NTP - Zeitserver unter CentOS 7 einrichten und nutzen
Zum Abgleichen der Systemuhren unserer Clients, Netzwerkgeräten und realen Servern wie auch virtuellen Maschinen nutzen wird das NTP1). NTP wurde 1985 von David L. Mills entwickelt und wurde als RFC 958 definiert um eine zuverlässige Zeitgabe über Netzwerke mit variabler Paketlaufzeit über das verbindungslose protokolls UDP zu ermöglichen und bekam von der Internet Assigned Numbers Authority den UDP-Ports 123 zugewiesen.
Weitere Hinweise findet man im sehr guten und ausführlichem WIKIPEDIA-Artikel.
NTPD versus Chronyd
Seit CentOS 7 wird neben dem altbekanntem NTP-Daemon ntp ein weiterer Daemon Namens chrony zur Verfügung gestellt. In Adminkreisen wurde dazu oft spekuliert und argumentiert, warum RedHat einen Daemon als Default zur Verfügung gestellt wird, der vom Entwickler hauptsächlich für mobile Geräte oder nur unregelmäßig laufenden Systemen gebaut hat.
Im Kapitel 15.1.1. Differences Between ntpd and chronyd finden sich detailierte Angaben, welche Vor- und Nachteile der Daemon chronyd gegenüber dem NTP Daemon ntphat. Im gleich anschließendem Kapitel 15.1.2. Choosing Between NTP Daemons finden sich dann auch noch weitere Informationen, welcher Daemon wann eingesetzt werden soll.
Eine detailierte Gegenüberstellung von chronyd, ntpd und openntpd ist auf der Seite Comparison of NTP implementations zu finden.
Vor allem folgende Punkte können im Virtualisierungsumfeld erhebliche stabilere synchronisierte Zeiten erreicht werden:
- chronyd can usually synchronize the clock faster and with better time accuracy.
- chronyd quickly adapts to sudden changes in the rate of the clock.
- chronyd can adjust the rate of the clock on a Linux system in a larger range, which allows it to operate even on machines with a broken or unstable clock. For example, on some virtual machines.
Die nachfolgende Graphik zeigt exemplarisch den Offset mehrerer virtueller CentOS-Systeme. Der Offset wird dabei von einem Icinga2-Monitoring-Server laufend überwacht.
Die Server vml000010 bis vml000050 benutzen für den Abgleich der Zeiten das Paket ntp; die Server vml000052 bis vml000117 hingegen nutzen den Daemon chrony. Bemerkenswert bei diesem Vergleich ist, dass der Offset der einzelnen virtuellen Maschinen bei der Verwendung von chronyd um den Faktor 10 - 100 geringer ist, als bei den vergleichbaren ntp bestückten Systemen.
Ähnliche Ergebnisse kann man auch beim direkten Vergleich der zur Verfügung stehenden Zeitquellen an einem Host mit Hilfe von ntpq.
# watch -d -n 1 "ntpq -pn4"
remote refid st t when poll reach delay offset jitter ============================================================================== +10.0.0.20 85.10.200.230 2 u 127 128 377 0.184 1.495 0.113 *10.0.0.57 193.175.73.151 2 u 128 128 377 0.166 0.233 0.124 +10.0.0.127 78.111.224.11 2 u 79 128 377 0.150 1.992 1.517
In dem gezeigtem Beispiel wurde der Test auf einem CentOS 6 Host vorgenommen, wobei die Hosts folgender Natur waren:
- 10.0.0.20 = CentOS 6 NTP-Server mit Hilfe von ntpd,
- 10.0.0.57 = CentOS 7 NTP-Server mit Hilfe von chrony und
- 10.0.0.127 = CentOS 7 NTP-Server mit Hilfe von ntpd.
Diese beiden Beispiele und die Konfigurationsempfehlung von RedHat finden daher bei den Installation Rund um Djangos WIKI entsprechend Berücksichtigung.
chronyd
Installation
Falls nicht schon bei der Erstinstallation geschehen, installieren wir erst ein mal das benötige RPM chrony für den Abgleich mit unserem Zeitserver.
# yum install chrony
Dokumentation
Was uns das Paket alles mitgebracht hat, zeigt uns der Aufruf vom Befehl rpm mit der Option -qil.
# rpm -qil chrony
Name : chrony Version : 1.29.1 Release : 1.el7.centos Architecture: x86_64 Install Date: Thu 12 Mar 2015 09:40:10 AM CET Group : System Environment/Daemons Size : 567017 License : GPLv2 Signature : RSA/SHA256, Fri 04 Jul 2014 02:57:41 AM CEST, Key ID 24c6a8a7f4a80eb5 Source RPM : chrony-1.29.1-1.el7.centos.src.rpm Build Date : Wed 18 Jun 2014 11:18:41 PM CEST Build Host : worker1.bsys.centos.org Relocations : (not relocatable) Packager : CentOS BuildSystem <http://bugs.centos.org> Vendor : CentOS URL : http://chrony.tuxfamily.org Summary : An NTP client/server Description : A client/server for the Network Time Protocol, this program keeps your computer's clock accurate. It was specially designed to support systems with intermittent internet connections, but it also works well in permanently connected environments. It can use also hardware reference clocks, system real-time clock or manual input as time references. /etc/NetworkManager/dispatcher.d/20-chrony /etc/chrony.conf /etc/chrony.keys /etc/dhcp/dhclient.d/chrony.sh /etc/logrotate.d/chrony /usr/bin/chronyc /usr/lib/systemd/ntp-units.d/50-chronyd.list /usr/lib/systemd/system/chrony-wait.service /usr/lib/systemd/system/chronyd.service /usr/libexec/chrony-helper /usr/sbin/chronyd /usr/share/doc/chrony-1.29.1 /usr/share/doc/chrony-1.29.1/COPYING /usr/share/doc/chrony-1.29.1/NEWS /usr/share/doc/chrony-1.29.1/README /usr/share/doc/chrony-1.29.1/chrony.conf.example /usr/share/doc/chrony-1.29.1/chrony.conf.example2 /usr/share/doc/chrony-1.29.1/chrony.keys.example /usr/share/doc/chrony-1.29.1/chrony.txt /usr/share/doc/chrony-1.29.1/faq.txt /usr/share/info/chrony.info.gz /usr/share/man/man1/chrony.1.gz /usr/share/man/man1/chronyc.1.gz /usr/share/man/man5/chrony.conf.5.gz /usr/share/man/man8/chronyd.8.gz /var/lib/chrony /var/lib/chrony/drift /var/lib/chrony/rtc /var/log/chrony
Im Verzeichnis /usr/share/doc/chrony-*/ finden sich sowohl Konfigurationsbeispiele wie auch eine ausführliche Programm- und Konfigurationsbeschreibungen.
Userguid der chrony suite
Eine genaue Beschreibung zur Konfiguration unterschiedlichster Einsatzszenarien wie auch der Konfigurations-Optionen von chrony finden sich in der Datei chrony.txt aus dem Verzeichnis /usr/share/doc/chrony-*/.
# less /usr/share/doc/chrony-*/chrony.txt
User guide for the chrony suite ******************************* 1 Introduction ************** 1.1 Overview ============ Chrony is a software package for maintaining the accuracy of computer system clocks. It consists of a pair of programs : * 'chronyd'. This is a daemon which runs in background on the system. It obtains measurements (e.g. via the network) of the system's offset relative to other systems, and adjusts the system time accordingly. For isolated systems, the user can periodically enter the correct time by hand (using 'chronyc'). In either case, 'chronyd' determines the rate at which the computer gains or loses time, and compensates for this. 'chronyd' can also act as an NTP server, and provide a time-of-day service to other computers. A typical set-up is to run 'chronyd' on a gateway computer that has a dial-up link to the Internet, and use it to serve time to computers on a private LAN sitting behind the gateway. The IP addresses that can act as clients of 'chronyd' can be tightly controlled. The default is no client access. * 'chronyc'. This is a command-line driven control and monitoring program. An administrator can use this to fine-tune various parameters within the daemon, add or delete servers etc whilst the daemon is running. The IP addresses from which 'chronyc' clients may connect can be tightly controlled. The default is just the computer that 'chronyd' itself is running on. 1.2 Acknowledgements ==================== The 'chrony' suite makes use of the algorithm known as _RSA Data Security, Inc. MD5 Message-Digest Algorithm_ for authenticating messages between different machines on the network. In writing the 'chronyd' program, extensive use has been made of RFC1305, written by David Mills. The 'ntp' suite's source code has been occasionally used to check details of the protocol that the RFC did not make absolutely clear. The core algorithms in 'chronyd' are all completely distinct from 'ntp', however. 1.3 Availability ================ 1.3.1 Getting the software -------------------------- Links on the chrony home page (http://chrony.tuxfamily.org) describe how to obtain the software. 1.3.2 Platforms --------------- Although most of the program is portable between Unix-like systems, there are parts that have to be tailored to each specific vendor's system. These are the parts that interface with the operating system's facilities for adjusting the system clock; different operating systems may provide different function calls to achieve this, and even where the same function is used it may have different quirks in its behaviour. The software is known to work in the following environments: * Linux 2.2 and newer * NetBSD * BSD/386 * Solaris 2.3/2.5/2.5.1/2.6/2.7/2.8 on Sparc (Sparc 20, Ultrasparc) and i386 * SunOS 4.1.4 on Sparc 2 and Sparc20. Closely related systems may work too, but they have not been tested. Porting the software to other system (particularly to those supporting an 'adjtime' system call) should not be difficult, however it requires access to such systems to test out the driver. 1.4 Relationship to other software packages =========================================== 1.4.1 ntpd ---------- The 'reference' implementation of the Network Time Protocol is the program 'ntpd', available via The NTP home page (http://www.ntp.org/). One of the main differences between 'ntpd' and 'chronyd' is in the algorithms used to control the computer's clock. Things 'chronyd' can do better than 'ntpd': * 'chronyd' can perform usefully in an environment where access to the time reference is intermittent. 'ntpd' needs regular polling of the reference to work well. * 'chronyd' can usually synchronise the clock faster and with better time accuracy. * 'chronyd' quickly adapts to sudden changes in the rate of the clock (e.g. due to changes in the temperature of the crystal oscillator). 'ntpd' may need a long time to settle down again. * 'chronyd' can perform well even when the network is congested for longer periods of time. * 'chronyd' in the default configuration never steps the time to not upset other running programs. 'ntpd' can be configured to never step the time too, but it has to use a different means of adjusting the clock, which has some disadvantages. * 'chronyd' can adjust the rate of the clock on Linux in a larger range, which allows it to operate even on machines with broken or unstable clock (e.g. in some virtual machines). Things 'chronyd' can do that 'ntpd' can't: * 'chronyd' provides support for isolated networks whether the only method of time correction is manual entry (e.g. by the administrator looking at a clock). 'chronyd' can look at the errors corrected at different updates to work out the rate at which the computer gains or loses time, and use this estimate to trim the computer clock subsequently. * 'chronyd' provides support to work out the gain or loss rate of the 'real-time clock', i.e. the clock that maintains the time when the computer is turned off. It can use this data when the system boots to set the system time from a corrected version of the real-time clock. These real-time clock facilities are only available on Linux, so far. Things 'ntpd' can do that 'chronyd' can't: * 'ntpd' fully supports NTP version 4 (RFC5905), including broadcast, multicast, manycast clients / servers and the orphan mode. It also supports extra authentication schemes based on public-key cryptography (RFC5906). 'chronyd' uses NTP version 3 (RFC1305), which is compatible with version 4. * 'ntpd' has been ported to more types of computer / operating system. * 'ntpd' includes drivers for many reference clocks. 'chronyd' relies on other programs (e.g. gpsd) to access the data from the reference clocks. 1.4.2 timed ----------- 'timed' is a program that is part of the BSD networking suite. It uses broadcast packets to find all machines running the daemon within a subnet. The machines elect a master which periodically measures the system clock offsets of the other computers using ICMP timestamps. Corrections are sent to each member as a result of this process. Problems that may arise with 'timed' are : * Because it uses broadcasts, it is not possible to isolate its functionality to a particular group of computers; there is a risk of upsetting other computers on the same network (e.g. where a whole company is on the same subnet but different departments are independent from the point of view of administering their computers.) * The update period appears to be 10 minutes. Computers can build up significant offsets relative to each other in that time. If a computer can estimate its rate of drift it can keep itself closer to the other computers between updates by adjusting its clock every few seconds. 'timed' does not seem to do this. * 'timed' does not have any integrated capability for feeding real-time into its estimates, or for estimating the average rate of time loss/gain of the machines relative to real-time (unless one of the computers in the group has access to an external reference and is always appointed as the 'master'). 'timed' does have the benefit over 'chronyd' that for isolated networks of computers, they will track the 'majority vote' time. For such isolated networks, 'chronyd' requires one computer to be the 'master' with the others slaved to it. If the master has a particular defective clock, the whole set of computers will tend to slip relative to real time (but they _will_ stay accurate relative to one another). 1.5 Distribution rights and (lack of) warranty ============================================== Chrony may be distributed in accordance with the GNU General Public License version 2, reproduced in *Note GPL::. 1.6 Bug reporting and suggestions ================================= If you think you've found a bug in chrony, or have a suggestion, please let us know. You can join chrony users mailing list by sending a message with the subject subscribe to <chrony-users-request@chrony.tuxfamily.org>. Only subscribers can post to the list. When you are reporting a bug, please send us all the information you can. Unfortunately, chrony has proven to be one of those programs where it is very difficult to reproduce bugs in a different environment. So we may have to interact with you quite a lot to obtain enough extra logging and tracing to pin-point the problem in some cases. Please be patient and plan for this! Of course, if you can debug the problem yourself and send us a source code patch to fix it, we will be very grateful! 1.7 Contributions ================= Although chrony is now a fairly mature and established project, there are still areas that could be improved. If you can program in C and have some expertise in these areas, you might be able to fill the gaps. Particular areas that need addressing are : 1. Porting to other Unices This involves creating equivalents of sys_solaris.c, sys_linux.c etc for the new system. Note, the Linux driver has been reported as working on a range of different architectures (Alpha, Sparc, MIPS as well as x86 of course). 2. Porting to Windows NT A small amount of work on this was done under Cygwin. Only the sorting out of the include files has really been achieved so far. The two main areas still to address are 1. The system clock driver. 2. How to make chronyd into an NT service (i.e. what to replace fork(), setsid() etc with so that chronyd can be automatically started in the system bootstrap. 3. More drivers for reference clock support 4. Automation of the trimrtc and writertc mechanisms Currently, the RTC trimming mechanism is a manual operation, because there has to be a reasonable guarantee that the system will stay up for a reasonable length of time afterwards. (If it is shut down too soon, a poor characterisation of the RTC drift rate will be stored on disc, giving a bad system clock error when the system is next booted.) To make chrony more automated for the non-expert user, it would be useful if this problem could be avoided so that trimrtc could be done automatically (e.g. in a crontab, or as part of the ip-up or ip-down scripts.) 2 Installation ************** The software is distributed as source code which has to be compiled. The source code is supplied in the form of a gzipped tar file, which unpacks to a subdirectory identifying the name and version of the program. After unpacking the source code, change directory into it, and type ./configure This is a shell script that automatically determines the system type. There is a single optional parameter, '--prefix' which indicates the directory tree where the software should be installed. For example, ./configure --prefix=/opt/free will install the 'chronyd' daemon into /opt/free/sbin and the chronyc control program into /opt/free/bin. The default value for the prefix is /usr/local. The configure script assumes you want to use gcc as your compiler. If you want to use a different compiler, you can configure this way: CC=cc CFLAGS=-O ./configure --prefix=/opt/free for Bourne-family shells, or setenv CC cc setenv CFLAGS -O ./configure --prefix=/opt/free for C-family shells. If the software cannot (yet) be built on your system, an error message will be shown. Otherwise, 'Makefile' will be generated. If editline or readline library is available, chronyc will be built with line editing support. If you don't want this, specify the -disable-readline flag to configure. Please refer to *note line editing support:: for more information. If a 'timepps.h' header is available, chronyd will be built with PPS API reference clock driver. If the header is installed in a location that isn't normally searched by the compiler, you can add it to the searched locations by setting 'CPPFLAGS' variable to '-I/path/to/timepps'. Now type make to build the programs. If you want to build the manual in plain text, HTML and info versions, type make docs Once the programs have been successfully compiled, they need to be installed in their target locations. This step normally needs to be performed by the superuser, and requires the following command to be entered. make install This will install the binaries, plain text manual and manpages. To install the HTML and info versions of the manual as well, enter the command make install-docs If you want chrony to appear in the top level info directory listing, you need to run the 'install-info' command manually after this step. 'install-info' takes 2 arguments. The first is the path to the 'chrony.info' file you have just installed. This will be the argument you gave to -prefix when you configured ('/usr/local' by default), with '/share/info/chrony.info' on the end. The second argument is the location of the file called 'dir'. This will typically be '/usr/share/info/dir'. So the typical command line would be install-info /usr/local/share/info/chrony.info /usr/share/info/dir Now that the software is successfully installed, the next step is to set up a configuration file. The contents of this depend on the network environment in which the computer operates. Typical scenarios are described in the following section of the document. 2.1 Support for line editing libraries ====================================== Chronyc can be built with support for line editing, this allows you to use the cursor keys to replay and edit old commands. Two libraries are supported which provide such functionality, editline and GNU readline. Please note that readline since version 6.0 is licensed under GPLv3+ which is incompatible with chrony's license GPLv2. You should use editline instead if you don't want to use older readline versions. The configure script will automatically enable the line editing support if one of the supported libraries is available. If they are both available, the editline library will be used. If you don't want to use it (in which case chronyc will use a minimal command line interface), invoke configure like this: ./configure --disable-readline other-options... If you have editline, readline or ncurses installed in locations that aren't normally searched by the compiler and linker, you need to use extra options: '--with-readline-includes=directory_name' This defines the name of the directory above the one where 'readline.h' is. 'readline.h' is assumed to be in 'editline' or 'readline' subdirectory of the named directory. '--with-readline-library=directory_name' This defines the directory containing the 'libedit.a' or 'libedit.so' file, or 'libreadline.a' or 'libreadline.so' file. '--with-ncurses-library=directory_name' This defines the directory containing the 'libncurses.a' or 'libncurses.so' file. 2.2 Extra options for package builders ====================================== The configure and make procedures have some extra options that may be useful if you are building a distribution package for chrony. The -infodir=DIR option to configure specifies an install directory for the info files. This overrides the 'info' subdirectory of the argument to the -prefix option. For example, you might use ./configure --prefix=/usr --infodir=/usr/share/info The -mandir=DIR option to configure specifies an install directory for the man pages. This overrides the 'man' subdirectory of the argument to the -prefix option. ./configure --prefix=/usr --infodir=/usr/share/info --mandir=/usr/share/man to set both options together. The final option is the DESTDIR option to the make command. For example, you could use the commands ./configure --prefix=/usr --infodir=/usr/share/info --mandir=/usr/share/man make all docs make install DESTDIR=./tmp cd tmp tar cvf - . | gzip -9 > chrony.tar.gz to build a package. When untarred within the root directory, this will install the files to the intended final locations. 3 Typical operating scenarios ***************************** 3.1 Computers connected to the internet ======================================= In this section we discuss how to configure chrony for computers that have permanent connections to the internet (or to any network containing true NTP servers which ultimately derive their time from a reference clock). To operate in this mode, you will need to know the names of the NTP server machines you wish to use. You may be able to find names of suitable servers by one of the following methods: * Your institution may already operate servers on its network. Contact your system administrator to find out. * Your ISP probably has one or more NTP servers available for its customers. * Somewhere under the NTP homepage there is a list of public stratum 1 and stratum 2 servers. You should find one or more servers that are near to you -- check that their access policy allows you to use their facilities. * Use public servers from the pool.ntp.org project (http://www.pool.ntp.org/). Assuming that you have found some servers, you need to set up a configuration file to run chrony. The (compiled-in) default location for this file is '/etc/chrony.conf'. Assuming that your ntp servers are called 'a.b.c' and 'd.e.f', your 'chrony.conf' file could contain as a minimum server a.b.c server d.e.f server g.h.i However, you will probably want to include some of the other directives described later. The following directives will be particularly useful : 'driftfile', 'commandkey', 'keyfile'. The smallest useful configuration file would look something like server a.b.c server d.e.f server g.h.i keyfile /etc/chrony.keys commandkey 1 driftfile /var/lib/chrony/drift 3.2 Infrequent connection to true NTP servers ============================================= In this section we discuss how to configure chrony for computers that have occasional connections to the internet. 3.2.1 Setting up the configuration file for infrequent connections ------------------------------------------------------------------ As in the previous section, you will need access to NTP servers on the internet. The same remarks apply for how to find them. In this case, you will need some additional configuration to tell 'chronyd' when the connection to the internet goes up and down. This saves the program from continuously trying to poll the servers when they are inaccessible. Again, assuming that your ntp servers are called 'a.b.c' and 'd.e.f', your 'chrony.conf' file would need to contain something like server a.b.c server d.e.f server g.h.i However, your computer will keep trying to contact the servers to obtain timestamps, even whilst offline. If you operate a dial-on-demand system, things are even worse, because the link to the internet will keep getting established. For this reason, it would be better to specify this part of your configuration file in the following way: server a.b.c offline server d.e.f offline server g.h.i offline The 'offline' keyword indicates that the servers start in an offline state, and that they should not be contacted until 'chronyd' receives notification that the link to the internet is present. In order to notify 'chronyd' of the presence of the link, you will need to be able to log in to it with the program chronyc. To do this, 'chronyd' needs to be configured with an administrator password. To set up an administrator password, you can create a file '/etc/chrony.keys' containing a single line 1 ALongAndRandomPassword and add the following line to '/etc/chrony.conf' (the order of the lines does not matter) commandkey 1 The smallest useful configuration file would look something like server a.b.c offline server d.e.f offline server g.h.i offline keyfile /etc/chrony.keys commandkey 1 driftfile /var/lib/chrony/drift The next section describes how to tell 'chronyd' when the internet link goes up and down. 3.2.2 How to tell chronyd when the internet link is available. -------------------------------------------------------------- To use this option, you will need to configure a command key in 'chronyd's' configuration file '/etc/chrony.conf', as described in the previous section. To tell 'chronyd' when to start and finish sampling the servers, the 'online' and 'offline' commands of chronyc need to be used. To give an example of their use, we assume that 'pppd' is the program being used to connect to the internet, and that chronyc has been installed at its default location '/usr/bin/chronyc'. We also assume that the command key has been set up as described in the previous section. In the file '/etc/ppp/ip-up' we add the command sequence /usr/bin/chronyc -a online and in the file '/etc/ppp/ip-down' we add the sequence /usr/bin/chronyc -a offline 'chronyd's' polling of the servers will now only occur whilst the machine is actually connected to the Internet. 