vote' of selected   
clients' times; this allows the clients to 'flywheel' the master across
its outage.                                                            

   A typical configuration file for the master (called 'master') might
be (assuming the clients are in the 192.168.165.x subnet and that the 
master's address is 192.168.169.170)                                  

     driftfile /var/lib/chrony/drift
     commandkey 25                  
     keyfile /etc/chrony.keys       
     initstepslew 10 client1 client3 client6
     local stratum 8                        
     manual                                 
     allow 192.168.165                      

   For the clients that have to resynchronise the master when it
restarts, the configuration file might be                       

     server master
     driftfile /var/lib/chrony/drift
     logdir /var/log/chrony         
     log measurements statistics tracking
     keyfile /etc/chrony.keys            
     commandkey 24                       
     local stratum 10                    
     initstepslew 20 master              
     allow 192.168.169.170               

   The rest of the clients would be the same, except that the 'local'
and 'allow' directives are not required.                             

3.4 The home PC with a dial-up connection
=========================================

3.4.1 Assumptions/how the software works
----------------------------------------

This section considers the home computer which has a dial-up connection.
It assumes that Linux is run exclusively on the computer.  Dual-boot    
systems may work; it depends what (if anything) the other system does to
the system's real-time clock.                                           

   Much of the configuration for this case is discussed earlier (*note
Infrequent connection::).  This section addresses specifically the case
of a computer which is turned off between 'sessions'.                  

   In this case, 'chronyd' relies on the computer's real-time clock
(RTC) to maintain the time between the periods when it is powered up.
The arrangement is shown in the figure below.                        

                 trim if required                          PSTN
           +---------------------------+               +----------+
           |                           |               |          |
           v                           |               |          |
     +---------+                    +-------+       +-----+     +---+
     | System's|  measure error/    |chronyd|       |modem|     |ISP|
     |real-time|------------------->|       |-------|     |     |   |
     |  clock  |   drift rate       +-------+       +-----+     +---+
     +---------+                       ^                          |  
           |                           |                          |  
           +---------------------------+                  --o-----o---
              set time at boot up                           |         
                                                       +----------+   
                                                       |NTP server|   
                                                       +----------+   

   When the computer is connected to the Internet (via the modem),
'chronyd' has access to external NTP servers which it makes measurements
from.  These measurements are saved, and straight-line fits are         
performed on them to provide an estimate of the computer's time error   
and rate of gaining/losing time.                                        

   When the computer is taken offline from the Internet, the best
estimate of the gain/loss rate is used to free-run the computer until it
next goes online.                                                       

   Whilst the computer is running, 'chronyd' makes measurements of the
real-time clock (RTC) (via the '/dev/rtc' interface, which must be    
compiled into the kernel).  An estimate is made of the RTC error at a 
particular RTC second, and the rate at which the RTC gains or loses time
relative to true time.                                                  

   On 2.6 and later kernels, if your motherboard has a HPET, you need to
enable the 'HPET_EMULATE_RTC' option in your kernel configuration.      
Otherwise, chrony will not be able to interact with the RTC device and  
will give up using it.                                                  

   When the computer is powered down, the measurement histories for all
the NTP servers are saved to files (if the 'dumponexit' directive is   
specified in the configuration file), and the RTC tracking information 
is also saved to a file (if the 'rtcfile' directive has been specified).
These pieces of information are also saved if the 'dump' and 'writertc' 
commands respectively are issued through 'chronyc'.                     

   When the computer is rebooted, 'chronyd' reads the current RTC time
and the RTC information saved at the last shutdown.  This information is
used to set the system clock to the best estimate of what its time would
have been now, had it been left running continuously.  The measurement  
histories for the servers are then reloaded.                            

   The next time the computer goes online, the previous sessions'
measurements can contribute to the line-fitting process, which gives a
much better estimate of the computer's gain/loss rate.                

   One problem with saving the measurements and RTC data when the
machine is shut down is what happens if there is a power failure; the
most recent data will not be saved.  Although 'chronyd' is robust enough
to cope with this, some performance may be lost.  (The main danger      
arises if the RTC has been changed during the session, with the         
'trimrtc' command in 'chronyc'.  Because of this, 'trimrtc' will make   
sure that a meaningful RTC file is saved out after the change is        
completed).                                                             

   The easiest protection against power failure is to put the 'dump' and
'writertc' commands in the same place as the 'offline' command is issued
to take 'chronyd' offline; because 'chronyd' free-runs between online   
sessions, no parameters will change significantly between going offline 
from the Internet and any power failure.                                

   A final point regards home computers which are left running for
extended periods and where it is desired to spin down the hard disc when
it is not in use (e.g.  when not accessed for 15 minutes).  'chronyd'   
has been planned so it supports such operation; this is the reason why  
the RTC tracking parameters are not saved to disc after every update,   
but only when the user requests such a write, or during the shutdown    
sequence.  The only other facility that will generate periodic writes to
the disc is the 'log rtc' facility in the configuration file; this      
option should not be used if you want your disc to spin down.           

3.4.2 Typical configuration files.
----------------------------------

To illustrate how a dial-up home computer might be configured, example
configuration files are shown in this section.                        

   For the '/etc/chrony.conf' file, the following can be used as an
example.                                                           

     server 0.pool.ntp.org minpoll 5 maxpoll 10 maxdelay 0.4 offline
     server 1.pool.ntp.org minpoll 5 maxpoll 10 maxdelay 0.4 offline
     server 2.pool.ntp.org minpoll 5 maxpoll 10 maxdelay 0.4 offline
     logdir /var/log/chrony                                         
     log statistics measurements tracking                           
     driftfile /var/lib/chrony/drift                                
     keyfile /etc/chrony.keys                                       
     commandkey 25                                                  
     maxupdateskew 100.0                                            
     dumponexit                                                     
     dumpdir /var/lib/chrony                                        
     rtcfile /var/lib/chrony/rtc                                    

   'pppd' is used for connecting to the internet.  This runs two scripts
'/etc/ppp/ip-up' and '/etc/ppp/ip-down' when the link goes online and   
offline respectively.                                                   

   The relevant part of the '/etc/ppp/ip-up' file is

     /usr/bin/chronyc -a online

   and the relevant part of the '/etc/ppp/ip-down' script is

     /usr/bin/chronyc -a -m offline dump writertc

   To start 'chronyd' during the boot sequence, the following is in
'/etc/rc.d/rc.local' (this is a Slackware system)                  

     if [ -f /usr/sbin/chronyd -a -f /etc/chrony.conf ]; then
       /usr/sbin/chronyd -r -s                               
       echo "Start chronyd"                                  
     fi                                                      

   The placement of this command may be important on some systems.  In
particular, 'chronyd' may need to be started before any software that 
depends on the system clock not jumping or moving backwards, depending
on the directives in 'chronyd's' configuration file.                  

   For the system shutdown, 'chronyd' should receive a SIGTERM several
seconds before the final SIGKILL; the SIGTERM causes the measurement  
histories and RTC information to be saved out.                        

3.5 Other important configuration options
=========================================

The most common option to include in the configuration file is the
'driftfile' option.  One of the major tasks of 'chronyd' is to work out
how fast or how slow the system clock runs relative to real time - e.g.
in terms of seconds gained or lost per day.  Measurements over a long  
period are usually required to refine this estimate to an acceptable   
degree of accuracy.  Therefore, it would be bad if 'chronyd' had to work
the value out each time it is restarted, because the system clock would 
not run so accurately whilst the determination is taking place.         

   To avoid this problem, 'chronyd' allows the gain or loss rate to be
stored in a file, which can be read back in when the program is       
restarted.  This file is called the drift file, and might typically be
stored in '/var/lib/chrony/drift'.  By specifying an option like the  
following                                                             

     driftfile /var/lib/chrony/drift

   in the configuration file ('/etc/chrony.conf'), the drift file
facility will be activated.                                      

4 Usage reference
*****************

4.1 Starting chronyd
====================

If 'chronyd' has been installed to its default location
'/usr/sbin/chronyd', starting it is simply a matter of entering the
command                                                            

     /usr/sbin/chronyd

   Information messages and warnings will be logged to syslog.

   The command line options supported are as follows:

'-n'
     When run in this mode, the program will not detach itself from the
     terminal.                                                         
'-d'                                                                   
     When run in this mode, the program will not detach itself from the
     terminal, and all messages will be sent to the terminal instead of
     to syslog.                                                        
'-f <conf-file>'                                                       
     This option can be used to specify an alternate location for the  
     configuration file (default '/etc/chrony.conf').                  
'-r'                                                                   
     This option will reload sample histories for each of the servers  
     being used.  These histories are created by using the 'dump'      
     command in 'chronyc', or by setting the 'dumponexit' directive in 
     the configuration file.  This option is useful if you want to stop
     and restart 'chronyd' briefly for any reason, e.g.  to install a  
     new version.  However, it only makes sense on systems where the   
     kernel can maintain clock compensation whilst not under 'chronyd's'
     control.  The only version where this happens so far is Linux.  On 
     systems where this is not the case, e.g.  Solaris and SunOS the    
     option should not be used.                                         
'-R'                                                                    
     When this option is used, the 'initstepslew' directive and the     
     'makestep' directive used with a positive limit will be ignored.   
     This option is useful when restarting 'chronyd' and can be used in 
     conjuction with the '-r' option.                                   

'-s'
     This option will set the system clock from the computer's real-time
     clock.  This is analogous to supplying the '-s' flag to the        
     '/sbin/clock' program during the Linux boot sequence.              

     Support for real-time clocks is limited at present - the criteria
     are described in the section on the 'rtcfile' directive (*note   
     rtcfile directive::).                                            

     If 'chronyd' cannot support the real time clock on your computer,
     this option cannot be used and a warning message will be logged to
     the syslog.                                                       

     If used in conjunction with the '-r' flag, 'chronyd' will attempt
     to preserve the old samples after setting the system clock from the
     real time clock.  This can be used to allow 'chronyd' to perform   
     long term averaging of the gain or loss rate across system reboots,
     and is useful for dial-up systems that are shut down when not in   
     use.  For this to work well, it relies on 'chronyd' having been    
     able to determine accurate statistics for the difference between   
     the real time clock and system clock last time the computer was on.
'-u <user>'                                                             
     When this option is used, chronyd will drop root privileges to the 
     specified user.  So far, it works only on Linux when compiled with 
     capabilities support.                                              
'-v'                                                                    
     This option displays 'chronyd's' version number to the terminal and
     exits.                                                             
'-P <priority>'                                                         
     This option will select the SCHED_FIFO real-time scheduler at the  
     specified priority (which must be between 0 and 100).  This mode is
     supported only on Linux.                                           
'-m'                                                                    
     This option will lock chronyd into RAM so that it will never be    
     paged out.  This mode is only supported on Linux.                  
'-4'                                                                    
     With this option hostnames will be resolved only to IPv4 addresses 
     and only IPv4 sockets will be created.                             
'-6'                                                                    
     With this option hostnames will be resolved only to IPv6 addresses 
     and only IPv6 sockets will be created.                             

   On systems that support an '/etc/rc.local' file for starting programs
at boot time, 'chronyd' can be started from there.                      

   On systems with a System V style initialisation, a suitable
start/stop script might be as shown below.  This might be placed in the
file '/etc/rc2.d/S83chrony'.                                           

     #!/bin/sh
     # This file should have uid root, gid sys and chmod 744
     #                                                      

     killproc() {            # kill the named process(es)
             pid=`/usr/bin/ps -e |                       
                  /usr/bin/grep -w $1 |                  
                  /usr/bin/sed -e 's/^  *//' -e 's/ .*//'`
             [ "$pid" != "" ] && kill $pid                
     }                                                    

     case "$1" in

     'start')
        if [ -f /opt/free/sbin/chronyd -a -f /etc/chrony.conf ]; then
          /opt/free/sbin/chronyd                                     
        fi                                                           
        ;;                                                           
     'stop')                                                         
        killproc chronyd                                             
        ;;                                                           
     *)                                                              
        echo "Usage: /etc/rc2.d/S83chrony { start | stop }"          
        ;;                                                           
     esac                                                            

   (In both cases, you may want to bear in mind that 'chronyd' can step
the time when it starts.  There may be other programs started at boot  
time that could be upset by this, so you may need to consider the      
ordering carefully.  However, 'chronyd' will need to start after daemons
providing services that it may require, e.g.  the domain name service.) 

4.2 The chronyd configuration file
==================================

The configuration file is normally called '/etc/chrony.conf'; in fact,
this is the compiled-in default.  However, other locations can be     
specified with a command line option.                                 

   Each command in the configuration file is placed on a separate line.
The following sections describe each of the commands in turn.  The     
directives can occur in any order in the file.                         

4.2.1 Comments in the configuration file
----------------------------------------

The configuration file may contain comment lines.  A comment line is any
line that starts with zero or more spaces followed by any one of the    
following characters:                                                   
   * !                                                                  
   * ;                                                                  
   * #                                                                  
   * %                                                                  
   Any line with this format will be ignored.                           

4.2.2 acquisitionport
---------------------

'chronyd' uses a separate client-side port for the rapid-fire
measurements requested with the 'initstepslew' directive (*note
initstepslew directive::).  Normally, that port is chosen arbitrarily by
the operating system.  However, you can use 'acquisitionport' to        
explicitly specify a port.  This may be useful for getting through      
firewalls.                                                              

   Do not make acquisition and regular NTP service (*note port
directive::) use the same port.                               

   An example of the 'acquisitionport' command is

     acquisitionport 1123

   This would change the port used for rapid queries to udp/1123.  You
could then persuade the firewall administrator to let that port through.

4.2.3 allow
-----------

The 'allow' command is used to designate a particular subnet from which
NTP clients are allowed to access the computer as an NTP server.       

   The default is that no clients are allowed access, i.e.  'chronyd'
operates purely as an NTP client.  If the 'allow' directive is used, 
'chronyd' will be both a client of its servers, and a server to other
clients.                                                             

   Examples of use of the command are as follows:

     allow foo.bar.com
     allow 1.2        
     allow 3.4.5      
     allow 6.7.8/22   
     allow 6.7.8.9/22 
     allow 2001:db8::/32
     allow 0/0          
     allow ::/0         
     allow              

   The first command allows the named node to be an NTP client of this
computer.  The second command allows any node with an IPv4 address of 
the form 1.2.x.y (with x and y arbitrary) to be an NTP client of this 
computer.  Likewise, the third command allows any node with an IPv4   
address of the form 3.4.5.x to have client NTP access.  The fourth and
fifth forms allow access from any node with an IPv4 address of the form
6.7.8.x, 6.7.9.x, 6.7.10.x or 6.7.11.x (with x arbitrary), i.e.  the   
value 22 is the number of bits defining the specified subnet.  (In the 
fifth form, the final byte is ignored).  The sixth form is used for IPv6
addresses.  The seventh and eighth forms allow access by any IPv4 and   
IPv6 node respectively.  The ninth forms allows access by any node (IPv4
or IPv6).                                                               

   A second form of the directive, 'allow all', has a greater effect,
depending on the ordering of directives in the configuration file.  To
illustrate the effect, consider the two examples                      

     allow 1.2.3.4
     deny 1.2.3   
     allow 1.2    

   and

     allow 1.2.3.4
     deny 1.2.3   
     allow all 1.2

   In the first example, the effect is the same regardles of what order
the three directives are given in.  So the 1.2.x.y subnet is allowed   
access, except for the 1.2.3.x subnet, which is denied access, however 
the host 1.2.3.4 is allowed access.                                    

   In the second example, the 'allow all 1.2' directives overrides the
effect of _any_ previous directive relating to a subnet within the    
specified subnet.  Within a configuration file this capability is     
probably rather moot; however, it is of greater use for reconfiguration
at run-time via 'chronyc' (*note allow all command::).                 

   Note, if the 'initstepslew' directive (*note initstepslew
directive::) is used in the configuration file, each of the computers
listed in that directive must allow client access by this computer for
it to work.                                                           

4.2.4 bindaddress
-----------------

The bindaddress allows you to restrict the network interface to which
chronyd will listen for NTP packets.  This provides an additional level
of access restriction above that available through the 'deny' mechanism.

   Suppose you have a local ethernet with addresses in the 192.168.1.0
subnet together with a dial-up connection.  The ethernet interface's IP
address is 192.168.1.1.  Suppose (for some reason) you want to block all
access through the dialup connection (note, this will even block replies
from servers on the dialup side, so you will not be able to synchronise 
to an external source).  You could add the line                         

     bindaddress 192.168.1.1

   to the configuration file.

   This directive affects NTP (UDP port 123) packets.  If no
'bindcmdaddress' directive is present, the address supplied by
'bindaddress' will be used to control binding of the command socket (UDP
port 323) as well.                                                      

   The 'bindaddress' directive has been found to cause problems when
used on computers that need to pass NTP traffic over multiple network
interfaces (e.g.  firewalls).  It is, therefore, not particularly    
useful.  Use of the 'allow' and 'deny' directives together with a    
network firewall is more likely to be successful.                    

   For each of IPv4 and IPv6 protocols, only one 'bindaddress' directive
can be specified.                                                       

4.2.5 bindcmdaddress
--------------------

The bindcmdaddress allows you to restrict the network interface to which
chronyd will listen for command packets (issued by chronyc).            

   Suppose you have a local ethernet with addresses in the 192.168.1.0
subnet together with a dial-up connection.  The ethernet interface's IP
address is 192.168.1.1.  Suppose you want to block all access through  
the dialup connection.  You could add the line                         

     bindcmdaddress 192.168.1.1

   to the configuration file.

   The 'bindcmdaddress' directive has been found to cause problems when
used on computers that need to pass command traffic over multiple      
network interfaces.  It is, therefore, not particularly useful.  Use of
the 'cmdallow' and 'cmddeny' directives together with a network firewall
is more likely to be successful.                                        

   For each of IPv4 and IPv6 protocols, only one 'bindcmdaddress'
directive can be specified.                                      

4.2.6 broadcast
---------------

The 'broadcast' directive is used to declare a broadcast address to
which chronyd should send packets in NTP broadcast mode (i.e.  make
chronyd act as a broadcast server).  Broadcast clients on that subnet
will be able to synchronise.                                         

   The syntax is as follows

     broadcast 30 192.168.1.255
     broadcast 60 192.168.2.255 12123
     broadcast 60 ff02::101          

   In the first example, the destination port defaults to 123/udp (the
normal NTP port).  In the second example, the destionation port is    
specified as 12123.  The first parameter in each case (30 or 60       
respectively) is the interval in seconds between broadcast packets being
sent.  The second parameter in each case is the broadcast address to    
send the packet to.  This should correspond to the broadcast address of 
one of the network interfaces on the computer where chronyd is running. 

   You can have more than 1 'broadcast' directive if you have more than
1 network interface onto which you wish to send NTP broadcast packets. 

   'chronyd' itself cannot currently act as a broadcast client; it must
always be configured as a point-to-point client by defining specific NTP
servers and peers.  This broadcast server feature is intended for       
providing a time source to other NTP software (e.g.  various MS Windows 
clients).                                                               

   If ntpd is used as the broadcast client, it will try to use a
point-to-point client/server NTP access to measure the round-trip delay.
Thus, the broadcast subnet should also be the subject of an 'allow'     
directive (*note allow directive::).                                    

4.2.7 cmdallow
--------------

This is similar to the 'allow' directive (*note allow directive::),
except that it allows control access (rather than NTP client access) to
a particular subnet or host.  (By 'control access' is meant that chronyc
can be run on those hosts and successfully connect to chronyd on this   
computer.)                                                              

   The syntax is identical to the 'allow' directive.

   There is also a 'cmdallow all' directive with similar behaviour to
the 'allow all' directive (but applying to control access in this case,
of course).                                                            

4.2.8 cmddeny
-------------

This is similar to the 'cmdallow' directive (*note cmdallow
directive::), except that it denies control access to a particular
subnet or host, rather than allowing it.                          

   The syntax is identical.

   There is also a 'cmddeny all' directive with similar behaviour to the
'cmdallow all' directive.                                               

4.2.9 combinelimit
------------------

When 'chronyd' has multiple sources available for synchronization, it
has to select one source as the synchronization source.  The measured
offsets and frequencies of the system clock relative to the other    
sources, however, can be combined with the selected source to improve
the accuracy of the system clock.                                    

   The 'combinelimit' directive limits which sources are included in the
combining algorithm.  Their synchronization distance has to be shorter  
than the distance of the selected source multiplied by the value of the 
limit.  Also, their measured frequencies have to be close to the        
frequency of the selected source.                                       

   By default, the limit is 3.  Setting the limit to 0 effectively
disables the source combining algorithm and only the selected source
will be used to control the system clock.                           

   The syntax is

     combinelimit <limit>

4.2.10 commandkey
-----------------

The commandkey command is used to set the key number used for
authenticating user commands via the chronyc program at run time.  This
allows certain actions of the chronyc program to be restricted to      
administrators.                                                        

   An example of the commandkey command is

     commandkey 20

   By default, the key number is 0.

   In the key file (see the keyfile command) there should be a line of
the form                                                              

     20 MD5 HEX:B028F91EA5C38D06C2E140B26C7F41EC

   When running the chronyc program to perform run-time configuration,
the command                                                           

     password foobar

   must be entered before any commands affecting the operation of the
daemon can be entered, or chronyc must be started with the '-a' option
to run the password command automatically.                            

4.2.11 cmdport
--------------

The 'cmdport' directive allows the port that is used for run-time
command and monitoring (via the program 'chronyc') to be altered from
its default (323/udp).                                               

   An example shows the syntax

     cmdport 257

   This would make 'chronyd' use 257/udp as its command port.
('chronyc' would need to be run with the '-p 257' switch to  
inter-operate correctly).                                    

4.2.12 corrtimeratio
--------------------

When 'chronyd' makes a time correction, it controls how quickly the
system clock is slewed (so far only on Linux).  This rate temporarily
affects the frequency error of the system clock.                     

   The 'corrtimeratio' directive controls the ratio between the duration
in which the clock is slewed for an average correction according to the 
source history and the interval in which the corrections are done       
(usually the NTP polling interval).  Corrections larger than the average
take less time and smaller corrections take more time, the amount of the
correction and the correction time are inversely proportional.          

   Increasing 'corrtimeratio' makes the overall frequency error of the
system clock smaller, but increases the overall time error as the     
corrections will take longer.                                         

   By default, the ratio is 1, which means the duration of an average
correction will be close to the update interval.                     

   The syntax is

     corrtimeratio 10

   The current remaining correction is shown in the 'tracking' report
(*note tracking command::) as the 'System time' value.               

4.2.13 deny
-----------

This is similar to the 'allow' directive (*note allow directive::),
except that it denies NTP client access to a particular subnet or host,
rather than allowing it.                                               

   The syntax is identical.