3.3 Isolated networks ===================== In this section we discuss how to configure chrony for computers that never have network conectivity to any computer which ultimately derives its time from a reference clock. In this situation, one computer is selected to be the master timeserver. The other computers are either direct clients of the master, or clients of clients. The rate value in the master's drift file needs to be set to the average rate at which the master gains or loses time. 'chronyd' includes support for this, in the form of the 'manual' directive in the configuration file and the 'settime' command in the 'chronyc' program. If the master is rebooted, 'chronyd' can re-read the drift rate from the drift file. However, the master has no accurate estimate of the current time. To get around this, the system can be configured so that the master can initially set itself to a 'majority-vote' of selected clients' times; this allows the clients to 'flywheel' the master across its outage. A typical configuration file for the master (called 'master') might be (assuming the clients are in the 192.168.165.x subnet and that the master's address is 192.168.169.170) driftfile /var/lib/chrony/drift commandkey 25 keyfile /etc/chrony.keys initstepslew 10 client1 client3 client6 local stratum 8 manual allow 192.168.165 For the clients that have to resynchronise the master when it restarts, the configuration file might be server master driftfile /var/lib/chrony/drift logdir /var/log/chrony log measurements statistics tracking keyfile /etc/chrony.keys commandkey 24 local stratum 10 initstepslew 20 master allow 192.168.169.170 The rest of the clients would be the same, except that the 'local' and 'allow' directives are not required. 3.4 The home PC with a dial-up connection ========================================= 3.4.1 Assumptions/how the software works ---------------------------------------- This section considers the home computer which has a dial-up connection. It assumes that Linux is run exclusively on the computer. Dual-boot systems may work; it depends what (if anything) the other system does to the system's real-time clock. Much of the configuration for this case is discussed earlier (*note Infrequent connection::). This section addresses specifically the case of a computer which is turned off between 'sessions'. In this case, 'chronyd' relies on the computer's real-time clock (RTC) to maintain the time between the periods when it is powered up. The arrangement is shown in the figure below. trim if required PSTN +---------------------------+ +----------+ | | | | v | | | +---------+ +-------+ +-----+ +---+ | System's| measure error/ |chronyd| |modem| |ISP| |real-time|------------------->| |-------| | | | | clock | drift rate +-------+ +-----+ +---+ +---------+ ^ | | | | +---------------------------+ --o-----o--- set time at boot up | +----------+ |NTP server| +----------+ When the computer is connected to the Internet (via the modem), 'chronyd' has access to external NTP servers which it makes measurements from. These measurements are saved, and straight-line fits are performed on them to provide an estimate of the computer's time error and rate of gaining/losing time. When the computer is taken offline from the Internet, the best estimate of the gain/loss rate is used to free-run the computer until it next goes online. Whilst the computer is running, 'chronyd' makes measurements of the real-time clock (RTC) (via the '/dev/rtc' interface, which must be compiled into the kernel). An estimate is made of the RTC error at a particular RTC second, and the rate at which the RTC gains or loses time relative to true time. On 2.6 and later kernels, if your motherboard has a HPET, you need to enable the 'HPET_EMULATE_RTC' option in your kernel configuration. Otherwise, chrony will not be able to interact with the RTC device and will give up using it. When the computer is powered down, the measurement histories for all the NTP servers are saved to files (if the 'dumponexit' directive is specified in the configuration file), and the RTC tracking information is also saved to a file (if the 'rtcfile' directive has been specified). These pieces of information are also saved if the 'dump' and 'writertc' commands respectively are issued through 'chronyc'. When the computer is rebooted, 'chronyd' reads the current RTC time and the RTC information saved at the last shutdown. This information is used to set the system clock to the best estimate of what its time would have been now, had it been left running continuously. The measurement histories for the servers are then reloaded. The next time the computer goes online, the previous sessions' measurements can contribute to the line-fitting process, which gives a much better estimate of the computer's gain/loss rate. One problem with saving the measurements and RTC data when the machine is shut down is what happens if there is a power failure; the most recent data will not be saved. Although 'chronyd' is robust enough to cope with this, some performance may be lost. (The main danger arises if the RTC has been changed during the session, with the 'trimrtc' command in 'chronyc'. Because of this, 'trimrtc' will make sure that a meaningful RTC file is saved out after the change is completed). The easiest protection against power failure is to put the 'dump' and 'writertc' commands in the same place as the 'offline' command is issued to take 'chronyd' offline; because 'chronyd' free-runs between online sessions, no parameters will change significantly between going offline from the Internet and any power failure. A final point regards home computers which are left running for extended periods and where it is desired to spin down the hard disc when it is not in use (e.g. when not accessed for 15 minutes). 'chronyd' has been planned so it supports such operation; this is the reason why the RTC tracking parameters are not saved to disc after every update, but only when the user requests such a write, or during the shutdown sequence. The only other facility that will generate periodic writes to the disc is the 'log rtc' facility in the configuration file; this option should not be used if you want your disc to spin down. 3.4.2 Typical configuration files. ---------------------------------- To illustrate how a dial-up home computer might be configured, example configuration files are shown in this section. For the '/etc/chrony.conf' file, the following can be used as an example. server 0.pool.ntp.org minpoll 5 maxpoll 10 maxdelay 0.4 offline server 1.pool.ntp.org minpoll 5 maxpoll 10 maxdelay 0.4 offline server 2.pool.ntp.org minpoll 5 maxpoll 10 maxdelay 0.4 offline logdir /var/log/chrony log statistics measurements tracking driftfile /var/lib/chrony/drift keyfile /etc/chrony.keys commandkey 25 maxupdateskew 100.0 dumponexit dumpdir /var/lib/chrony rtcfile /var/lib/chrony/rtc 'pppd' is used for connecting to the internet. This runs two scripts '/etc/ppp/ip-up' and '/etc/ppp/ip-down' when the link goes online and offline respectively. The relevant part of the '/etc/ppp/ip-up' file is /usr/bin/chronyc -a online and the relevant part of the '/etc/ppp/ip-down' script is /usr/bin/chronyc -a -m offline dump writertc To start 'chronyd' during the boot sequence, the following is in '/etc/rc.d/rc.local' (this is a Slackware system) if [ -f /usr/sbin/chronyd -a -f /etc/chrony.conf ]; then /usr/sbin/chronyd -r -s echo "Start chronyd" fi The placement of this command may be important on some systems. In particular, 'chronyd' may need to be started before any software that depends on the system clock not jumping or moving backwards, depending on the directives in 'chronyd's' configuration file. For the system shutdown, 'chronyd' should receive a SIGTERM several seconds before the final SIGKILL; the SIGTERM causes the measurement histories and RTC information to be saved out. 3.5 Other important configuration options ========================================= The most common option to include in the configuration file is the 'driftfile' option. One of the major tasks of 'chronyd' is to work out how fast or how slow the system clock runs relative to real time - e.g. in terms of seconds gained or lost per day. Measurements over a long period are usually required to refine this estimate to an acceptable degree of accuracy. Therefore, it would be bad if 'chronyd' had to work the value out each time it is restarted, because the system clock would not run so accurately whilst the determination is taking place. To avoid this problem, 'chronyd' allows the gain or loss rate to be stored in a file, which can be read back in when the program is restarted. This file is called the drift file, and might typically be stored in '/var/lib/chrony/drift'. By specifying an option like the following driftfile /var/lib/chrony/drift in the configuration file ('/etc/chrony.conf'), the drift file facility will be activated. 4 Usage reference ***************** 4.1 Starting chronyd ==================== If 'chronyd' has been installed to its default location '/usr/sbin/chronyd', starting it is simply a matter of entering the command /usr/sbin/chronyd Information messages and warnings will be logged to syslog. The command line options supported are as follows: '-n' When run in this mode, the program will not detach itself from the terminal. '-d' When run in this mode, the program will not detach itself from the terminal, and all messages will be sent to the terminal instead of to syslog. '-f <conf-file>' This option can be used to specify an alternate location for the configuration file (default '/etc/chrony.conf'). '-r' This option will reload sample histories for each of the servers being used. These histories are created by using the 'dump' command in 'chronyc', or by setting the 'dumponexit' directive in the configuration file. This option is useful if you want to stop and restart 'chronyd' briefly for any reason, e.g. to install a new version. However, it only makes sense on systems where the kernel can maintain clock compensation whilst not under 'chronyd's' control. The only version where this happens so far is Linux. On systems where this is not the case, e.g. Solaris and SunOS the option should not be used. '-R' When this option is used, the 'initstepslew' directive and the 'makestep' directive used with a positive limit will be ignored. This option is useful when restarting 'chronyd' and can be used in conjuction with the '-r' option. '-s' This option will set the system clock from the computer's real-time clock. This is analogous to supplying the '-s' flag to the '/sbin/clock' program during the Linux boot sequence. Support for real-time clocks is limited at present - the criteria are described in the section on the 'rtcfile' directive (*note rtcfile directive::). If 'chronyd' cannot support the real time clock on your computer, this option cannot be used and a warning message will be logged to the syslog. If used in conjunction with the '-r' flag, 'chronyd' will attempt to preserve the old samples after setting the system clock from the real time clock. This can be used to allow 'chronyd' to perform long term averaging of the gain or loss rate across system reboots, and is useful for dial-up systems that are shut down when not in use. For this to work well, it relies on 'chronyd' having been able to determine accurate statistics for the difference between the real time clock and system clock last time the computer was on. '-u <user>' When this option is used, chronyd will drop root privileges to the specified user. So far, it works only on Linux when compiled with capabilities support. '-v' This option displays 'chronyd's' version number to the terminal and exits. '-P <priority>' This option will select the SCHED_FIFO real-time scheduler at the specified priority (which must be between 0 and 100). This mode is supported only on Linux. '-m' This option will lock chronyd into RAM so that it will never be paged out. This mode is only supported on Linux. '-4' With this option hostnames will be resolved only to IPv4 addresses and only IPv4 sockets will be created. '-6' With this option hostnames will be resolved only to IPv6 addresses and only IPv6 sockets will be created. On systems that support an '/etc/rc.local' file for starting programs at boot time, 'chronyd' can be started from there. On systems with a System V style initialisation, a suitable start/stop script might be as shown below. This might be placed in the file '/etc/rc2.d/S83chrony'. #!/bin/sh # This file should have uid root, gid sys and chmod 744 # killproc() { # kill the named process(es) pid=`/usr/bin/ps -e | /usr/bin/grep -w $1 | /usr/bin/sed -e 's/^ *//' -e 's/ .*//'` [ "$pid" != "" ] && kill $pid } case "$1" in 'start') if [ -f /opt/free/sbin/chronyd -a -f /etc/chrony.conf ]; then /opt/free/sbin/chronyd fi ;; 'stop') killproc chronyd ;; *) echo "Usage: /etc/rc2.d/S83chrony { start | stop }" ;; esac (In both cases, you may want to bear in mind that 'chronyd' can step the time when it starts. There may be other programs started at boot time that could be upset by this, so you may need to consider the ordering carefully. However, 'chronyd' will need to start after daemons providing services that it may require, e.g. the domain name service.) 4.2 The chronyd configuration file ================================== The configuration file is normally called '/etc/chrony.conf'; in fact, this is the compiled-in default. However, other locations can be specified with a command line option. Each command in the configuration file is placed on a separate line. The following sections describe each of the commands in turn. The directives can occur in any order in the file. 4.2.1 Comments in the configuration file ---------------------------------------- The configuration file may contain comment lines. A comment line is any line that starts with zero or more spaces followed by any one of the following characters: * ! * ; * # * % Any line with this format will be ignored. 4.2.2 acquisitionport --------------------- 'chronyd' uses a separate client-side port for the rapid-fire measurements requested with the 'initstepslew' directive (*note initstepslew directive::). Normally, that port is chosen arbitrarily by the operating system. However, you can use 'acquisitionport' to explicitly specify a port. This may be useful for getting through firewalls. Do not make acquisition and regular NTP service (*note port directive::) use the same port. An example of the 'acquisitionport' command is acquisitionport 1123 This would change the port used for rapid queries to udp/1123. You could then persuade the firewall administrator to let that port through. 4.2.3 allow ----------- The 'allow' command is used to designate a particular subnet from which NTP clients are allowed to access the computer as an NTP server. The default is that no clients are allowed access, i.e. 'chronyd' operates purely as an NTP client. If the 'allow' directive is used, 'chronyd' will be both a client of its servers, and a server to other clients. Examples of use of the command are as follows: allow foo.bar.com allow 1.2 allow 3.4.5 allow 6.7.8/22 allow 6.7.8.9/22 allow 2001:db8::/32 allow 0/0 allow ::/0 allow The first command allows the named node to be an NTP client of this computer. The second command allows any node with an IPv4 address of the form 1.2.x.y (with x and y arbitrary) to be an NTP client of this computer. Likewise, the third command allows any node with an IPv4 address of the form 3.4.5.x to have client NTP access. The fourth and fifth forms allow access from any node with an IPv4 address of the form 6.7.8.x, 6.7.9.x, 6.7.10.x or 6.7.11.x (with x arbitrary), i.e. the value 22 is the number of bits defining the specified subnet. (In the fifth form, the final byte is ignored). The sixth form is used for IPv6 addresses. The seventh and eighth forms allow access by any IPv4 and IPv6 node respectively. The ninth forms allows access by any node (IPv4 or IPv6). A second form of the directive, 'allow all', has a greater effect, depending on the ordering of directives in the configuration file. To illustrate the effect, consider the two examples allow 1.2.3.4 deny 1.2.3 allow 1.2 and allow 1.2.3.4 deny 1.2.3 allow all 1.2 In the first example, the effect is the same regardles of what order the three directives are given in. So the 1.2.x.y subnet is allowed access, except for the 1.2.3.x subnet, which is denied access, however the host 1.2.3.4 is allowed access. In the second example, the 'allow all 1.2' directives overrides the effect of _any_ previous directive relating to a subnet within the specified subnet. Within a configuration file this capability is probably rather moot; however, it is of greater use for reconfiguration at run-time via 'chronyc' (*note allow all command::). Note, if the 'initstepslew' directive (*note initstepslew directive::) is used in the configuration file, each of the computers listed in that directive must allow client access by this computer for it to work. 4.2.4 bindaddress ----------------- The bindaddress allows you to restrict the network interface to which chronyd will listen for NTP packets. This provides an additional level of access restriction above that available through the 'deny' mechanism. Suppose you have a local ethernet with addresses in the 192.168.1.0 subnet together with a dial-up connection. The ethernet interface's IP address is 192.168.1.1. Suppose (for some reason) you want to block all access through the dialup connection (note, this will even block replies from servers on the dialup side, so you will not be able to synchronise to an external source). You could add the line bindaddress 192.168.1.1 to the configuration file. This directive affects NTP (UDP port 123) packets. If no 'bindcmdaddress' directive is present, the address supplied by 'bindaddress' will be used to control binding of the command socket (UDP port 323) as well. The 'bindaddress' directive has been found to cause problems when used on computers that need to pass NTP traffic over multiple network interfaces (e.g. firewalls). It is, therefore, not particularly useful. Use of the 'allow' and 'deny' directives together with a network firewall is more likely to be successful. For each of IPv4 and IPv6 protocols, only one 'bindaddress' directive can be specified. 4.2.5 bindcmdaddress -------------------- The bindcmdaddress allows you to restrict the network interface to which chronyd will listen for command packets (issued by chronyc). Suppose you have a local ethernet with addresses in the 192.168.1.0 subnet together with a dial-up connection. The ethernet interface's IP address is 192.168.1.1. Suppose you want to block all access through the dialup connection. You could add the line bindcmdaddress 192.168.1.1 to the configuration file. The 'bindcmdaddress' directive has been found to cause problems when used on computers that need to pass command traffic over multiple network interfaces. It is, therefore, not particularly useful. Use of the 'cmdallow' and 'cmddeny' directives together with a network firewall is more likely to be successful. For each of IPv4 and IPv6 protocols, only one 'bindcmdaddress' directive can be specified. 4.2.6 broadcast --------------- The 'broadcast' directive is used to declare a broadcast address to which chronyd should send packets in NTP broadcast mode (i.e. make chronyd act as a broadcast server). Broadcast clients on that subnet will be able to synchronise. The syntax is as follows broadcast 30 192.168.1.255 broadcast 60 192.168.2.255 12123 broadcast 60 ff02::101 In the first example, the destination port defaults to 123/udp (the normal NTP port). In the second example, the destionation port is specified as 12123. The first parameter in each case (30 or 60 respectively) is the interval in seconds between broadcast packets being sent. The second parameter in each case is the broadcast address to send the packet to. This should correspond to the broadcast address of one of the network interfaces on the computer where chronyd is running. You can have more than 1 'broadcast' directive if you have more than 1 network interface onto which you wish to send NTP broadcast packets. 'chronyd' itself cannot currently act as a broadcast client; it must always be configured as a point-to-point client by defining specific NTP servers and peers. This broadcast server feature is intended for providing a time source to other NTP software (e.g. various MS Windows clients). If ntpd is used as the broadcast client, it will try to use a point-to-point client/server NTP access to measure the round-trip delay. Thus, the broadcast subnet should also be the subject of an 'allow' directive (*note allow directive::). 4.2.7 cmdallow -------------- This is similar to the 'allow' directive (*note allow directive::), except that it allows control access (rather than NTP client access) to a particular subnet or host. (By 'control access' is meant that chronyc can be run on those hosts and successfully connect to chronyd on this computer.) The syntax is identical to the 'allow' directive. There is also a 'cmdallow all' directive with similar behaviour to the 'allow all' directive (but applying to control access in this case, of course). 4.2.8 cmddeny ------------- This is similar to the 'cmdallow' directive (*note cmdallow directive::), except that it denies control access to a particular subnet or host, rather than allowing it. The syntax is identical. There is also a 'cmddeny all' directive with similar behaviour to the 'cmdallow all' directive. 4.2.9 combinelimit ------------------ When 'chronyd' has multiple sources available for synchronization, it has to select one source as the synchronization source. The measured offsets and frequencies of the system clock relative to the other sources, however, can be combined with the selected source to improve the accuracy of the system clock. The 'combinelimit' directive limits which sources are included in the combining algorithm. Their synchronization distance has to be shorter than the distance of the selected source multiplied by the value of the limit. Also, their measured frequencies have to be close to the frequency of the selected source. By default, the limit is 3. Setting the limit to 0 effectively disables the source combining algorithm and only the selected source will be used to control the system clock. The syntax is combinelimit <limit> 4.2.10 commandkey ----------------- The commandkey command is used to set the key number used for authenticating user commands via the chronyc program at run time. This allows certain actions of the chronyc program to be restricted to administrators. An example of the commandkey command is commandkey 20 By default, the key number is 0. In the key file (see the keyfile command) there should be a line of the form 20 MD5 HEX:B028F91EA5C38D06C2E140B26C7F41EC When running the chronyc program to perform run-time configuration, the command password foobar must be entered before any commands affecting the operation of the daemon can be entered, or chronyc must be started with the '-a' option to run the password command automatically. 4.2.11 cmdport -------------- The 'cmdport' directive allows the port that is used for run-time command and monitoring (via the program 'chronyc') to be altered from its default (323/udp). An example shows the syntax cmdport 257 This would make 'chronyd' use 257/udp as its command port. ('chronyc' would need to be run with the '-p 257' switch to inter-operate correctly). 