   There is also a 'deny all' directive with similar behaviour to the
'allow all' directive.                                               

4.2.14 driftfile
----------------

One of the main activities of the 'chronyd' program is to work out the
rate at which the system clock gains or loses time relative to real   
time.                                                                 

   Whenever 'chronyd' computes a new value of the gain/loss rate, it is
desirable to record it somewhere.  This allows 'chronyd' to begin      
compensating the system clock at that rate whenever it is restarted,   
even before it has had a chance to obtain an equally good estimate of  
the rate during the new run.  (This process may take many minutes, at  
least).                                                                

   The driftfile command allows a file to be specified into which
'chronyd' can store the rate information.  Two parameters are recorded
in the file.  The first is the rate at which the system clock gains or
loses time, expressed in parts per million, with gains positive.      
Therefore, a value of 100.0 indicates that when the system clock has  
advanced by a second, it has gained 100 microseconds on reality (so the
true time has only advanced by 999900 microseconds).  The second is an 
estimate of the error bound around the first value in which the true   
rate actually lies.                                                    

   An example of the driftfile command is

     driftfile /var/lib/chrony/drift

4.2.15 dumpdir
--------------

To compute the rate of gain or loss of time, 'chronyd' has to store a
measurement history for each of the time sources it uses.            

   Certain systems (so far only Linux) have operating system support for
setting the rate of gain or loss to compensate for known errors.  (On   
other systems, 'chronyd' must simulate such a capability by periodically
slewing the system clock forwards or backwards by a suitable amount to  
compensate for the error built up since the previous slew).             

   For such systems, it is possible to save the measurement history
across restarts of 'chronyd' (assuming no changes are made to the system
clock behaviour whilst it is not running).  If this capability is to be 
used (via the dumponexit command in the configuration file, or the dump 
command in chronyc), the dumpdir command should be used to define the   
directory where the measurement histories are saved.                    

   An example of the command is

     dumpdir /var/lib/chrony

   A source whose reference id (the IP address for IPv4 sources) is
1.2.3.4 would have its measurement history saved in the file       
'/var/lib/chrony/1.2.3.4.dat'.                                     

4.2.16 dumponexit
-----------------

If this command is present, it indicates that 'chronyd' should save the
measurement history for each of its time sources recorded whenever the 
program exits.  (See the dumpdir command above).                       

4.2.17 fallbackdrift
--------------------

Fallback drifts are long-term averages of the system clock drift
calculated over exponentially increasing intervals.  They are used when
the clock is unsynchronised to avoid quickly drifting away from true   
time if there was a short-term deviation in drift before the           
synchronisation was lost.                                              

   The directive specifies the minimum and maximum interval for how long
the system clock has to be unsynchronised to switch between fallback    
drifts.  They are defined as a power of 2 (in seconds).  The syntax is  
as follows                                                              

     fallbackdrift 16 19

   In this example, the minimum interval is 16 (18 hours) and maximum
interval is 19 (6 days).  The system clock frequency will be set to the
first fallback 18 hours after the synchronisation was lost, to the     
second after 36 hours, etc.  This might be a good setting to cover daily
and weekly temperature fluctuations.                                    

   By default (or if the specified maximum or minimum is 0), no
fallbacks will be used and the clock frequency will stay at the last
value calculated before synchronisation was lost.                   

4.2.18 generatecommandkey
-------------------------

With this directive, if the command key is not found on start in the
file specified by the 'keyfile' directive, 'chronyd' will generate a new
command key from the /dev/urandom file and write it to the key file.    

   The generated key will use SHA1 if 'chronyd' is compiled with the
support, otherwise MD5 will be used.                                

4.2.19 include
--------------

The 'include' directive includes a specified configuration file.  This
is useful when maintaining configuration on multiple hosts to keep the
differences in a separate file.                                       

     include /etc/chrony/local.conf

4.2.20 initstepslew
-------------------

In normal operation, 'chronyd' always slews the time when it needs to
adjust the system clock.  For example, to correct a system clock which
is 1 second slow, 'chronyd' slightly increases the amount by which the
system clock is advanced on each clock interrupt, until the error is  
removed.  (Actually, this is done by calling the 'adjtime()' or similar
system function which does it for us.)  Note that at no time does time 
run backwards with this method.                                        

   On most Unix systems it is not desirable to step the system clock,
because many programs rely on time advancing monotonically forwards. 

   When the 'chronyd' daemon is initially started, it is possible that
the system clock is considerably in error.  Attempting to correct such
an error by slewing may not be sensible, since it may take several hours
to correct the error by this means.                                     

   The purpose of the 'initstepslew' directive is to allow 'chronyd' to
make a rapid measurement of the system clock error at boot time, and to
correct the system clock by stepping before normal operation begins.   
Since this would normally be performed only at an appropriate point in 
the system boot sequence, no other software should be adversely affected
by the step.                                                            

   If the correction required is less than a specified threshold, a slew
is used instead.  This makes it easier to restart 'chronyd' whilst the  
system is in normal operation.                                          

   The 'initstepslew' directive takes a threshold and a list of NTP
servers as arguments.  A maximum of 8 will be used.  Each of the servers
is rapidly polled several times, and a majority voting mechanism used to
find the most likely range of system clock error that is present.  A    
step (or slew) is applied to the system clock to correct this error.    
'chronyd' then enters its normal operating mode (where only slews are   
used).                                                                  

   An example of use of the command is

     initstepslew 30 foo.bar.com baz.quz.com

   where 2 NTP servers are used to make the measurement.  The '30'
indicates that if the system's error is found to be 30 seconds or less,
a slew will be used to correct it; if the error is above 30 seconds, a 
step will be used.                                                     

   The 'initstepslew' directive can also be used in an isolated LAN
environment, where the clocks are set manually.  The most stable   
computer is chosen as the master, and the other computers are slaved to
it.  If each of the slaves is configured with the local option (see    
below), the master can be set up with an 'initstepslew' directive which
references some or all of the slaves.  Then, if the master machine has 
to be rebooted, the slaves can be relied on to 'flywheel' the time for 
the master.                                                            

4.2.21 keyfile
--------------

This command is used to specify the location of the file containing
ID/key pairs for the following 2 uses:                             

   * Authentication of NTP packets.
   * Authentication of administrator commands entered via chronyc.

   The format of the command is shown in the example below

     keyfile /etc/chrony.keys

   The argument is simply the name of the file containing the ID/key
pairs.  The format of the file is shown below                       

     10 tulip
     11 hyacinth
     20 MD5 ASCII:crocus
     25 SHA1 HEX:1dc764e0791b11fa67efc7ecbc4b0d73f68a070c
      ...                                                

   Each line consists of an ID, a name of authentication hash function
(optional) and a password.  The ID can be any unsigned integer in the 
range 0 through 2**32-1.  The hash function is MD5 by default, depending
on how was 'chronyd' compiled other allowed hash functions may be SHA1, 
SHA256, SHA384, SHA512, RMD128, RMD160, RMD256, RMD320, TIGER and       
WHIRLPOOL. The password can be encoded as a string of characters not    
containing a space with optional 'ASCII:' prefix or as a hexadecimal    
number with 'HEX:' prefix.                                              

   For maximum security, it's recommended to use SHA1 or stronger hash
function.  The passwords should be random and they should be as long as
the output size of the configured hash function, e.g.  160 bits with   
SHA1.                                                                  

   The ID for the chronyc authentication key is specified with the
commandkey command (see earlier).  The command key can be generated
automatically on start with the 'generatecommandkey' directive.    

4.2.22 leapsectz
----------------

This directive is used to set the name of the timezone in the system tz
database which 'chronyd' can use to find out when will the next leap   
second occur.  It will periodically check if the times 23:59:59 and    
23:59:60 are valid on Jun 30 and Dec 31 in the timezone.  A useful     
timezone is 'right/UTC'.  This is mainly useful with reference clocks  
which don't provide the leap second information.  It is not necessary to
restart 'chronyd' if the tz database is updated with a new leap second  
at least 12 hours before the event.                                     

   An example of the command is

     leapsectz right/UTC

   The following shell command verifies that the timezone contains leap
seconds and can be used with this directive                            

     $ TZ=right/UTC date -d 'Dec 31 2008 23:59:60'
     Wed Dec 31 23:59:60 UTC 2008                 

4.2.23 local
------------

The local keyword is used to allow 'chronyd' to appear synchronised to
real time (from the viewpoint of clients polling it), even if it has no
current synchronisation source.                                        

   This option is normally used on computers in an isolated network,
where several computers are required to synchronise to one other, this
being the "master" which is kept vaguely in line with real time by    
manual input.                                                         

   An example of the command is

     local stratum 10

   The value 10 may be substituted with other values in the range 1
through 15.  Stratum 1 indicates a computer that has a true real-time
reference directly connected to it (e.g.  GPS, atomic clock etc) &ndash;
such computers are expected to be very close to real time.  Stratum 2   
computers are those which have a stratum 1 server; stratum 3 computers  
have a stratum 2 server and so on.                                      

   A large value of 10 indicates that the clock is so many hops away
from a reference clock that its time is fairly unreliable.  Put another
way, if the computer ever has access to another computer which is      
ultimately synchronised to a reference clock, it will almost certainly 
be at a stratum less than 10.  Therefore, the choice of a high value   
like 10 for the local command prevents the machine's own time from ever
being confused with real time, were it ever to leak out to clients that
have visibility of real servers.                                       

4.2.24 linux_hz
---------------

(This option only applies to Linux).

   By default, chronyd will find the value of 'HZ' from a kernel header
file at compile time.  'HZ' is the nominal number of timer interrupts  
per second.  If you're running chronyd on the system where it was built,
the value it has should be right, and you don't need to worry about this
option.                                                                 

   This option is provided for people who move a pre-built chronyd onto
a system where the value of HZ in the kernel headers has been changed  
from the default value.                                                

   An example of the command is

     linux_hz 100

4.2.25 linux_freq_scale
-----------------------

(This option only applies to Linux).

   By default, chronyd will find the value of 'HZ' and 'SHIFT_HZ' from
kernel header files at compile time.  An internal value called        
'freq_scale' is calculated from this.  By default it is               
(1<<SHIFT_HZ)/HZ, except for the case HZ=100, when special case code is
used which leads to the value 128/128.125.  If you're running chronyd on
the system where it was built, the value it has should be right, and you
don't need to worry about this option.                                  

   This option is provided for people who move a pre-built chronyd onto
a system where the method by which the kernel computes the reciprocal of
this value has been changed or where the HZ and SHIFT_HZ constants      
differ from those on the system where chronyd was built.                

   An example of the command is

     linux_freq_scale 0.99902439

4.2.26 log
----------

The log command indicates that certain information is to be logged.

'measurements'
     This option logs the raw NTP measurements and related information
     to a file called measurements.log.                               

'statistics'
     This option logs information about the regression processing to a
     file called statistics.log.                                      

'tracking'
     This option logs changes to the estimate of the system's gain or
     loss rate, and any slews made, to a file called tracking.log.   

'rtc'
     This option logs information about the system's real-time clock.

'refclocks'
     This option logs the raw and filtered reference clock measurements
     to a file called refclocks.log.                                   
'tempcomp'                                                             
     This option logs the temperature measurements and system rate     
     compensations to a file called tempcomp.log.                      

   The files are written to the directory specified by the logdir
command.                                                         

   An example of the command is

     log measurements statistics tracking

4.2.26.1 Measurements log file format
.....................................

An example line (which actually appears as a single line in the file)
from the measurements log file is shown below.                       

     2010-12-22 05:40:50 158.152.1.76    N  8 1111 111 1111 10 10 1.0 \
        -4.966e-03  2.296e-01  1.577e-05  1.615e-01  7.446e-03         

   The columns are as follows (the quantities in square brackets are the
values from the example line above) :                                   

  1. Date [2010-12-22]
  2. Hour:Minute:Second [05:40:50].  Note that the date/time pair is
     expressed in UTC, not the local time zone.                     
  3. IP address of server/peer from which measurement comes         
     [158.152.1.76]                                                 
  4. Leap status ('N' means normal, '+' means that the last minute of
     the current month has 61 seconds, '-' means that the last minute of
     the month has 59 seconds, '?' means the remote computer is not     
     currently synchronised.)  [N]                                      
  5. Stratum of remote computer.  [2]                                   
  6. RFC1305 tests 1 through 4 (1=pass, 0=fail) [1111]                  
  7. Tests for maximum delay, maximum delay ratio and maximum delay dev 
     ratio, against defined parameters (1=pass, 0=fail) [111]           
  8. RFC1305 tests 5 through 8 (1=pass, 0=fail) [1111]                  
  9. Local poll [10]                                                    
  10. Remote poll [10]                                                  
  11. 'Score' (an internal score within each polling level used to      
     decide when to increase or decrease the polling level.  This is    
     adjusted based on number of measurements currently being used for  
     the regression algorithm).  [1.0]                                  
  12. The estimated local clock error ('theta' in RFC1305).  Positive   
     indicates that the local clock is slow.  [-4.966e-03].             
  13. The peer delay ('delta' in RFC1305).  [2.296e-01]                 
  14. The peer dispersion ('epsilon' in RFC1305).  [1.577e-05]          
  15. The root delay ('Delta' in RFC1305).  [1.615e-01]                 
  16. The root dispersion ('E' in RFC1305).  [7.446e-03]                

   A banner is periodically written to the log file to indicate the
meanings of the columns.                                           

4.2.26.2 Statistics log file format
...................................

An example line (which actually appears as a single line in the file)
from the statistics log file is shown below.                         

     1998-07-22 05:40:50 158.152.1.76     6.261e-03 -3.247e-03 \
          2.220e-03  1.874e-06  1.080e-06 7.8e-02  16   0   8   

   The columns are as follows (the quantities in square brackets are the
values from the example line above) :                                   

  1. Date [1998-07-22]
  2. Hour:Minute:Second [05:40:50].  Note that the date/time pair is
     expressed in UTC, not the local time zone.                     
  3. IP address of server/peer from which measurement comes         
     [158.152.1.76]                                                 
  4. The estimated standard deviation of the measurements from the  
     source (in seconds).  [6.261e-03]                              
  5. The estimated offset of the source (in seconds, positive means the
     local clock is estimated to be fast, in this case).  [-3.247e-03] 
  6. The estimated standard deviation of the offset estimate (in       
     seconds).  [2.220e-03]                                            
  7. The estimated rate at which the local clock is gaining or losing  
     time relative to the source (in seconds per second, positive means
     the local clock is gaining).  This is relative to the compensation
     currently being applied to the local clock, _not_ to the local    
     clock without any compensation.  [1.874e-06]                      
  8. The estimated error in the rate value (in seconds per second).    
     [1.080e-06].                                                      
  9. The ration of |old_rate - new_rate| / old_rate_error.  Large values
     indicate the statistics are not modelling the source very well.    
     [7.8e-02]                                                          
  10. The number of measurements currently being used for the regression
     algorithm.  [16]                                                   
  11. The new starting index (the oldest sample has index 0; this is the
     method used to prune old samples when it no longer looks like the  
     measurements fit a linear model).  [0, i.e.  no samples discarded  
     this time]                                                         
  12. The number of runs.  The number of runs of regression residuals   
     with the same sign is computed.  If this is too small it indicates 
     that the measurements are no longer represented well by a linear   
     model and that some older samples need to be discarded.  The number
     of runs for the data that is being retained is tabulated.  Values  
     of approximately half the number of samples are expected.  [8]     

   A banner is periodically written to the log file to indicate the
meanings of the columns.                                           

4.2.26.3 Tracking log file format
.................................

An example line (which actually appears as a single line in the file)
from the tracking log file is shown below.                           

     2012-02-23 05:40:50 158.152.1.76     3    340.529      1.606  1.046e-03 N \
                 4  6.849e-03 -4.670e-04                                        

   The columns are as follows (the quantities in square brackets are the
values from the example line above) :                                   

  1. Date [2012-02-03]
  2. Hour:Minute:Second [05:40:50].  Note that the date/time pair is
     expressed in UTC, not the local time zone.                     
  3. The IP address of the server/peer to which the local system is 
     synchronised.  [158.152.1.76]                                  
  4. The stratum of the local system.  [3]                          
  5. The local system frequency (in ppm, positive means the local system
     runs fast of UTC). [340.529]                                       
  6. The error bounds on the frequency (in ppm) [1.606]                 
  7. The estimated local offset at the epoch (which is rapidly corrected
     by slewing the local clock.  (In seconds, positive indicates the   
     local system is fast of UTC). [1.046e-3]                           
  8. Leap status ('N' means normal, '+' means that the last minute of   
     this month has 61 seconds, '-' means that the last minute of the   
     month has 59 seconds, '?' means the clock is not currently         
     synchronised.)  [N]                                                
  9. The number of combined sources.  [4]                               
  10. The estimated standard deviation of the combined offset (in       
     seconds).  [6.849e-03]                                             
  11. The remaining offset correction from the previous update (in      
     seconds, positive means the system clock is slow of UTC).          
     [-4.670e-04]                                                       

   A banner is periodically written to the log file to indicate the
meanings of the columns.                                           

4.2.26.4 Real-time clock log file format
........................................

An example line (which actually appears as a single line in the file)
from the measurements log file is shown below.                       

     1998-07-22 05:40:50     -0.037360 1       -0.037434\
               -37.948  12   5  120                      

   The columns are as follows (the quantities in square brackets are the
values from the example line above) :                                   

  1. Date [1998-07-22]
  2. Hour:Minute:Second [05:40:50].  Note that the date/time pair is
     expressed in UTC, not the local time zone.                     
  3. The measured offset between the system's real time clock and the
     system ('gettimeofday()') time.  In seconds, positive indicates 
     that the RTC is fast of the system time.  [-0.037360].          
  4. Flag indicating whether the regression has produced valid       
     coefficients.  (1 for yes, 0 for no).  [1]                      
  5. Offset at the current time predicted by the regression process.  A
     large difference between this value and the measured offset tends 
     to indicate that the measurement is an outlier with a serious     
     measurement error.  [-0.037434].                                  
  6. The rate at which the RTC is losing or gaining time relative to the
     system clock.  In ppm, with positive indicating that the RTC is    
     gaining time.  [-37.948]                                           
  7. The number of measurements used in the regression.  [12]           
  8. The number of runs of regression residuals of the same sign.  Low  
     values indicate that a straight line is no longer a good model of  
     the measured data and that older measurements should be discarded. 
     [5]                                                                
  9. The measurement interval used prior to the measurement being made  
     (in seconds).  [120]                                               

   A banner is periodically written to the log file to indicate the
meanings of the columns.                                           

4.2.26.5 Refclocks log file format
..................................

An example line (which actually appears as a single line in the file)
from the refclocks log file is shown below.                          

     2009-11-30 14:33:27.000000 PPS2    7 N 1  4.900000e-07 -6.741777e-07  1.000e-06

   The columns are as follows (the quantities in square brackets are the
values from the example line above) :                                   

  1. Date [2009-11-30]
  2. Hour:Minute:Second.Microsecond [14:33:27.000000].  Note that the
     date/time pair is expressed in UTC, not the local time zone.    
  3. Reference ID of refclock from which measurement comes.  [PPS2]  
  4. Sequence number of driver poll within one polling interval for raw
     samples, or '-' for filtered samples.  [7]                        
  5. Leap status ('N' means normal, '+' means that the last minute of  
     the current month has 61 seconds, '-' means that the last minute of
     the month has 59 seconds).  [N]                                    
  6. Flag indicating whether the sample comes from PPS source.  (1 for  
     yes, 0 for no, or '-' for filtered sample).  [1]                   
  7. Local clock error measured by refclock driver, or '-' for filtered 
     sample.  [4.900000e-07]                                            
  8. Local clock error with applied corrections.  Positive indicates    
     that the local clock is slow.  [-6.741777e-07]                     
  9. Assumed dispersion of the sample.  [1.000e-06]                     

   A banner is periodically written to the log file to indicate the
meanings of the columns.                                           

4.2.26.6 Tempcomp log file format
.................................

An example line (which actually appears as a single line in the file)
from the tempcomp log file is shown below.                           

     2010-04-19 10:39:48  2.8000e+04  3.6600e-01

   The columns are as follows (the quantities in square brackets are the
values from the example line above) :                                   

  1. Date [2010-04-19]
  2. Hour:Minute:Second [10:39:48].  Note that the date/time pair is
     expressed in UTC, not the local time zone.                     
  3. Temperature read from tempcomp file.  [2.8000e+04]             
  4. Applied compensation in ppm, positive means the system clock is
     running faster than it would be without the compensation.      
     [3.6600e-01]                                                   

   A banner is periodically written to the log file to indicate the
meanings of the columns.                                           

4.2.27 logbanner
----------------

A banner is periodically written to the log files enabled by the 'log'
directive to indicate the meanings of the columns.                    

   The 'logbanner' directive specifies after how many entries in the log
file should be the banner written.  The default is 32, and 0 can be used
to disable it entirely.                                                 

4.2.28 logchange
----------------

This directive forces 'chronyd' to send a message to syslog if it makes
a system clock adjustment larger than a threshold value.  An example of
use is                                                                 

     logchange 0.5

   which would cause a syslog message to be generated a system clock
error of over 0.5 seconds starts to be compensated.                 

   Clock errors detected either via NTP packets or via timestamps
entered via the 'settime' command of 'chronyc' are logged.       

   This directive assumes that syslog messages are appearing where
somebody can see them.  This allows that person to see if a large error
has arisen, e.g.  because of a fault, or because of faulty timezone    
handling, for example when summer time (daylight saving) starts or ends.

4.2.29 logdir
-------------

This directive allows the directory where log files are written to be
specified.                                                           

   An example of the use of this directive is

     logdir /var/log/chrony

4.2.30 mailonchange
-------------------

This directive defines an email address to which mail should be sent if
chronyd applies a correction exceeding a particular threshold to the   
system clock.                                                          

   An example of use of this directive is

     mailonchange root@localhost 0.5

   This would send a mail message to root if a change of more than 0.5
seconds were applied to the system clock.                             

4.2.31 makestep
---------------

Normally chronyd will cause the system to gradually correct any time
offset, by slowing down or speeding up the clock as required.  In   
certain situations, the system clock may be so far adrift that this 
slewing process would take a very long time to correct the system clock.

   This directive forces 'chronyd' to step system clock if the
adjustment is larger than a threshold value, but only if there were no
more clock updates since 'chronyd' was started than a specified limit (a
negative value can be used to disable the limit).                       

   This is particularly useful when using reference clocks, because the
'initstepslew' directive (*note initstepslew directive::) works only   
with NTP sources.                                                      

   An example of the use of this directive is

     makestep 1000 10

   This would step system clock if the adjustment is larger than 1000
seconds, but only in the first ten clock updates.                    

4.2.32 maxchange
----------------

This directive sets the maximum allowed offset corrected on a clock
update.  The check is performed only after the specified number of 
updates to allow a large initial adjustment of the system clock.  When
an offset larger than the specified maximum occurs, it will be ignored
for the specified number of times and then 'chronyd' will give up and 
exit (a negative value can be used to never exit).  In both cases a   
message is sent to syslog.                                            

   An example of the use of this directive is

     maxchange 1000 1 2

   After the first clock update, 'chronyd' will check the offset on
every clock update, it will ignore two adjustments larger than 1000
seconds and exit on another one.                                   

4.2.33 manual
-------------

The 'manual' directive enables support at run-time for the 'settime'
command in chronyc (*note settime command::).  If no 'manual' directive
is included, any attempt to use the 'settime' command in chronyc will be
met with an error message.                                              

   Note that the 'settime' command can be enabled at run-time using the
'manual' command in chronyc (*note manual command::).  (The idea of the
two commands is that the 'manual' command controls the manual clock    
driver's behaviour, whereas the 'settime' command allows samples of    
manually entered time to be provided).                                 