4.2.12 corrtimeratio -------------------- When 'chronyd' makes a time correction, it controls how quickly the system clock is slewed (so far only on Linux). This rate temporarily affects the frequency error of the system clock. The 'corrtimeratio' directive controls the ratio between the duration in which the clock is slewed for an average correction according to the source history and the interval in which the corrections are done (usually the NTP polling interval). Corrections larger than the average take less time and smaller corrections take more time, the amount of the correction and the correction time are inversely proportional. Increasing 'corrtimeratio' makes the overall frequency error of the system clock smaller, but increases the overall time error as the corrections will take longer. By default, the ratio is 1, which means the duration of an average correction will be close to the update interval. The syntax is corrtimeratio 10 The current remaining correction is shown in the 'tracking' report (*note tracking command::) as the 'System time' value. 4.2.13 deny ----------- This is similar to the 'allow' directive (*note allow directive::), except that it denies NTP client access to a particular subnet or host, rather than allowing it. The syntax is identical. There is also a 'deny all' directive with similar behaviour to the 'allow all' directive. 4.2.14 driftfile ---------------- One of the main activities of the 'chronyd' program is to work out the rate at which the system clock gains or loses time relative to real time. Whenever 'chronyd' computes a new value of the gain/loss rate, it is desirable to record it somewhere. This allows 'chronyd' to begin compensating the system clock at that rate whenever it is restarted, even before it has had a chance to obtain an equally good estimate of the rate during the new run. (This process may take many minutes, at least). The driftfile command allows a file to be specified into which 'chronyd' can store the rate information. Two parameters are recorded in the file. The first is the rate at which the system clock gains or loses time, expressed in parts per million, with gains positive. Therefore, a value of 100.0 indicates that when the system clock has advanced by a second, it has gained 100 microseconds on reality (so the true time has only advanced by 999900 microseconds). The second is an estimate of the error bound around the first value in which the true rate actually lies. An example of the driftfile command is driftfile /var/lib/chrony/drift 4.2.15 dumpdir -------------- To compute the rate of gain or loss of time, 'chronyd' has to store a measurement history for each of the time sources it uses. Certain systems (so far only Linux) have operating system support for setting the rate of gain or loss to compensate for known errors. (On other systems, 'chronyd' must simulate such a capability by periodically slewing the system clock forwards or backwards by a suitable amount to compensate for the error built up since the previous slew). For such systems, it is possible to save the measurement history across restarts of 'chronyd' (assuming no changes are made to the system clock behaviour whilst it is not running). If this capability is to be used (via the dumponexit command in the configuration file, or the dump command in chronyc), the dumpdir command should be used to define the directory where the measurement histories are saved. An example of the command is dumpdir /var/lib/chrony A source whose reference id (the IP address for IPv4 sources) is 1.2.3.4 would have its measurement history saved in the file '/var/lib/chrony/1.2.3.4.dat'. 4.2.16 dumponexit ----------------- If this command is present, it indicates that 'chronyd' should save the measurement history for each of its time sources recorded whenever the program exits. (See the dumpdir command above). 4.2.17 fallbackdrift -------------------- Fallback drifts are long-term averages of the system clock drift calculated over exponentially increasing intervals. They are used when the clock is unsynchronised to avoid quickly drifting away from true time if there was a short-term deviation in drift before the synchronisation was lost. The directive specifies the minimum and maximum interval for how long the system clock has to be unsynchronised to switch between fallback drifts. They are defined as a power of 2 (in seconds). The syntax is as follows fallbackdrift 16 19 In this example, the minimum interval is 16 (18 hours) and maximum interval is 19 (6 days). The system clock frequency will be set to the first fallback 18 hours after the synchronisation was lost, to the second after 36 hours, etc. This might be a good setting to cover daily and weekly temperature fluctuations. By default (or if the specified maximum or minimum is 0), no fallbacks will be used and the clock frequency will stay at the last value calculated before synchronisation was lost. 4.2.18 generatecommandkey ------------------------- With this directive, if the command key is not found on start in the file specified by the 'keyfile' directive, 'chronyd' will generate a new command key from the /dev/urandom file and write it to the key file. The generated key will use SHA1 if 'chronyd' is compiled with the support, otherwise MD5 will be used. 4.2.19 include -------------- The 'include' directive includes a specified configuration file. This is useful when maintaining configuration on multiple hosts to keep the differences in a separate file. include /etc/chrony/local.conf 4.2.20 initstepslew ------------------- In normal operation, 'chronyd' always slews the time when it needs to adjust the system clock. For example, to correct a system clock which is 1 second slow, 'chronyd' slightly increases the amount by which the system clock is advanced on each clock interrupt, until the error is removed. (Actually, this is done by calling the 'adjtime()' or similar system function which does it for us.) Note that at no time does time run backwards with this method. On most Unix systems it is not desirable to step the system clock, because many programs rely on time advancing monotonically forwards. When the 'chronyd' daemon is initially started, it is possible that the system clock is considerably in error. Attempting to correct such an error by slewing may not be sensible, since it may take several hours to correct the error by this means. The purpose of the 'initstepslew' directive is to allow 'chronyd' to make a rapid measurement of the system clock error at boot time, and to correct the system clock by stepping before normal operation begins. Since this would normally be performed only at an appropriate point in the system boot sequence, no other software should be adversely affected by the step. If the correction required is less than a specified threshold, a slew is used instead. This makes it easier to restart 'chronyd' whilst the system is in normal operation. The 'initstepslew' directive takes a threshold and a list of NTP servers as arguments. A maximum of 8 will be used. Each of the servers is rapidly polled several times, and a majority voting mechanism used to find the most likely range of system clock error that is present. A step (or slew) is applied to the system clock to correct this error. 'chronyd' then enters its normal operating mode (where only slews are used). An example of use of the command is initstepslew 30 foo.bar.com baz.quz.com where 2 NTP servers are used to make the measurement. The '30' indicates that if the system's error is found to be 30 seconds or less, a slew will be used to correct it; if the error is above 30 seconds, a step will be used. The 'initstepslew' directive can also be used in an isolated LAN environment, where the clocks are set manually. The most stable computer is chosen as the master, and the other computers are slaved to it. If each of the slaves is configured with the local option (see below), the master can be set up with an 'initstepslew' directive which references some or all of the slaves. Then, if the master machine has to be rebooted, the slaves can be relied on to 'flywheel' the time for the master. 4.2.21 keyfile -------------- This command is used to specify the location of the file containing ID/key pairs for the following 2 uses: * Authentication of NTP packets. * Authentication of administrator commands entered via chronyc. The format of the command is shown in the example below keyfile /etc/chrony.keys The argument is simply the name of the file containing the ID/key pairs. The format of the file is shown below 10 tulip 11 hyacinth 20 MD5 ASCII:crocus 25 SHA1 HEX:1dc764e0791b11fa67efc7ecbc4b0d73f68a070c ... Each line consists of an ID, a name of authentication hash function (optional) and a password. The ID can be any unsigned integer in the range 0 through 2**32-1. The hash function is MD5 by default, depending on how was 'chronyd' compiled other allowed hash functions may be SHA1, SHA256, SHA384, SHA512, RMD128, RMD160, RMD256, RMD320, TIGER and WHIRLPOOL. The password can be encoded as a string of characters not containing a space with optional 'ASCII:' prefix or as a hexadecimal number with 'HEX:' prefix. For maximum security, it's recommended to use SHA1 or stronger hash function. The passwords should be random and they should be as long as the output size of the configured hash function, e.g. 160 bits with SHA1. The ID for the chronyc authentication key is specified with the commandkey command (see earlier). The command key can be generated automatically on start with the 'generatecommandkey' directive. 4.2.22 leapsectz ---------------- This directive is used to set the name of the timezone in the system tz database which 'chronyd' can use to find out when will the next leap second occur. It will periodically check if the times 23:59:59 and 23:59:60 are valid on Jun 30 and Dec 31 in the timezone. A useful timezone is 'right/UTC'. This is mainly useful with reference clocks which don't provide the leap second information. It is not necessary to restart 'chronyd' if the tz database is updated with a new leap second at least 12 hours before the event. An example of the command is leapsectz right/UTC The following shell command verifies that the timezone contains leap seconds and can be used with this directive $ TZ=right/UTC date -d 'Dec 31 2008 23:59:60' Wed Dec 31 23:59:60 UTC 2008 4.2.23 local ------------ The local keyword is used to allow 'chronyd' to appear synchronised to real time (from the viewpoint of clients polling it), even if it has no current synchronisation source. This option is normally used on computers in an isolated network, where several computers are required to synchronise to one other, this being the "master" which is kept vaguely in line with real time by manual input. An example of the command is local stratum 10 The value 10 may be substituted with other values in the range 1 through 15. Stratum 1 indicates a computer that has a true real-time reference directly connected to it (e.g. GPS, atomic clock etc) – such computers are expected to be very close to real time. Stratum 2 computers are those which have a stratum 1 server; stratum 3 computers have a stratum 2 server and so on. A large value of 10 indicates that the clock is so many hops away from a reference clock that its time is fairly unreliable. Put another way, if the computer ever has access to another computer which is ultimately synchronised to a reference clock, it will almost certainly be at a stratum less than 10. Therefore, the choice of a high value like 10 for the local command prevents the machine's own time from ever being confused with real time, were it ever to leak out to clients that have visibility of real servers. 4.2.24 linux_hz --------------- (This option only applies to Linux). By default, chronyd will find the value of 'HZ' from a kernel header file at compile time. 'HZ' is the nominal number of timer interrupts per second. If you're running chronyd on the system where it was built, the value it has should be right, and you don't need to worry about this option. This option is provided for people who move a pre-built chronyd onto a system where the value of HZ in the kernel headers has been changed from the default value. An example of the command is linux_hz 100 4.2.25 linux_freq_scale ----------------------- (This option only applies to Linux). By default, chronyd will find the value of 'HZ' and 'SHIFT_HZ' from kernel header files at compile time. An internal value called 'freq_scale' is calculated from this. By default it is (1<<SHIFT_HZ)/HZ, except for the case HZ=100, when special case code is used which leads to the value 128/128.125. If you're running chronyd on the system where it was built, the value it has should be right, and you don't need to worry about this option. This option is provided for people who move a pre-built chronyd onto a system where the method by which the kernel computes the reciprocal of this value has been changed or where the HZ and SHIFT_HZ constants differ from those on the system where chronyd was built. An example of the command is linux_freq_scale 0.99902439 4.2.26 log ---------- The log command indicates that certain information is to be logged. 'measurements' This option logs the raw NTP measurements and related information to a file called measurements.log. 'statistics' This option logs information about the regression processing to a file called statistics.log. 'tracking' This option logs changes to the estimate of the system's gain or loss rate, and any slews made, to a file called tracking.log. 'rtc' This option logs information about the system's real-time clock. 'refclocks' This option logs the raw and filtered reference clock measurements to a file called refclocks.log. 'tempcomp' This option logs the temperature measurements and system rate compensations to a file called tempcomp.log. The files are written to the directory specified by the logdir command. An example of the command is log measurements statistics tracking 4.2.26.1 Measurements log file format ..................................... An example line (which actually appears as a single line in the file) from the measurements log file is shown below. 2010-12-22 05:40:50 158.152.1.76 N 8 1111 111 1111 10 10 1.0 \ -4.966e-03 2.296e-01 1.577e-05 1.615e-01 7.446e-03 The columns are as follows (the quantities in square brackets are the values from the example line above) : 1. Date [2010-12-22] 2. Hour:Minute:Second [05:40:50]. Note that the date/time pair is expressed in UTC, not the local time zone. 3. IP address of server/peer from which measurement comes [158.152.1.76] 4. Leap status ('N' means normal, '+' means that the last minute of the current month has 61 seconds, '-' means that the last minute of the month has 59 seconds, '?' means the remote computer is not currently synchronised.) [N] 5. Stratum of remote computer. [2] 6. RFC1305 tests 1 through 4 (1=pass, 0=fail) [1111] 7. Tests for maximum delay, maximum delay ratio and maximum delay dev ratio, against defined parameters (1=pass, 0=fail) [111] 8. RFC1305 tests 5 through 8 (1=pass, 0=fail) [1111] 9. Local poll [10] 10. Remote poll [10] 11. 'Score' (an internal score within each polling level used to decide when to increase or decrease the polling level. This is adjusted based on number of measurements currently being used for the regression algorithm). [1.0] 12. The estimated local clock error ('theta' in RFC1305). Positive indicates that the local clock is slow. [-4.966e-03]. 13. The peer delay ('delta' in RFC1305). [2.296e-01] 14. The peer dispersion ('epsilon' in RFC1305). [1.577e-05] 15. The root delay ('Delta' in RFC1305). [1.615e-01] 16. The root dispersion ('E' in RFC1305). [7.446e-03] A banner is periodically written to the log file to indicate the meanings of the columns. 4.2.26.2 Statistics log file format ................................... An example line (which actually appears as a single line in the file) from the statistics log file is shown below. 1998-07-22 05:40:50 158.152.1.76 6.261e-03 -3.247e-03 \ 2.220e-03 1.874e-06 1.080e-06 7.8e-02 16 0 8 The columns are as follows (the quantities in square brackets are the values from the example line above) : 1. Date [1998-07-22] 2. Hour:Minute:Second [05:40:50]. Note that the date/time pair is expressed in UTC, not the local time zone. 3. IP address of server/peer from which measurement comes [158.152.1.76] 4. The estimated standard deviation of the measurements from the source (in seconds). [6.261e-03] 5. The estimated offset of the source (in seconds, positive means the local clock is estimated to be fast, in this case). [-3.247e-03] 6. The estimated standard deviation of the offset estimate (in seconds). [2.220e-03] 7. The estimated rate at which the local clock is gaining or losing time relative to the source (in seconds per second, positive means the local clock is gaining). This is relative to the compensation currently being applied to the local clock, _not_ to the local clock without any compensation. [1.874e-06] 8. The estimated error in the rate value (in seconds per second). [1.080e-06]. 9. The ration of |old_rate - new_rate| / old_rate_error. Large values indicate the statistics are not modelling the source very well. [7.8e-02] 10. The number of measurements currently being used for the regression algorithm. [16] 11. The new starting index (the oldest sample has index 0; this is the method used to prune old samples when it no longer looks like the measurements fit a linear model). [0, i.e. no samples discarded this time] 12. The number of runs. The number of runs of regression residuals with the same sign is computed. If this is too small it indicates that the measurements are no longer represented well by a linear model and that some older samples need to be discarded. The number of runs for the data that is being retained is tabulated. Values of approximately half the number of samples are expected. [8] A banner is periodically written to the log file to indicate the meanings of the columns. 4.2.26.3 Tracking log file format ................................. An example line (which actually appears as a single line in the file) from the tracking log file is shown below. 2012-02-23 05:40:50 158.152.1.76 3 340.529 1.606 1.046e-03 N \ 4 6.849e-03 -4.670e-04 The columns are as follows (the quantities in square brackets are the values from the example line above) : 1. Date [2012-02-03] 2. Hour:Minute:Second [05:40:50]. Note that the date/time pair is expressed in UTC, not the local time zone. 3. The IP address of the server/peer to which the local system is synchronised. [158.152.1.76] 4. The stratum of the local system. [3] 5. The local system frequency (in ppm, positive means the local system runs fast of UTC). [340.529] 6. The error bounds on the frequency (in ppm) [1.606] 7. The estimated local offset at the epoch (which is rapidly corrected by slewing the local clock. (In seconds, positive indicates the local system is fast of UTC). [1.046e-3] 8. Leap status ('N' means normal, '+' means that the last minute of this month has 61 seconds, '-' means that the last minute of the month has 59 seconds, '?' means the clock is not currently synchronised.) [N] 9. The number of combined sources. [4] 10. The estimated standard deviation of the combined offset (in seconds). [6.849e-03] 11. The remaining offset correction from the previous update (in seconds, positive means the system clock is slow of UTC). [-4.670e-04] A banner is periodically written to the log file to indicate the meanings of the columns. 4.2.26.4 Real-time clock log file format ........................................ An example line (which actually appears as a single line in the file) from the measurements log file is shown below. 1998-07-22 05:40:50 -0.037360 1 -0.037434\ -37.948 12 5 120 The columns are as follows (the quantities in square brackets are the values from the example line above) : 1. Date [1998-07-22] 2. Hour:Minute:Second [05:40:50]. Note that the date/time pair is expressed in UTC, not the local time zone. 3. The measured offset between the system's real time clock and the system ('gettimeofday()') time. In seconds, positive indicates that the RTC is fast of the system time. [-0.037360]. 4. Flag indicating whether the regression has produced valid coefficients. (1 for yes, 0 for no). [1] 5. Offset at the current time predicted by the regression process. A large difference between this value and the measured offset tends to indicate that the measurement is an outlier with a serious measurement error. [-0.037434]. 6. The rate at which the RTC is losing or gaining time relative to the system clock. In ppm, with positive indicating that the RTC is gaining time. [-37.948] 7. The number of measurements used in the regression. [12] 8. The number of runs of regression residuals of the same sign. Low values indicate that a straight line is no longer a good model of the measured data and that older measurements should be discarded. [5] 9. The measurement interval used prior to the measurement being made (in seconds). [120] A banner is periodically written to the log file to indicate the meanings of the columns. 4.2.26.5 Refclocks log file format .................................. An example line (which actually appears as a single line in the file) from the refclocks log file is shown below. 2009-11-30 14:33:27.000000 PPS2 7 N 1 4.900000e-07 -6.741777e-07 1.000e-06 The columns are as follows (the quantities in square brackets are the values from the example line above) : 1. Date [2009-11-30] 2. Hour:Minute:Second.Microsecond [14:33:27.000000]. Note that the date/time pair is expressed in UTC, not the local time zone. 3. Reference ID of refclock from which measurement comes. [PPS2] 4. Sequence number of driver poll within one polling interval for raw samples, or '-' for filtered samples. [7] 5. Leap status ('N' means normal, '+' means that the last minute of the current month has 61 seconds, '-' means that the last minute of the month has 59 seconds). [N] 6. Flag indicating whether the sample comes from PPS source. (1 for yes, 0 for no, or '-' for filtered sample). [1] 7. Local clock error measured by refclock driver, or '-' for filtered sample. [4.900000e-07] 8. Local clock error with applied corrections. Positive indicates that the local clock is slow. [-6.741777e-07] 9. Assumed dispersion of the sample. [1.000e-06] A banner is periodically written to the log file to indicate the meanings of the columns. 4.2.26.6 Tempcomp log file format ................................. An example line (which actually appears as a single line in the file) from the tempcomp log file is shown below. 2010-04-19 10:39:48 2.8000e+04 3.6600e-01 The columns are as follows (the quantities in square brackets are the values from the example line above) : 1. Date [2010-04-19] 2. Hour:Minute:Second [10:39:48]. Note that the date/time pair is expressed in UTC, not the local time zone. 3. Temperature read from tempcomp file. [2.8000e+04] 4. Applied compensation in ppm, positive means the system clock is running faster than it would be without the compensation. [3.6600e-01] A banner is periodically written to the log file to indicate the meanings of the columns. 4.2.27 logbanner ---------------- A banner is periodically written to the log files enabled by the 'log' directive to indicate the meanings of the columns. The 'logbanner' directive specifies after how many entries in the log file should be the banner written. The default is 32, and 0 can be used to disable it entirely. 4.2.28 logchange ---------------- This directive forces 'chronyd' to send a message to syslog if it makes a system clock adjustment larger than a threshold value. An example of use is logchange 0.5 which would cause a syslog message to be generated a system clock error of over 0.5 seconds starts to be compensated. Clock errors detected either via NTP packets or via timestamps entered via the 'settime' command of 'chronyc' are logged. This directive assumes that syslog messages are appearing where somebody can see them. This allows that person to see if a large error has arisen, e.g. because of a fault, or because of faulty timezone handling, for example when summer time (daylight saving) starts or ends. 4.2.29 logdir ------------- This directive allows the directory where log files are written to be specified. An example of the use of this directive is logdir /var/log/chrony 4.2.30 mailonchange ------------------- This directive defines an email address to which mail should be sent if chronyd applies a correction exceeding a particular threshold to the system clock. An example of use of this directive is mailonchange root@localhost 0.5 This would send a mail message to root if a change of more than 0.5 seconds were applied to the system clock. 4.2.31 makestep --------------- Normally chronyd will cause the system to gradually correct any time offset, by slowing down or speeding up the clock as required. In certain situations, the system clock may be so far adrift that this slewing process would take a very long time to correct the system clock. This directive forces 'chronyd' to step system clock if the adjustment is larger than a threshold value, but only if there were no more clock updates since 'chronyd' was started than a specified limit (a negative value can be used to disable the limit). This is particularly useful when using reference clocks, because the 'initstepslew' directive (*note initstepslew directive::) works only with NTP sources. An example of the use of this directive is makestep 1000 10 This would step system clock if the adjustment is larger than 1000 seconds, but only in the first ten clock updates. 