4.2.34 maxclockerror
--------------------

The 'maxclockerror' directive sets the maximum assumed frequency error
of the local clock.  This is a frequency stability of the clock, not an
absolute frequency error.                                              

   By default, the maximum assumed error is set to 1 ppm.

   The syntax is

     maxclockerror <error-in-ppm>

   Typical values for <error-in-ppm> might be 10 for a low quality clock
to 0.1 for a high quality clock using a temperature compensated crystal 
oscillator.                                                             

4.2.35 maxsamples
-----------------

The 'maxsamples' directive sets the maximum number of samples 'chronyd'
should keep for each source.  The default is 0, which disables the     
configurable limit, and the useful range is 4 to 64.                   

   The syntax is

     maxsamples <samples>

4.2.36 maxupdateskew
--------------------

One of 'chronyd's' tasks is to work out how fast or slow the computer's
clock runs relative to its reference sources.  In addition, it computes
an estimate of the error bounds around the estimated value.            

   If the range of error is too large, it probably indicates that the
measurements have not settled down yet, and that the estimated gain or
loss rate is not very reliable.                                       

   The 'maxupdateskew' parameter allows the threshold for determining
whether an estimate may be so unreliable that it should not be used.  By
default, the threshold is 1000 ppm.                                     

   The syntax is

     maxupdateskew <skew-in-ppm>

   Typical values for <skew-in-ppm> might be 100 for a dial-up
connection to servers over a phone line, and 5 or 10 for a computer on a
LAN.                                                                    

   It should be noted that this is not the only means of protection
against using unreliable estimates.  At all times, 'chronyd' keeps track
of both the estimated gain or loss rate, and the error bound on the     
estimate.  When a new estimate is generated following another           
measurement from one of the sources, a weighted combination algorithm is
used to update the master estimate.  So if 'chronyd' has an existing    
highly-reliable master estimate and a new estimate is generated which   
has large error bounds, the existing master estimate will dominate in   
the new master estimate.                                                

4.2.37 minsamples
-----------------

The 'minsamples' directive sets the minimum number of samples 'chronyd'
should try to keep for each source.  The default is 0 and the useful   
range is 4 to 64.                                                      

   The syntax is

     minsamples <samples>

4.2.38 noclientlog
------------------

This directive, which takes no arguments, specifies that client accesses
are not to be logged.  Normally they are logged, allowing statistics to 
be reported using the 'clients' command in 'chronyc'.                   

4.2.39 clientloglimit
---------------------

This directive specifies the maximum size of the memory allocated to log
client accesses.  When the limit is reached, only information for       
clients that have already been logged will be updated.  If 0 is         
specified, the memory size will be unlimited.  The default is 524288    
bytes.                                                                  

   An example of the use of this directive is

     clientloglimit 1048576

4.2.40 peer
-----------

The syntax of this directive is identical to that for the 'server'
directive (*note server directive::), except that it is used to specify
an NTP peer rather than an NTP server.                                 

4.2.41 pidfile
--------------

chronyd always writes its process ID (pid) to a file, and checks this
file on startup to see if another chronyd may already be running on the
system.  By default, the file used is '/var/run/chronyd.pid'.  The     
'pidfile' directive allows the name to be changed, e.g.                

     pidfile /var/tmp/chronyd.pid

4.2.42 port
-----------

This option allows you to configure the port used for the NTP service on
your machine.                                                           

   The compiled in default is udp/123, the standard NTP port.  It is
unlikely that you would ever need to change this value.  A possible 
exception would be if you wanted to operate strictly in client-only mode
and never be available as a server to ntpd clients.  If set to 0, the   
kernel will assign a random port.                                       

   An example of the port command is

     port 11123

   This would change the NTP port served by chronyd on the computer to
udp/11123.                                                            

4.2.43 refclock
---------------

Reference clocks allows very accurate synchronisation and 'chronyd' can
function as a stratum 1 server.  They are specified by the 'refclock'  
directive.  It has two mandatory parameters, a refclock driver name and
a driver specific parameter.                                           

   There are currently three drivers included:

'PPS'
     PPSAPI (pulse per second) driver.  The parameter is the path to a
     PPS device.  Assert events are used by default.  Driver option   
     ':clear' can be appended to the path if clear events should be used
     instead.                                                           

     As PPS refclock gets only sub-second time information, it needs
     another source (NTP or non-PPS refclock) or local directive (*note
     local directive::) enabled to work.  For example:                 

          refclock PPS /dev/pps0 lock NMEA
          refclock SHM 0 offset 0.5 delay 0.1 refid NMEA noselect

'SHM'
     NTP shared memory driver.  This driver uses a shared memory segment
     to receive data from another daemon which communicates with an     
     actual reference clock.  The parameter is the number of a shared   
     memory segment, usually 0, 1, 2 or 3.  For example:                

          refclock SHM 1 poll 3 refid GPS1

     A driver option in form ':perm=NNN' can be appended to the segment
     number to create the segment with permissions other than the      
     default '0600'.                                                   

     Some examples of applications that can be used as SHM sources are
     'gpsd', 'shmpps' and 'radioclk'.                                 
'SOCK'                                                                
     Unix domain socket driver.  It is similar to the SHM driver, but 
     uses a different format and uses a socket instead of shared memory.
     It does not require polling and it supports transmitting of PPS    
     data.  The parameter is a path to the socket which will be created 
     by 'chronyd' and used to receive the messages.  The format of      
     messages sent over the socket is described in the 'refclock_sock.c'
     file.                                                              

     Recent versions of the 'gpsd' daemon include support for the SOCK
     protocol.  The path where the socket should be created is described
     in the 'gpsd(8)' man page.  For example:                           

          refclock SOCK /var/run/chrony.ttyS0.sock

   The 'refclock' command also supports a number of subfields (which may
be defined in any order):                                               

'poll'
     Timestamps produced by refclock drivers are not used immediately,
     but they are stored and processed by a median filter in intervals
     specified by this option.  This is defined as a power of 2.  The 
     default is 4 (16 seconds).  A shorter interval allows 'chronyd' to
     react faster to changes in clock frequency, but it may decrease the
     accuracy if the source is too noisy.                               
'dpoll'                                                                 
     Some drivers are not controlled by external events and thus require
     polling.  Again this is defined as a power of 2 and can be negative
     for sub-second intervals.  The default is 0 (1 second).            
'refid'                                                                 
     This option is used to specify a reference id of the refclock, as  
     up to four ASCII characters.  By default, first three characters   
     from driver name and the number of the refclock are used as refid. 
     Each refclock must have an unique refid.                           
'filter'                                                                
     This option sets the length of the median filter which is used to  
     reduce noise.  With each poll about 40 percent of the stored       
     samples is discarded and one final sample is calculated as average 
     of the remaining samples.  If the length is 4 or above, at least 4 
     samples have to be collected between polls.  For lengths below 4,  
     the filter has to be full.  The default is 64.                     
'rate'                                                                  
     PPS signal frequency (in Hz).  This option only controls how the   
     received pulses are aligned.  To actually receive more than one    
     pulse per second, a negative 'dpoll' has to be specified (-3 for   
     5Hz signal).  The default is 1.                                    
'lock'                                                                  
     This option can be used to lock a PPS refclock to another refclock 
     whose reference id is specified by this option.  In this mode      
     received pulses are aligned directly to unfiltered samples from the
     refclock.  By default, pulses are aligned to local clock, but only 
     when it is well synchronised.                                      
'offset'                                                                
     This option can be used to compensate a constant error.  The       
     specified offset (in seconds) is applied to all samples produced by
     the refclock.  The default is 0.0.                                 
'delay'                                                                 
     This option is used to specify how the refclock is assumed to be   
     inaccurate (in seconds).  Increasing the value is useful to avoid  
     having no majority in the source selection algorithm or to make the
     algorithm prefer other refclocks.  The default is 1e-9 (1          
     nanosecond).                                                       
'precision'                                                             
     Refclock precision (in seconds).  The default is 1e-6 (1           
     microsecond) for SHM refclock, and 1e-9 (1 nanosecond) for SOCK and
     PPS refclocks.                                                     
'prefer'                                                                
     Prefer this source over sources without prefer option.             
'noselect'                                                              
     Never select this source.  This is useful for monitoring or with   
     sources which are not very accurate, but are locked with a PPS     
     refclock.                                                          

4.2.44 reselectdist
-------------------

When 'chronyd' selects synchronisation source from available sources, it
will prefer the one with minimum synchronisation distance.  However, to 
avoid frequent reselecting when there are sources with similar distance,
a fixed distance is added to the distance for sources that are currently
not selected.  This can be set with the 'reselectdist' option.  By      
default, the distance is 100 microseconds.                              

   The syntax is

     reselectdist <dist-in-seconds>

4.2.45 rtcdevice
----------------

The 'rtcdevice' directive defines the name of the device file for
accessing the real time clock.  By default this is '/dev/rtc/', unless
the directive is used to set a different value.  This applies to Linux
systems with devfs.  An example of use is                             

     rtcdevice /dev/misc/rtc

4.2.46 rtcfile
--------------

The 'rtcfile' directive defines the name of the file in which 'chronyd'
can save parameters associated with tracking the accuracy of the       
system's real-time clock (RTC).                                        

   The syntax is illustrated in the following example

     rtcfile /var/lib/chrony/rtc

   'chronyd' saves information in this file when it exits and when the
'writertc' command is issued in 'chronyc'.  The information saved is the
RTC's error at some epoch, that epoch (in seconds since January 1 1970),
and the rate at which the RTC gains or loses time.                      

   So far, the support for real-time clocks is limited - their code is
even more system-specific than the rest of the software.  You can only
use the real time clock facilities (the 'rtcfile' directive and the '-s'
command line option to 'chronyd') if the following three conditions     
apply:                                                                  

  1. You are running Linux version 2.2.x or later.

  2. You have compiled the kernel with extended real-time clock support
     (i.e.  the '/dev/rtc' device is capable of doing useful things).  

  3. You don't have other applications that need to make use of
     '/dev/rtc' at all.                                        

4.2.47 rtconutc
---------------

'chronyd' assumes by default that the real time clock (RTC) keeps local
time (including any daylight saving changes).  This is convenient on PCs
running Linux which are dual-booted with DOS or Windows.                

   NOTE : IF YOU KEEP THE REAL TIME CLOCK ON LOCAL TIME AND YOUR
COMPUTER IS OFF WHEN DAYLIGHT SAVING (SUMMER TIME) STARTS OR ENDS, THE
COMPUTER'S SYSTEM TIME WILL BE ONE HOUR IN ERROR WHEN YOU NEXT BOOT AND
START CHRONYD.                                                         

   An alternative is for the RTC to keep Universal Coordinated Time
(UTC). This does not suffer from the 1 hour problem when daylight saving
starts or ends.                                                         

   If the 'rtconutc' directive appears, it means the RTC is required to
keep UTC. The directive takes no arguments.  It is equivalent to       
specifying the '-u' switch to the Linux '/sbin/clock' program.         

4.2.48 rtcsync
--------------

The 'rtcsync' directive will enable a kernel mode where the system time
is copied to the real time clock (RTC) every 11 minutes.               

   This directive is supported only on Linux and cannot be used when the
normal RTC tracking is enabled, i.e.  when the 'rtcfile' directive is   
used.                                                                   

4.2.49 sched_priority
---------------------

The 'sched_priority' directive will select the SCHED_FIFO real-time
scheduler at the specified priority (which must be between 0 and 100).
This mode is supported only on Linux.                                 

   This directive uses the Linux sched_setscheduler() system call to
instruct the kernel to use the SCHED_FIFO first-in, first-out real-time
scheduling policy for 'chronyd' with the specified priority.  This means
that whenever 'chronyd' is ready to run it will run, interrupting       
whatever else is running unless it is a higher priority real-time       
process.  This should not impact performance as 'chronyd's' resource    
requirements are modest, but it should result in lower and more         
consistent latency since 'chronyd' will not need to wait for the        
scheduler to get around to running it.  You should not use this unless  
you really need it.  The sched_setscheduler man page has more details.  

4.2.50 stratumweight
--------------------

The 'stratumweight' directive sets how much distance should be added per
stratum to the synchronisation distance when 'chronyd' selects the      
synchronisation source from available sources.                          

   The syntax is

     stratumweight <dist-in-seconds>

   By default, it is 1 second.  This usually means that sources with
lower stratum will be preferred to sources with higher stratum even when
their distance is significantly worse.  Setting 'stratumweight' to 0    
makes 'chronyd' ignore stratum when selecting the source.               

4.2.51 lock_all
---------------

The 'lock_all' directive will lock chronyd into RAM so that it will
never be paged out.  This mode is only supported on Linux.  This   
directive uses the Linux mlockall() system call to prevent 'chronyd'
from ever being swapped out.  This should result in lower and more  
consistent latency.  It should not have significant impact on       
performance as 'chronyd's' memory usage is modest.  The mlockall man
page has more details.                                              

4.2.52 server
-------------

The 'server' directive allows NTP servers to be specified.  The
client/server relationship is strictly hierarchical : a client may
synchronise its system time to that of the server, but the server's
system time will never be influenced by that of a client.          

   The 'server' directive is immediately followed by either the name of
the server, or its IP address.  The server command also supports a     
number of subfields (which may be defined in any order):               

'port'
     This option allows the UDP port on which the server understands NTP
     requests to be specified.  For normal servers this option should   
     not be required (the default is 123, the standard NTP port).       
'minpoll'                                                               
     Although 'chronyd' will trim the rate at which it samples the      
     server during normal operation, the user may wish to constrain the 
     minimum polling interval.  This is always defined as a power of 2, 
     so <tt/minpoll 5/ would mean that the polling interval cannot drop 
     below 32 seconds.  The default is 6 (64 seconds).                  
'maxpoll'                                                               
     In a similar way, the user may wish to constrain the maximum       
     polling interval.  Again this is specified as a power of 2, so     
     <tt/maxpoll 9/ indicates that the polling interval must stay at or 
     below 512 seconds.  The default is 10 (1024 seconds).              
'maxdelay'                                                              
     'chronyd' uses the network round-trip delay to the server to       
     determine how accurate a particular measurement is likely to be.   
     Long round-trip delays indicate that the request, or the response, 
     or both were delayed.  If only one of the messages was delayed the 
     measurement error is likely to be substantial.                     

     For small variations in round trip delay, 'chronyd' uses a
     weighting scheme when processing the measurements.  However, beyond
     a certain level of delay the measurements are likely to be so      
     corrupted as to be useless.  (This is particularly so on dial-up or
     other slow links, where a long delay probably indicates a highly   
     asymmetric delay caused by the response waiting behind a lot of    
     packets related to a download of some sort).                       

     If the user knows that round trip delays above a certain level
     should cause the measurement to be ignored, this level can be 
     defined with the maxdelay command.  For example, <tt/maxdelay 0.3/
     would indicate that measurements with a round-trip delay of 0.3   
     seconds or more should be ignored.                                

'maxdelayratio'
     This option is similar to the maxdelay option above.  'chronyd'
     keeps a record of the minimum round-trip delay amongst the previous
     measurements that it has buffered.  If a measurement has a round   
     trip delay that is greater than the maxdelayratio times the minimum
     delay, it will be rejected.                                        

'maxdelaydevratio'
     If a measurement has ratio of the increase in round-trip delay from
     the minimum delay amongst the previous measurements to the standard
     deviation of the previous measurements that is greater than        
     maxdelaydevratio, it will be rejected.  The default is 10.0.       

'presend'
     If the timing measurements being made by 'chronyd' are the only
     network data passing between two computers, you may find that some
     measurements are badly skewed due to either the client or the     
     server having to do an ARP lookup on the other party prior to     
     transmitting a packet.  This is more of a problem with long       
     sampling intervals, which may be similar in duration to the       
     lifetime of entries in the ARP caches of the machines.            

     In order to avoid this problem, the 'presend' option may be used.
     It takes a single integer argument, which is the smallest polling
     interval for which a pair of packets will be exchanged between the
     client and the server prior to the actual measurement being       
     initiated by the client.  For example, with the following option  
     included in a 'server' directive :                                

          presend 9

     when the polling interval is 512 seconds or more, a UDP echo
     datagram will be sent to the server a short time (currently 4
     seconds) before the NTP client mode datagram.                

'key'
     The NTP protocol supports the inclusion of checksums in the
     packets, to prevent computers having their system time upset by
     rogue packets being sent to them.  The checksums are generated as a
     function of a password, using the cryptographic hash function set  
     in the key file.                                                   

     The association between key numbers and passwords is contained in
     the keys file, defined by the keyfile command.                   

     If the key option is present, 'chronyd' will attempt to use
     authenticated packets when communicating with this server.  The key
     number used will be the single argument to the key option.  The    
     server must have the same password for this key number configured, 
     otherwise no relationship between the computers will be possible.  

'offline'
     If the server will not be reachable when 'chronyd' is started, the
     offline option may be specified.  'chronyd' will not try to poll  
     the server until it is enabled to do so (by using the online option
     of 'chronyc').                                                     

'auto_offline'
     If this option is set, the server will be assumed to have gone
     offline when 2 requests have been sent to it without receiving a
     response.  This option avoids the need to run the 'offline' (*note
     offline command::) command from chrony when disconnecting the     
     dial-up link.  (It will still be necessary to use chronyc's       
     'online' (*note online command::) command when the link has been  
     established, to enable measurements to start.)                    

'iburst'
     On start, make four measurements over a short duration (rather than
     the usual periodic measurements).                                  

'minstratum'
     When the synchronisation source is selected from available sources,
     sources with lower stratum are normally preferred.  This option can
     be used to increase stratum of the source to the specified minimum,
     so 'chronyd' will avoid selecting that source.  This is useful with
     low stratum sources that are known to be unrealiable or inaccurate 
     and which should be used only when other sources are unreachable.  

'polltarget'
     Target number of measurements to use for the regression algorithm
     which 'chronyd' will try to maintain by adjusting polling interval
     between 'minpoll' and 'maxpoll'.  A higher target makes 'chronyd' 
     prefer shorter polling intervals.  The default is 6 and a useful  
     range is 6 to 60.                                                 

'prefer'
     Prefer this source over sources without prefer option.

'noselect'
     Never select this source.  This is particularly useful for
     monitoring.                                               

4.2.53 tempcomp
---------------

Normally, changes in rate of drift of the system clock are caused mainly
by changes in temperature of the crystal oscillator on the mainboard.   

   If there are available temperature measurements from a sensor close
to the oscillator, 'tempcomp' directive can be used to compensate for 
the changes in rate and possibly improve clock accuracy.              

   Whether it will really help depends on many factors, including
resolution of the sensor, noise in measurements, time source polling
interval, compensation update interval, how good are the temperature
coefficients, and how close is the sensor to the oscillator.  The   
frequency reported in tracking.log should be more stable and the offsets
should be smaller.                                                      

   The directive has six parameters: path to the file which contains
current temperature in text format, update interval (in seconds), and
temperature coefficients T0, k0, k1, k2.                             

   The frequency compensation is calculated (in ppm) as

   'k0 + (T - T0) * k1 + (T - T0)^2 * k2'

   The result has to be between -10 ppm and 10 ppm, otherwise the
measurement is considered to be faulty and will be ignored.  The k0
coefficient can be used to get the results in that range.          

   Valid measurements and calculated corrections are logged to
tempcomp.log file if enabled with 'log tempcomp' directive.   

   An example of use is

     tempcomp /sys/class/hwmon/hwmon1/device/temp2_input 30 26000 0.0 0.000183 0.0

   The measured temperature will be read from the file in Linux sysfs
filesystem every 30 seconds.  When the temperature is 26 degress     
(26000), the system clock frequency will not be adjusted.  When it is 27
degrees (27000), the clock will be set to run 0.183ppm faster than it   
would be without the compensation, etc.                                 

4.2.54 user
-----------

The 'user' directive sets the name of the user to which will 'chronyd'
drop root privileges after the initialisation.  So far, it works only on
Linux when compiled with capabilities support.                          

   By default, root privileges are not dropped.

4.3 Running chronyc
===================

Chronyc is the program that can be used to reconfigure options within
the 'chronyd' program whilst it is running.  Chronyc can also be used to
generate status reports about the operation of 'chronyd'.               

4.3.1 Basic use
---------------

The program chronyc is run by entering

     chronyc

   at the command line.  The prompt 'chronyc' is displayed whilst
chronyc is expecting input from the user, when it is being run from a
terminal.  If chronyc's input or output are redirected from/to a file,
the prompt is now shown.                                              

   When you are finished entering commands, the commands 'exit' or
'quit' will terminate the program.  (Entering <Control-D> will also
terminate the program.)                                            

4.3.2 Command line options
--------------------------

Chronyc supports the following command line options.

'-v'
     Displays the version number of chronyc on the terminal, and exists.
'-h <host>'                                                             
     This option allows the user to specify which host running the      
     'chronyd' program is to be contacted.  This allows for remote      
     configuration, without having to telnet or rlogin to the other host
     first.                                                             

     The default is to contact 'chronyd' running on the same host as
     that where chronyc is being run.                               
'-p <port>'                                                         
     This option allows the user to specify the UDP port number which
     the target 'chronyd' is using for its command & monitoring      
     connections.  This defaults to the compiled-in default; there would
     rarely be a need to change this.                                   
'-n'                                                                    
     This option disables resolving IP addresses to hostnames.          
'-4'                                                                    
     With this option hostnames will be resolved only to IPv4 addresses.
'-6'                                                                    
     With this option hostnames will be resolved only to IPv6 addresses.
'-m'                                                                    
     With this option multiple commands can be specified on the command 
     line.  Each argument will be interpreted as a whole command.       
'-f <conf-file>'                                                        
     This option can be used to specify an alternate location of the    
     'chronyd' configuration file (default '/etc/chrony.conf').  The    
     configuration file is needed for the '-a' option.                  
'-a'                                                                    
     With this option 'chronyc' will try to authenticate automatically  
     on start.  It will read the configuration file, read the command   
     key from the keyfile and run the authhash and password commands.   

4.3.3 Security with chronyc
---------------------------

Many of the commands available through chronyc have a fair amount of
power to reconfigure the run-time behaviour of 'chronyd'.  Consequently,
'chronyc' is quite dangerous for the integrity of the target system's   
clock performance.  Having access to 'chronyd' via chronyc is more or   
less equivalent to being able to modify 'chronyd's' configuration file  
(typically '/etc/chrony.conf') and to restart 'chronyd'.                

   Chronyc also provides a number of monitoring (as opposed to
commanding) commands, which will not affect the behaviour of 'chronyd'.
However, you may still want to restrict access to these commands.      

   In view of this, access to some of the capabilities of chronyc will
usually be tightly controlled.  There are two mechanisms supported:   

  1. The set of hosts from which 'chronyd' will accept commands can be
     restricted.  By default, commands will only be accepted from the 
     same host that 'chronyd' is running on.                          
  2. Any command that actually reconfigures some aspect of 'chronyd's'
     behaviour requires the user of chronyc to know a password.  This 
     password is specified in 'chronyd's' keys file (*note keyfile    
     directive::) and specified via the commandkey option in its      
     configuration file (*note commandkey directive::).               

   Only the following commands can be used _without_ providing a
password:                                                       

   * 'activity'
   * 'authhash'
   * 'dns'     
   * 'exit'    
   * 'help'    
   * 'password'
   * 'quit'    
   * 'rtcdata' 
   * 'sources' 
   * 'sourcestats'
   * 'tracking'   
   * 'waitsync'   

   All other commands require a password to have been specified
previously, because they affect 'chronyd's' operation.         

4.3.4 Command reference
-----------------------

This section describes each of the commands available within the chronyc
program.  Chronyc offers the user a simple command-line driven          
interface.                                                              

4.3.4.1 accheck
...............

This command allows you to check whether client NTP access is allowed
from a particular host.                                              

   Examples of use, showing a named host and a numeric IP address, are
as follows:                                                           

     accheck a.b.c
     accheck 1.2.3.4
     accheck 2001:db8::1

   This command can be used to examine the effect of a series of
'allow', 'allow all', 'deny' and 'deny all' commands specified either
via chronyc, or in 'chronyd's' configuration file.                   

4.3.4.2 activity
................

This command reports the number of servers/peers that are online and
offline.  If the auto_offline option is used in specifying some of the
servers/peers, the 'activity' command may be useful for detecting when
all of them have entered the offline state after the PPP link has been
disconnected.                                                         

   The report shows the number of servers/peers in 5 states:
   * 'online' : the server/peer is currently online (i.e.  assumed by
     chronyd to be reachable)                                        
   * 'offline' : the server/peer is currently offline (i.e.  assumed by
     chronyd to be unreachable, and no measurements from it will be    
     attempted.)                                                       
   * 'burst_online' : a burst command has been initiated for the       
     server/peer and is being performed; after the burst is complete,  
     the server/peer will be returned to the online state.             
   * 'burst_offline' : a burst command has been initiated for the      
     server/peer and is being performed; after the burst is complete,  
     the server/peer will be returned to the offline state.            
   * 'unresolved' : the name of the server/peer wasn't resolved to an  
     address yet; this server is not visible in the 'sources' and      
     'sourcestats' reports.                                            

4.3.4.3 add peer
................

The 'add peer' command allows a new NTP peer to be added whilst
'chronyd' is running.                                          

   Following the words 'add peer', the syntax of the following
parameters and options is identical to that for the 'peer' directive in
the configuration file (*note peer directive::).                       

   An example of using this command is shown below.

     add peer foo.bar.com minpoll 6 maxpoll 10 authkey 25

4.3.4.4 add server
..................

The 'add server' command allows a new NTP server to be added whilst
'chronyd' is running.                                              

   Following the words 'add server', the syntax of the following
parameters and options is identical to that for the 'server' directive
in the configuration file (*note server directive::).                 

   An example of using this command is shown below.

     add server foo.bar.com minpoll 6 maxpoll 10 authkey 25

4.3.4.5 allow
.............

The effect of the allow command is identical to the 'allow' directive in
the configuration file (*note allow directive::).                       

   The syntax is illustrated in the following examples:

     allow foo.bar.com
     allow 1.2        
     allow 3.4.5      
     allow 6.7.8/22   
     allow 6.7.8.9/22 
     allow 2001:db8:789a::/48
     allow 0/0               
     allow ::/0              
     allow                   

   The effect of each of these examples is the same as that of the
'allow' directive in the configuration file.                      

4.3.4.6 allow all
.................

The effect of the allow command is identical to the 'allow all'
directive in the configuration file (*note allow directive::). 

4.3.4.7 authhash
................

This command sets the hash function used for authenticating user
commands.  For successful authentication the hash function has to be the
same as the one set for the command key in the keys file on the server. 
It needs to be set before the 'password' command is used.  The default  
hash function is MD5.                                                   

   An example is

     authhash SHA1

   The authhash command is run automatically on start if 'chronyc' was
started with the '-a' option.                                         

4.3.4.8 burst
.............

The 'burst' command tells 'chronyd' to make a set of measurements to
each of its NTP sources over a short duration (rather than the usual
periodic measurements that it makes).  After such a burst, 'chronyd'
will revert to the previous state for each source.  This might be either
online, if the source was being periodically measured in the normal way,
or offline, if the source had been indicated as being offline.          
(Switching a source between the online and offline states is described  
in *note online command::, *note offline command::).                    

   The syntax of the burst command is as follows

     burst <n-good-measurements>/<max-measurements> [<mask>/<masked-address>]
     burst <n-good-measurements>/<max-measurements> [<masked-address>/<masked-bits>]
     burst <n-good-measurements>/<max-measurements> [<address>]                     

   The mask and masked-address arguments are optional, in which case
'chronyd' will initiate a burst for all of its currently defined    
sources.                                                            

   The arguments have the following meaning and format.

'n-good-measurements'
     This defines the number of good measurements that 'chronyd' will
     want to obtain from each source.  A measurement is good if it   
     passes certain tests, for example, the round trip time to the   
     source must be acceptable.  (This allows 'chronyd' to reject    
     measurements that are likely to be bogus.)                      

'max-measurements'
     This defines the maximum number of measurements that 'chronyd' will
     attempt to make, even if the required number of good measurements  
     has not been obtained.                                             

'mask'
     This is an IP address with which the IP address of each of
     'chronyd''s sources is to be masked.                      

'masked-address'
     This is an IP address.  If the masked IP address of a source
     matches this value then the burst command is applied to that
     source.                                                     

'masked-bits'
     This can be used with 'masked-address' for CIDR notation, which is
     a shorter alternative to the form with mask.                      

'address'
     This is an IP address or a hostname.  The burst command is applied
     only to that source.                                              

   If no mask or masked address arguments are provided, every source
will be matched.                                                    

   An example of the two-argument form of the command is

     burst 2/10

   This will cause 'chronyd' to attempt to get two good measurements
from each source, stopping after two have been obtained, but in no event
will it try more than ten probes to the source.                         

   Examples of the four-argument form of the command are

     burst 2/10 255.255.0.0/1.2.0.0
     burst 2/10 2001:db8:789a::/48 

   In the first case, the two out of ten sampling will only be applied
to sources whose IPv4 addresses are of the form '1.2.x.y', where x and y
are arbitrary.  In the second case, the sampling will be applied to     
sources whose IPv6 addresses have first 48 bits equal to                
'2001:db8:789a'.                                                        

   Example of the three-argument form of the command is

     burst 2/10 foo.bar.com

4.3.4.9 clients
...............

This command shows a list of all clients that have accessed the server,
through either the NTP or command/monitoring ports.  There are no      
arguments.                                                             

   An example of the output is

     Hostname                   Client    Peer CmdAuth CmdNorm  CmdBad  LstN  LstC
     =========================  ======  ======  ======  ======  ======  ====  ====
     localhost                       0       0      15       1       0   29y     0
     aardvark.xxx                    4       0       0       0       0    49   29y
     badger.xxx                      4       0       0       0       0     6   29y

   Each row shows the data for a single host.  Only hosts that have
passed the host access checks (set with the 'allow', 'deny', 'cmdallow'
and 'cmddeny' commands or configuration file directives) are logged.   

   The columns are as follows:

  1. The hostname of the client
  2. The number of times the client has accessed the server using an NTP
     client mode packet.                                                
  3. The number of times the client has accessed the server using an NTP
     symmetric active mode packet.                                      
  4. The number of authenticated command packets that have been         
     processed from the client (i.e.  those following a successful      
     'password' command).                                               
  5. The number of unauthenticated command packets that have been       
     processed from the client.                                         
  6. The number of bad command packets received from the client (not all
     forms of bad packet are logged).                                   
  7. Time since the last NTP packet was received                        
  8. Time since the last command packet was received                    

   The last two entries will be shown as the time since 1970 if no
packet of that type has ever been received.                       

4.3.4.10 cmdaccheck
...................

This command is similar to the 'accheck' command, except that it is used
to check whether command access is permitted from a named host.         

   Examples of use are as follows:

     cmdaccheck a.b.c
     cmdaccheck 1.2.3.4
     cmdaccheck 2001:db8::1

4.3.4.11 cmdallow
.................

This is similar to the 'allow' command, except that it is used to allow
particular hosts or subnets to use the chronyc program to interact with
'chronyd' on the current host.                                         

4.3.4.12 cmdallow all
.....................

This is similar to the 'allow all' command, except that it is used
toallow particular hosts or subnets to use the chronyc program to 
interactwith 'chronyd' on the current host.                       

4.3.4.13 cmddeny
................

This is similar to the 'deny' command, except that it is used to allow
particular hosts or subnets to use the chronyc program to interact with
'chronyd' on the current host.                                         

4.3.4.14 cmddeny all
....................

This is similar to the 'deny all' command, except that it is used to
allow particular hosts or subnets to use the chronyc program to interact
with 'chronyd' on the current host.                                     

4.3.4.15 cyclelogs
..................

The 'cyclelogs' command causes all of 'chronyd's' open log files to be
closed and re-opened.  This allows them to be renamed so that they can
be periodically purged.  An example of how to do this is shown below. 

     % mv /var/log/chrony/measurements.log /var/log/chrony/measurements1.log
     % chronyc -a cyclelogs                                                 
     % ls -l /var/log/chrony                                                
     -rw-r--r--   1 root     root            0 Jun  8 18:17 measurements.log
     -rw-r--r--   1 root     root        12345 Jun  8 18:17 measurements1.log
     % rm -f measurements1.log                                               

4.3.4.16 delete
...............

The 'delete' command allows an NTP server or peer to be removed from the
current set of sources.                                                 

   The syntax is illustrated in the examples below.

     delete foo.bar.com
     delete 1.2.3.4    
     delete 2001:db8::1

   There is one parameter, the name or IP address of the server or peer
to be deleted.                                                         

4.3.4.17 deny
.............

The effect of the allow command is identical to the 'deny' directive in
the configuration file (*note deny directive::).                       

   The syntax is illustrated in the following examples:

     deny foo.bar.com
     deny 1.2        
     deny 3.4.5      
     deny 6.7.8/22   
     deny 6.7.8.9/22 
     deny 2001:db8:789a::/48
     deny 0/0               
     deny ::/0              
     deny                   

4.3.4.18 deny all
.................

The effect of the allow command is identical to the 'deny all' directive
in the configuration file (*note deny directive::).                     

4.3.4.19 dns
............

The 'dns' command configures how are hostnames and IP addresses resolved
in 'chronyc'.  IP addresses can be resolved to hostnames when printing  
results of 'sources', 'sourcestats', 'tracking' and 'clients' commands. 
Hostnames are resolved in commands that take an address as argument.    

   There are five forms of the command:

'dns -n'
     Disables resolving IP addresses to hostnames.  Raw IP addresses
     will be displayed.                                             
'dns +n'                                                            
     Enables resolving IP addresses to hostnames.  This is the default
     unless 'chronyc' was started with '-n' option.                   
'dns -4'                                                              
     Resolves hostnames only to IPv4 addresses.                       
'dns -6'                                                              
     Resolves hostnames only to IPv6 addresses.                       
'dns -46'                                                             
     Resolves hostnames to both address families.  This is the default
     unless 'chronyc' was started with '-4' or '-6' option.           

4.3.4.20 dump
.............

The 'dump' command causes 'chronyd' to write its current history of
measurements for each of its sources to dump files, either for     
inspection or to support the '-r' option when 'chronyd' is restarted.

   The 'dump' command is somewhat equivalent to the 'dumponexit'
directive in the chrony configuration file.  *Note dumponexit   
directive::.                                                    

   To use the 'dump', you probably want to configure the name of the
directory into which the dump files will be written.  This can only be
done in the configuration file, see *note dumpdir directive::.        

4.3.4.21 exit
.............

The exit command exits from chronyc and returns the user to the shell
(same as the quit command).                                          

4.3.4.22 help
.............

The help command displays a summary of the commands and their arguments.

4.3.4.23 local
..............

The 'local' command allows 'chronyd' to be told that it is to appear as
a reference source, even if it is not itself properly synchronised to an
external source.  (This can be used on isolated networks, to allow one  
computer to be a master time server with the other computers slaving to 
it.)  The 'local' command is somewhat equivalent to the 'local'         
directive in the configuration file, see *note local directive::.       

   The syntax is as shown in the following examples.

     local stratum 10
     local off       

   The first example enables the local reference mode on the host, and
sets the stratum at which it should claim to be synchronised.         

   The second example disables the local reference mode.

4.3.4.24 makestep
.................

Normally chronyd will cause the system to gradually correct any time
offset, by slowing down or speeding up the clock as required.  In   
certain situations, the system clock may be so far adrift that this 
slewing process would take a very long time to correct the system clock.

   The 'makestep' command can be used in this situation.  It cancels any
remaining correction that was being slewed, and jumps the system clock  
by the equivalent amount, making it correct immediately.                

   BE WARNED - certain software will be seriously affected by such jumps
to the system time.  (That is the reason why chronyd uses slewing       
normally.)                                                              

   The 'makestep' directive in the configuration file can be used to
step the clock automatically when the adjustment is larger than a   
specified threshold, see *note makestep directive::.                

4.3.4.25 manual
...............

The manual command enables and disables use of the 'settime' command
(*note settime command::), and is used to modify the behaviour of the
manual clock driver.                                                 

   Examples of the command are shown below.

     manual on
     manual off
     manual delete 1
     manual list    
     manual reset   

   The 'on' form of the command enables use of the 'settime' command.

   The 'off' form of the command disables use of the 'settime' command.

   The 'list' form of the command lists all the samples currently stored
in 'chronyd'.  The output is illustrated below.                         

     210 n_samples = 1
     #    Date  Time(UTC)    Slewed   Original   Residual
     ====================================================
      0 27Jan99 22:09:20       0.00       0.97       0.00

   The columns as as follows :

  1. The sample index (used for the 'manual delete' command)
  2. The date and time of the sample                        
  3. The system clock error when the timestamp was entered, adjusted to
     allow for changes made to the system clock since.                 
  4. The system clock error when the timestamp was entered, as it      
     originally was (without allowing for changes to the system clock  
     since).                                                           
  5. The regression residual at this point, in seconds.  This allows   
     'outliers' to be easily spotted, so that they can be deleted using
     the 'manual delete' command.                                      

   The 'delete' form of the command deletes a single sample.  The
parameter is the index of the sample, as shown in the first column of
the output from 'manual list'.  Following deletion of the data point,
the current error and drift rate are re-estimated from the remaining 
data points and the system clock trimmed if necessary.  This option is
intended to allow 'outliers' to be discarded, i.e.  samples where the 
administrator realises he/she has entered a very poor timestamp.      

   The 'reset' form of the command deletes all samples at once.  The
system clock is left running as it was before the command was entered.

4.3.4.26 maxdelay
.................

This allows the 'maxdelay' option for one of the sources to be modified,
in the same way as specifying the 'maxdelay' option for the 'server'    
directive in the configuration file (*note server directive::).         

   The following examples illustrate the syntax

     maxdelay foo.bar.com 0.3
     maxdelay 1.2.3.4 0.0015 
     maxdelay 2001:db8::1 0.0015

   The first example sets the maximum network delay allowed for a
measurement to the host 'foo.bar.com' to 0.3 seconds.  The second and
third examples set the maximum network delay for a measurement to the
host with IPv4 address '1.2.3.4' and the host with IPv6 address      
'2001:db8::1' to 1.5 milliseconds.                                   

   (Any measurement whose network delay exceeds the specified value is
discarded.)                                                           

4.3.4.27 maxdelayratio
......................

This allows the 'maxdelayratio' option for one of the sources to be
modified, in the same way as specifying the 'maxdelayratio' option for
the 'server' directive in the configuration file (*note server        
directive::).                                                         

   The following examples illustrate the syntax

     maxdelayratio foo.bar.com 1.5
     maxdelayratio 1.2.3.4 2.0    
     maxdelayratio 2001:db8::1 2.0

   The first example sets the maximum network delay for a measurement to
the host 'foo.bar.com' to be 1.5 times the minimum delay found amongst  
the previous measurements that have been retained.  The second and third
examples set the maximum network delay for a measurement to the host    
with IPv4 address '1.2.3.4' and the host with IPv6 address '2001:db8::1'
to be double the retained minimum.                                      

   As for 'maxdelay', any measurement whose network delay is too large
will be discarded.                                                    

4.3.4.28 maxdelaydevratio
.........................

This allows the 'maxdelaydevratio' option for one of the sources to be
modified, in the same way as specifying the 'maxdelaydevratio' option 
for the 'server' directive in the configuration file (*note server    
directive::).                                                         

   The following examples illustrate the syntax

     maxdelaydevratio foo.bar.com 0.1
     maxdelaydevratio 1.2.3.4 1.0    
     maxdelaydevratio 2001:db8::1 100.0

4.3.4.29 maxpoll
................

The 'maxpoll' command is used to modify the minimum polling interval for
one of the current set of sources.  It is equivalent to the 'maxpoll'   
option in the 'server' directive in the configuration file (*note server
directive::).                                                           

   The syntax is as follows

     maxpoll <host> <new-maxpoll>

   where the host can be specified as either a machine name or IP
address.  The new minimum poll is specified as a base-2 logarithm of the
number of seconds between polls (e.g.  specify 6 for 64 second          
sampling).                                                              

   An example is

     maxpoll foo.bar.com 10

   which sets the maximum polling interval for the host 'foo.bar.com' to
1024 seconds.                                                           

   Note that the new maximum polling interval only takes effect after
the next measurement has been made.                                  

4.3.4.30 maxupdateskew
......................

This command has the same effect as the 'maxupdateskew' directive in the
configuration file, see *note maxupdateskew directive::.                

4.3.4.31 minpoll
................

The 'minpoll' command is used to modify the minimum polling interval for
one of the current set of sources.  It is equivalent to the 'minpoll'   
option in the 'server' directive in the configuration file (*note server
directive::).                                                           

   The syntax is as follows

     minpoll <host> <new-minpoll>

   where the host can be specified as either a machine name or IP
address.  The new minimum poll is specified as a base-2 logarithm of the
number of seconds between polls (e.g.  specify 6 for 64 second          
sampling).                                                              

   An example is

     minpoll foo.bar.com 5

   which sets the minimum polling interval for the host 'foo.bar.com' to
32 seconds.                                                             

   Note that the new minimum polling interval only takes effect after
the next measurement has been made.                                  

4.3.4.32 minstratum
...................

The 'minstratum' command is used to modify the minimum stratum for one
of the current set of sources.  It is equivalent to the 'minstratum'  
option in the 'server' directive in the configuration file (*note server
directive::).                                                           

   The syntax is as follows

     minstratum <host> <new-min-stratum>

   where the host can be specified as either a machine name or IP
address.                                                         

   An example is

     minpoll foo.bar.com 5

   which sets the minimum stratum for the host 'foo.bar.com' to 5.

   Note that the new minimum stratum only takes effect after the next
measurement has been made.                                           

4.3.4.33 offline
................

The 'offline' command is used to warn 'chronyd' that the network
connection to a particular host or hosts is about to be lost.  It should
be used on computers with a dial-up or similar connection to their time 
sources, to warn 'chronyd' that the connection is about to be broken.   

   An example of how to use 'offline' in this case is shown in *note
Advising chronyd of internet availability::.                        

   Another case where 'offline' could be used is where a computer serves
time to a local group of computers, and has a permanant connection to   
true time servers outside the organisation.  However, the external      
connection is heavily loaded at certain times of the day and the        
measurements obtained are less reliable at those times.  In this case,  
it is probably most useful to determine the gain/loss rate during the   
quiet periods and let the whole network coast through the loaded        
periods.  The 'offline' and 'online' commands can be used to achieve    
this.  The situation is shown in the figure below.                      

               +----------+
               |Ext source|
               +----------+
                   |       
                   |       
                   |/| <-- Link with variable
                     |     reliability       
                     |                       
           +-------------------+             
           |Local master server|             
           +-------------------+             
                     |                       
       +---+---+-----+-----+----+----+       
       |   |   |     |     |    |    |       
                Local clients                

   If the source to which 'chronyd' is currently synchronised is
indicated offline in this way, 'chronyd' will continue to treat it as
the synchronisation source.  If the network connection were broken   
without the 'offline' command being used, 'chronyd' would assume that
the source had failed and would attempt to pick another synchronisation
source.                                                                

   There are four forms of the 'offline' command.  The first form is a
wildcard, meaning all sources.  The second form allows an IP address  
mask and a masked address to be specified.  The third form uses the CIDR
notation.  The fourth form uses an IP address or a hostname.  These     
forms are illustrated below.                                            

     offline
     offline 255.255.255.0/1.2.3.0
     offline 2001:db8:789a::/48   
     offline foo.bar.com          

   The second form means that the 'offline' command is to be applied to
any source whose IPv4 address is in the '1.2.3' subnet.  (The host's   
address is logically and-ed with the mask, and if the result matches the
masked-address the host is processed).  The third form means that the   
command is to be applied to all sources whose IPv6 addresses have first 
48 bits equal to '2001:db8:789a'.  The fourth form means that the       
command is to be applied only to that one source.                       

   The wildcard form of the address is actually equivalent to

     offline 0.0.0.0/0.0.0.0
     offline ::/0           

4.3.4.34 online
...............

The 'online' command is opposite in function to the 'offline' command.
It is used to advise 'chronyd' that network connectivity to a particular
source or sources has been restored.                                    

   The syntax is identical to that of the 'offline' command, see *note
offline command::.                                                    

4.3.4.35 password
.................

The password command is used to allow chronyc to send privileged
commands to 'chronyd'.  The password can either be entered on the
command line, or can be entered without echoing.  The syntax for 
entering the password on the command line is as follows          

     password xyzzy
     password ASCII:xyzzy
     password HEX:78797a7a79

   To enter the password without it being echoed, enter

     password

   The computer will respond with a 'Password:' prompt, at which you
should enter the password and press return.  (Note that the no-echo mode
is limited to 8 characters on SunOS 4.1 due to limitations in the system
library.  Other systems do not have this restriction.)                  

   The password can be encoded as a string of characters not containing
a space with optional 'ASCII:' prefix or as a hexadecimal number with  
'HEX:' prefix.  It has to match 'chronyd's' currently defined command  
key (*note commandkey directive::).                                    

   The password command is run automatically on start if 'chronyc' was
started with the '-a' option.                                         

4.3.4.36 polltarget
...................

The 'polltarget' command is used to modify the poll target for one of
the current set of sources.  It is equivalent to the 'polltarget' option
in the 'server' directive in the configuration file (*note server       
directive::).                                                           

   The syntax is as follows

     polltarget <host> <new-poll-target>

   where the host can be specified as either a machine name or IP
address.                                                         

   An example is

     polltarget foo.bar.com 12

   which sets the poll target for the host 'foo.bar.com' to 12.

4.3.4.37 quit
.............

The quit command exits from chronyc and returns the user to the shell
(same as the exit command).                                          

4.3.4.38 reselect
.................

To avoid excessive switching between sources, 'chronyd' may stay
synchronised to a source even when it is not currently the best one
among the available sources.                                       

   The 'reselect' command can be used to force 'chronyd' to reselect the
best synchronisation source.                                            

4.3.4.39 reselectdist
.....................