4.2.32 maxchange ---------------- This directive sets the maximum allowed offset corrected on a clock update. The check is performed only after the specified number of updates to allow a large initial adjustment of the system clock. When an offset larger than the specified maximum occurs, it will be ignored for the specified number of times and then 'chronyd' will give up and exit (a negative value can be used to never exit). In both cases a message is sent to syslog. An example of the use of this directive is maxchange 1000 1 2 After the first clock update, 'chronyd' will check the offset on every clock update, it will ignore two adjustments larger than 1000 seconds and exit on another one. 4.2.33 manual ------------- The 'manual' directive enables support at run-time for the 'settime' command in chronyc (*note settime command::). If no 'manual' directive is included, any attempt to use the 'settime' command in chronyc will be met with an error message. Note that the 'settime' command can be enabled at run-time using the 'manual' command in chronyc (*note manual command::). (The idea of the two commands is that the 'manual' command controls the manual clock driver's behaviour, whereas the 'settime' command allows samples of manually entered time to be provided). 4.2.34 maxclockerror -------------------- The 'maxclockerror' directive sets the maximum assumed frequency error of the local clock. This is a frequency stability of the clock, not an absolute frequency error. By default, the maximum assumed error is set to 1 ppm. The syntax is maxclockerror <error-in-ppm> Typical values for <error-in-ppm> might be 10 for a low quality clock to 0.1 for a high quality clock using a temperature compensated crystal oscillator. 4.2.35 maxsamples ----------------- The 'maxsamples' directive sets the maximum number of samples 'chronyd' should keep for each source. The default is 0, which disables the configurable limit, and the useful range is 4 to 64. The syntax is maxsamples <samples> 4.2.36 maxupdateskew -------------------- One of 'chronyd's' tasks is to work out how fast or slow the computer's clock runs relative to its reference sources. In addition, it computes an estimate of the error bounds around the estimated value. If the range of error is too large, it probably indicates that the measurements have not settled down yet, and that the estimated gain or loss rate is not very reliable. The 'maxupdateskew' parameter allows the threshold for determining whether an estimate may be so unreliable that it should not be used. By default, the threshold is 1000 ppm. The syntax is maxupdateskew <skew-in-ppm> Typical values for <skew-in-ppm> might be 100 for a dial-up connection to servers over a phone line, and 5 or 10 for a computer on a LAN. It should be noted that this is not the only means of protection against using unreliable estimates. At all times, 'chronyd' keeps track of both the estimated gain or loss rate, and the error bound on the estimate. When a new estimate is generated following another measurement from one of the sources, a weighted combination algorithm is used to update the master estimate. So if 'chronyd' has an existing highly-reliable master estimate and a new estimate is generated which has large error bounds, the existing master estimate will dominate in the new master estimate. 4.2.37 minsamples ----------------- The 'minsamples' directive sets the minimum number of samples 'chronyd' should try to keep for each source. The default is 0 and the useful range is 4 to 64. The syntax is minsamples <samples> 4.2.38 noclientlog ------------------ This directive, which takes no arguments, specifies that client accesses are not to be logged. Normally they are logged, allowing statistics to be reported using the 'clients' command in 'chronyc'. 4.2.39 clientloglimit --------------------- This directive specifies the maximum size of the memory allocated to log client accesses. When the limit is reached, only information for clients that have already been logged will be updated. If 0 is specified, the memory size will be unlimited. The default is 524288 bytes. An example of the use of this directive is clientloglimit 1048576 4.2.40 peer ----------- The syntax of this directive is identical to that for the 'server' directive (*note server directive::), except that it is used to specify an NTP peer rather than an NTP server. 4.2.41 pidfile -------------- chronyd always writes its process ID (pid) to a file, and checks this file on startup to see if another chronyd may already be running on the system. By default, the file used is '/var/run/chronyd.pid'. The 'pidfile' directive allows the name to be changed, e.g. pidfile /var/tmp/chronyd.pid 4.2.42 port ----------- This option allows you to configure the port used for the NTP service on your machine. The compiled in default is udp/123, the standard NTP port. It is unlikely that you would ever need to change this value. A possible exception would be if you wanted to operate strictly in client-only mode and never be available as a server to ntpd clients. If set to 0, the kernel will assign a random port. An example of the port command is port 11123 This would change the NTP port served by chronyd on the computer to udp/11123. 4.2.43 refclock --------------- Reference clocks allows very accurate synchronisation and 'chronyd' can function as a stratum 1 server. They are specified by the 'refclock' directive. It has two mandatory parameters, a refclock driver name and a driver specific parameter. There are currently three drivers included: 'PPS' PPSAPI (pulse per second) driver. The parameter is the path to a PPS device. Assert events are used by default. Driver option ':clear' can be appended to the path if clear events should be used instead. As PPS refclock gets only sub-second time information, it needs another source (NTP or non-PPS refclock) or local directive (*note local directive::) enabled to work. For example: refclock PPS /dev/pps0 lock NMEA refclock SHM 0 offset 0.5 delay 0.1 refid NMEA noselect 'SHM' NTP shared memory driver. This driver uses a shared memory segment to receive data from another daemon which communicates with an actual reference clock. The parameter is the number of a shared memory segment, usually 0, 1, 2 or 3. For example: refclock SHM 1 poll 3 refid GPS1 A driver option in form ':perm=NNN' can be appended to the segment number to create the segment with permissions other than the default '0600'. Some examples of applications that can be used as SHM sources are 'gpsd', 'shmpps' and 'radioclk'. 'SOCK' Unix domain socket driver. It is similar to the SHM driver, but uses a different format and uses a socket instead of shared memory. It does not require polling and it supports transmitting of PPS data. The parameter is a path to the socket which will be created by 'chronyd' and used to receive the messages. The format of messages sent over the socket is described in the 'refclock_sock.c' file. Recent versions of the 'gpsd' daemon include support for the SOCK protocol. The path where the socket should be created is described in the 'gpsd(8)' man page. For example: refclock SOCK /var/run/chrony.ttyS0.sock The 'refclock' command also supports a number of subfields (which may be defined in any order): 'poll' Timestamps produced by refclock drivers are not used immediately, but they are stored and processed by a median filter in intervals specified by this option. This is defined as a power of 2. The default is 4 (16 seconds). A shorter interval allows 'chronyd' to react faster to changes in clock frequency, but it may decrease the accuracy if the source is too noisy. 'dpoll' Some drivers are not controlled by external events and thus require polling. Again this is defined as a power of 2 and can be negative for sub-second intervals. The default is 0 (1 second). 'refid' This option is used to specify a reference id of the refclock, as up to four ASCII characters. By default, first three characters from driver name and the number of the refclock are used as refid. Each refclock must have an unique refid. 'filter' This option sets the length of the median filter which is used to reduce noise. With each poll about 40 percent of the stored samples is discarded and one final sample is calculated as average of the remaining samples. If the length is 4 or above, at least 4 samples have to be collected between polls. For lengths below 4, the filter has to be full. The default is 64. 'rate' PPS signal frequency (in Hz). This option only controls how the received pulses are aligned. To actually receive more than one pulse per second, a negative 'dpoll' has to be specified (-3 for 5Hz signal). The default is 1. 'lock' This option can be used to lock a PPS refclock to another refclock whose reference id is specified by this option. In this mode received pulses are aligned directly to unfiltered samples from the refclock. By default, pulses are aligned to local clock, but only when it is well synchronised. 'offset' This option can be used to compensate a constant error. The specified offset (in seconds) is applied to all samples produced by the refclock. The default is 0.0. 'delay' This option is used to specify how the refclock is assumed to be inaccurate (in seconds). Increasing the value is useful to avoid having no majority in the source selection algorithm or to make the algorithm prefer other refclocks. The default is 1e-9 (1 nanosecond). 'precision' Refclock precision (in seconds). The default is 1e-6 (1 microsecond) for SHM refclock, and 1e-9 (1 nanosecond) for SOCK and PPS refclocks. 'prefer' Prefer this source over sources without prefer option. 'noselect' Never select this source. This is useful for monitoring or with sources which are not very accurate, but are locked with a PPS refclock. 4.2.44 reselectdist ------------------- When 'chronyd' selects synchronisation source from available sources, it will prefer the one with minimum synchronisation distance. However, to avoid frequent reselecting when there are sources with similar distance, a fixed distance is added to the distance for sources that are currently not selected. This can be set with the 'reselectdist' option. By default, the distance is 100 microseconds. The syntax is reselectdist <dist-in-seconds> 4.2.45 rtcdevice ---------------- The 'rtcdevice' directive defines the name of the device file for accessing the real time clock. By default this is '/dev/rtc/', unless the directive is used to set a different value. This applies to Linux systems with devfs. An example of use is rtcdevice /dev/misc/rtc 4.2.46 rtcfile -------------- The 'rtcfile' directive defines the name of the file in which 'chronyd' can save parameters associated with tracking the accuracy of the system's real-time clock (RTC). The syntax is illustrated in the following example rtcfile /var/lib/chrony/rtc 'chronyd' saves information in this file when it exits and when the 'writertc' command is issued in 'chronyc'. The information saved is the RTC's error at some epoch, that epoch (in seconds since January 1 1970), and the rate at which the RTC gains or loses time. So far, the support for real-time clocks is limited - their code is even more system-specific than the rest of the software. You can only use the real time clock facilities (the 'rtcfile' directive and the '-s' command line option to 'chronyd') if the following three conditions apply: 1. You are running Linux version 2.2.x or later. 2. You have compiled the kernel with extended real-time clock support (i.e. the '/dev/rtc' device is capable of doing useful things). 3. You don't have other applications that need to make use of '/dev/rtc' at all. 4.2.47 rtconutc --------------- 'chronyd' assumes by default that the real time clock (RTC) keeps local time (including any daylight saving changes). This is convenient on PCs running Linux which are dual-booted with DOS or Windows. NOTE : IF YOU KEEP THE REAL TIME CLOCK ON LOCAL TIME AND YOUR COMPUTER IS OFF WHEN DAYLIGHT SAVING (SUMMER TIME) STARTS OR ENDS, THE COMPUTER'S SYSTEM TIME WILL BE ONE HOUR IN ERROR WHEN YOU NEXT BOOT AND START CHRONYD. An alternative is for the RTC to keep Universal Coordinated Time (UTC). This does not suffer from the 1 hour problem when daylight saving starts or ends. If the 'rtconutc' directive appears, it means the RTC is required to keep UTC. The directive takes no arguments. It is equivalent to specifying the '-u' switch to the Linux '/sbin/clock' program. 4.2.48 rtcsync -------------- The 'rtcsync' directive will enable a kernel mode where the system time is copied to the real time clock (RTC) every 11 minutes. This directive is supported only on Linux and cannot be used when the normal RTC tracking is enabled, i.e. when the 'rtcfile' directive is used. 4.2.49 sched_priority --------------------- The 'sched_priority' directive will select the SCHED_FIFO real-time scheduler at the specified priority (which must be between 0 and 100). This mode is supported only on Linux. This directive uses the Linux sched_setscheduler() system call to instruct the kernel to use the SCHED_FIFO first-in, first-out real-time scheduling policy for 'chronyd' with the specified priority. This means that whenever 'chronyd' is ready to run it will run, interrupting whatever else is running unless it is a higher priority real-time process. This should not impact performance as 'chronyd's' resource requirements are modest, but it should result in lower and more consistent latency since 'chronyd' will not need to wait for the scheduler to get around to running it. You should not use this unless you really need it. The sched_setscheduler man page has more details. 4.2.50 stratumweight -------------------- The 'stratumweight' directive sets how much distance should be added per stratum to the synchronisation distance when 'chronyd' selects the synchronisation source from available sources. The syntax is stratumweight <dist-in-seconds> By default, it is 1 second. This usually means that sources with lower stratum will be preferred to sources with higher stratum even when their distance is significantly worse. Setting 'stratumweight' to 0 makes 'chronyd' ignore stratum when selecting the source. 4.2.51 lock_all --------------- The 'lock_all' directive will lock chronyd into RAM so that it will never be paged out. This mode is only supported on Linux. This directive uses the Linux mlockall() system call to prevent 'chronyd' from ever being swapped out. This should result in lower and more consistent latency. It should not have significant impact on performance as 'chronyd's' memory usage is modest. The mlockall man page has more details. 4.2.52 server ------------- The 'server' directive allows NTP servers to be specified. The client/server relationship is strictly hierarchical : a client may synchronise its system time to that of the server, but the server's system time will never be influenced by that of a client. The 'server' directive is immediately followed by either the name of the server, or its IP address. The server command also supports a number of subfields (which may be defined in any order): 'port' This option allows the UDP port on which the server understands NTP requests to be specified. For normal servers this option should not be required (the default is 123, the standard NTP port). 'minpoll' Although 'chronyd' will trim the rate at which it samples the server during normal operation, the user may wish to constrain the minimum polling interval. This is always defined as a power of 2, so <tt/minpoll 5/ would mean that the polling interval cannot drop below 32 seconds. The default is 6 (64 seconds). 'maxpoll' In a similar way, the user may wish to constrain the maximum polling interval. Again this is specified as a power of 2, so <tt/maxpoll 9/ indicates that the polling interval must stay at or below 512 seconds. The default is 10 (1024 seconds). 'maxdelay' 'chronyd' uses the network round-trip delay to the server to determine how accurate a particular measurement is likely to be. Long round-trip delays indicate that the request, or the response, or both were delayed. If only one of the messages was delayed the measurement error is likely to be substantial. For small variations in round trip delay, 'chronyd' uses a weighting scheme when processing the measurements. However, beyond a certain level of delay the measurements are likely to be so corrupted as to be useless. (This is particularly so on dial-up or other slow links, where a long delay probably indicates a highly asymmetric delay caused by the response waiting behind a lot of packets related to a download of some sort). If the user knows that round trip delays above a certain level should cause the measurement to be ignored, this level can be defined with the maxdelay command. For example, <tt/maxdelay 0.3/ would indicate that measurements with a round-trip delay of 0.3 seconds or more should be ignored. 'maxdelayratio' This option is similar to the maxdelay option above. 'chronyd' keeps a record of the minimum round-trip delay amongst the previous measurements that it has buffered. If a measurement has a round trip delay that is greater than the maxdelayratio times the minimum delay, it will be rejected. 'maxdelaydevratio' If a measurement has ratio of the increase in round-trip delay from the minimum delay amongst the previous measurements to the standard deviation of the previous measurements that is greater than maxdelaydevratio, it will be rejected. The default is 10.0. 'presend' If the timing measurements being made by 'chronyd' are the only network data passing between two computers, you may find that some measurements are badly skewed due to either the client or the server having to do an ARP lookup on the other party prior to transmitting a packet. This is more of a problem with long sampling intervals, which may be similar in duration to the lifetime of entries in the ARP caches of the machines. In order to avoid this problem, the 'presend' option may be used. It takes a single integer argument, which is the smallest polling interval for which a pair of packets will be exchanged between the client and the server prior to the actual measurement being initiated by the client. For example, with the following option included in a 'server' directive : presend 9 when the polling interval is 512 seconds or more, a UDP echo datagram will be sent to the server a short time (currently 4 seconds) before the NTP client mode datagram. 'key' The NTP protocol supports the inclusion of checksums in the packets, to prevent computers having their system time upset by rogue packets being sent to them. The checksums are generated as a function of a password, using the cryptographic hash function set in the key file. The association between key numbers and passwords is contained in the keys file, defined by the keyfile command. If the key option is present, 'chronyd' will attempt to use authenticated packets when communicating with this server. The key number used will be the single argument to the key option. The server must have the same password for this key number configured, otherwise no relationship between the computers will be possible. 'offline' If the server will not be reachable when 'chronyd' is started, the offline option may be specified. 'chronyd' will not try to poll the server until it is enabled to do so (by using the online option of 'chronyc'). 'auto_offline' If this option is set, the server will be assumed to have gone offline when 2 requests have been sent to it without receiving a response. This option avoids the need to run the 'offline' (*note offline command::) command from chrony when disconnecting the dial-up link. (It will still be necessary to use chronyc's 'online' (*note online command::) command when the link has been established, to enable measurements to start.) 'iburst' On start, make four measurements over a short duration (rather than the usual periodic measurements). 'minstratum' When the synchronisation source is selected from available sources, sources with lower stratum are normally preferred. This option can be used to increase stratum of the source to the specified minimum, so 'chronyd' will avoid selecting that source. This is useful with low stratum sources that are known to be unrealiable or inaccurate and which should be used only when other sources are unreachable. 'polltarget' Target number of measurements to use for the regression algorithm which 'chronyd' will try to maintain by adjusting polling interval between 'minpoll' and 'maxpoll'. A higher target makes 'chronyd' prefer shorter polling intervals. The default is 6 and a useful range is 6 to 60. 'prefer' Prefer this source over sources without prefer option. 'noselect' Never select this source. This is particularly useful for monitoring. 4.2.53 tempcomp --------------- Normally, changes in rate of drift of the system clock are caused mainly by changes in temperature of the crystal oscillator on the mainboard. If there are available temperature measurements from a sensor close to the oscillator, 'tempcomp' directive can be used to compensate for the changes in rate and possibly improve clock accuracy. Whether it will really help depends on many factors, including resolution of the sensor, noise in measurements, time source polling interval, compensation update interval, how good are the temperature coefficients, and how close is the sensor to the oscillator. The frequency reported in tracking.log should be more stable and the offsets should be smaller. The directive has six parameters: path to the file which contains current temperature in text format, update interval (in seconds), and temperature coefficients T0, k0, k1, k2. The frequency compensation is calculated (in ppm) as 'k0 + (T - T0) * k1 + (T - T0)^2 * k2' The result has to be between -10 ppm and 10 ppm, otherwise the measurement is considered to be faulty and will be ignored. The k0 coefficient can be used to get the results in that range. Valid measurements and calculated corrections are logged to tempcomp.log file if enabled with 'log tempcomp' directive. An example of use is tempcomp /sys/class/hwmon/hwmon1/device/temp2_input 30 26000 0.0 0.000183 0.0 The measured temperature will be read from the file in Linux sysfs filesystem every 30 seconds. When the temperature is 26 degress (26000), the system clock frequency will not be adjusted. When it is 27 degrees (27000), the clock will be set to run 0.183ppm faster than it would be without the compensation, etc. 4.2.54 user ----------- The 'user' directive sets the name of the user to which will 'chronyd' drop root privileges after the initialisation. So far, it works only on Linux when compiled with capabilities support. By default, root privileges are not dropped. 4.3 Running chronyc =================== Chronyc is the program that can be used to reconfigure options within the 'chronyd' program whilst it is running. Chronyc can also be used to generate status reports about the operation of 'chronyd'. 4.3.1 Basic use --------------- The program chronyc is run by entering chronyc at the command line. The prompt 'chronyc' is displayed whilst chronyc is expecting input from the user, when it is being run from a terminal. If chronyc's input or output are redirected from/to a file, the prompt is now shown. When you are finished entering commands, the commands 'exit' or 'quit' will terminate the program. (Entering <Control-D> will also terminate the program.) 4.3.2 Command line options -------------------------- Chronyc supports the following command line options. '-v' Displays the version number of chronyc on the terminal, and exists. '-h <host>' This option allows the user to specify which host running the 'chronyd' program is to be contacted. This allows for remote configuration, without having to telnet or rlogin to the other host first. The default is to contact 'chronyd' running on the same host as that where chronyc is being run. '-p <port>' This option allows the user to specify the UDP port number which the target 'chronyd' is using for its command & monitoring connections. This defaults to the compiled-in default; there would rarely be a need to change this. '-n' This option disables resolving IP addresses to hostnames. '-4' With this option hostnames will be resolved only to IPv4 addresses. '-6' With this option hostnames will be resolved only to IPv6 addresses. '-m' With this option multiple commands can be specified on the command line. Each argument will be interpreted as a whole command. '-f <conf-file>' This option can be used to specify an alternate location of the 'chronyd' configuration file (default '/etc/chrony.conf'). The configuration file is needed for the '-a' option. '-a' With this option 'chronyc' will try to authenticate automatically on start. It will read the configuration file, read the command key from the keyfile and run the authhash and password commands. 