The 'reselectdist' command sets the reselect distance.  It is equivalent
to the 'reselectdist' directive in the configuration file (*note        
reselectdist directive::).                                              

4.3.4.40 retries
................

The 'retries' command sets the maximum number of retries for 'chronyc'
requests before giving up.  The response timeout is controlled by     
'timeout' command (*note timeout command::).                          

   The default is 2.

4.3.4.41 rtcdata
................

The 'rtcdata' command displays the current real time clock RTC
parameters.                                                   

   An example output is shown below.

     RTC ref time (GMT) : Sat May 30 07:25:56 1998
     Number of samples  : 10                      
     Number of runs     : 5                       
     Sample span period :  549                    
     RTC is fast by     :    -1.632736 seconds    
     RTC gains time at  :  -107.623 ppm           

   The fields have the following meaning

'RTC ref time (GMT)'
     This is the RTC reading the last time its error was measured.
'Number of samples'                                               
     This is the number of previous measurements being used to determine
     the RTC gain/loss rate.                                            
'Number of runs'                                                        
     This is the number of runs of residuals of the same sign following 
     the regression fit for (RTC error) versus (RTC time).  A value     
     which is small indicates that the measurements are not well        
     approximated by a linear model, and that the algorithm will tend to
     delete the older measurements to improve the fit.                  
'Sample span period'                                                    
     This is the period that the measurements span (from the oldest to  
     the newest).  Without a unit the value is in seconds; suffixes 'm' 
     for minutes, 'h' for hours, 'd' for days or 'y' for years may be   
     used.                                                              
'RTC is fast by'                                                        
     This is the estimate of how many seconds fast the RTC when it      
     thought the time was at the reference time (above).  If this value 
     is large, you may (or may not) want to use the 'trimrtc' command to
     bring the RTC into line with the system clock.  (Note, a large     
     error will not affect 'chronyd's' operation, unless it becomes so  
     big as to start causing rounding errors.                           
'RTC gains time at'                                                     
     This is the amount of time gained (positive) or lost (negative) by 
     the real time clock for each second that it ticks.  It is measured 
     in parts per million.  So if the value shown was +1, suppose the   
     RTC was exactly right when it crosses a particular second boundary.
     Then it would be 1 microsecond fast when it crosses its next second
     boundary.                                                          

4.3.4.42 settime
................

The 'settime' command allows the current time to be entered manually, if
this option has been configured into 'chronyd'.  (It may be configured  
either with the 'manual' directive in the configuration file (*note     
manual directive::), or with the 'manual' command of chronyc (*note     
manual command::).                                                      

   It should be noted that the computer's sense of time will only be as
accurate as the reference you use for providing this input (e.g.  your 
watch), as well as how well you can time the press of the return key.  

   Providing your computer's time zone is set up properly, you will be
able to enter a local time (rather than UTC).                         

   The response to a successful 'settime' command indicates the amount
that the computer's clock was wrong.  It should be apparent from this if
you have entered the time wrongly, e.g.  with the wrong time zone.      

   The rate of drift of the system clock is estimated by a regression
process using the entered measurement and all previous measurements  
entered during the present run of 'chronyd'.  However, the entered   
measurement is used for adjusting the current clock offset (rather than
the estimated intercept from the regression, which is ignored).        
Contrast what happens with the 'manual delete' command, where the      
intercept is used to set the current offset (since there is no         
measurement that has just been typed in in that case).                 

   The time is parsed by the public domain 'getdate' algorithm.
Consequently, you can only specify time to the nearest second. 

   Examples of inputs that are valid are shown below.

     settime 16:30
     settime 16:30:05
     settime Nov 21, 1997 16:30:05

   For a full description of 'getdate', get hold of the getdate
documentation (bundled, for example, with the source for GNU tar).

4.3.4.43 sources
................

This command displays information about the current time sources that
'chronyd' is accessing.                                              

   The optional argument '-v' can be specified, meaning _verbose_.  In
this case, extra caption lines are shown as a reminder of the meanings
of the columns.                                                       

     210 Number of sources = 3
     MS Name/IP address         Stratum Poll Reach LastRx Last sample
     ===============================================================================
     #* GPS0                          0   4   377    11   -479ns[ -621ns] +/-  134ns
     ^? a.b.c                         2   6   377    23   -923us[ -924us] +/-   43ms
     ^+ d.e.f                         1   6   377    21  -2629us[-2619us] +/-   86ms

   The columns are as follows:

'M'
     This indicates the mode of the source.  '^' means a server, '='
     means a peer and '#' indicates a locally connected reference clock.

'S'
     This column indicates the state of the sources.  '*' indicates the
     source to which 'chronyd' is currently synchronised.  '+' indicates
     acceptable sources which are combined with the selected source.    
     '-' indicates acceptable sources which are excluded by the         
     combining algorithm.  '?' indicates sources to which connectivity  
     has been lost or whose packets don't pass all tests.  'x' indicates
     a clock which 'chronyd' thinks is is a falseticker (i.e.  its time 
     is inconsistent with a majority of other sources).  '~' indicates a
     source whose time appears to have too much variability.  The '?'   
     condition is also shown at start-up, until at least 3 samples have 
     been gathered from it.                                             

'Name/IP address'
     This shows the name or the IP address of the source, or refid for
     reference clocks.                                                

'Stratum'
     This shows the stratum of the source, as reported in its most
     recently received sample.  Stratum 1 indicates a computer with a
     locally attached reference clock.  A computer that is synchronised
     to a stratum 1 computer is at stratum 2.  A computer that is      
     synchronised to a stratum 2 computer is at stratum 3, and so on.  

'Poll'
     This shows the rate at which the source is being polled, as a
     base-2 logarithm of the interval in seconds.  Thus, a value of 6
     would indicate that a measurement is being made every 64 seconds.

     'chronyd' automatically varies the polling rate in response to
     prevailing conditions.                                        

'Reach'
     This shows the source's reachability register printed as octal
     number.  The register has 8 bits and is updated on every received
     or missed packet from the source.  A value of 377 indicates that a
     valid reply was received for all from the last eight transmissions.

'LastRx'
     This column shows how long ago the last sample was received from
     the source.  This is normally in seconds.  The letters 'm', 'h',
     'd' or 'y' indicate minutes, hours, days or years.  A value of 10
     years indicates there were no samples received from this source  
     yet.                                                             

'Last sample'
     This column shows the offset between the local clock and the source
     at the last measurement.  The number in the square brackets shows  
     the actual measured offset.  This may be suffixed by 'ns'          
     (indicating nanoseconds), 'us' (indicating microseconds), 'ms'     
     (indicating milliseconds), or 's' (indicating seconds).  The number
     to the left of the square brackets shows the original measurement, 
     adjusted to allow for any slews applied to the local clock since.  
     The number following the '+/-' indicator shows the margin of error 
     in the measurement.                                                

     Positive offsets indicate that the local clock is fast of the
     source.                                                      

4.3.4.44 sourcestats
....................

The 'sourcestats' command displays information about the drift rate and
offset estimatation process for each of the sources currently being    
examined by 'chronyd'.                                                 

   The optional argument '-v' can be specified, meaning _verbose_.  In
this case, extra caption lines are shown as a reminder of the meanings
of the columns.                                                       

   An example report is

     210 Number of sources = 1
     Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
     ===============================================================================
     abc.def.ghi                11   5   46m     -0.001      0.045      1us    25us 

   The columns are as follows

'Name/IP Address'
     This is the name or IP address of the NTP server (or peer) or refid
     of the refclock to which the rest of the line relates.             

'NP'
     This is the number of sample points currently being retained for
     the server.  The drift rate and current offset are estimated by 
     performing a linear regression through these points.            

'NR'
     This is the number of runs of residuals having the same sign
     following the last regression.  If this number starts to become too
     small relative to the number of samples, it indicates that a       
     straight line is no longer a good fit to the data.  If the number  
     of runs is too low, 'chronyd' discards older samples and re-runs   
     the regression until the number of runs becomes acceptable.        

'Span'
     This is the interval between the oldest and newest samples.  If no
     unit is shown the value is in seconds.  In the example, the       
     interval is 46 minutes.                                           

'Frequency'
     This is the estimated residual frequency for the server, in parts
     per million.  In this case, the computer's clock is estimated to be
     running 1 part in 10**9 slow relative to the server.               

'Freq Skew'
     This is the estimated error bounds on 'Freq' (again in parts per
     million).                                                       

'Offset'
     This is the estimated offset of the source.

'Std Dev'
     This is the estimated sample standard deviation.

4.3.4.45 timeout
................

The 'timeout' command sets the initial timeout for 'chronyc' requests in
milliseconds.  If no response is received from 'chronyd', the timeout is
doubled and the request is resent.  The maximum number of retries is    
configured with the 'retries' command (*note retries command::).        

   The default is 1000 milliseconds.

4.3.4.46 tracking
.................

The 'tracking' command displays parameters about the system's clock
performance.  An example of the output is shown below.             

     Reference ID    : 1.2.3.4 (a.b.c)
     Stratum         : 3              
     Ref time (UTC)  : Fri Feb  3 15:00:29 2012
     System time     : 0.000001501 seconds slow of NTP time
     Last offset     : -0.000001632 seconds                
     RMS offset      : 0.000002360 seconds                 
     Frequency       : 331.898 ppm fast                    
     Residual freq   : 0.004 ppm                           
     Skew            : 0.154 ppm                           
     Root delay      : 0.373169 seconds                    
     Root dispersion : 0.024780 seconds                    
     Update interval : 64.2 seconds                        
     Leap status     : Normal                              

   The fields are explained as follows.

'Reference ID'
     This is the refid and name (or IP address) if available, of the
     server to which the computer is currently synchronised.  If this is
     '127.127.1.1' it means the computer is not synchronised to any     
     external source and that you have the 'local' mode operating (via  
     the 'local' command in 'chronyc' (*note local command::), or the   
     'local' directive in the '/etc/chrony.conf' file (*note local      
     directive::)).                                                     

'Stratum'
     The stratum indicates how many hops away from a computer with an
     attached reference clock we are.  Such a computer is a stratum-1
     computer, so the computer in the example is two hops away (i.e. 
     'a.b.c' is a stratum-2 and is synchronised from a stratum-1).   

'Ref time'
     This is the time (UTC) at which the last measurement from the
     reference source was processed.                              

'System time'
     In normal operation, 'chronyd' _never_ steps the system clock,
     because any jump in the timescale can have adverse consequences for
     certain application programs.  Instead, any error in the system    
     clock is corrected by slightly speeding up or slowing down the     
     system clock until the error has been removed, and then returning  
     to the system clock's normal speed.  A consequence of this is that 
     there will be a period when the system clock (as read by other     
     programs using the 'gettimeofday()' system call, or by the 'date'  
     command in the shell) will be different from 'chronyd's' estimate  
     of the current true time (which it reports to NTP clients when it  
     is operating in server mode).  The value reported on this line is  
     the difference due to this effect.                                 

     On systems such as Solaris and SunOS, 'chronyd' has no means to
     adjust the fundamental rate of the system clock, so keeps the  
     system time correct by periodically making offsets to it as though
     an error had been measured.  The build up of these offsets will be
     observed in this report.                                          

'Last offset'
     This is the estimated local offset on the last clock update.

'RMS offset'
     This is a long-term average of the offset value.

'Frequency'
     The 'frequency' is the rate by which the system's clock would be
     would be wrong if 'chronyd' was not correcting it.  It is expressed
     in ppm (parts per million).  For example, a value of 1ppm would    
     mean that when the system's clock thinks it has advanced 1 second, 
     it has actually advanced by 1.000001 seconds relative to true time.

     As you can see in the example, the clock in the computer is not a
     very good one - it gains about 30 seconds per day!               

'Residual freq'
     This shows the 'residual frequency' for the currently selected
     reference source.  This reflects any difference between what the
     measurements from the reference source indicate the frequency   
     should be and the frequency currently being used.               

     The reason this is not always zero is that a smoothing procedure is
     applied to the frequency.  Each time a measurement from the        
     reference source is obtained and a new residual frequency computed,
     the estimated accuracy of this residual is compared with the       
     estimated accuracy (see 'skew' next) of the existing frequency     
     value.  A weighted average is computed for the new frequency, with 
     weights depending on these accuracies.  If the measurements from   
     the reference source follow a consistent trend, the residual will  
     be driven to zero over time.                                       

'Skew'
     This is the estimated error bound on the the frequency.

'Root delay'
     This is the total of the network path delays to the stratum-1
     computer from which the computer is ultimately synchronised. 

     In certain extreme situations, this value can be negative.  (This
     can arise in a symmetric peer arrangement where the computers'   
     frequencies are not tracking each other and the network delay is 
     very short relative to the turn-around time at each computer.)   

'Root dispersion'
     This is the total dispersion accumulated through all the computers
     back to the stratum-1 computer from which the computer is         
     ultimately synchronised.  Dispersion is due to system clock       
     resolution, statistical measurement variations etc.               

     An absolute bound on the computer's clock accuracy (assuming the
     stratum-1 computer is correct) is given by                      

          clock_error <= root_dispersion + (0.5 * |root_delay|)

'Update interval'
     This is the interval between the last two clock updates.

'Leap status'
     This is the leap status, which can be 'Normal', 'Insert second',
     'Delete second' or 'Not synchronised'.                          

4.3.4.47 trimrtc
................

The 'trimrtc' command is used to correct the system's real time clock
(RTC) to the main system clock.  It has no effect if the error between
the two clocks is currently estimated at less than a second (the      
resolution of the RTC is only 1 second).                              

   The command takes no arguments.  It performs the following steps (if
the RTC is more than 1 second away from the system clock):             

  1. Remember the currently estimated gain/loss rate of the RTC and
     flush the previous measurements.                              
  2. Step the real time clock to bring it within a second of the system
     clock.                                                            
  3. Make several measurements to accurately determine the new offset  
     between the RTC and the system clock (i.e.  the remaining fraction
     of a second error)                                                
  4. Save the RTC parameters to the RTC file (specified with the       
     'rtcfile' directive in the configuration file (*note rtcfile      
     directive::).                                                     

   The last step is done as a precaution against the computer suffering
a power failure before either the daemon exits or the 'writertc' command
is issued.                                                              

   'chronyd' will still work perfectly well both whilst operating and
across machine reboots even if the 'trimrtc' command is never used (and
the RTC is allowed to drift away from true time).  The 'trimrtc' command
is provided as a method by which it can be corrected, in a manner       
compatible with 'chronyd' using it to maintain accurate time across     
machine reboots.                                                        

4.3.4.48 waitsync
.................

The 'waitsync' command waits for 'chronyd' to synchronise.

   Up to three optional arguments can be specified, the first is the
maximum number of tries in 10 second intervals before giving up and 
returning a non-zero error code.  When 0 is specified, or there are no
arguments, the number of tries will not be limited.                   

   The second and third arguments are the maximum allowed remaining
correction of the system clock and the maximum allowed skew (in ppm) as
reported by the 'tracking' command (*note tracking command::) in the   
'System time' and 'Skew' fields.  If not specified or zero, the value  
will not be checked.                                                   

   An example is

     waitsync 60 0.01

   which will wait up to about 10 minutes for 'chronyd' to synchronise
to a source and the remaining correction to be less than 10           
milliseconds.                                                         

4.3.4.49 writertc
.................

The 'writertc' command writes the currently estimated error and
gain/loss rate parameters for the RTC to the RTC file (specified with
the 'rtcfile' directive (*note rtcfile directive::)).  This information
is also written automatically when 'chronyd' is killed (with SIGHUP,   
SIGINT, SIGQUIT or SIGTERM).                                           

Appendix A Porting guide
************************

This appendix discusses issues that have arisen in writing the
system-specific parts of the existing ports.  This will provide useful
information for those attempting to write ports to other systems.     

A.1 System driver files
=======================

The system specific parts of the software are contained in files with
names like 'sys_linux.c'.                                            

   The following functions are required in a system driver file:

  1. A function to read the current frequency
  2. A function to set the current frequency 
  3. A function to slew the system time by a specified delta
  4. A function to step the system time by a specified delta
  5. A function to work out the error at a particular time between the
     system's clock and 'chronyd's' estimate of real time.  (This is  
     required because some systems have to track real time by making the
     system time follow it in a 'sawtooth' fashion).                    

   The "frequency" is the rate at which the system gains or loses time,
measured relative to the system when running uncompensated.            

A.2 Quirks of particular systems
================================

These sections describe quirks in each system type that needed to be
investigated to port the software to each system type.              

A.2.1 Linux
-----------

The following quirks have been found in developing the Linux port.

  1. In order to avoid floating point arithmetic, the kernel uses
     shifting and adding to approximate a scaling of 100/128.  This
     approximation implies that the frequency set via the 'adjtimex()'
     system call is not the frequency that is actually obtained.  The 
     method of approximation varies between kernel versions and must be
     determined by examining the kernel source.  An inverse factor must
     be included in the driver to compensate.                          
  2. In some kernel versions, an 'adjtimex()' system call with the flags
     bits all zeroed will return the amount of offset still to be       
     corrected.  In others (e.g.  the 2.0 series beyond 2.0.32), the    
     offset must be changed in order to get the old offset returned     
     (similar to 'adjtime()' on other systems).                         

A.2.2 Solaris 2.5
-----------------

The following quirks have been found in developing the Solaris port.

  1. The 'adjtime()' system call with a zero argument does not cancel an
     adjustment that is in progress - it just reports the remaining     
     adjustment.                                                        
  2. The 'settimeofday()' system call only observes the seconds part of 
     the argument - any fractional seconds part is lost.  second.       
  3. The kernel variable 'dosynctodr' has to be set to zero, otherwise  
     the system clock is periodically reset to the real-time clock.     

A.2.3 SunOS 4.1.4
-----------------

The following quirks have been found in developing the SunOS port.

  1. The 'adjtime()' system call truncates its argument to a multiple of
     the system's 'tickadj' variable.  ('chronyd' sets that to 100,     
     giving a 1 part in 100 slewing capability for correcting offsets.) 
  2. The kernel variable 'dosynctodr' has to be set to zero, otherwise  
     the system clock is periodically reset to the real-time clock.     

Appendix B GNU General Public License
*************************************

                      GNU GENERAL PUBLIC LICENSE
                         Version 2, June 1991   

   Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin
Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to
copy and distribute verbatim copies of this license document, but      
changing it is not allowed.                                            

   Preamble

   The licenses for most software are designed to take away your freedom
to share and change it.  By contrast, the GNU General Public License is 
intended to guarantee your freedom to share and change free software-to 
make sure the software is free for all its users.  This General Public  
License applies to most of the Free Software Foundation's software and  
to any other program whose authors commit to using it.  (Some other Free
Software Foundation software is covered by the GNU Lesser General Public
License instead.)  You can apply it to your programs, too.              

   When we speak of free software, we are referring to freedom, not
price.  Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it if
you want it, that you can change the software or use pieces of it in new
free programs; and that you know you can do these things.               

   To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.                

   For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have.  You must make sure that they, too, receive or can get the 
source code.  And you must show them these terms so they know their  
rights.                                                              

   We protect your rights with two steps: (1) copyright the software,
and (2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.                                  

   Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free      
software.  If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so 
that any problems introduced by others will not reflect on the original 
authors' reputations.                                                   

   Finally, any free program is threatened constantly by software
patents.  We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary.  To prevent this, we have made it clear that any 
patent must be licensed for everyone's free use or not licensed at all.

   The precise terms and conditions for copying, distribution and
modification follow.                                             

   GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING,
DISTRIBUTION AND MODIFICATION                                  

   0.  This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed   
under the terms of this General Public License.  The "Program", below, 
refers to any such program or work, and a "work based on the Program"  
means either the Program or any derivative work under copyright law:   
that is to say, a work containing the Program or a portion of it, either
verbatim or with modifications and/or translated into another language. 
(Hereinafter, translation is included without limitation in the term    
"modification".)  Each licensee is addressed as "you".                  

   Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope.  The act of running
the Program is not restricted, and the output from the Program is       
covered only if its contents constitute a work based on the Program     
(independent of having been made by running the Program).  Whether that 
is true depends on what the Program does.                               

   1.  You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you    
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the notices
that refer to this License and to the absence of any warranty; and give 
any other recipients of the Program a copy of this License along with   
the Program.                                                            

   You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee. 

   2.  You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and distribute
such modifications or work under the terms of Section 1 above, provided 
that you also meet all of these conditions:                             

   a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.    

   b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any part 
thereof, to be licensed as a whole at no charge to all third parties 
under the terms of this License.                                     

   c) If the modified program normally reads commands interactively when
run, you must cause it, when started running for such interactive use in
the most ordinary way, to print or display an announcement including an 
appropriate copyright notice and a notice that there is no warranty (or 
else, saying that you provide a warranty) and that users may            
redistribute the program under these conditions, and telling the user   
how to view a copy of this License.  (Exception: if the Program itself  
is interactive but does not normally print such an announcement, your   
work based on the Program is not required to print an announcement.)    

   These requirements apply to the modified work as a whole.  If
identifiable sections of that work are not derived from the Program, and
can be reasonably considered independent and separate works in          
themselves, then this License, and its terms, do not apply to those     
sections when you distribute them as separate works.  But when you      
distribute the same sections as part of a whole which is a work based on
the Program, the distribution of the whole must be on the terms of this 
License, whose permissions for other licensees extend to the entire     
whole, and thus to each and every part regardless of who wrote it.      

   Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to   
exercise the right to control the distribution of derivative or         
collective works based on the Program.                                  

   In addition, mere aggregation of another work not based on the
Program with the Program (or with a work based on the Program) on a
volume of a storage or distribution medium does not bring the other work
under the scope of this License.                                        

   3.  You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of 
Sections 1 and 2 above provided that you also do one of the following:

   a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections 1 and
2 above on a medium customarily used for software interchange; or,      

   b) Accompany it with a written offer, valid for at least three years,
to give any third party, for a charge no more than your cost of         
physically performing source distribution, a complete machine-readable  
copy of the corresponding source code, to be distributed under the terms
of Sections 1 and 2 above on a medium customarily used for software     
interchange; or,                                                        

   c) Accompany it with the information you received as to the offer to
distribute corresponding source code.  (This alternative is allowed only
for noncommercial distribution and only if you received the program in  
object code or executable form with such an offer, in accord with       
Subsection b above.)                                                    

   The source code for a work means the preferred form of the work for
making modifications to it.  For an executable work, complete source  
code means all the source code for all modules it contains, plus any  
associated interface definition files, plus the scripts used to control
compilation and installation of the executable.  However, as a special 
exception, the source code distributed need not include anything that is
normally distributed (in either source or binary form) with the major   
components (compiler, kernel, and so on) of the operating system on     
which the executable runs, unless that component itself accompanies the 
executable.                                                             

   If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent access
to copy the source code from the same place counts as distribution of  
the source code, even though third parties are not compelled to copy the
source along with the object code.                                      

   4.  You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License.  Any attempt otherwise
to copy, modify, sublicense or distribute the Program is void, and will
automatically terminate your rights under this License.  However,      
parties who have received copies, or rights, from you under this License
will not have their licenses terminated so long as such parties remain  
in full compliance.                                                     

   5.  You are not required to accept this License, since you have not
signed it.  However, nothing else grants you permission to modify or  
distribute the Program or its derivative works.  These actions are    
prohibited by law if you do not accept this License.  Therefore, by   
modifying or distributing the Program (or any work based on the       
Program), you indicate your acceptance of this License to do so, and all
its terms and conditions for copying, distributing or modifying the     
Program or works based on it.                                           

   6.  Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the      
original licensor to copy, distribute or modify the Program subject to 
these terms and conditions.  You may not impose any further restrictions
on the recipients' exercise of the rights granted herein.  You are not  
responsible for enforcing compliance by third parties to this License.  

   7.  If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),   
conditions are imposed on you (whether by court order, agreement or    
otherwise) that contradict the conditions of this License, they do not 
excuse you from the conditions of this License.  If you cannot         
distribute so as to satisfy simultaneously your obligations under this 
License and any other pertinent obligations, then as a consequence you 
may not distribute the Program at all.  For example, if a patent license
would not permit royalty-free redistribution of the Program by all those
who receive copies directly or indirectly through you, then the only way
you could satisfy both it and this License would be to refrain entirely 
from distribution of the Program.                                       

   If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to  
apply and the section as a whole is intended to apply in other          
circumstances.                                                          

   It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any  
such claims; this section has the sole purpose of protecting the      
integrity of the free software distribution system, which is implemented
by public license practices.  Many people have made generous            
contributions to the wide range of software distributed through that    
system in reliance on consistent application of that system; it is up to
the author/donor to decide if he or she is willing to distribute        
software through any other system and a licensee cannot impose that     
choice.                                                                 

   This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.                           

   8.  If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License may
add an explicit geographical distribution limitation excluding those   
countries, so that distribution is permitted only in or among countries
not thus excluded.  In such case, this License incorporates the        
limitation as if written in the body of this License.                  

   9.  The Free Software Foundation may publish revised and/or new
versions of the General Public License from time to time.  Such new
versions will be similar in spirit to the present version, but may 
differ in detail to address new problems or concerns.              

   Each version is given a distinguishing version number.  If the
Program specifies a version number of this License which applies to it
and "any later version", you have the option of following the terms and
conditions either of that version or of any later version published by 
the Free Software Foundation.  If the Program does not specify a version
number of this License, you may choose any version ever published by the
Free Software Foundation.                                               

   10.  If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the     
author to ask for permission.  For software which is copyrighted by the
Free Software Foundation, write to the Free Software Foundation; we    
sometimes make exceptions for this.  Our decision will be guided by the
two goals of preserving the free status of all derivatives of our free 
software and of promoting the sharing and reuse of software generally. 

   NO WARRANTY

   11.  BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO
WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND,
EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH   
YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL    
NECESSARY SERVICING, REPAIR OR CORRECTION.                             

   12.  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY 
AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR
DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL    
DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM          
(INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED       
INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF  
THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR 
OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.        

   END OF TERMS AND CONDITIONS

   How to Apply These Terms to Your New Programs

   If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these  
terms.                                                                

   To do so, attach the following notices to the program.  It is safest
to attach them to the start of each source file to most effectively    
convey the exclusion of warranty; and each file should have at least the
"copyright" line and a pointer to where the full notice is found.       

   <one line to give the program's name and a brief idea of what it
does.> Copyright (C) <year> <name of author>                       

   This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your  
option) any later version.                                              

   This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of            
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
Public License for more details.                                        

   You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.      

   Also add information on how to contact you by electronic and paper
mail.                                                                

   If the program is interactive, make it output a short notice like
this when it starts in an interactive mode:                         

   Gnomovision version 69, Copyright (C) year name of author Gnomovision
comes with ABSOLUTELY NO WARRANTY; for details type 'show w'.  This is  
free software, and you are welcome to redistribute it under certain     
conditions; type 'show c' for details.                                  

   The hypothetical commands 'show w' and 'show c' should show the
appropriate parts of the General Public License.  Of course, the  
commands you use may be called something other than 'show w' and 'show
c'; they could even be mouse-clicks or menu items-whatever suits your 
program.                                                              

   You should also get your employer (if you work as a programmer) or
your school, if any, to sign a "copyright disclaimer" for the program,
if necessary.  Here is a sample; alter the names:                     

   Yoyodyne, Inc., hereby disclaims all copyright interest in the
program 'Gnomovision' (which makes passes at compilers) written by James
Hacker.                                                                 

   <signature of Ty Coon>, 1 April 1989 Ty Coon, President of Vice

   This General Public License does not permit incorporating your
program into proprietary programs.  If your program is a subroutine
library, you may consider it more useful to permit linking proprietary
applications with the library.  If this is what you want to do, use the
GNU Lesser General Public License instead of this License.             

1 Introduction
  1.1 Overview
  1.2 Acknowledgements
  1.3 Availability    
    1.3.1 Getting the software
    1.3.2 Platforms           
  1.4 Relationship to other software packages
    1.4.1 ntpd                               
    1.4.2 timed                              
  1.5 Distribution rights and (lack of) warranty
  1.6 Bug reporting and suggestions             
  1.7 Contributions                             
2 Installation                                  
  2.1 Support for line editing libraries        
  2.2 Extra options for package builders        
3 Typical operating scenarios                   
  3.1 Computers connected to the internet       
  3.2 Infrequent connection to true NTP servers 
    3.2.1 Setting up the configuration file for infrequent connections
    3.2.2 How to tell chronyd when the internet link is available.    
  3.3 Isolated networks                                               
  3.4 The home PC with a dial-up connection                           
    3.4.1 Assumptions/how the software works                          
    3.4.2 Typical configuration files.                                
  3.5 Other important configuration options                           
4 Usage reference                                                     
  4.1 Starting chronyd                                                
  4.2 The chronyd configuration file                                  
    4.2.1 Comments in the configuration file                          
    4.2.2 acquisitionport                                             
    4.2.3 allow                                                       
    4.2.4 bindaddress                                                 
    4.2.5 bindcmdaddress                                              
    4.2.6 broadcast                                                   
    4.2.7 cmdallow                                                    
    4.2.8 cmddeny                                                     
    4.2.9 combinelimit                                                
    4.2.10 commandkey                                                 
    4.2.11 cmdport                                                    
    4.2.12 corrtimeratio                                              
    4.2.13 deny                                                       
    4.2.14 driftfile                                                  
    4.2.15 dumpdir                                                    
    4.2.16 dumponexit                                                 
    4.2.17 fallbackdrift                                              
    4.2.18 generatecommandkey                                         
    4.2.19 include                                                    
    4.2.20 initstepslew                                               
    4.2.21 keyfile                                                    
    4.2.22 leapsectz                                                  
    4.2.23 local                                                      
    4.2.24 linux_hz                                                   
    4.2.25 linux_freq_scale                                           
    4.2.26 log                                                        
      4.2.26.1 Measurements log file format                           
      4.2.26.2 Statistics log file format                             
      4.2.26.3 Tracking log file format                               
      4.2.26.4 Real-time clock log file format                        
      4.2.26.5 Refclocks log file format                              
      4.2.26.6 Tempcomp log file format                               
    4.2.27 logbanner                                                  
    4.2.28 logchange                                                  
    4.2.29 logdir                                                     
    4.2.30 mailonchange                                               
    4.2.31 makestep                                                   
    4.2.32 maxchange                                                  
    4.2.33 manual                                                     
    4.2.34 maxclockerror                                              
    4.2.35 maxsamples                                                 
    4.2.36 maxupdateskew                                              
    4.2.37 minsamples                                                 
    4.2.38 noclientlog                                                
    4.2.39 clientloglimit                                             
    4.2.40 peer                                                       
    4.2.41 pidfile                                                    
    4.2.42 port                                                       
    4.2.43 refclock                                                   
    4.2.44 reselectdist                                               
    4.2.45 rtcdevice                                                  
    4.2.46 rtcfile                                                    
    4.2.47 rtconutc                                                   
    4.2.48 rtcsync                                                    
    4.2.49 sched_priority                                             
    4.2.50 stratumweight                                              
    4.2.51 lock_all                                                   
    4.2.52 server                                                     
    4.2.53 tempcomp                                                   
    4.2.54 user                                                       
  4.3 Running chronyc                                                 
    4.3.1 Basic use                                                   
    4.3.2 Command line options                                        
    4.3.3 Security with chronyc                                       
    4.3.4 Command reference                                           
      4.3.4.1 accheck                                                 
      4.3.4.2 activity                                                
      4.3.4.3 add peer                                                
      4.3.4.4 add server                                              
      4.3.4.5 allow                                                   
      4.3.4.6 allow all                                               
      4.3.4.7 authhash                                                
      4.3.4.8 burst                                                   
      4.3.4.9 clients                                                 
      4.3.4.10 cmdaccheck                                             
      4.3.4.11 cmdallow                                               
      4.3.4.12 cmdallow all                                           
      4.3.4.13 cmddeny                                                
      4.3.4.14 cmddeny all                                            
      4.3.4.15 cyclelogs                                              
      4.3.4.16 delete                                                 
      4.3.4.17 deny                                                   
      4.3.4.18 deny all                                               
      4.3.4.19 dns                                                    
      4.3.4.20 dump
      4.3.4.21 exit
      4.3.4.22 help
      4.3.4.23 local
      4.3.4.24 makestep
      4.3.4.25 manual
      4.3.4.26 maxdelay
      4.3.4.27 maxdelayratio
      4.3.4.28 maxdelaydevratio
      4.3.4.29 maxpoll
      4.3.4.30 maxupdateskew
      4.3.4.31 minpoll
      4.3.4.32 minstratum
      4.3.4.33 offline
      4.3.4.34 online
      4.3.4.35 password
      4.3.4.36 polltarget
      4.3.4.37 quit
      4.3.4.38 reselect
      4.3.4.39 reselectdist
      4.3.4.40 retries
      4.3.4.41 rtcdata
      4.3.4.42 settime
      4.3.4.43 sources
      4.3.4.44 sourcestats
      4.3.4.45 timeout
      4.3.4.46 tracking
      4.3.4.47 trimrtc
      4.3.4.48 waitsync
      4.3.4.49 writertc
Appendix A Porting guide
  A.1 System driver files
  A.2 Quirks of particular systems
    A.2.1 Linux
    A.2.2 Solaris 2.5
    A.2.3 SunOS 4.1.4
Appendix B GNU General Public License

chrony.conf.example

Ein Musterbeispiel zur Konfiguration von chrony finden sich in der Datei chrony.conf.example im Verzeichnis /usr/share/doc/chrony-*/.

 # less /usr/share/doc/chrony-*/chrony.conf.example
#######################################################################
#                                                                      
# This is an example chrony configuration file.  You should copy it to 
# /etc/chrony.conf after uncommenting and editing the options that you 
# want to enable.  The more obscure options are not included.  Refer   
# to the documentation for these.                                      
#                                                                      
# Copyright 2002 Richard P. Curnow                                     
#                                                                      
# This program is free software; you can redistribute it and/or modify 
# it under the terms of version 2 of the GNU General Public License as 
# published by the Free Software Foundation.                           
#                                                                      
# This program is distributed in the hope that it will be useful, but  
# WITHOUT ANY WARRANTY; without even the implied warranty of           
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU    
# General Public License for more details.                             
#                                                                      
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.          
#                                                                        
#                                                                        
#######################################################################  
### COMMENTS                                                             
# Any of the following lines are comments (you have a choice of          
# comment start character):                                              
# a comment                                                              
% a comment                                                              
! a comment                                                              
; a comment                                                              
#                                                                        
# Below, the '!' form is used for lines that you might want to           
# uncomment and edit to make your own chrony.conf file.                  
#                                                                        
#######################################################################  
#######################################################################  
### SPECIFY YOUR NTP SERVERS                                             
# Most computers using chrony will send measurement requests to one or   
# more 'NTP servers'.  You will probably find that your Internet Service 
# Provider or company have one or more NTP servers that you can specify. 
# Failing that, there are a lot of public NTP servers.  There is a list  
# you can access at http://support.ntp.org/bin/view/Servers/WebHome or   
# you can use servers from the pool.ntp.org project.                     

! server 0.pool.ntp.org iburst
! server 1.pool.ntp.org iburst
! server 2.pool.ntp.org iburst
                              
# However, for dial-up use you probably want these instead.  The word
# 'offline' means that the server is not visible at boot time.  Use  
# chronyc's 'online' command to tell chronyd that these servers have 
# become visible after you go on-line.                               

! server 0.pool.ntp.org offline
! server 1.pool.ntp.org offline
! server 2.pool.ntp.org offline

# You may want to specify NTP 'peers' instead.  If you run a network
# with a lot of computers and want several computers running chrony to
# have the 'front-line' interface to the public NTP servers, you can  
# 'peer' these machines together to increase robustness.              

! peer ntp0.my-company.com

# There are other options to the 'server' and 'peer' directives that you
# might want to use.  For example, you can ignore measurements whose    
# round-trip-time is too large (indicating that the measurement is      
# probably useless, because you don't know which way the measurement    
# message got held up.)  Consult the full documentation for details.    

#######################################################################
### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK                   
#                                                                      
# To avoid changes being made to your computer's gain/loss compensation
# when the measurement history is too erratic, you might want to enable
# one of the following lines.  The first seems good for dial-up (or    
# other high-latency connections like slow leased lines), the second   
# seems OK for a LAN environment.                                      

! maxupdateskew 100
! maxupdateskew 5  

#######################################################################
### FILENAMES ETC                                                      
# Chrony likes to keep information about your computer's clock in files.
# The 'driftfile' stores the computer's clock gain/loss rate in parts   
# per million.  When chronyd starts, the system clock can be tuned      
# immediately so that it doesn't gain or lose any more time.  You       
# generally want this, so it is uncommented.                            

driftfile /var/lib/chrony/drift

# If you want to use the program called chronyc to configure aspects of
# chronyd's operation once it is running (e.g. tell it the Internet link
# has gone up or down), you need a password.  This is stored in the     
# following keys file.  (You also need keys to support authenticated NTP
# exchanges between cooperating machines.)  Again, this option is       
# assumed by default.                                                   

keyfile /etc/chrony.keys

# Tell chronyd which numbered key in the file is used as the password
# for chronyc. (You can pick any integer up to 2**32-1.  '1' is just a
# default.  Using another value will _NOT_ increase security.)        

commandkey 1

# chronyd can save the measurement history for the servers to files when
# it it exits.  This is useful in 2 situations:                         
#                                                                       
# 1. On Linux, if you stop chronyd and restart it with '-r' (e.g. after 
# an upgrade), the old measurements will still be relevant when chronyd 
# is restarted.  This will reduce the time needed to get accurate       
# gain/loss measurements, especially with a dial-up link.               
#                                                                       
# 2. Again on Linux, if you use the RTC support and start chronyd with  
# '-r -s' on bootup, measurements from the last boot will still be      
# useful (the real time clock is used to 'flywheel' chronyd between     
# boots).                                                               
#                                                                       
# Enable these two options to use this.                                 

! dumponexit
! dumpdir /var/lib/chrony

# chronyd writes its process ID to a file.  If you try to start a second
# copy of chronyd, it will detect that the process named in the file is 
# still running and bail out.  If you want to change the path to the PID
# file, uncomment this line and edit it.  The default path is shown.    

! pidfile /var/run/chronyd.pid

#######################################################################
### INITIAL CLOCK CORRECTION                                           
# This option is useful to quickly correct the clock on start if it's  
# off by a large amount.  The value '10' means that if the error is less
# than 10 seconds, it will be gradually removed by speeding up or       
# slowing down your computer's clock until it is correct.  If the error 
# is above 10 seconds, an immediate time jump will be applied to correct
# it.  The value '1' means the step is allowed only on the first update 
# of the clock.  Some software can get upset if the system clock jumps  
# (especially backwards), so be careful!                                

! makestep 10 1

#######################################################################
### LOGGING                                                            
# If you want to log information about the time measurements chronyd has
# gathered, you might want to enable the following lines.  You probably 
# only need this if you really enjoy looking at the logs, you want to   
# produce some graphs of your system's timekeeping performance, or you  
# need help in debugging a problem.                                     

! logdir /var/log/chrony
! log measurements statistics tracking

# If you have real time clock support enabled (see below), you might want
# this line instead:                                                     

! log measurements statistics tracking rtc

#######################################################################
### ACTING AS AN NTP SERVER                                            
# You might want the computer to be an NTP server for other computers. 
# e.g.  you might be running chronyd on a dial-up machine that has a LAN
# sitting behind it with several 'satellite' computers on it.           
#                                                                       
# By default, chronyd does not allow any clients to access it.  You need
# to explicitly enable access using 'allow' and 'deny' directives.      
#                                                                       
# e.g. to enable client access from the 192.168.*.* class B subnet,     

! allow 192.168/16

# .. but disallow the 192.168.100.* subnet of that,

! deny 192.168.100/24

# You can have as many allow and deny directives as you need.  The order
# is unimportant.                                                       

# If you want chronyd to act as an NTP broadcast server, enable and edit
# (and maybe copy) the following line.  This means that a broadcast     
# packet is sent to the address 192.168.1.255 every 60 seconds.  The    
# address MUST correspond to the broadcast address of one of the network
# interfaces on your machine.  If you have multiple network interfaces, 
# add a broadcast line for each.                                        

! broadcast 60 192.168.1.255

# If you want to present your computer's time for others to synchronise
# with, even if you don't seem to be synchronised to any NTP servers   
# yourself, enable the following line.  The value 10 may be varied     
# between 1 and 15.  You should avoid small values because you will look
# like a real NTP server.  The value 10 means that you appear to be 10  
# NTP 'hops' away from an authoritative source (atomic clock, GPS       
# receiver, radio clock etc).                                           

! local stratum 10

# Normally, chronyd will keep track of how many times each client
# machine accesses it.  The information can be accessed by the 'clients'
# command of chronyc.  You can disable this facility by uncommenting the
# following line.  This will save a bit of memory if you have many      
# clients.                                                              

! noclientlog

# The clientlog size is limited to 512KB by default.  If you have many
# clients, especially in many different subnets, you might want to    
# increase the limit.                                                 

! clientloglimit 4194304

#######################################################################
### REPORTING BIG CLOCK CHANGES                                        
# Perhaps you want to know if chronyd suddenly detects any large error 
# in your computer's clock.  This might indicate a fault or a problem  
# with the server(s) you are using, for example.                       
#                                                                      
# The next option causes a message to be written to syslog when chronyd
# has to correct an error above 0.5 seconds (you can use any amount you
# like).                                                               

! logchange 0.5

# The next option will send email to the named person when chronyd has
# to correct an error above 0.5 seconds.  (If you need to send mail to
# several people, you need to set up a mailing list or sendmail alias 
# for them and use the address of that.)                              

! mailonchange wibble@foobar.org 0.5

#######################################################################
### COMMAND ACCESS                                                     
# The program chronyc is used to show the current operation of chronyd 
# and to change parts of its configuration whilst it is running.       

# Normally, chronyd will only allow connections from chronyc on the same
# machine as itself.  This is for security.  If you have a subnet       
# 192.168.*.* and you want to be able to use chronyc from any machine on
# it, you could uncomment the following line.  (Edit this to your own   
# situation.)                                                           

! cmdallow 192.168/16

# You can add as many 'cmdallow' and 'cmddeny' lines as you like.  The
# syntax and meaning is the same as for 'allow' and 'deny', except that
# 'cmdallow' and 'cmddeny' control access to the chronyd's command port.

# NOTE, even if the host where you run chronyc is granted access, you
# still need a command key set up and you have to know the password to
# put into chronyc to allow you to modify chronyd's parameters.  By   
# default all you can do is view information about chronyd's operation.

#######################################################################
### REAL TIME CLOCK                                                    
# chronyd can characterise the system's real-time clock.  This is the  
# clock that keeps running when the power is turned off, so that the   
# machine knows the approximate time when it boots again.  The error at
# a particular epoch and gain/loss rate can be written to a file and   
# used later by chronyd when it is started with the '-s' option.       
#                                                                      
# You need to have 'enhanced RTC support' compiled into your Linux     
# kernel.  (Note, these options apply only to Linux.)                  

! rtcfile /var/lib/chrony/rtc

# Your RTC can be set to keep Universal Coordinated Time (UTC) or local
# time.  (Local time means UTC +/- the effect of your timezone.)  If you
# use UTC, chronyd will function correctly even if the computer is off
# at the epoch when you enter or leave summer time (aka daylight saving
# time).  However, if you dual boot your system with Microsoft Windows,
# that will work better if your RTC maintains local time.  You take your
# pick!

! rtconutc

# By default chronyd assumes that the enhanced RTC device is accessed as
# /dev/rtc.  If it's accessed somewhere else on your system (e.g. you're
# using devfs), uncomment and edit the following line.

! rtcdevice /dev/misc/rtc

#######################################################################
### REAL TIME SCHEDULER
# This directive tells chronyd to use the real-time FIFO scheduler with the
# specified priority (which must be between 0 and 100).  This should result
# in reduced latency.  You don't need it unless you really have a requirement
# for extreme clock stability.  Works only on Linux.  Note that the "-P"
# command-line switch will override this.

! sched_priority 1

#######################################################################
### LOCKING CHRONYD INTO RAM
# This directive tells chronyd to use the mlockall() syscall to lock itself
# into RAM so that it will never be paged out.  This should result in reduced
# latency.  You don't need it unless you really have a requirement
# for extreme clock stability.  Works only on Linux.  Note that the "-m"
# command-line switch will also enable this feature.

! lock_all

Konfiguration

Client

Daemon

Im ersten Konfigurationsbeispiel widmen wir uns einem CentOS 7 Client, der von einem bekannten NTP-Server die Uhrzeit holen und auch synchron halten soll. Ob ein eigener Zeitserver im eigenen Netzwerk oder ein öffentlicher NTP-Server genutzt werden soll, ist konfigurationstechnisch egal, unterschieden sich beide System i.d.R. nur im Namen oder der zugehörigen IP-Adresse.

Die Konfiguration unseres Chrony-Daemon, oder genauer gesagt eines NTP-Clients mit Hilfe von chrony, erfolgt über die Datei /etc/chrony.conf. Mit dem Editor unserer Wahl bearbeiten wir nun diese Datei.

 # vim /etc/chrony.conf
/etc/chrony.conf
#########################################################################
##
# SPECIFY YOUR NTP SERVERS
 
# Most computers using chrony will send measurement requests to one or
# more 'NTP servers'.  You will probably find that your Internet Service
# Provider or company have one or more NTP servers that you can specify.
# Failing that, there are a lot of public NTP servers.  There is a list
# you can access at http://support.ntp.org/bin/view/Servers/WebHome or
# you can use servers from the pool.ntp.org project.
 
# server 0.pool.ntp.org iburst
# server 1.pool.ntp.org iburst
# server 2.pool.ntp.org iburst
 
# However, for dial-up use you probably want these instead.  The word
# 'offline' means that the server is not visible at boot time.  Use
# chronyc's 'online' command to tell chronyd that these servers have
# become visible after you go on-line.
 
# server 0.pool.ntp.org offline
# server 1.pool.ntp.org offline
# server 2.pool.ntp.org offline
 
# These servers were defined in the installation:
server time.dmz.nausch.org iburst
 
 
#########################################################################
##
# AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK
 
# To avoid changes being made to your computer's gain/loss compensation
# when the measurement history is too erratic, you might want to enable
# one of the following lines.  The first seems good for dial-up (or
# other high-latency connections like slow leased lines), the second
# seems OK for a LAN environment.
 