4.3.3 Security with chronyc --------------------------- Many of the commands available through chronyc have a fair amount of power to reconfigure the run-time behaviour of 'chronyd'. Consequently, 'chronyc' is quite dangerous for the integrity of the target system's clock performance. Having access to 'chronyd' via chronyc is more or less equivalent to being able to modify 'chronyd's' configuration file (typically '/etc/chrony.conf') and to restart 'chronyd'. Chronyc also provides a number of monitoring (as opposed to commanding) commands, which will not affect the behaviour of 'chronyd'. However, you may still want to restrict access to these commands. In view of this, access to some of the capabilities of chronyc will usually be tightly controlled. There are two mechanisms supported: 1. The set of hosts from which 'chronyd' will accept commands can be restricted. By default, commands will only be accepted from the same host that 'chronyd' is running on. 2. Any command that actually reconfigures some aspect of 'chronyd's' behaviour requires the user of chronyc to know a password. This password is specified in 'chronyd's' keys file (*note keyfile directive::) and specified via the commandkey option in its configuration file (*note commandkey directive::). Only the following commands can be used _without_ providing a password: * 'activity' * 'authhash' * 'dns' * 'exit' * 'help' * 'password' * 'quit' * 'rtcdata' * 'sources' * 'sourcestats' * 'tracking' * 'waitsync' All other commands require a password to have been specified previously, because they affect 'chronyd's' operation. 4.3.4 Command reference ----------------------- This section describes each of the commands available within the chronyc program. Chronyc offers the user a simple command-line driven interface. 4.3.4.1 accheck ............... This command allows you to check whether client NTP access is allowed from a particular host. Examples of use, showing a named host and a numeric IP address, are as follows: accheck a.b.c accheck 1.2.3.4 accheck 2001:db8::1 This command can be used to examine the effect of a series of 'allow', 'allow all', 'deny' and 'deny all' commands specified either via chronyc, or in 'chronyd's' configuration file. 4.3.4.2 activity ................ This command reports the number of servers/peers that are online and offline. If the auto_offline option is used in specifying some of the servers/peers, the 'activity' command may be useful for detecting when all of them have entered the offline state after the PPP link has been disconnected. The report shows the number of servers/peers in 5 states: * 'online' : the server/peer is currently online (i.e. assumed by chronyd to be reachable) * 'offline' : the server/peer is currently offline (i.e. assumed by chronyd to be unreachable, and no measurements from it will be attempted.) * 'burst_online' : a burst command has been initiated for the server/peer and is being performed; after the burst is complete, the server/peer will be returned to the online state. * 'burst_offline' : a burst command has been initiated for the server/peer and is being performed; after the burst is complete, the server/peer will be returned to the offline state. * 'unresolved' : the name of the server/peer wasn't resolved to an address yet; this server is not visible in the 'sources' and 'sourcestats' reports. 4.3.4.3 add peer ................ The 'add peer' command allows a new NTP peer to be added whilst 'chronyd' is running. Following the words 'add peer', the syntax of the following parameters and options is identical to that for the 'peer' directive in the configuration file (*note peer directive::). An example of using this command is shown below. add peer foo.bar.com minpoll 6 maxpoll 10 authkey 25 4.3.4.4 add server .................. The 'add server' command allows a new NTP server to be added whilst 'chronyd' is running. Following the words 'add server', the syntax of the following parameters and options is identical to that for the 'server' directive in the configuration file (*note server directive::). An example of using this command is shown below. add server foo.bar.com minpoll 6 maxpoll 10 authkey 25 4.3.4.5 allow ............. The effect of the allow command is identical to the 'allow' directive in the configuration file (*note allow directive::). The syntax is illustrated in the following examples: allow foo.bar.com allow 1.2 allow 3.4.5 allow 6.7.8/22 allow 6.7.8.9/22 allow 2001:db8:789a::/48 allow 0/0 allow ::/0 allow The effect of each of these examples is the same as that of the 'allow' directive in the configuration file. 4.3.4.6 allow all ................. The effect of the allow command is identical to the 'allow all' directive in the configuration file (*note allow directive::). 4.3.4.7 authhash ................ This command sets the hash function used for authenticating user commands. For successful authentication the hash function has to be the same as the one set for the command key in the keys file on the server. It needs to be set before the 'password' command is used. The default hash function is MD5. An example is authhash SHA1 The authhash command is run automatically on start if 'chronyc' was started with the '-a' option. 4.3.4.8 burst ............. The 'burst' command tells 'chronyd' to make a set of measurements to each of its NTP sources over a short duration (rather than the usual periodic measurements that it makes). After such a burst, 'chronyd' will revert to the previous state for each source. This might be either online, if the source was being periodically measured in the normal way, or offline, if the source had been indicated as being offline. (Switching a source between the online and offline states is described in *note online command::, *note offline command::). The syntax of the burst command is as follows burst <n-good-measurements>/<max-measurements> [<mask>/<masked-address>] burst <n-good-measurements>/<max-measurements> [<masked-address>/<masked-bits>] burst <n-good-measurements>/<max-measurements> [<address>] The mask and masked-address arguments are optional, in which case 'chronyd' will initiate a burst for all of its currently defined sources. The arguments have the following meaning and format. 'n-good-measurements' This defines the number of good measurements that 'chronyd' will want to obtain from each source. A measurement is good if it passes certain tests, for example, the round trip time to the source must be acceptable. (This allows 'chronyd' to reject measurements that are likely to be bogus.) 'max-measurements' This defines the maximum number of measurements that 'chronyd' will attempt to make, even if the required number of good measurements has not been obtained. 'mask' This is an IP address with which the IP address of each of 'chronyd''s sources is to be masked. 'masked-address' This is an IP address. If the masked IP address of a source matches this value then the burst command is applied to that source. 'masked-bits' This can be used with 'masked-address' for CIDR notation, which is a shorter alternative to the form with mask. 'address' This is an IP address or a hostname. The burst command is applied only to that source. If no mask or masked address arguments are provided, every source will be matched. An example of the two-argument form of the command is burst 2/10 This will cause 'chronyd' to attempt to get two good measurements from each source, stopping after two have been obtained, but in no event will it try more than ten probes to the source. Examples of the four-argument form of the command are burst 2/10 255.255.0.0/1.2.0.0 burst 2/10 2001:db8:789a::/48 In the first case, the two out of ten sampling will only be applied to sources whose IPv4 addresses are of the form '1.2.x.y', where x and y are arbitrary. In the second case, the sampling will be applied to sources whose IPv6 addresses have first 48 bits equal to '2001:db8:789a'. Example of the three-argument form of the command is burst 2/10 foo.bar.com 4.3.4.9 clients ............... This command shows a list of all clients that have accessed the server, through either the NTP or command/monitoring ports. There are no arguments. An example of the output is Hostname Client Peer CmdAuth CmdNorm CmdBad LstN LstC ========================= ====== ====== ====== ====== ====== ==== ==== localhost 0 0 15 1 0 29y 0 aardvark.xxx 4 0 0 0 0 49 29y badger.xxx 4 0 0 0 0 6 29y Each row shows the data for a single host. Only hosts that have passed the host access checks (set with the 'allow', 'deny', 'cmdallow' and 'cmddeny' commands or configuration file directives) are logged. The columns are as follows: 1. The hostname of the client 2. The number of times the client has accessed the server using an NTP client mode packet. 3. The number of times the client has accessed the server using an NTP symmetric active mode packet. 4. The number of authenticated command packets that have been processed from the client (i.e. those following a successful 'password' command). 5. The number of unauthenticated command packets that have been processed from the client. 6. The number of bad command packets received from the client (not all forms of bad packet are logged). 7. Time since the last NTP packet was received 8. Time since the last command packet was received The last two entries will be shown as the time since 1970 if no packet of that type has ever been received. 4.3.4.10 cmdaccheck ................... This command is similar to the 'accheck' command, except that it is used to check whether command access is permitted from a named host. Examples of use are as follows: cmdaccheck a.b.c cmdaccheck 1.2.3.4 cmdaccheck 2001:db8::1 4.3.4.11 cmdallow ................. This is similar to the 'allow' command, except that it is used to allow particular hosts or subnets to use the chronyc program to interact with 'chronyd' on the current host. 4.3.4.12 cmdallow all ..................... This is similar to the 'allow all' command, except that it is used toallow particular hosts or subnets to use the chronyc program to interactwith 'chronyd' on the current host. 4.3.4.13 cmddeny ................ This is similar to the 'deny' command, except that it is used to allow particular hosts or subnets to use the chronyc program to interact with 'chronyd' on the current host. 4.3.4.14 cmddeny all .................... This is similar to the 'deny all' command, except that it is used to allow particular hosts or subnets to use the chronyc program to interact with 'chronyd' on the current host. 4.3.4.15 cyclelogs .................. The 'cyclelogs' command causes all of 'chronyd's' open log files to be closed and re-opened. This allows them to be renamed so that they can be periodically purged. An example of how to do this is shown below. % mv /var/log/chrony/measurements.log /var/log/chrony/measurements1.log % chronyc -a cyclelogs % ls -l /var/log/chrony -rw-r--r-- 1 root root 0 Jun 8 18:17 measurements.log -rw-r--r-- 1 root root 12345 Jun 8 18:17 measurements1.log % rm -f measurements1.log 4.3.4.16 delete ............... The 'delete' command allows an NTP server or peer to be removed from the current set of sources. The syntax is illustrated in the examples below. delete foo.bar.com delete 1.2.3.4 delete 2001:db8::1 There is one parameter, the name or IP address of the server or peer to be deleted. 4.3.4.17 deny ............. The effect of the allow command is identical to the 'deny' directive in the configuration file (*note deny directive::). The syntax is illustrated in the following examples: deny foo.bar.com deny 1.2 deny 3.4.5 deny 6.7.8/22 deny 6.7.8.9/22 deny 2001:db8:789a::/48 deny 0/0 deny ::/0 deny 4.3.4.18 deny all ................. The effect of the allow command is identical to the 'deny all' directive in the configuration file (*note deny directive::). 4.3.4.19 dns ............ The 'dns' command configures how are hostnames and IP addresses resolved in 'chronyc'. IP addresses can be resolved to hostnames when printing results of 'sources', 'sourcestats', 'tracking' and 'clients' commands. Hostnames are resolved in commands that take an address as argument. There are five forms of the command: 'dns -n' Disables resolving IP addresses to hostnames. Raw IP addresses will be displayed. 'dns +n' Enables resolving IP addresses to hostnames. This is the default unless 'chronyc' was started with '-n' option. 'dns -4' Resolves hostnames only to IPv4 addresses. 'dns -6' Resolves hostnames only to IPv6 addresses. 'dns -46' Resolves hostnames to both address families. This is the default unless 'chronyc' was started with '-4' or '-6' option. 4.3.4.20 dump ............. The 'dump' command causes 'chronyd' to write its current history of measurements for each of its sources to dump files, either for inspection or to support the '-r' option when 'chronyd' is restarted. The 'dump' command is somewhat equivalent to the 'dumponexit' directive in the chrony configuration file. *Note dumponexit directive::. To use the 'dump', you probably want to configure the name of the directory into which the dump files will be written. This can only be done in the configuration file, see *note dumpdir directive::. 4.3.4.21 exit ............. The exit command exits from chronyc and returns the user to the shell (same as the quit command). 4.3.4.22 help ............. The help command displays a summary of the commands and their arguments. 4.3.4.23 local .............. The 'local' command allows 'chronyd' to be told that it is to appear as a reference source, even if it is not itself properly synchronised to an external source. (This can be used on isolated networks, to allow one computer to be a master time server with the other computers slaving to it.) The 'local' command is somewhat equivalent to the 'local' directive in the configuration file, see *note local directive::. The syntax is as shown in the following examples. local stratum 10 local off The first example enables the local reference mode on the host, and sets the stratum at which it should claim to be synchronised. The second example disables the local reference mode. 4.3.4.24 makestep ................. Normally chronyd will cause the system to gradually correct any time offset, by slowing down or speeding up the clock as required. In certain situations, the system clock may be so far adrift that this slewing process would take a very long time to correct the system clock. The 'makestep' command can be used in this situation. It cancels any remaining correction that was being slewed, and jumps the system clock by the equivalent amount, making it correct immediately. BE WARNED - certain software will be seriously affected by such jumps to the system time. (That is the reason why chronyd uses slewing normally.) The 'makestep' directive in the configuration file can be used to step the clock automatically when the adjustment is larger than a specified threshold, see *note makestep directive::. 4.3.4.25 manual ............... The manual command enables and disables use of the 'settime' command (*note settime command::), and is used to modify the behaviour of the manual clock driver. Examples of the command are shown below. manual on manual off manual delete 1 manual list manual reset The 'on' form of the command enables use of the 'settime' command. The 'off' form of the command disables use of the 'settime' command. The 'list' form of the command lists all the samples currently stored in 'chronyd'. The output is illustrated below. 210 n_samples = 1 # Date Time(UTC) Slewed Original Residual ==================================================== 0 27Jan99 22:09:20 0.00 0.97 0.00 The columns as as follows : 1. The sample index (used for the 'manual delete' command) 2. The date and time of the sample 3. The system clock error when the timestamp was entered, adjusted to allow for changes made to the system clock since. 4. The system clock error when the timestamp was entered, as it originally was (without allowing for changes to the system clock since). 5. The regression residual at this point, in seconds. This allows 'outliers' to be easily spotted, so that they can be deleted using the 'manual delete' command. The 'delete' form of the command deletes a single sample. The parameter is the index of the sample, as shown in the first column of the output from 'manual list'. Following deletion of the data point, the current error and drift rate are re-estimated from the remaining data points and the system clock trimmed if necessary. This option is intended to allow 'outliers' to be discarded, i.e. samples where the administrator realises he/she has entered a very poor timestamp. The 'reset' form of the command deletes all samples at once. The system clock is left running as it was before the command was entered. 4.3.4.26 maxdelay ................. This allows the 'maxdelay' option for one of the sources to be modified, in the same way as specifying the 'maxdelay' option for the 'server' directive in the configuration file (*note server directive::). The following examples illustrate the syntax maxdelay foo.bar.com 0.3 maxdelay 1.2.3.4 0.0015 maxdelay 2001:db8::1 0.0015 The first example sets the maximum network delay allowed for a measurement to the host 'foo.bar.com' to 0.3 seconds. The second and third examples set the maximum network delay for a measurement to the host with IPv4 address '1.2.3.4' and the host with IPv6 address '2001:db8::1' to 1.5 milliseconds. (Any measurement whose network delay exceeds the specified value is discarded.) 4.3.4.27 maxdelayratio ...................... This allows the 'maxdelayratio' option for one of the sources to be modified, in the same way as specifying the 'maxdelayratio' option for the 'server' directive in the configuration file (*note server directive::). The following examples illustrate the syntax maxdelayratio foo.bar.com 1.5 maxdelayratio 1.2.3.4 2.0 maxdelayratio 2001:db8::1 2.0 The first example sets the maximum network delay for a measurement to the host 'foo.bar.com' to be 1.5 times the minimum delay found amongst the previous measurements that have been retained. The second and third examples set the maximum network delay for a measurement to the host with IPv4 address '1.2.3.4' and the host with IPv6 address '2001:db8::1' to be double the retained minimum. As for 'maxdelay', any measurement whose network delay is too large will be discarded. 4.3.4.28 maxdelaydevratio ......................... This allows the 'maxdelaydevratio' option for one of the sources to be modified, in the same way as specifying the 'maxdelaydevratio' option for the 'server' directive in the configuration file (*note server directive::). The following examples illustrate the syntax maxdelaydevratio foo.bar.com 0.1 maxdelaydevratio 1.2.3.4 1.0 maxdelaydevratio 2001:db8::1 100.0 4.3.4.29 maxpoll ................ The 'maxpoll' command is used to modify the minimum polling interval for one of the current set of sources. It is equivalent to the 'maxpoll' option in the 'server' directive in the configuration file (*note server directive::). The syntax is as follows maxpoll <host> <new-maxpoll> where the host can be specified as either a machine name or IP address. The new minimum poll is specified as a base-2 logarithm of the number of seconds between polls (e.g. specify 6 for 64 second sampling). An example is maxpoll foo.bar.com 10 which sets the maximum polling interval for the host 'foo.bar.com' to 1024 seconds. Note that the new maximum polling interval only takes effect after the next measurement has been made. 4.3.4.30 maxupdateskew ...................... This command has the same effect as the 'maxupdateskew' directive in the configuration file, see *note maxupdateskew directive::. 4.3.4.31 minpoll ................ The 'minpoll' command is used to modify the minimum polling interval for one of the current set of sources. It is equivalent to the 'minpoll' option in the 'server' directive in the configuration file (*note server directive::). The syntax is as follows minpoll <host> <new-minpoll> where the host can be specified as either a machine name or IP address. The new minimum poll is specified as a base-2 logarithm of the number of seconds between polls (e.g. specify 6 for 64 second sampling). An example is minpoll foo.bar.com 5 which sets the minimum polling interval for the host 'foo.bar.com' to 32 seconds. Note that the new minimum polling interval only takes effect after the next measurement has been made. 4.3.4.32 minstratum ................... The 'minstratum' command is used to modify the minimum stratum for one of the current set of sources. It is equivalent to the 'minstratum' option in the 'server' directive in the configuration file (*note server directive::). The syntax is as follows minstratum <host> <new-min-stratum> where the host can be specified as either a machine name or IP address. An example is minpoll foo.bar.com 5 which sets the minimum stratum for the host 'foo.bar.com' to 5. Note that the new minimum stratum only takes effect after the next measurement has been made. 4.3.4.33 offline ................ The 'offline' command is used to warn 'chronyd' that the network connection to a particular host or hosts is about to be lost. It should be used on computers with a dial-up or similar connection to their time sources, to warn 'chronyd' that the connection is about to be broken. An example of how to use 'offline' in this case is shown in *note Advising chronyd of internet availability::. Another case where 'offline' could be used is where a computer serves time to a local group of computers, and has a permanant connection to true time servers outside the organisation. However, the external connection is heavily loaded at certain times of the day and the measurements obtained are less reliable at those times. In this case, it is probably most useful to determine the gain/loss rate during the quiet periods and let the whole network coast through the loaded periods. The 'offline' and 'online' commands can be used to achieve this. The situation is shown in the figure below. +----------+ |Ext source| +----------+ | | |/| <-- Link with variable | reliability | +-------------------+ |Local master server| +-------------------+ | +---+---+-----+-----+----+----+ | | | | | | | Local clients If the source to which 'chronyd' is currently synchronised is indicated offline in this way, 'chronyd' will continue to treat it as the synchronisation source. If the network connection were broken without the 'offline' command being used, 'chronyd' would assume that the source had failed and would attempt to pick another synchronisation source. There are four forms of the 'offline' command. The first form is a wildcard, meaning all sources. The second form allows an IP address mask and a masked address to be specified. The third form uses the CIDR notation. The fourth form uses an IP address or a hostname. These forms are illustrated below. offline offline 255.255.255.0/1.2.3.0 offline 2001:db8:789a::/48 offline foo.bar.com The second form means that the 'offline' command is to be applied to any source whose IPv4 address is in the '1.2.3' subnet. (The host's address is logically and-ed with the mask, and if the result matches the masked-address the host is processed). The third form means that the command is to be applied to all sources whose IPv6 addresses have first 48 bits equal to '2001:db8:789a'. The fourth form means that the command is to be applied only to that one source. The wildcard form of the address is actually equivalent to offline 0.0.0.0/0.0.0.0 offline ::/0 4.3.4.34 online ............... The 'online' command is opposite in function to the 'offline' command. It is used to advise 'chronyd' that network connectivity to a particular source or sources has been restored. The syntax is identical to that of the 'offline' command, see *note offline command::. 4.3.4.35 password ................. The password command is used to allow chronyc to send privileged commands to 'chronyd'. The password can either be entered on the command line, or can be entered without echoing. The syntax for entering the password on the command line is as follows password xyzzy password ASCII:xyzzy password HEX:78797a7a79 To enter the password without it being echoed, enter password The computer will respond with a 'Password:' prompt, at which you should enter the password and press return. (Note that the no-echo mode is limited to 8 characters on SunOS 4.1 due to limitations in the system library. Other systems do not have this restriction.) The password can be encoded as a string of characters not containing a space with optional 'ASCII:' prefix or as a hexadecimal number with 'HEX:' prefix. It has to match 'chronyd's' currently defined command key (*note commandkey directive::). The password command is run automatically on start if 'chronyc' was started with the '-a' option. 4.3.4.36 polltarget ................... The 'polltarget' command is used to modify the poll target for one of the current set of sources. It is equivalent to the 'polltarget' option in the 'server' directive in the configuration file (*note server directive::). The syntax is as follows polltarget <host> <new-poll-target> where the host can be specified as either a machine name or IP address. An example is polltarget foo.bar.com 12 which sets the poll target for the host 'foo.bar.com' to 12. 4.3.4.37 quit ............. The quit command exits from chronyc and returns the user to the shell (same as the exit command). 4.3.4.38 reselect ................. To avoid excessive switching between sources, 'chronyd' may stay synchronised to a source even when it is not currently the best one among the available sources. The 'reselect' command can be used to force 'chronyd' to reselect the best synchronisation source. 4.3.4.39 reselectdist ..................... The 'reselectdist' command sets the reselect distance. It is equivalent to the 'reselectdist' directive in the configuration file (*note reselectdist directive::). 4.3.4.40 retries ................ The 'retries' command sets the maximum number of retries for 'chronyc' requests before giving up. The response timeout is controlled by 'timeout' command (*note timeout command::). The default is 2. 4.3.4.41 rtcdata ................ The 'rtcdata' command displays the current real time clock RTC parameters. An example output is shown below. RTC ref time (GMT) : Sat May 30 07:25:56 1998 Number of samples : 10 Number of runs : 5 Sample span period : 549 RTC is fast by : -1.632736 seconds RTC gains time at : -107.623 ppm The fields have the following meaning 'RTC ref time (GMT)' This is the RTC reading the last time its error was measured. 'Number of samples' This is the number of previous measurements being used to determine the RTC gain/loss rate. 'Number of runs' This is the number of runs of residuals of the same sign following the regression fit for (RTC error) versus (RTC time). A value which is small indicates that the measurements are not well approximated by a linear model, and that the algorithm will tend to delete the older measurements to improve the fit. 'Sample span period' This is the period that the measurements span (from the oldest to the newest). Without a unit the value is in seconds; suffixes 'm' for minutes, 'h' for hours, 'd' for days or 'y' for years may be used. 'RTC is fast by' This is the estimate of how many seconds fast the RTC when it thought the time was at the reference time (above). If this value is large, you may (or may not) want to use the 'trimrtc' command to bring the RTC into line with the system clock. (Note, a large error will not affect 'chronyd's' operation, unless it becomes so big as to start causing rounding errors. 'RTC gains time at' This is the amount of time gained (positive) or lost (negative) by the real time clock for each second that it ticks. It is measured in parts per million. So if the value shown was +1, suppose the RTC was exactly right when it crosses a particular second boundary. Then it would be 1 microsecond fast when it crosses its next second boundary. 4.3.4.42 settime ................ The 'settime' command allows the current time to be entered manually, if this option has been configured into 'chronyd'. (It may be configured either with the 'manual' directive in the configuration file (*note manual directive::), or with the 'manual' command of chronyc (*note manual command::). It should be noted that the computer's sense of time will only be as accurate as the reference you use for providing this input (e.g. your watch), as well as how well you can time the press of the return key. Providing your computer's time zone is set up properly, you will be able to enter a local time (rather than UTC). The response to a successful 'settime' command indicates the amount that the computer's clock was wrong. It should be apparent from this if you have entered the time wrongly, e.g. with the wrong time zone. The rate of drift of the system clock is estimated by a regression process using the entered measurement and all previous measurements entered during the present run of 'chronyd'. However, the entered measurement is used for adjusting the current clock offset (rather than the estimated intercept from the regression, which is ignored). Contrast what happens with the 'manual delete' command, where the intercept is used to set the current offset (since there is no measurement that has just been typed in in that case). The time is parsed by the public domain 'getdate' algorithm. Consequently, you can only specify time to the nearest second. Examples of inputs that are valid are shown below. settime 16:30 settime 16:30:05 settime Nov 21, 1997 16:30:05 For a full description of 'getdate', get hold of the getdate documentation (bundled, for example, with the source for GNU tar). 4.3.4.43 sources ................ This command displays information about the current time sources that 'chronyd' is accessing. The optional argument '-v' can be specified, meaning _verbose_. In this case, extra caption lines are shown as a reminder of the meanings of the columns. 210 Number of sources = 3 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== #* GPS0 0 4 377 11 -479ns[ -621ns] +/- 134ns ^? a.b.c 2 6 377 23 -923us[ -924us] +/- 43ms ^+ d.e.f 1 6 377 21 -2629us[-2619us] +/- 86ms The columns are as follows: 'M' This indicates the mode of the source. '^' means a server, '=' means a peer and '#' indicates a locally connected reference clock. 'S' This column indicates the state of the sources. '*' indicates the source to which 'chronyd' is currently synchronised. '+' indicates acceptable sources which are combined with the selected source. '-' indicates acceptable sources which are excluded by the combining algorithm. '?' indicates sources to which connectivity has been lost or whose packets don't pass all tests. 'x' indicates a clock which 'chronyd' thinks is is a falseticker (i.e. its time is inconsistent with a majority of other sources). '~' indicates a source whose time appears to have too much variability. The '?' condition is also shown at start-up, until at least 3 samples have been gathered from it. 'Name/IP address' This shows the name or the IP address of the source, or refid for reference clocks. 'Stratum' This shows the stratum of the source, as reported in its most recently received sample. Stratum 1 indicates a computer with a locally attached reference clock. A computer that is synchronised to a stratum 1 computer is at stratum 2. A computer that is synchronised to a stratum 2 computer is at stratum 3, and so on. 'Poll' This shows the rate at which the source is being polled, as a base-2 logarithm of the interval in seconds. Thus, a value of 6 would indicate that a measurement is being made every 64 seconds. 'chronyd' automatically varies the polling rate in response to prevailing conditions. 'Reach' This shows the source's reachability register printed as octal number. The register has 8 bits and is updated on every received or missed packet from the source. A value of 377 indicates that a valid reply was received for all from the last eight transmissions. 'LastRx' This column shows how long ago the last sample was received from the source. This is normally in seconds. The letters 'm', 'h', 'd' or 'y' indicate minutes, hours, days or years. A value of 10 years indicates there were no samples received from this source yet. 'Last sample' This column shows the offset between the local clock and the source at the last measurement. The number in the square brackets shows the actual measured offset. This may be suffixed by 'ns' (indicating nanoseconds), 'us' (indicating microseconds), 'ms' (indicating milliseconds), or 's' (indicating seconds). The number to the left of the square brackets shows the original measurement, adjusted to allow for any slews applied to the local clock since. The number following the '+/-' indicator shows the margin of error in the measurement. Positive offsets indicate that the local clock is fast of the source. 4.3.4.44 sourcestats .................... The 'sourcestats' command displays information about the drift rate and offset estimatation process for each of the sources currently being examined by 'chronyd'. The optional argument '-v' can be specified, meaning _verbose_. In this case, extra caption lines are shown as a reminder of the meanings of the columns. An example report is 210 Number of sources = 1 Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev =============================================================================== abc.def.ghi 11 5 46m -0.001 0.045 1us 25us The columns are as follows 'Name/IP Address' This is the name or IP address of the NTP server (or peer) or refid of the refclock to which the rest of the line relates. 'NP' This is the number of sample points currently being retained for the server. The drift rate and current offset are estimated by performing a linear regression through these points. 'NR' This is the number of runs of residuals having the same sign following the last regression. If this number starts to become too small relative to the number of samples, it indicates that a straight line is no longer a good fit to the data. If the number of runs is too low, 'chronyd' discards older samples and re-runs the regression until the number of runs becomes acceptable. 'Span' This is the interval between the oldest and newest samples. If no unit is shown the value is in seconds. In the example, the interval is 46 minutes. 'Frequency' This is the estimated residual frequency for the server, in parts per million. In this case, the computer's clock is estimated to be running 1 part in 10**9 slow relative to the server. 'Freq Skew' This is the estimated error bounds on 'Freq' (again in parts per million). 'Offset' This is the estimated offset of the source. 'Std Dev' This is the estimated sample standard deviation. 4.3.4.45 timeout ................ The 'timeout' command sets the initial timeout for 'chronyc' requests in milliseconds. If no response is received from 'chronyd', the timeout is doubled and the request is resent. The maximum number of retries is configured with the 'retries' command (*note retries command::). The default is 1000 milliseconds. 4.3.4.46 tracking ................. The 'tracking' command displays parameters about the system's clock performance. An example of the output is shown below. Reference ID : 1.2.3.4 (a.b.c) Stratum : 3 Ref time (UTC) : Fri Feb 3 15:00:29 2012 System time : 0.000001501 seconds slow of NTP time Last offset : -0.000001632 seconds RMS offset : 0.000002360 seconds Frequency : 331.898 ppm fast Residual freq : 0.004 ppm Skew : 0.154 ppm Root delay : 0.373169 seconds Root dispersion : 0.024780 seconds Update interval : 64.2 seconds Leap status : Normal The fields are explained as follows. 'Reference ID' This is the refid and name (or IP address) if available, of the server to which the computer is currently synchronised. If this is '127.127.1.1' it means the computer is not synchronised to any external source and that you have the 'local' mode operating (via the 'local' command in 'chronyc' (*note local command::), or the 'local' directive in the '/etc/chrony.conf' file (*note local directive::)). 'Stratum' The stratum indicates how many hops away from a computer with an attached reference clock we are. Such a computer is a stratum-1 computer, so the computer in the example is two hops away (i.e. 'a.b.c' is a stratum-2 and is synchronised from a stratum-1). 'Ref time' This is the time (UTC) at which the last measurement from the reference source was processed. 'System time' In normal operation, 'chronyd' _never_ steps the system clock, because any jump in the timescale can have adverse consequences for certain application programs. Instead, any error in the system clock is corrected by slightly speeding up or slowing down the system clock until the error has been removed, and then returning to the system clock's normal speed. A consequence of this is that there will be a period when the system clock (as read by other programs using the 'gettimeofday()' system call, or by the 'date' command in the shell) will be different from 'chronyd's' estimate of the current true time (which it reports to NTP clients when it is operating in server mode). The value reported on this line is the difference due to this effect. On systems such as Solaris and SunOS, 'chronyd' has no means to adjust the fundamental rate of the system clock, so keeps the system time correct by periodically making offsets to it as though an error had been measured. The build up of these offsets will be observed in this report. 'Last offset' This is the estimated local offset on the last clock update. 'RMS offset' This is a long-term average of the offset value. 'Frequency' The 'frequency' is the rate by which the system's clock would be would be wrong if 'chronyd' was not correcting it. It is expressed in ppm (parts per million). For example, a value of 1ppm would mean that when the system's clock thinks it has advanced 1 second, it has actually advanced by 1.000001 seconds relative to true time. As you can see in the example, the clock in the computer is not a very good one - it gains about 30 seconds per day! 'Residual freq' This shows the 'residual frequency' for the currently selected reference source. This reflects any difference between what the measurements from the reference source indicate the frequency should be and the frequency currently being used. The reason this is not always zero is that a smoothing procedure is applied to the frequency. Each time a measurement from the reference source is obtained and a new residual frequency computed, the estimated accuracy of this residual is compared with the estimated accuracy (see 'skew' next) of the existing frequency value. A weighted average is computed for the new frequency, with weights depending on these accuracies. If the measurements from the reference source follow a consistent trend, the residual will be driven to zero over time. 'Skew' This is the estimated error bound on the the frequency. 'Root delay' This is the total of the network path delays to the stratum-1 computer from which the computer is ultimately synchronised. In certain extreme situations, this value can be negative. (This can arise in a symmetric peer arrangement where the computers' frequencies are not tracking each other and the network delay is very short relative to the turn-around time at each computer.) 'Root dispersion' This is the total dispersion accumulated through all the computers back to the stratum-1 computer from which the computer is ultimately synchronised. Dispersion is due to system clock resolution, statistical measurement variations etc. An absolute bound on the computer's clock accuracy (assuming the stratum-1 computer is correct) is given by clock_error <= root_dispersion + (0.5 * |root_delay|) 'Update interval' This is the interval between the last two clock updates. 'Leap status' This is the leap status, which can be 'Normal', 'Insert second', 'Delete second' or 'Not synchronised'. 4.3.4.47 trimrtc ................ The 'trimrtc' command is used to correct the system's real time clock (RTC) to the main system clock. It has no effect if the error between the two clocks is currently estimated at less than a second (the resolution of the RTC is only 1 second). The command takes no arguments. It performs the following steps (if the RTC is more than 1 second away from the system clock): 1. Remember the currently estimated gain/loss rate of the RTC and flush the previous measurements. 2. Step the real time clock to bring it within a second of the system clock. 3. Make several measurements to accurately determine the new offset between the RTC and the system clock (i.e. the remaining fraction of a second error) 4. Save the RTC parameters to the RTC file (specified with the 'rtcfile' directive in the configuration file (*note rtcfile directive::). The last step is done as a precaution against the computer suffering a power failure before either the daemon exits or the 'writertc' command is issued. 'chronyd' will still work perfectly well both whilst operating and across machine reboots even if the 'trimrtc' command is never used (and the RTC is allowed to drift away from true time). The 'trimrtc' command is provided as a method by which it can be corrected, in a manner compatible with 'chronyd' using it to maintain accurate time across machine reboots. 4.3.4.48 waitsync ................. The 'waitsync' command waits for 'chronyd' to synchronise. Up to three optional arguments can be specified, the first is the maximum number of tries in 10 second intervals before giving up and returning a non-zero error code. When 0 is specified, or there are no arguments, the number of tries will not be limited. The second and third arguments are the maximum allowed remaining correction of the system clock and the maximum allowed skew (in ppm) as reported by the 'tracking' command (*note tracking command::) in the 'System time' and 'Skew' fields. If not specified or zero, the value will not be checked. An example is waitsync 60 0.01 which will wait up to about 10 minutes for 'chronyd' to synchronise to a source and the remaining correction to be less than 10 milliseconds. 4.3.4.49 writertc ................. The 'writertc' command writes the currently estimated error and gain/loss rate parameters for the RTC to the RTC file (specified with the 'rtcfile' directive (*note rtcfile directive::)). This information is also written automatically when 'chronyd' is killed (with SIGHUP, SIGINT, SIGQUIT or SIGTERM). Appendix A Porting guide ************************ This appendix discusses issues that have arisen in writing the system-specific parts of the existing ports. This will provide useful information for those attempting to write ports to other systems. A.1 System driver files ======================= The system specific parts of the software are contained in files with names like 'sys_linux.c'. The following functions are required in a system driver file: 1. A function to read the current frequency 2. A function to set the current frequency 3. A function to slew the system time by a specified delta 4. A function to step the system time by a specified delta 5. A function to work out the error at a particular time between the system's clock and 'chronyd's' estimate of real time. (This is required because some systems have to track real time by making the system time follow it in a 'sawtooth' fashion). The "frequency" is the rate at which the system gains or loses time, measured relative to the system when running uncompensated. A.2 Quirks of particular systems ================================ These sections describe quirks in each system type that needed to be investigated to port the software to each system type. A.2.1 Linux ----------- The following quirks have been found in developing the Linux port. 1. In order to avoid floating point arithmetic, the kernel uses shifting and adding to approximate a scaling of 100/128. This approximation implies that the frequency set via the 'adjtimex()' system call is not the frequency that is actually obtained. The method of approximation varies between kernel versions and must be determined by examining the kernel source. An inverse factor must be included in the driver to compensate. 2. In some kernel versions, an 'adjtimex()' system call with the flags bits all zeroed will return the amount of offset still to be corrected. In others (e.g. the 2.0 series beyond 2.0.32), the offset must be changed in order to get the old offset returned (similar to 'adjtime()' on other systems). A.2.2 Solaris 2.5 ----------------- The following quirks have been found in developing the Solaris port. 1. The 'adjtime()' system call with a zero argument does not cancel an adjustment that is in progress - it just reports the remaining adjustment. 2. The 'settimeofday()' system call only observes the seconds part of the argument - any fractional seconds part is lost. second. 3. The kernel variable 'dosynctodr' has to be set to zero, otherwise the system clock is periodically reset to the real-time clock. A.2.3 SunOS 4.1.4 ----------------- The following quirks have been found in developing the SunOS port. 1. The 'adjtime()' system call truncates its argument to a multiple of the system's 'tickadj' variable. ('chronyd' sets that to 100, giving a 1 part in 100 slewing capability for correcting offsets.) 2. The kernel variable 'dosynctodr' has to be set to zero, otherwise the system clock is periodically reset to the real-time clock. Appendix B GNU General Public License ************************************* GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software-to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. <one line to give the program's name and a brief idea of what it does.> Copyright (C) <year> <name of author> This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type 'show w'. This is free software, and you are welcome to redistribute it under certain conditions; type 'show c' for details. The hypothetical commands 'show w' and 'show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than 'show w' and 'show c'; they could even be mouse-clicks or menu items-whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program 'Gnomovision' (which makes passes at compilers) written by James Hacker. <signature of Ty Coon>, 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. 1 Introduction 1.1 Overview 1.2 Acknowledgements 1.3 Availability 1.3.1 Getting the software 1.3.2 Platforms 1.4 Relationship to other software packages 1.4.1 ntpd 1.4.2 timed 1.5 Distribution rights and (lack of) warranty 1.6 Bug reporting and suggestions 1.7 Contributions 2 Installation 2.1 Support for line editing libraries 2.2 Extra options for package builders 3 Typical operating scenarios 3.1 Computers connected to the internet 3.2 Infrequent connection to true NTP servers 3.2.1 Setting up the configuration file for infrequent connections 3.2.2 How to tell chronyd when the internet link is available. 3.3 Isolated networks 3.4 The home PC with a dial-up connection 3.4.1 Assumptions/how the software works 3.4.2 Typical configuration files. 3.5 Other important configuration options 4 Usage reference 4.1 Starting chronyd 4.2 The chronyd configuration file 4.2.1 Comments in the configuration file 4.2.2 acquisitionport 4.2.3 allow 4.2.4 bindaddress 4.2.5 bindcmdaddress 4.2.6 broadcast 4.2.7 cmdallow 4.2.8 cmddeny 4.2.9 combinelimit 4.2.10 commandkey 4.2.11 cmdport 4.2.12 corrtimeratio 4.2.13 deny 4.2.14 driftfile 4.2.15 dumpdir 4.2.16 dumponexit 4.2.17 fallbackdrift 4.2.18 generatecommandkey 4.2.19 include 4.2.20 initstepslew 4.2.21 keyfile 4.2.22 leapsectz 4.2.23 local 4.2.24 linux_hz 4.2.25 linux_freq_scale 4.2.26 log 4.2.26.1 Measurements log file format 4.2.26.2 Statistics log file format 4.2.26.3 Tracking log file format 4.2.26.4 Real-time clock log file format 4.2.26.5 Refclocks log file format 4.2.26.6 Tempcomp log file format 4.2.27 logbanner 4.2.28 logchange 4.2.29 logdir 4.2.30 mailonchange 4.2.31 makestep 4.2.32 maxchange 4.2.33 manual 4.2.34 maxclockerror 4.2.35 maxsamples 4.2.36 maxupdateskew 4.2.37 minsamples 4.2.38 noclientlog 4.2.39 clientloglimit 4.2.40 peer 4.2.41 pidfile 4.2.42 port 4.2.43 refclock 4.2.44 reselectdist 4.2.45 rtcdevice 4.2.46 rtcfile 4.2.47 rtconutc 4.2.48 rtcsync 4.2.49 sched_priority 4.2.50 stratumweight 4.2.51 lock_all 4.2.52 server 4.2.53 tempcomp 4.2.54 user 4.3 Running chronyc 4.3.1 Basic use 4.3.2 Command line options 4.3.3 Security with chronyc 4.3.4 Command reference 4.3.4.1 accheck 4.3.4.2 activity 4.3.4.3 add peer 4.3.4.4 add server 4.3.4.5 allow 4.3.4.6 allow all 4.3.4.7 authhash 4.3.4.8 burst 4.3.4.9 clients 4.3.4.10 cmdaccheck 4.3.4.11 cmdallow 4.3.4.12 cmdallow all 4.3.4.13 cmddeny 4.3.4.14 cmddeny all 4.3.4.15 cyclelogs 4.3.4.16 delete 4.3.4.17 deny 4.3.4.18 deny all 4.3.4.19 dns 4.3.4.20 dump 4.3.4.21 exit 4.3.4.22 help 4.3.4.23 local 4.3.4.24 makestep 4.3.4.25 manual 4.3.4.26 maxdelay 4.3.4.27 maxdelayratio 4.3.4.28 maxdelaydevratio 4.3.4.29 maxpoll 4.3.4.30 maxupdateskew 4.3.4.31 minpoll 4.3.4.32 minstratum 4.3.4.33 offline 4.3.4.34 online 4.3.4.35 password 4.3.4.36 polltarget 4.3.4.37 quit 4.3.4.38 reselect 4.3.4.39 reselectdist 4.3.4.40 retries 4.3.4.41 rtcdata 4.3.4.42 settime 4.3.4.43 sources 4.3.4.44 sourcestats 4.3.4.45 timeout 4.3.4.46 tracking 4.3.4.47 trimrtc 4.3.4.48 waitsync 4.3.4.49 writertc Appendix A Porting guide A.1 System driver files A.2 Quirks of particular systems A.2.1 Linux A.2.2 Solaris 2.5 A.2.3 SunOS 4.1.4 Appendix B GNU General Public License
chrony.conf.example
Ein Musterbeispiel zur Konfiguration von chrony finden sich in der Datei chrony.conf.example im Verzeichnis /usr/share/doc/chrony-*/.