# maxupdateskew 100
# maxupdateskew 5
 
 
#########################################################################
##
# FILENAMES ETC
 
# Chrony likes to keep information about your computer's clock in files.
# The 'driftfile' stores the computer's clock gain/loss rate in parts
# per million.  When chronyd starts, the system clock can be tuned
# immediately so that it doesn't gain or lose any more time.  You
# generally want this, so it is uncommented.
 
driftfile /var/lib/chrony/drift
 
# If you want to use the program called chronyc to configure aspects of
# chronyd's operation once it is running (e.g. tell it the Internet link
# has gone up or down), you need a password.  This is stored in the
# following keys file.  (You also need keys to support authenticated NTP
# exchanges between cooperating machines.)  Again, this option is
# assumed by default.
 
keyfile /etc/chrony.keys
 
# Tell chronyd which numbered key in the file is used as the password
# for chronyc. (You can pick any integer up to 2**32-1.  '1' is just a
# default.  Using another value will _NOT_ increase security.)
 
commandkey 1
 
# Generate command key if missing.
generatecommandkey
 
# chronyd can save the measurement history for the servers to files when
# it it exits.  This is useful in 2 situations:
#
# 1. On Linux, if you stop chronyd and restart it with '-r' (e.g. after
# an upgrade), the old measurements will still be relevant when chronyd
# is restarted.  This will reduce the time needed to get accurate
# gain/loss measurements, especially with a dial-up link.
#
# 2. Again on Linux, if you use the RTC support and start chronyd with
# '-r -s' on bootup, measurements from the last boot will still be
# useful (the real time clock is used to 'flywheel' chronyd between
# boots).
#
# Enable these two options to use this.
 
# dumponexit
# dumpdir /var/lib/chrony
 
# chronyd writes its process ID to a file.  If you try to start a second
# copy of chronyd, it will detect that the process named in the file is
# still running and bail out.  If you want to change the path to the PID
# file, uncomment this line and edit it.  The default path is shown.
 
# pidfile /var/run/chronyd.pid
 
 
#########################################################################
##
# INITIAL CLOCK CORRECTION
# This option is useful to quickly correct the clock on start if it's
# off by a large amount.  The value '10' means that if the error is less
# than 10 seconds, it will be gradually removed by speeding up or
# slowing down your computer's clock until it is correct.  If the error
# is above 10 seconds, an immediate time jump will be applied to correct
# it.  The value '1' means the step is allowed only on the first update
# of the clock.  Some software can get upset if the system clock jumps
# (especially backwards), so be careful!
 
makestep 10 3
 
 
#########################################################################
##
# LOGGING
 
# If you want to log information about the time measurements chronyd has
# gathered, you might want to enable the following lines.  You probably
# only need this if you really enjoy looking at the logs, you want to
# produce some graphs of your system's timekeeping performance, or you
# need help in debugging a problem.
 
# logdir /var/log/chrony
# log measurements statistics tracking
 
# If you have real time clock support enabled, you might want this line
# this instead:
 
# log measurements statistics tracking rtc
 
 
#########################################################################
##
# REPORTING BIG CLOCK CHANGES
 
# Perhaps you want to know if chronyd suddenly detects any large error
# in your computer's clock.  This might indicate a fault or a problem
# with the server(s) you are using, for example.
#
# The next option causes a message to be written to syslog when chronyd
# has to correct an error above 0.5 seconds (you can use any amount you
# like).
 
# logchange 0.5
 
# The next option will send email to the named person when chronyd has
# to correct an error above 0.5 seconds.  (If you need to send mail to
# several people, you need to set up a mailing list or sendmail alias
# for them and use the address of that.)
 
# mailonchange wibble@foobar.org 0.5
 
 
#########################################################################
##
# COMMAND ACCESS
 
# The program chronyc is used to show the current operation of chronyd
# and to change parts of its configuration whilst it is running.
 
# Normally, chronyd will only allow connections from chronyc on the same
# machine as itself.  This is for security.  If you have a subnet
# 192.168.*.* and you want to be able to use chronyc from any machine on
# it, you could uncomment the following line.  (Edit this to your own
# situation.)
 
# cmdallow 192.168/16
 
# You can add as many 'cmdallow' and 'cmddeny' lines as you like.  The
# syntax and meaning is the same as for 'allow' and 'deny', except that
# 'cmdallow' and 'cmddeny' control access to the chronyd's command port.
 
# NOTE, even if the host where you run chronyc is granted access, you
# still need a command key set up and you have to know the password to
# put into chronyc to allow you to modify chronyd's parameters.  By
# default all you can do is view information about chronyd's operation.
 
 
#########################################################################
##
# REAL TIME CLOCK
 
# chronyd can characterise the system's real-time clock.  This is the
# clock that keeps running when the power is turned off, so that the
# machine knows the approximate time when it boots again.  The error at
# a particular epoch and gain/loss rate can be written to a file and
# used later by chronyd when it is started with the '-s' option.
#
# You need to have 'enhanced RTC support' compiled into your Linux
# kernel.  (Note, these options apply only to Linux.)
 
# rtcfile /var/lib/chrony/rtc
 
# The 'rtcsync' directive will enable a kernel mode where the system time
# is copied to the real time clock (RTC) every 11 minutes.
# This directive is supported only on Linux and cannot be used when the
# normal RTC tracking is enabled, i.e.  when the 'rtcfile' directive is
# used.
rtcsync
 
# The 'stratumweight' directive sets how much distance should be added per
# stratum to the synchronisation distance when 'chronyd' selects the
# synchronisation source from available sources. 
# The syntax is: "stratumweight <dist-in-seconds>". By default, it is one
# second.  This usually means that sources with lower stratum will be 
# preferred to sources with higher stratum even when their distance is 
# significantly worse.  Setting 'stratumweight' to 0 makes 'chronyd' 
# ignore stratum when selecting the source.
stratumweight 0
 
 
#########################################################################
##
# ACTING AS AN NTP CLIENT
 
# This option allows you to configure the port on which chronyd will 
# listen for NTP requests.
#
# The compiled in default is udp/123, the standard NTP port. If set to 0,
# chronyd will not open the server socket and will operate strictly in a 
# client-only mode. The source port used in NTP client requests can be 
# set by the acquisitionport directive.
port 0
IPv6 Deaktivierung

Hat man im eigenen Netz „nur“ IPv4 im Einsatz, möchte man selbstredend den Support für IPv6 deaktivieren.

WICHTIG:

Das Deaktivieren von IPv6 nur vornehmen, wenn auch wirklich keine IPv6-Adresse vorhanden ist. Anderweitig muß beim Aufruf von chronyc immer der Parameter -4 angegeben werden!

Das Deaktivieren erfolgt nun nicht, wie man vermutlich annehmen wird über die Konfigurationsdatei /etc/chrony.conf, sondern über einen anderen Weg! Im Verzeichnis /etc/sysconfig legen wir uns eine Datei mit dem Namen chronyd mit nachfolgendem Inhalt an.

 # vim /etc/sysconfig/chronyd
/etc/sysconfig/chronyd
# Django : 2014-07-22
# disable IPv6 support
OPTIONS=-4

Server

Daemon

Im zweiten Konfigurationsbeispiel widmen wir uns einem CentOS 7 Server, der von mehreren vertrauenswürdigen NTP-Server im Internet die Uhrzeit holen und auch synchron halten soll.

Die Konfiguration unseres Chrony-Daemon, oder genauer gesagt unseres NTP-Servers mit Hilfe von chrony, erfolgt über die Datei /etc/chrony.conf. Mit dem Editor unserer Wahl bearbeiten wir nun diese Datei.

 # vim /etc/chrony.conf
/etc/chrony.conf
#########################################################################
##
# SPECIFY YOUR NTP SERVERS
 
# Most computers using chrony will send measurement requests to one or
# more 'NTP servers'.  You will probably find that your Internet Service
# Provider or company have one or more NTP servers that you can specify.
# Failing that, there are a lot of public NTP servers.  There is a list
# you can access at http://support.ntp.org/bin/view/Servers/WebHome or
# you can use servers from the pool.ntp.org project.
 
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
 
# However, for dial-up use you probably want these instead.  The word
# 'offline' means that the server is not visible at boot time.  Use
# chronyc's 'online' command to tell chronyd that these servers have
# become visible after you go on-line.
 
# server 0.pool.ntp.org offline
# server 1.pool.ntp.org offline
# server 2.pool.ntp.org offline
 
 
#########################################################################
##
# AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK
 
# To avoid changes being made to your computer's gain/loss compensation
# when the measurement history is too erratic, you might want to enable
# one of the following lines.  The first seems good for dial-up (or
# other high-latency connections like slow leased lines), the second
# seems OK for a LAN environment.
 
# maxupdateskew 100
# maxupdateskew 5
 
 
#########################################################################
##
# FILENAMES ETC
 
# Chrony likes to keep information about your computer's clock in files.
# The 'driftfile' stores the computer's clock gain/loss rate in parts
# per million.  When chronyd starts, the system clock can be tuned
# immediately so that it doesn't gain or lose any more time.  You
# generally want this, so it is uncommented.
 
driftfile /var/lib/chrony/drift
 
# If you want to use the program called chronyc to configure aspects of
# chronyd's operation once it is running (e.g. tell it the Internet link
# has gone up or down), you need a password.  This is stored in the
# following keys file.  (You also need keys to support authenticated NTP
# exchanges between cooperating machines.)  Again, this option is
# assumed by default.
 
keyfile /etc/chrony.keys
 
# Tell chronyd which numbered key in the file is used as the password
# for chronyc. (You can pick any integer up to 2**32-1.  '1' is just a
# default.  Using another value will _NOT_ increase security.)
 
commandkey 1
 
# Generate command key if missing.
generatecommandkey
 
# chronyd can save the measurement history for the servers to files when
# it it exits.  This is useful in 2 situations:
#
# 1. On Linux, if you stop chronyd and restart it with '-r' (e.g. after
# an upgrade), the old measurements will still be relevant when chronyd
# is restarted.  This will reduce the time needed to get accurate
# gain/loss measurements, especially with a dial-up link.
#
# 2. Again on Linux, if you use the RTC support and start chronyd with
# '-r -s' on bootup, measurements from the last boot will still be
# useful (the real time clock is used to 'flywheel' chronyd between
# boots).
#
# Enable these two options to use this.
 
# dumponexit
# dumpdir /var/lib/chrony
 
# chronyd writes its process ID to a file.  If you try to start a second
# copy of chronyd, it will detect that the process named in the file is
# still running and bail out.  If you want to change the path to the PID
# file, uncomment this line and edit it.  The default path is shown.
 
# pidfile /var/run/chronyd.pid
 
 
#########################################################################
##
# INITIAL CLOCK CORRECTION
# This option is useful to quickly correct the clock on start if it's
# off by a large amount.  The value '10' means that if the error is less
# than 10 seconds, it will be gradually removed by speeding up or
# slowing down your computer's clock until it is correct.  If the error
# is above 10 seconds, an immediate time jump will be applied to correct
# it.  The value '1' means the step is allowed only on the first update
# of the clock.  Some software can get upset if the system clock jumps
# (especially backwards), so be careful!
 
makestep 10 3
 
 
#########################################################################
##
# LOGGING
 
# If you want to log information about the time measurements chronyd has
# gathered, you might want to enable the following lines.  You probably
# only need this if you really enjoy looking at the logs, you want to
# produce some graphs of your system's timekeeping performance, or you
# need help in debugging a problem.
 
# logdir /var/log/chrony
# log measurements statistics tracking
 
# If you have real time clock support enabled, you might want this line
# this instead:
 
# log measurements statistics tracking rtc
 
# Normally, chronyd will keep track of how many times each client
# machine accesses it.  The information can be accessed by the 'clients'
# command of chronyc.  You can disable this facility by uncommenting the
# following line.  This will save a bit of memory if you have many
# clients.
 
# noclientlog
 
# The clientlog size is limited to 512KB by default.  If you have many
# clients, especially in many different subnets, you might want to
# increase the limit.
 
# clientloglimit 4194304
 
 
#########################################################################
##
# REPORTING BIG CLOCK CHANGES
 
# Perhaps you want to know if chronyd suddenly detects any large error
# in your computer's clock.  This might indicate a fault or a problem
# with the server(s) you are using, for example.
#
# The next option causes a message to be written to syslog when chronyd
# has to correct an error above 0.5 seconds (you can use any amount you
# like).
 
# logchange 0.5
 
# The next option will send email to the named person when chronyd has
# to correct an error above 0.5 seconds.  (If you need to send mail to
# several people, you need to set up a mailing list or sendmail alias
# for them and use the address of that.)
 
# mailonchange wibble@foobar.org 0.5
 
 
#########################################################################
##
# COMMAND ACCESS
 
# The program chronyc is used to show the current operation of chronyd
# and to change parts of its configuration whilst it is running.
 
# Normally, chronyd will only allow connections from chronyc on the same
# machine as itself.  This is for security.  If you have a subnet
# 192.168.*.* and you want to be able to use chronyc from any machine on
# it, you could uncomment the following line.  (Edit this to your own
# situation.)
 
# cmdallow 192.168/16
 
# You can add as many 'cmdallow' and 'cmddeny' lines as you like.  The
# syntax and meaning is the same as for 'allow' and 'deny', except that
# 'cmdallow' and 'cmddeny' control access to the chronyd's command port.
 
# NOTE, even if the host where you run chronyc is granted access, you
# still need a command key set up and you have to know the password to
# put into chronyc to allow you to modify chronyd's parameters.  By
# default all you can do is view information about chronyd's operation.
 
 
#########################################################################
##
# REAL TIME CLOCK
 
# chronyd can characterise the system's real-time clock.  This is the
# clock that keeps running when the power is turned off, so that the
# machine knows the approximate time when it boots again.  The error at
# a particular epoch and gain/loss rate can be written to a file and
# used later by chronyd when it is started with the '-s' option.
#
# You need to have 'enhanced RTC support' compiled into your Linux
# kernel.  (Note, these options apply only to Linux.)
 
# rtcfile /var/lib/chrony/rtc
 
# The 'rtcsync' directive will enable a kernel mode where the system time
# is copied to the real time clock (RTC) every 11 minutes.
# This directive is supported only on Linux and cannot be used when the
# normal RTC tracking is enabled, i.e.  when the 'rtcfile' directive is
# used.
rtcsync
 
# The 'stratumweight' directive sets how much distance should be added per
# stratum to the synchronisation distance when 'chronyd' selects the
# synchronisation source from available sources. 
# The syntax is: "stratumweight <dist-in-seconds>". By default, it is one
# second.  This usually means that sources with lower stratum will be 
# preferred to sources with higher stratum even when their distance is 
# significantly worse.  Setting 'stratumweight' to 0 makes 'chronyd' 
# ignore stratum when selecting the source.
stratumweight 0
 
 
#########################################################################
##
# ACTING AS AN NTP SERVER
 
# You might want the computer to be an NTP server for other computers.
# e.g.  you might be running chronyd on a dial-up machine that has a LAN
# sitting behind it with several 'satellite' computers on it.
 
# This option allows the UDP port on which the server understands NTP
# requests to be specified.  For normal servers this option should not
# not be required (the default is 123, the standard NTP port).
 
# port 123
 
#
# By default, chronyd does not allow any clients to access it.  You need
# to explicitly enable access using 'allow' and 'deny' directives.
#
# e.g. to enable client access from the 192.168.*.* class B subnet,
 
# allow 192.168/16
 
# .. but disallow the 192.168.100.* subnet of that,
 
# deny 192.168.100/24
 
# You can have as many allow and deny directives as you need.  The order
# is unimportant.
 
# If you want chronyd to act as an NTP broadcast server, enable and edit
# (and maybe copy) the following line.  This means that a broadcast
# packet is sent to the address 192.168.1.255 every 60 seconds.  The
# address MUST correspond to the broadcast address of one of the network
# interfaces on your machine.  If you have multiple network interfaces,
# add a broadcast line for each.
 
# broadcast 60 192.168.1.255
 
# If you want to present your computer's time for others to synchronise
# with, even if you don't seem to be synchronised to any NTP servers
# yourself, enable the following line.  The value 10 may be varied
# between 1 and 15.  You should avoid small values because you will look
# like a real NTP server.  The value 10 means that you appear to be 10
# NTP 'hops' away from an authoritative source (atomic clock, GPS
# receiver, radio clock etc).
 
# local stratum 10
 
# 'chronyd' will trim the rate at which it samples the server during 
# normal operation, the user may wish to constrain the minimum polling 
# interval. This is always defined as a power of 2, so <tt/minpoll 5/ 
# would mean that the polling interval cannot drop below 32 seconds.
# The default is 6 (64 seconds).
 
minpoll 6
 
# In a similar way, the user may wish to constrain the maximum polling
# interval.  Again this is specified as a power of 2, so <tt/maxpoll 9/
# indicates that the polling interval must stay at or below 512 seconds.
# The default is 10 (1024 seconds).
 
maxpoll 10
 
# Target number of measurements to use for the regression algorithm
# which 'chronyd' will try to maintain by adjusting polling interval
# between 'minpoll' and 'maxpoll'.  A higher target makes 'chronyd'
# prefer shorter polling intervals.  The default is 6 and a useful
# range is 6 to 60.
 
polltarget 6
 
# 'chronyd' uses the network round-trip delay to the server to determine
# how accurate a particular measurement is likely to be. Long round-trip 
# delays indicate that the request, or the response, or both were delayed.
# If only one of the messages was delayed the measurement error is likely
#  to be substantial.
# 
# For small variations in round trip delay, 'chronyd' uses a weighting 
# scheme when processing the measurements.  However, beyond a certain 
# level of delay the measurements are likely to be so corrupted as to be
# useless. (This is particularly so on dial-up or other slow links, where 
# a long delay probably indicates a highly asymmetric delay caused by the 
# response waiting behind a lot of packets related to a download of some 
# sort).
#
# If the user knows that round trip delays above a certain level should 
# cause the measurement to be ignored, this level can be defined with 
# the maxdelay command.  For example, <tt/maxdelay 0.3/ would indicate 
# that measurements with a round-trip delay of 0.3 seconds or more should
#  be ignored.
 
# maxdelay 0.3
 
# Maxdelayratio is similar to the maxdelay option above. 'chronyd' keeps a 
# record of the minimum round-trip delay amongst the previous measure-
# ments that it has buffered.  If a measurement has a round trip delay
# that is greater than the maxdelayratio times the minimum delay, it 
# will be rejected.
 
# maxdelayratio 0.5
 
# If a measurement has ratio of the increase in round-trip delay from
# the minimum delay amongst the previous measurements to the standard
# deviation of the previous measurements that is greater than
# maxdelaydevratio, it will be rejected.  The default is 10.0.
 
# maxdelaydevratio
IPv6 Deaktivierung

Hat man im eigenen Netz „nur“ IPv4 im Einsatz, möchte man selbstredend den Support für IPv6 deaktivieren.

WICHTIG:

Das Deaktivieren von IPv6 nur vornehmen, wenn auch wirklich keine IPv6-Adresse vorhanden ist. Anderweitig muß beim Aufruf von chronyc immer der Parameter -4 angegeben werden!

Das Deaktivieren erfolgt nun nicht, wie man vermutlich annehmen wird über die Konfigurationsdatei /etc/chrony.conf, sondern über einen anderen Weg! Im Verzeichnis /etc/sysconfig legen wir uns eine Datei mit dem Namen chronyd mit nachfolgendem Inhalt an.

 # vim /etc/sysconfig/chronyd
/etc/sysconfig/chronyd
# Django : 2014-07-22
# disable IPv6 support
OPTIONS=-4
Paketfilter - firewalld

Damit unsere Clients Verbindungen zu dem geöffneten UDP-Port ntp/123 chrony-Daemons aufbauen können müssen wir für diese noch Änderungen am Paketfilter firewalld vornehmen.

Unter CentOS 7 wird als Standard-Firewall die dynamische firewalld verwendet. Ein großer Vorteil der dynamischen Paketfilterregeln ist unter anderem, dass zur Aktivierung der neuen Firewall-Regel(n) nicht der Daemon durchgestartet werden muss und somit alle aktiven Verbindungen kurz getrennt werden. Sondern unsere Änderungen können on-the-fly aktiviert oder auch wieder deaktiviert werden.

Mit Hilfe des Programms firewall-cmd legen wir nun eine permanente Regel in der Zone public, dies entspricht in unserem Beispiel das Netzwerk-Interface eth0 mit der IP 10.0.0.57, an. Als Source-IP geben geben wir das Netz unserer Clients an, was in unserem Fall 10.0.0.0/24 entspricht. Genug der Vorrede, mit nachfolgendem Befehl wird der Port 123 geöffnet.

 # firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" source address="10.0.0.0/24" port protocol="udp" port="123" destination address="10.0.0.57/32" accept"
 success

Anschließend können wir den Firewall-Daemon einmal durchstarten und anschließend überprüfen, ob die Regeln auch entsprechend unserer Definition, gezogen haben.

 # firewall-cmd --reload
 success

Abschließend prüfen wir noch, ob die Erweiterung unseres Paketfilter aktiv ist.

 # iptables -nvL IN_public_allow
Chain IN_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination
  205 15580 ACCEPT     udp  --  *      *       10.0.0.0/24          10.0.0.57            udp dpt:123 ctstate NEW
    0     0 ACCEPT     tcp  --  *      *       10.0.0.117           10.0.0.57            tcp dpt:5665 ctstate NEW
    2   112 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
DHCP

Damit unsere Cliens auch von unserem eigenen NTP-Server Gebrauch machen, geben wir die IP-Adresse unseres NTP-Servers via DHCP bekannt.

Wir editieren also unsere /etc/dhcpd.conf.

 vim  /etc/dhcpd.conf
 
         option ntp-servers              192.168.100.1;

Abschließend restarten wir unseren DHCP-Server.

 service dhcpd restart

Start des Daemon

manueller Start des Daemon

Möchten wir unseren Daemon starten, benutzen wir den folgenden Befehlsaufruf.

 # systemctl start chronyd

Im syslog unseres Servers wird uns der Start unseres NTP-Daemons entsprechend vermerkt.

 # tail -f /var/log/messages
Jul 22 22:21:12 vml000070 systemd: Starting NTP client/server...
Jul 22 22:21:12 vml000070 chronyd[22344]: chronyd version 1.29.1 starting
Jul 22 22:21:12 vml000070 chronyd[22344]: Linux kernel major=3 minor=10 patch=0
Jul 22 22:21:12 vml000070 chronyd[22344]: hz=100 shift_hz=7 freq_scale=1.00000000 nominal_tick=10000 slew_delta_tick=833 max_tick_bias=1000 shift_pll=2
Jul 22 22:21:12 vml000070 chronyd[22344]: Frequency 0.291 +/- 0.119 ppm read from /var/lib/chrony/drift
Jul 22 22:21:12 vml000070 systemd: Started NTP client/server.
Jul 22 22:21:16 vml000070 chronyd[22344]: Selected source 10.0.0.20

automatischer Start des Daemon

Damit der Daemon chrony automatisch bei jedem Systemstart startet, kann die Einrichtung eines Start-Scriptes über folgenden Befehl erreicht werden:

 # systemctl enable chronyd.service
 ln -s '/usr/lib/systemd/system/chronyd.service' '/etc/systemd/system/multi-user.target.wants/chronyd.service'

Ein Überprüfung ob der Dienst (Daemon)chrony wirklich bei jedem Systemstart automatisch mit gestartet wird, kann durch folgenden Befehl erreicht werden:

 # systemctl is-enabled chronyd.service
 enabled

Tests

Daemon

Als ersten Test überprüfen wir, ob der Service chronyd geladen und ausgeführt wird. Hierzu benutzen wir folgenden Befehl.

 # systemctl status chronyd.service
chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled)
   Active: active (running) since Sat 2015-06-20 15:30:55 CEST; 2 days ago
  Process: 666 ExecStartPost=/usr/libexec/chrony-helper add-dhclient-servers (code=exited, status=0/SUCCESS)
  Process: 619 ExecStart=/usr/sbin/chronyd -u chrony $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 638 (chronyd)
   CGroup: /system.slice/chronyd.service
           └─638 /usr/sbin/chronyd -u chrony

Da wir chrony im Client-Modus betreiben, wird auch der Port 123 bedient - daher wird bei der nachfolgenden Abfrage auch kein geöffneter Port 123 gemeldet.

 # netstat -paunt | grep 123

Betreiben wir unseren chrony Daemon im Servermode wird dann natürlich der Port 123 auf den konfigurierten Netzwerkadressen gebunden.

 # netstat -paunt | grep 123
udp        0      0 0.0.0.0:123             0.0.0.0:*                           13580/chronyd
udp6       0      0 :::123                  :::*                                13580/chronyd

Checking chrony Sources

Welche Server vom lokalen Daemon benutzt werden kann mit Hilfe des Befehls chronyc sources abgefragt werden.

 # chronyc sources
 210 Number of sources = 3
 MS Name/IP address         Stratum Poll Reach LastRx Last sample
 ===============================================================================
 ^- liste.cc                      2   6    37     9  +2584us[+2584us] +/-   63ms
 ^* stratum2-3.NTP.TechFak.NE     2   6    37     9  -7053ns[ -230us] +/-   22ms 
 ^- alpha.linux.gq                3   6    37     8  +1006us[+1006us] +/-   68ms

Die einzelnen Spalten haben folgende Bedeutung:

Haben wir uns mit chronyc verbunden, können wir uns auch mit der Option -v eine Beschreibung der Spalten abrufen.

 # chronyc -a
chrony version 1.29.1
Copyright (C) 1997-2003, 2007, 2009-2013 Richard P. Curnow and others
chrony comes with ABSOLUTELY NO WARRANTY.  This is free software, and
you are welcome to redistribute it under certain conditions.  See the
GNU General Public License version 2 for details.

200 OK
chronyc>
 chronyc> sources -v
210 Number of sources = 5

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||                                                /   xxxx = adjusted offset,
||         Log2(Polling interval) -.             |    yyyy = measured offset,
||                                  \            |    zzzz = estimated error.
||                                   |           |
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* char-ntp-pool.charite.de      1  10   377    98   -476us[ -433us] +/-   21ms
^? s1.vlns.de                    3  10   377   569  +1343us[+1385us] +/-  107ms
^+ funky.fuchsi.de               2  10   377  1017  -1579us[-1537us] +/-   35ms
^- nandus.lf-net.org             2  10   377   765  -1300us[-1258us] +/-   53ms
^+ xen1.hochstaetter.de          2  10   377  1018  +4330us[+4372us] +/-   73ms
chronyc>

Checking chrony Source Statistics

Den Status unserer Zeitserverquellen fragen wir mit dem Befehl chronyc sourcestats ab.

 # chronyc sourcestats
 210 Number of sources = 3
 Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
 ==============================================================================
 liste.cc                    8   7   265     -1.024      5.907  +2816us   252us
 stratum2-3.NTP.TechFak.NE   8   5   265     -1.825      7.580   -110us   411us
 alpha.linux.gq              8   5   265     -0.776      3.946  +1241us   176us

Die einzelnen Spalten haben folgende Bedeutung:

Haben wir uns mit chronyc verbunden, können wir uns auch mit der Option -v eine Beschreibung der Spalten abrufen.

 # chronyc -a
chrony version 1.29.1
Copyright (C) 1997-2003, 2007, 2009-2013 Richard P. Curnow and others
chrony comes with ABSOLUTELY NO WARRANTY.  This is free software, and
you are welcome to redistribute it under certain conditions.  See the
GNU General Public License version 2 for details.

200 OK
chronyc>
 chronyc> sourcestats -v
210 Number of sources = 5
                             .- Number of sample points in measurement set.
                            /    .- Number of residual runs with same sign.
                           |    /    .- Length of measurement set (time).
                           |   |    /      .- Est. clock freq error (ppm).
                           |   |   |      /           .- Est. error in freq.
                           |   |   |     |           /         .- Est. offset.
                           |   |   |     |          |          |   On the -.
                           |   |   |     |          |          |   samples. \
                           |   |   |     |          |          |             |
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
char-ntp-pool.charite.de   64  27   15h     -0.000      0.009   -801us   356us
s1.vlns.de                 18   9  293m      0.083      0.047  +1293us   244us
funky.fuchsi.de             9   7  155m      0.026      0.163  -1709us   263us
nandus.lf-net.org           7   6  103m     -0.351      0.495  -2348us   422us
xen1.hochstaetter.de       61  29   15h     -0.001      0.009  +4265us   372us

Checking chrony Tracking

Die Anzeige der System Zeit Informationen fragen wir mit dem Befehl chronyc tracking ab.

 # chronyc tracking
Reference ID    : 129.70.132.36 (stratum2-3.NTP.TechFak.NET)
Stratum         : 3
Ref time (UTC)  : Thu Jun 25 12:11:40 2015
System time     : 0.000093731 seconds slow of NTP time
Last offset     : -0.000091557 seconds
RMS offset      : 0.000051272 seconds
Frequency       : 0.381 ppm slow
Residual freq   : -0.001 ppm
Skew            : 0.006 ppm
Root delay      : 0.033234 seconds
Root dispersion : 0.002327 seconds
Update interval : 1043.2 seconds
Leap status     : Normal

Die einzelnen Werte haben nachfolgend aufgeführte Bedeutungen:

Checking chrony Clients

Betreiben wir unseren chrony-Daemon im Server-Mode, können wir uns anzeigen lassen, welcher oder welche Clients sich mit dem Daemon verbunden haben, egal ob via NTP oder zum command/monitoring Port. Hierzu öffnen wir zuerst einmal die chrony-Shell auf unserem Server, auf dem der chrony-Daemon läuft.

 # chronyc -a
chrony version 1.29.1
Copyright (C) 1997-2003, 2007, 2009-2013 Richard P. Curnow and others
chrony comes with ABSOLUTELY NO WARRANTY.  This is free software, and
you are welcome to redistribute it under certain conditions.  See the
GNU General Public License version 2 for details.

200 OK
chronyc>

Anschließend fragen wir mit dem Befehl clients ab, welche Clients sich mit dem Server verbunden haben.

 chronyc> clients
Hostname                   Client    Peer CmdAuth CmdNorm  CmdBad  LstN  LstC
=========================  ======  ======  ======  ======  ======  ====  ====
localhost                       0       0      31      25       0   45y     0
10.0.0.52                     228       0       0       0       0    57   45y

Die einzelnen Werte haben nachfolgend aufgeführte Bedeutungen:

Fazit

Betrachtet man nun abschließend die Konfigurationsmöglichkeiten von chrony, kann man unter anderem folgendes Re­sü­mee ziehen:

chronyd eignet sich hervorragend im Virtualisierungsumfeld, die ja bekannter Weise eine große Vo­la­ti­li­tät bei der lokalen Systemuhr nach sich ziehen kann, eine stabile Synchronisation der Uhrzeiten zu gewährleisten.

ntpd

Als Alternative kann man natürlich auch auf den altbekannten NTP-Daemon ntp zurückgreifen.

Installation

Wurde bei der Erstinstallation der unter CentOS 7 standardmäßig vorgegebene NTP-Daemon noch nicht vom System entfernt, holen wir dies nun kurz nach.

 # yum remove chrony -y

Nun installieren wir den NTP-Daemon ntp mit Hilfe des Paketverwaltungsprogramms yum.

 # yum install ntp -y

Dokumentation

Was uns das Paket alles mitgebracht hat, zeigt uns der Aufruf vom Befehl rpm mit der Option -qil.

 # rpm -qil ntp
Name        : ntp               
Version     : 4.2.6p5           
Release     : 19.el7.centos
Architecture: x86_64
Install Date: Fri 26 Jun 2015 09:48:07 AM CEST
Group       : System Environment/Daemons
Size        : 1429916
License     : (MIT and BSD and BSD with advertising) and GPLv2
Signature   : RSA/SHA256, Sat 20 Dec 2014 03:55:07 AM CET, Key ID 24c6a8a7f4a80eb5
Source RPM  : ntp-4.2.6p5-19.el7.centos.src.rpm
Build Date  : Sat 20 Dec 2014 03:38:17 AM CET
Build Host  : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://www.ntp.org
Summary     : The NTP daemon and utilities
Description :
The Network Time Protocol (NTP) is used to synchronize a computer's
time with another reference time source. This package includes ntpd
(a daemon which continuously adjusts system time) and utilities used
to query and configure the ntpd daemon.

Perl scripts ntp-wait and ntptrace are in the ntp-perl package,
ntpdate is in the ntpdate package and sntp is in the sntp package.
The documentation is in the ntp-doc package.
/etc/dhcp/dhclient.d
/etc/dhcp/dhclient.d/ntp.sh
/etc/ntp.conf
/etc/ntp/crypto
/etc/ntp/crypto/pw
/etc/sysconfig/ntpd
/usr/bin/ntpstat
/usr/lib/systemd/ntp-units.d/60-ntpd.list
/usr/lib/systemd/system/ntpd.service
/usr/sbin/ntp-keygen
/usr/sbin/ntpd
/usr/sbin/ntpdc
/usr/sbin/ntpq
/usr/sbin/ntptime
/usr/sbin/tickadj
/usr/share/doc/ntp-4.2.6p5
/usr/share/doc/ntp-4.2.6p5/COPYRIGHT
/usr/share/doc/ntp-4.2.6p5/ChangeLog
/usr/share/doc/ntp-4.2.6p5/NEWS
/usr/share/man/man5/ntp.conf.5.gz
/usr/share/man/man5/ntp_acc.5.gz
/usr/share/man/man5/ntp_auth.5.gz
/usr/share/man/man5/ntp_clock.5.gz
/usr/share/man/man5/ntp_decode.5.gz
/usr/share/man/man5/ntp_misc.5.gz
/usr/share/man/man5/ntp_mon.5.gz
/usr/share/man/man8/ntp-keygen.8.gz
/usr/share/man/man8/ntpd.8.gz
/usr/share/man/man8/ntpdc.8.gz
/usr/share/man/man8/ntpq.8.gz
/usr/share/man/man8/ntpstat.8.gz
/usr/share/man/man8/ntptime.8.gz
/usr/share/man/man8/tickadj.8.gz
/var/lib/ntp
/var/lib/ntp/drift
/var/log/ntpstats

Die Beschreibungen der einzelnen Befehle findet man in deren manpage's.

Konfiguration

Client

In diesem Konfigurationsbeispiel widmen wir uns einem CentOS 7 Client, der von einem bekannten NTP-Server die Uhrzeit holen und auch synchron halten soll. Ob ein eigener Zeitserver im eigenen Netzwerk oder ein öffentlicher NTP-Server genutzt werden soll, ist konfigurationstechnisch egal, unterschieden sich beide System i.d.R. nur im Namen oder der zugehörigen IP-Adresse.

Die Konfiguration unseres NTP-Daemon, oder genauer gesagt eines NTP-Clients ntp, erfolgt über die Datei /etc/ntp.conf. Mit dem Editor unserer Wahl bearbeiten wir nun diese Datei.

 # vim /etc/ntp.conf
/etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
 
driftfile /var/lib/ntp/drift
 
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
 
# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
 
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
 
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# Django : 2015-06-06
# default: server 0.centos.pool.ntp.org iburst
#          server 1.centos.pool.ntp.org iburst
#          server 2.centos.pool.ntp.org iburst
#          server 3.centos.pool.ntp.org iburst
server time.dmz.nausch.org iburst
server 10.0.0.57 iburst
server 10.0.0.127 iburst
 
#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
 
# Enable public key cryptography.
#crypto
 
includefile /etc/ntp/crypto/pw
 
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
 
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
 
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
 
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
 
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

In der sehr übersichtlichen Konfigurationsdatei ist für unserem Client hauptsächlich die Zeile server time.dmz.nausch.org iburst von Interesse. Hier haben wir angegeben, mit welchem oder welchen internen Zeitserver(n) sich der Client sich synchronisieren soll.

Server

Daemon

Im zweiten Konfigurationsbeispiel widmen wir uns einem CentOS 7 Server, der von mehreren vertrauenswürdigen NTP-Server im Internet die Uhrzeit holen und auch synchron halten soll.

Die Konfiguration unseres NTP-Daemon, oder genauer gesagt unseres NTP-Servers mit Hilfe von ntüp, erfolgt über die Datei /etc/ntp.conf. Mit dem Editor unserer Wahl bearbeiten wir nun diese Datei.

 # vim /etc/ntp.conf
/etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
 
driftfile /var/lib/ntp/drift
 
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
 
# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
 
# Hosts on local network are less restricted.
# Django : 2015-06-26
#          interne Netze definiert, die den Zeitserver kontaktieren dürfen
# default: #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
restrict 10.0.10.0 mask 255.255.255.192 nomodify notrap
 
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
 
#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
 
# Enable public key cryptography.
#crypto
 
includefile /etc/ntp/crypto/pw
 
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
 
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
 
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
 
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
 
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
 
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
IPv6 Deaktivierung

Hat man im eigenen Netz „nur“ IPv4 im Einsatz, möchte man selbstredend den Support für IPv6 deaktivieren.

Das Deaktivieren erfolgt nun nicht, wie man vermutlich annehmen wird über die Konfigurationsdatei /etc/ntp.conf, sondern über die Datei /etc/sysconfig/ntpd.

 # vim /etc/sysconfig/ntpd
/etc/sysconfig/ntpd
# Command line options for ntpd
# Django : 2015-06-26
#          disable IPv6 support
# default: OPTIONS="-g"
OPTIONS="-g -4"
Paketfilter - firewalld

Damit unsere Clients Verbindungen zu dem geöffneten UDP-Port ntp/123 chrony-Daemons aufbauen können müssen wir für diese noch Änderungen am Paketfilter firewalld vornehmen.

Unter CentOS 7 wird als Standard-Firewall die dynamische firewalld verwendet. Ein großer Vorteil der dynamischen Paketfilterregeln ist unter anderem, dass zur Aktivierung der neuen Firewall-Regel(n) nicht der Daemon durchgestartet werden muss und somit alle aktiven Verbindungen kurz getrennt werden. Sondern unsere Änderungen können on-the-fly aktiviert oder auch wieder deaktiviert werden.

Mit Hilfe des Programms firewall-cmd legen wir nun eine permanente Regel in der Zone public, dies entspricht in unserem Beispiel das Netzwerk-Interface eth0 mit der IP 10.0.0.57, an. Als Source-IP geben geben wir das Netz unserer Clients an, was in unserem Fall 10.0.0.0/24 entspricht. Genug der Vorrede, mit nachfolgendem Befehl wird der Port 123 geöffnet.

 # firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" source address="10.0.0.0/24" port protocol="udp" port="123" destination address="10.0.0.57/32" accept"
 success

Anschließend können wir den Firewall-Daemon einmal durchstarten und anschließend überprüfen, ob die Regeln auch entsprechend unserer Definition, gezogen haben.

 # firewall-cmd --reload
 success

Abschließend prüfen wir noch, ob die Erweiterung unseres Paketfilter aktiv ist.

 # iptables -nvL IN_public_allow
Chain IN_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination
  205 15580 ACCEPT     udp  --  *      *       10.0.0.0/24          10.0.0.57            udp dpt:123 ctstate NEW
    0     0 ACCEPT     tcp  --  *      *       10.0.0.117           10.0.0.57            tcp dpt:5665 ctstate NEW
    2   112 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
DHCP

Damit unsere Cliens auch von unserem eigenen NTP-Server Gebrauch machen, geben wir die IP-Adresse unseres NTP-Servers via DHCP bekannt.

Wir editieren also unsere /etc/dhcpd.conf.

 vim  /etc/dhcpd.conf
 
         option ntp-servers              192.168.100.1;

Abschließend restarten wir unseren DHCP-Server.

 service dhcpd restart

Start des Daemon

manueller Start des Daemon

Möchten wir unseren Daemon starten, benutzen wir den folgenden Befehlsaufruf.

 # systemctl start ntpd

Im syslog unseres Servers wird uns der Start unseres NTP-Daemons entsprechend vermerkt.

 # tail -f /var/log/messages
Jun 26 10:53:09 vml000127 systemd: Starting Network Time Service...
Jun 26 10:53:09 vml000127 ntpd[28371]: ntpd 4.2.6p5@1.2349-o Sat Dec 20 02:38:09 UTC 2014 (1)
Jun 26 10:53:09 vml000127 ntpd[28372]: proto: precision = 0.308 usec
Jun 26 10:53:09 vml000127 ntpd[28372]: 0.0.0.0 c01d 0d kern kernel time sync enabled
Jun 26 10:53:09 vml000127 ntpd[28372]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
Jun 26 10:53:09 vml000127 ntpd[28372]: Listen and drop on 1 v6wildcard :: UDP 123
Jun 26 10:53:09 vml000127 ntpd[28372]: Listen normally on 2 lo 127.0.0.1 UDP 123
Jun 26 10:53:09 vml000127 ntpd[28372]: Listen normally on 3 eth0 10.0.0.127 UDP 123
Jun 26 10:53:09 vml000127 ntpd[28372]: Listen normally on 4 eth1 10.0.10.4 UDP 123
Jun 26 10:53:09 vml000127 ntpd[28372]: Listen normally on 5 lo ::1 UDP 123
Jun 26 10:53:09 vml000127 ntpd[28372]: Listen normally on 6 eth0 fe80::5054:ff:fe75:64da UDP 123
Jun 26 10:53:09 vml000127 ntpd[28372]: Listen normally on 7 eth1 fe80::5054:ff:fe34:a2fe UDP 123
Jun 26 10:53:09 vml000127 ntpd[28372]: Listening on routing socket on fd #24 for interface updates
Jun 26 10:53:09 vml000127 systemd: Started Network Time Service.
Jun 26 10:53:10 vml000127 ntpd[28372]: 0.0.0.0 c016 06 restart
Jun 26 10:53:10 vml000127 ntpd[28372]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM
Jun 26 10:53:10 vml000127 ntpd[28372]: 0.0.0.0 c011 01 freq_not_set
Jun 26 10:53:10 vml000127 ntpd[28372]: 0.0.0.0 c614 04 freq_mode

automatischer Start des Daemon

Damit der Daemon ntpd automatisch bei jedem Systemstart startet, kann die Einrichtung eines Start-Scriptes über folgenden Befehl erreicht werden:

 # systemctl enable ntpd.service
 ln -s '/usr/lib/systemd/system/ntpd.service' '/etc/systemd/system/multi-user.target.wants/ntpd.service'

Ein Überprüfung ob der Dienst (Daemon)ntpd wirklich bei jedem Systemstart automatisch mit gestartet wird, kann durch folgenden Befehl erreicht werden:

 # systemctl is-enabled ntpd.service
 enabled

Tests

Daemon

Als ersten Test überprüfen wir, ob der Service ntpd geladen und ausgeführt wird. Hierzu benutzen wir folgenden Befehl.

 # systemctl status ntpd.service
ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled)
   Active: active (running) since Fri 2015-06-26 10:53:09 CEST; 4min 14s ago
 Main PID: 28372 (ntpd)
   CGroup: /system.slice/ntpd.service
           └─28372 /usr/sbin/ntpd -u ntp:ntp -g

Jun 26 10:53:09 vml000127.dmz.nausch.org ntpd[28372]: Listen normally on 4 eth1 10.0.10.4 UDP 123
Jun 26 10:53:09 vml000127.dmz.nausch.org ntpd[28372]: Listen normally on 5 lo ::1 UDP 123
Jun 26 10:53:09 vml000127.dmz.nausch.org ntpd[28372]: Listen normally on 6 eth0 fe80::5054:ff:fe75:64da UDP 123
Jun 26 10:53:09 vml000127.dmz.nausch.org ntpd[28372]: Listen normally on 7 eth1 fe80::5054:ff:fe34:a2fe UDP 123
Jun 26 10:53:09 vml000127.dmz.nausch.org ntpd[28372]: Listening on routing socket on fd #24 for interface updates
Jun 26 10:53:09 vml000127.dmz.nausch.org systemd[1]: Started Network Time Service.
Jun 26 10:53:10 vml000127.dmz.nausch.org ntpd[28372]: 0.0.0.0 c016 06 restart
Jun 26 10:53:10 vml000127.dmz.nausch.org ntpd[28372]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM
Jun 26 10:53:10 vml000127.dmz.nausch.org ntpd[28372]: 0.0.0.0 c011 01 freq_not_set
Jun 26 10:53:10 vml000127.dmz.nausch.org ntpd[28372]: 0.0.0.0 c614 04 freq_mode

Mit nachfolgendem Befehlsaufruf können wir überprüfen ob und ggf. auf welchen Netzwerkinterfaces der ntpd den UDP Port 123 geöffnet hat.

 # netstat -paunt | grep 123
udp        0      0 10.0.10.4:123           0.0.0.0:*                           28372/ntpd
udp        0      0 10.0.0.127:123          0.0.0.0:*                           28372/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           28372/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           28372/ntpd
udp6       0      0 fe80::5054:ff:fe34::123 :::*                                28372/ntpd
udp6       0      0 fe80::5054:ff:fe75::123 :::*                                28372/ntpd
udp6       0      0 ::1:123                 :::*                                28372/ntpd
udp6       0      0 :::123                  :::*                                28372/ntpd

Mit dem Befehl watch ntpq -np können wir uns abschließend den Status unseres Timeservers anzeigen lassen (Die Synchronisation unter Umständen bis zu 30 Minuten dauern - diese Zeit muss ggf. gewartet werden)

watch ntpq -np

zeigt uns an:

Every 2,0s: ntpq -np                                                                                         Fri Jun 26 11:21:42 2015

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+81.169.180.23   78.46.78.10      3 u    2   64  377   28.552    0.764   0.540
+88.198.23.16    192.53.103.104   2 u   64   64  377   12.074    0.461   0.589
+88.198.8.101    192.53.103.104   2 u   62   64  377   42.315    0.422   0.666
*193.175.73.151  DCF77            1 u   62   64  377   12.315    0.552   0.852

An Hand des * am Zeilenanfang ist zu erkennen, dass Synchronisation erfolgt. Die Spalten haben folgende Bedeutung:

Links

1)
Network Time Protocol
2) , 3)
parts per million 10-6