# less /usr/share/doc/chrony-*/chrony.conf.example
####################################################################### # # This is an example chrony configuration file. You should copy it to # /etc/chrony.conf after uncommenting and editing the options that you # want to enable. The more obscure options are not included. Refer # to the documentation for these. # # Copyright 2002 Richard P. Curnow # # This program is free software; you can redistribute it and/or modify # it under the terms of version 2 of the GNU General Public License as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License along # with this program; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # # ####################################################################### ### COMMENTS # Any of the following lines are comments (you have a choice of # comment start character): # a comment % a comment ! a comment ; a comment # # Below, the '!' form is used for lines that you might want to # uncomment and edit to make your own chrony.conf file. # ####################################################################### ####################################################################### ### SPECIFY YOUR NTP SERVERS # Most computers using chrony will send measurement requests to one or # more 'NTP servers'. You will probably find that your Internet Service # Provider or company have one or more NTP servers that you can specify. # Failing that, there are a lot of public NTP servers. There is a list # you can access at http://support.ntp.org/bin/view/Servers/WebHome or # you can use servers from the pool.ntp.org project. ! server 0.pool.ntp.org iburst ! server 1.pool.ntp.org iburst ! server 2.pool.ntp.org iburst # However, for dial-up use you probably want these instead. The word # 'offline' means that the server is not visible at boot time. Use # chronyc's 'online' command to tell chronyd that these servers have # become visible after you go on-line. ! server 0.pool.ntp.org offline ! server 1.pool.ntp.org offline ! server 2.pool.ntp.org offline # You may want to specify NTP 'peers' instead. If you run a network # with a lot of computers and want several computers running chrony to # have the 'front-line' interface to the public NTP servers, you can # 'peer' these machines together to increase robustness. ! peer ntp0.my-company.com # There are other options to the 'server' and 'peer' directives that you # might want to use. For example, you can ignore measurements whose # round-trip-time is too large (indicating that the measurement is # probably useless, because you don't know which way the measurement # message got held up.) Consult the full documentation for details. ####################################################################### ### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK # # To avoid changes being made to your computer's gain/loss compensation # when the measurement history is too erratic, you might want to enable # one of the following lines. The first seems good for dial-up (or # other high-latency connections like slow leased lines), the second # seems OK for a LAN environment. ! maxupdateskew 100 ! maxupdateskew 5 ####################################################################### ### FILENAMES ETC # Chrony likes to keep information about your computer's clock in files. # The 'driftfile' stores the computer's clock gain/loss rate in parts # per million. When chronyd starts, the system clock can be tuned # immediately so that it doesn't gain or lose any more time. You # generally want this, so it is uncommented. driftfile /var/lib/chrony/drift # If you want to use the program called chronyc to configure aspects of # chronyd's operation once it is running (e.g. tell it the Internet link # has gone up or down), you need a password. This is stored in the # following keys file. (You also need keys to support authenticated NTP # exchanges between cooperating machines.) Again, this option is # assumed by default. keyfile /etc/chrony.keys # Tell chronyd which numbered key in the file is used as the password # for chronyc. (You can pick any integer up to 2**32-1. '1' is just a # default. Using another value will _NOT_ increase security.) commandkey 1 # chronyd can save the measurement history for the servers to files when # it it exits. This is useful in 2 situations: # # 1. On Linux, if you stop chronyd and restart it with '-r' (e.g. after # an upgrade), the old measurements will still be relevant when chronyd # is restarted. This will reduce the time needed to get accurate # gain/loss measurements, especially with a dial-up link. # # 2. Again on Linux, if you use the RTC support and start chronyd with # '-r -s' on bootup, measurements from the last boot will still be # useful (the real time clock is used to 'flywheel' chronyd between # boots). # # Enable these two options to use this. ! dumponexit ! dumpdir /var/lib/chrony # chronyd writes its process ID to a file. If you try to start a second # copy of chronyd, it will detect that the process named in the file is # still running and bail out. If you want to change the path to the PID # file, uncomment this line and edit it. The default path is shown. ! pidfile /var/run/chronyd.pid ####################################################################### ### INITIAL CLOCK CORRECTION # This option is useful to quickly correct the clock on start if it's # off by a large amount. The value '10' means that if the error is less # than 10 seconds, it will be gradually removed by speeding up or # slowing down your computer's clock until it is correct. If the error # is above 10 seconds, an immediate time jump will be applied to correct # it. The value '1' means the step is allowed only on the first update # of the clock. Some software can get upset if the system clock jumps # (especially backwards), so be careful! ! makestep 10 1 ####################################################################### ### LOGGING # If you want to log information about the time measurements chronyd has # gathered, you might want to enable the following lines. You probably # only need this if you really enjoy looking at the logs, you want to # produce some graphs of your system's timekeeping performance, or you # need help in debugging a problem. ! logdir /var/log/chrony ! log measurements statistics tracking # If you have real time clock support enabled (see below), you might want # this line instead: ! log measurements statistics tracking rtc ####################################################################### ### ACTING AS AN NTP SERVER # You might want the computer to be an NTP server for other computers. # e.g. you might be running chronyd on a dial-up machine that has a LAN # sitting behind it with several 'satellite' computers on it. # # By default, chronyd does not allow any clients to access it. You need # to explicitly enable access using 'allow' and 'deny' directives. # # e.g. to enable client access from the 192.168.*.* class B subnet, ! allow 192.168/16 # .. but disallow the 192.168.100.* subnet of that, ! deny 192.168.100/24 # You can have as many allow and deny directives as you need. The order # is unimportant. # If you want chronyd to act as an NTP broadcast server, enable and edit # (and maybe copy) the following line. This means that a broadcast # packet is sent to the address 192.168.1.255 every 60 seconds. The # address MUST correspond to the broadcast address of one of the network # interfaces on your machine. If you have multiple network interfaces, # add a broadcast line for each. ! broadcast 60 192.168.1.255 # If you want to present your computer's time for others to synchronise # with, even if you don't seem to be synchronised to any NTP servers # yourself, enable the following line. The value 10 may be varied # between 1 and 15. You should avoid small values because you will look # like a real NTP server. The value 10 means that you appear to be 10 # NTP 'hops' away from an authoritative source (atomic clock, GPS # receiver, radio clock etc). ! local stratum 10 # Normally, chronyd will keep track of how many times each client # machine accesses it. The information can be accessed by the 'clients' # command of chronyc. You can disable this facility by uncommenting the # following line. This will save a bit of memory if you have many # clients. ! noclientlog # The clientlog size is limited to 512KB by default. If you have many # clients, especially in many different subnets, you might want to # increase the limit. ! clientloglimit 4194304 ####################################################################### ### REPORTING BIG CLOCK CHANGES # Perhaps you want to know if chronyd suddenly detects any large error # in your computer's clock. This might indicate a fault or a problem # with the server(s) you are using, for example. # # The next option causes a message to be written to syslog when chronyd # has to correct an error above 0.5 seconds (you can use any amount you # like). ! logchange 0.5 # The next option will send email to the named person when chronyd has # to correct an error above 0.5 seconds. (If you need to send mail to # several people, you need to set up a mailing list or sendmail alias # for them and use the address of that.) ! mailonchange wibble@foobar.org 0.5 ####################################################################### ### COMMAND ACCESS # The program chronyc is used to show the current operation of chronyd # and to change parts of its configuration whilst it is running. # Normally, chronyd will only allow connections from chronyc on the same # machine as itself. This is for security. If you have a subnet # 192.168.*.* and you want to be able to use chronyc from any machine on # it, you could uncomment the following line. (Edit this to your own # situation.) ! cmdallow 192.168/16 # You can add as many 'cmdallow' and 'cmddeny' lines as you like. The # syntax and meaning is the same as for 'allow' and 'deny', except that # 'cmdallow' and 'cmddeny' control access to the chronyd's command port. # NOTE, even if the host where you run chronyc is granted access, you # still need a command key set up and you have to know the password to # put into chronyc to allow you to modify chronyd's parameters. By # default all you can do is view information about chronyd's operation. ####################################################################### ### REAL TIME CLOCK # chronyd can characterise the system's real-time clock. This is the # clock that keeps running when the power is turned off, so that the # machine knows the approximate time when it boots again. The error at # a particular epoch and gain/loss rate can be written to a file and # used later by chronyd when it is started with the '-s' option. # # You need to have 'enhanced RTC support' compiled into your Linux # kernel. (Note, these options apply only to Linux.) ! rtcfile /var/lib/chrony/rtc # Your RTC can be set to keep Universal Coordinated Time (UTC) or local # time. (Local time means UTC +/- the effect of your timezone.) If you # use UTC, chronyd will function correctly even if the computer is off # at the epoch when you enter or leave summer time (aka daylight saving # time). However, if you dual boot your system with Microsoft Windows, # that will work better if your RTC maintains local time. You take your # pick! ! rtconutc # By default chronyd assumes that the enhanced RTC device is accessed as # /dev/rtc. If it's accessed somewhere else on your system (e.g. you're # using devfs), uncomment and edit the following line. ! rtcdevice /dev/misc/rtc ####################################################################### ### REAL TIME SCHEDULER # This directive tells chronyd to use the real-time FIFO scheduler with the # specified priority (which must be between 0 and 100). This should result # in reduced latency. You don't need it unless you really have a requirement # for extreme clock stability. Works only on Linux. Note that the "-P" # command-line switch will override this. ! sched_priority 1 ####################################################################### ### LOCKING CHRONYD INTO RAM # This directive tells chronyd to use the mlockall() syscall to lock itself # into RAM so that it will never be paged out. This should result in reduced # latency. You don't need it unless you really have a requirement # for extreme clock stability. Works only on Linux. Note that the "-m" # command-line switch will also enable this feature. ! lock_all
Konfiguration
Client
Daemon
Im ersten Konfigurationsbeispiel widmen wir uns einem CentOS 7 Client, der von einem bekannten NTP-Server die Uhrzeit holen und auch synchron halten soll. Ob ein eigener Zeitserver im eigenen Netzwerk oder ein öffentlicher NTP-Server genutzt werden soll, ist konfigurationstechnisch egal, unterschieden sich beide System i.d.R. nur im Namen oder der zugehörigen IP-Adresse.
Die Konfiguration unseres Chrony-Daemon, oder genauer gesagt eines NTP-Clients mit Hilfe von chrony, erfolgt über die Datei /etc/chrony.conf. Mit dem Editor unserer Wahl bearbeiten wir nun diese Datei.
# vim /etc/chrony.conf
- /etc/chrony.conf
######################################################################### ## # SPECIFY YOUR NTP SERVERS # Most computers using chrony will send measurement requests to one or # more 'NTP servers'. You will probably find that your Internet Service # Provider or company have one or more NTP servers that you can specify. # Failing that, there are a lot of public NTP servers. There is a list # you can access at http://support.ntp.org/bin/view/Servers/WebHome or # you can use servers from the pool.ntp.org project. # server 0.pool.ntp.org iburst # server 1.pool.ntp.org iburst # server 2.pool.ntp.org iburst # However, for dial-up use you probably want these instead. The word # 'offline' means that the server is not visible at boot time. Use # chronyc's 'online' command to tell chronyd that these servers have # become visible after you go on-line. # server 0.pool.ntp.org offline # server 1.pool.ntp.org offline # server 2.pool.ntp.org offline # These servers were defined in the installation: server time.dmz.nausch.org iburst ######################################################################### ## # AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK # To avoid changes being made to your computer's gain/loss compensation # when the measurement history is too erratic, you might want to enable # one of the following lines. The first seems good for dial-up (or # other high-latency connections like slow leased lines), the second # seems OK for a LAN environment. # maxupdateskew 100 # maxupdateskew 5 ######################################################################### ## # FILENAMES ETC # Chrony likes to keep information about your computer's clock in files. # The 'driftfile' stores the computer's clock gain/loss rate in parts # per million. When chronyd starts, the system clock can be tuned # immediately so that it doesn't gain or lose any more time. You # generally want this, so it is uncommented. driftfile /var/lib/chrony/drift # If you want to use the program called chronyc to configure aspects of # chronyd's operation once it is running (e.g. tell it the Internet link # has gone up or down), you need a password. This is stored in the # following keys file. (You also need keys to support authenticated NTP # exchanges between cooperating machines.) Again, this option is # assumed by default. keyfile /etc/chrony.keys # Tell chronyd which numbered key in the file is used as the password # for chronyc. (You can pick any integer up to 2**32-1. '1' is just a # default. Using another value will _NOT_ increase security.) commandkey 1 # Generate command key if missing. generatecommandkey # chronyd can save the measurement history for the servers to files when # it it exits. This is useful in 2 situations: # # 1. On Linux, if you stop chronyd and restart it with '-r' (e.g. after # an upgrade), the old measurements will still be relevant when chronyd # is restarted. This will reduce the time needed to get accurate # gain/loss measurements, especially with a dial-up link. # # 2. Again on Linux, if you use the RTC support and start chronyd with # '-r -s' on bootup, measurements from the last boot will still be # useful (the real time clock is used to 'flywheel' chronyd between # boots). # # Enable these two options to use this. # dumponexit # dumpdir /var/lib/chrony # chronyd writes its process ID to a file. If you try to start a second # copy of chronyd, it will detect that the process named in the file is # still running and bail out. If you want to change the path to the PID # file, uncomment this line and edit it. The default path is shown. # pidfile /var/run/chronyd.pid ######################################################################### ## # INITIAL CLOCK CORRECTION # This option is useful to quickly correct the clock on start if it's # off by a large amount. The value '10' means that if the error is less # than 10 seconds, it will be gradually removed by speeding up or # slowing down your computer's clock until it is correct. If the error # is above 10 seconds, an immediate time jump will be applied to correct # it. The value '1' means the step is allowed only on the first update # of the clock. Some software can get upset if the system clock jumps # (especially backwards), so be careful! makestep 10 3 ######################################################################### ## # LOGGING # If you want to log information about the time measurements chronyd has # gathered, you might want to enable the following lines. You probably # only need this if you really enjoy looking at the logs, you want to # produce some graphs of your system's timekeeping performance, or you # need help in debugging a problem. # logdir /var/log/chrony # log measurements statistics tracking # If you have real time clock support enabled, you might want this line # this instead: # log measurements statistics tracking rtc ######################################################################### ## # REPORTING BIG CLOCK CHANGES # Perhaps you want to know if chronyd suddenly detects any large error # in your computer's clock. This might indicate a fault or a problem # with the server(s) you are using, for example. # # The next option causes a message to be written to syslog when chronyd # has to correct an error above 0.5 seconds (you can use any amount you # like). # logchange 0.5 # The next option will send email to the named person when chronyd has # to correct an error above 0.5 seconds. (If you need to send mail to # several people, you need to set up a mailing list or sendmail alias # for them and use the address of that.) # mailonchange wibble@foobar.org 0.5 ######################################################################### ## # COMMAND ACCESS # The program chronyc is used to show the current operation of chronyd # and to change parts of its configuration whilst it is running. # Normally, chronyd will only allow connections from chronyc on the same # machine as itself. This is for security. If you have a subnet # 192.168.*.* and you want to be able to use chronyc from any machine on # it, you could uncomment the following line. (Edit this to your own # situation.) # cmdallow 192.168/16 # You can add as many 'cmdallow' and 'cmddeny' lines as you like. The # syntax and meaning is the same as for 'allow' and 'deny', except that # 'cmdallow' and 'cmddeny' control access to the chronyd's command port. # NOTE, even if the host where you run chronyc is granted access, you # still need a command key set up and you have to know the password to # put into chronyc to allow you to modify chronyd's parameters. By # default all you can do is view information about chronyd's operation. ######################################################################### ## # REAL TIME CLOCK # chronyd can characterise the system's real-time clock. This is the # clock that keeps running when the power is turned off, so that the # machine knows the approximate time when it boots again. The error at # a particular epoch and gain/loss rate can be written to a file and # used later by chronyd when it is started with the '-s' option. # # You need to have 'enhanced RTC support' compiled into your Linux # kernel. (Note, these options apply only to Linux.) # rtcfile /var/lib/chrony/rtc # The 'rtcsync' directive will enable a kernel mode where the system time # is copied to the real time clock (RTC) every 11 minutes. # This directive is supported only on Linux and cannot be used when the # normal RTC tracking is enabled, i.e. when the 'rtcfile' directive is # used. rtcsync # The 'stratumweight' directive sets how much distance should be added per # stratum to the synchronisation distance when 'chronyd' selects the # synchronisation source from available sources. # The syntax is: "stratumweight <dist-in-seconds>". By default, it is one # second. This usually means that sources with lower stratum will be # preferred to sources with higher stratum even when their distance is # significantly worse. Setting 'stratumweight' to 0 makes 'chronyd' # ignore stratum when selecting the source. stratumweight 0 ######################################################################### ## # ACTING AS AN NTP CLIENT # This option allows you to configure the port on which chronyd will # listen for NTP requests. # # The compiled in default is udp/123, the standard NTP port. If set to 0, # chronyd will not open the server socket and will operate strictly in a # client-only mode. The source port used in NTP client requests can be # set by the acquisitionport directive. port 0
IPv6 Deaktivierung
Hat man im eigenen Netz „nur“ IPv4 im Einsatz, möchte man selbstredend den Support für IPv6 deaktivieren.
WICHTIG:
Das Deaktivieren von IPv6 nur vornehmen, wenn auch wirklich keine IPv6-Adresse vorhanden ist. Anderweitig muß beim Aufruf von chronyc immer der Parameter -4 angegeben werden!
Das Deaktivieren erfolgt nun nicht, wie man vermutlich annehmen wird über die Konfigurationsdatei /etc/chrony.conf, sondern über einen anderen Weg! Im Verzeichnis /etc/sysconfig legen wir uns eine Datei mit dem Namen chronyd mit nachfolgendem Inhalt an.
# vim /etc/sysconfig/chronyd
- /etc/sysconfig/chronyd
# Django : 2014-07-22 # disable IPv6 support OPTIONS=-4
Server
Daemon
Im zweiten Konfigurationsbeispiel widmen wir uns einem CentOS 7 Server, der von mehreren vertrauenswürdigen NTP-Server im Internet die Uhrzeit holen und auch synchron halten soll.
Die Konfiguration unseres Chrony-Daemon, oder genauer gesagt unseres NTP-Servers mit Hilfe von chrony, erfolgt über die Datei /etc/chrony.conf. Mit dem Editor unserer Wahl bearbeiten wir nun diese Datei.
# vim /etc/chrony.conf
- /etc/chrony.conf
######################################################################### ## # SPECIFY YOUR NTP SERVERS # Most computers using chrony will send measurement requests to one or # more 'NTP servers'. You will probably find that your Internet Service # Provider or company have one or more NTP servers that you can specify. # Failing that, there are a lot of public NTP servers. There is a list # you can access at http://support.ntp.org/bin/view/Servers/WebHome or # you can use servers from the pool.ntp.org project. server 0.pool.ntp.org iburst server 1.pool.ntp.org iburst server 2.pool.ntp.org iburst # However, for dial-up use you probably want these instead. The word # 'offline' means that the server is not visible at boot time. Use # chronyc's 'online' command to tell chronyd that these servers have # become visible after you go on-line. # server 0.pool.ntp.org offline # server 1.pool.ntp.org offline # server 2.pool.ntp.org offline ######################################################################### ## # AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK # To avoid changes being made to your computer's gain/loss compensation # when the measurement history is too erratic, you might want to enable # one of the following lines. The first seems good for dial-up (or # other high-latency connections like slow leased lines), the second # seems OK for a LAN environment. # maxupdateskew 100 # maxupdateskew 5 ######################################################################### ## # FILENAMES ETC # Chrony likes to keep information about your computer's clock in files. # The 'driftfile' stores the computer's clock gain/loss rate in parts # per million. When chronyd starts, the system clock can be tuned # immediately so that it doesn't gain or lose any more time. You # generally want this, so it is uncommented. driftfile /var/lib/chrony/drift # If you want to use the program called chronyc to configure aspects of # chronyd's operation once it is running (e.g. tell it the Internet link # has gone up or down), you need a password. This is stored in the # following keys file. (You also need keys to support authenticated NTP # exchanges between cooperating machines.) Again, this option is # assumed by default. keyfile /etc/chrony.keys # Tell chronyd which numbered key in the file is used as the password # for chronyc. (You can pick any integer up to 2**32-1. '1' is just a # default. Using another value will _NOT_ increase security.) commandkey 1 # Generate command key if missing. generatecommandkey # chronyd can save the measurement history for the servers to files when # it it exits. This is useful in 2 situations: # # 1. On Linux, if you stop chronyd and restart it with '-r' (e.g. after # an upgrade), the old measurements will still be relevant when chronyd # is restarted. This will reduce the time needed to get accurate # gain/loss measurements, especially with a dial-up link. # # 2. Again on Linux, if you use the RTC support and start chronyd with # '-r -s' on bootup, measurements from the last boot will still be # useful (the real time clock is used to 'flywheel' chronyd between # boots). # # Enable these two options to use this. # dumponexit # dumpdir /var/lib/chrony # chronyd writes its process ID to a file. If you try to start a second # copy of chronyd, it will detect that the process named in the file is # still running and bail out. If you want to change the path to the PID # file, uncomment this line and edit it. The default path is shown. # pidfile /var/run/chronyd.pid ######################################################################### ## # INITIAL CLOCK CORRECTION # This option is useful to quickly correct the clock on start if it's # off by a large amount. The value '10' means that if the error is less # than 10 seconds, it will be gradually removed by speeding up or # slowing down your computer's clock until it is correct. If the error # is above 10 seconds, an immediate time jump will be applied to correct # it. The value '1' means the step is allowed only on the first update # of the clock. Some software can get upset if the system clock jumps # (especially backwards), so be careful! makestep 10 3 ######################################################################### ## # LOGGING # If you want to log information about the time measurements chronyd has # gathered, you might want to enable the following lines. You probably # only need this if you really enjoy looking at the logs, you want to # produce some graphs of your system's timekeeping performance, or you # need help in debugging a problem. # logdir /var/log/chrony # log measurements statistics tracking # If you have real time clock support enabled, you might want this line # this instead: # log measurements statistics tracking rtc # Normally, chronyd will keep track of how many times each client # machine accesses it. The information can be accessed by the 'clients' # command of chronyc. You can disable this facility by uncommenting the # following line. This will save a bit of memory if you have many # clients. # noclientlog # The clientlog size is limited to 512KB by default. If you have many # clients, especially in many different subnets, you might want to # increase the limit. # clientloglimit 4194304 ######################################################################### ## # REPORTING BIG CLOCK CHANGES # Perhaps you want to know if chronyd suddenly detects any large error # in your computer's clock. This might indicate a fault or a problem # with the server(s) you are using, for example. # # The next option causes a message to be written to syslog when chronyd # has to correct an error above 0.5 seconds (you can use any amount you # like). # logchange 0.5 # The next option will send email to the named person when chronyd has # to correct an error above 0.5 seconds. (If you need to send mail to # several people, you need to set up a mailing list or sendmail alias # for them and use the address of that.) # mailonchange wibble@foobar.org 0.5 ######################################################################### ## # COMMAND ACCESS # The program chronyc is used to show the current operation of chronyd # and to change parts of its configuration whilst it is running. # Normally, chronyd will only allow connections from chronyc on the same # machine as itself. This is for security. If you have a subnet # 192.168.*.* and you want to be able to use chronyc from any machine on # it, you could uncomment the following line. (Edit this to your own # situation.) # cmdallow 192.168/16 # You can add as many 'cmdallow' and 'cmddeny' lines as you like. The # syntax and meaning is the same as for 'allow' and 'deny', except that # 'cmdallow' and 'cmddeny' control access to the chronyd's command port. # NOTE, even if the host where you run chronyc is granted access, you # still need a command key set up and you have to know the password to # put into chronyc to allow you to modify chronyd's parameters. By # default all you can do is view information about chronyd's operation. ######################################################################### ## # REAL TIME CLOCK # chronyd can characterise the system's real-time clock. This is the # clock that keeps running when the power is turned off, so that the # machine knows the approximate time when it boots again. The error at # a particular epoch and gain/loss rate can be written to a file and # used later by chronyd when it is started with the '-s' option. # # You need to have 'enhanced RTC support' compiled into your Linux # kernel. (Note, these options apply only to Linux.) # rtcfile /var/lib/chrony/rtc # The 'rtcsync' directive will enable a kernel mode where the system time # is copied to the real time clock (RTC) every 11 minutes. # This directive is supported only on Linux and cannot be used when the # normal RTC tracking is enabled, i.e. when the 'rtcfile' directive is # used. rtcsync # The 'stratumweight' directive sets how much distance should be added per # stratum to the synchronisation distance when 'chronyd' selects the # synchronisation source from available sources. # The syntax is: "stratumweight <dist-in-seconds>". By default, it is one # second. This usually means that sources with lower stratum will be # preferred to sources with higher stratum even when their distance is # significantly worse. Setting 'stratumweight' to 0 makes 'chronyd' # ignore stratum when selecting the source. stratumweight 0 ######################################################################### ## # ACTING AS AN NTP SERVER # You might want the computer to be an NTP server for other computers. # e.g. you might be running chronyd on a dial-up machine that has a LAN # sitting behind it with several 'satellite' computers on it. # This option allows the UDP port on which the server understands NTP # requests to be specified. For normal servers this option should not # not be required (the default is 123, the standard NTP port). # port 123 # # By default, chronyd does not allow any clients to access it. You need # to explicitly enable access using 'allow' and 'deny' directives. # # e.g. to enable client access from the 192.168.*.* class B subnet, # allow 192.168/16 # .. but disallow the 192.168.100.* subnet of that, # deny 192.168.100/24 # You can have as many allow and deny directives as you need. The order # is unimportant. # If you want chronyd to act as an NTP broadcast server, enable and edit # (and maybe copy) the following line. This means that a broadcast # packet is sent to the address 192.168.1.255 every 60 seconds. The # address MUST correspond to the broadcast address of one of the network # interfaces on your machine. If you have multiple network interfaces, # add a broadcast line for each. # broadcast 60 192.168.1.255 # If you want to present your computer's time for others to synchronise # with, even if you don't seem to be synchronised to any NTP servers # yourself, enable the following line. The value 10 may be varied # between 1 and 15. You should avoid small values because you will look # like a real NTP server. The value 10 means that you appear to be 10 # NTP 'hops' away from an authoritative source (atomic clock, GPS # receiver, radio clock etc). # local stratum 10 # 'chronyd' will trim the rate at which it samples the server during # normal operation, the user may wish to constrain the minimum polling # interval. This is always defined as a power of 2, so <tt/minpoll 5/ # would mean that the polling interval cannot drop below 32 seconds. # The default is 6 (64 seconds). minpoll 6 # In a similar way, the user may wish to constrain the maximum polling # interval. Again this is specified as a power of 2, so <tt/maxpoll 9/ # indicates that the polling interval must stay at or below 512 seconds. # The default is 10 (1024 seconds). maxpoll 10 # Target number of measurements to use for the regression algorithm # which 'chronyd' will try to maintain by adjusting polling interval # between 'minpoll' and 'maxpoll'. A higher target makes 'chronyd' # prefer shorter polling intervals. The default is 6 and a useful # range is 6 to 60. polltarget 6 # 'chronyd' uses the network round-trip delay to the server to determine # how accurate a particular measurement is likely to be. Long round-trip # delays indicate that the request, or the response, or both were delayed. # If only one of the messages was delayed the measurement error is likely # to be substantial. # # For small variations in round trip delay, 'chronyd' uses a weighting # scheme when processing the measurements. However, beyond a certain # level of delay the measurements are likely to be so corrupted as to be # useless. (This is particularly so on dial-up or other slow links, where # a long delay probably indicates a highly asymmetric delay caused by the # response waiting behind a lot of packets related to a download of some # sort). # # If the user knows that round trip delays above a certain level should # cause the measurement to be ignored, this level can be defined with # the maxdelay command. For example, <tt/maxdelay 0.3/ would indicate # that measurements with a round-trip delay of 0.3 seconds or more should # be ignored. # maxdelay 0.3 # Maxdelayratio is similar to the maxdelay option above. 'chronyd' keeps a # record of the minimum round-trip delay amongst the previous measure- # ments that it has buffered. If a measurement has a round trip delay # that is greater than the maxdelayratio times the minimum delay, it # will be rejected. # maxdelayratio 0.5 # If a measurement has ratio of the increase in round-trip delay from # the minimum delay amongst the previous measurements to the standard # deviation of the previous measurements that is greater than # maxdelaydevratio, it will be rejected. The default is 10.0. # maxdelaydevratio
IPv6 Deaktivierung
Hat man im eigenen Netz „nur“ IPv4 im Einsatz, möchte man selbstredend den Support für IPv6 deaktivieren.
WICHTIG:
Das Deaktivieren von IPv6 nur vornehmen, wenn auch wirklich keine IPv6-Adresse vorhanden ist. Anderweitig muß beim Aufruf von chronyc immer der Parameter -4 angegeben werden!
Das Deaktivieren erfolgt nun nicht, wie man vermutlich annehmen wird über die Konfigurationsdatei /etc/chrony.conf, sondern über einen anderen Weg! Im Verzeichnis /etc/sysconfig legen wir uns eine Datei mit dem Namen chronyd mit nachfolgendem Inhalt an.
# vim /etc/sysconfig/chronyd
- /etc/sysconfig/chronyd
# Django : 2014-07-22 # disable IPv6 support OPTIONS=-4
Paketfilter - firewalld
Damit unsere Clients Verbindungen zu dem geöffneten UDP-Port ntp/123 chrony-Daemons aufbauen können müssen wir für diese noch Änderungen am Paketfilter firewalld vornehmen.
Unter CentOS 7 wird als Standard-Firewall die dynamische firewalld verwendet. Ein großer Vorteil der dynamischen Paketfilterregeln ist unter anderem, dass zur Aktivierung der neuen Firewall-Regel(n) nicht der Daemon durchgestartet werden muss und somit alle aktiven Verbindungen kurz getrennt werden. Sondern unsere Änderungen können on-the-fly aktiviert oder auch wieder deaktiviert werden.
Mit Hilfe des Programms firewall-cmd legen wir nun eine permanente Regel in der Zone public, dies entspricht in unserem Beispiel das Netzwerk-Interface eth0 mit der IP 10.0.0.57, an. Als Source-IP geben geben wir das Netz unserer Clients an, was in unserem Fall 10.0.0.0/24 entspricht. Genug der Vorrede, mit nachfolgendem Befehl wird der Port 123 geöffnet.
# firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" source address="10.0.0.0/24" port protocol="udp" port="123" destination address="10.0.0.57/32" accept"
success
Anschließend können wir den Firewall-Daemon einmal durchstarten und anschließend überprüfen, ob die Regeln auch entsprechend unserer Definition, gezogen haben.
# firewall-cmd --reload
success
Abschließend prüfen wir noch, ob die Erweiterung unseres Paketfilter aktiv ist.
# iptables -nvL IN_public_allow
Chain IN_public_allow (1 references) pkts bytes target prot opt in out source destination 205 15580 ACCEPT udp -- * * 10.0.0.0/24 10.0.0.57 udp dpt:123 ctstate NEW 0 0 ACCEPT tcp -- * * 10.0.0.117 10.0.0.57 tcp dpt:5665 ctstate NEW 2 112 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
DHCP
Damit unsere Cliens auch von unserem eigenen NTP-Server Gebrauch machen, geben wir die IP-Adresse unseres NTP-Servers via DHCP bekannt.
Wir editieren also unsere /etc/dhcpd.conf.
vim /etc/dhcpd.conf option ntp-servers 192.168.100.1;
Abschließend restarten wir unseren DHCP-Server.
service dhcpd restart
Start des Daemon
manueller Start des Daemon
Möchten wir unseren Daemon starten, benutzen wir den folgenden Befehlsaufruf.
# systemctl start chronyd
Im syslog unseres Servers wird uns der Start unseres NTP-Daemons entsprechend vermerkt.
# tail -f /var/log/messages
Jul 22 22:21:12 vml000070 systemd: Starting NTP client/server... Jul 22 22:21:12 vml000070 chronyd[22344]: chronyd version 1.29.1 starting Jul 22 22:21:12 vml000070 chronyd[22344]: Linux kernel major=3 minor=10 patch=0 Jul 22 22:21:12 vml000070 chronyd[22344]: hz=100 shift_hz=7 freq_scale=1.00000000 nominal_tick=10000 slew_delta_tick=833 max_tick_bias=1000 shift_pll=2 Jul 22 22:21:12 vml000070 chronyd[22344]: Frequency 0.291 +/- 0.119 ppm read from /var/lib/chrony/drift Jul 22 22:21:12 vml000070 systemd: Started NTP client/server. Jul 22 22:21:16 vml000070 chronyd[22344]: Selected source 10.0.0.20
automatischer Start des Daemon
Damit der Daemon chrony automatisch bei jedem Systemstart startet, kann die Einrichtung eines Start-Scriptes über folgenden Befehl erreicht werden:
# systemctl enable chronyd.service
ln -s '/usr/lib/systemd/system/chronyd.service' '/etc/systemd/system/multi-user.target.wants/chronyd.service'
Ein Überprüfung ob der Dienst (Daemon)chrony wirklich bei jedem Systemstart automatisch mit gestartet wird, kann durch folgenden Befehl erreicht werden:
# systemctl is-enabled chronyd.service
enabled
Tests
Daemon
Als ersten Test überprüfen wir, ob der Service chronyd geladen und ausgeführt wird. Hierzu benutzen wir folgenden Befehl.
# systemctl status chronyd.service
chronyd.service - NTP client/server Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled) Active: active (running) since Sat 2015-06-20 15:30:55 CEST; 2 days ago Process: 666 ExecStartPost=/usr/libexec/chrony-helper add-dhclient-servers (code=exited, status=0/SUCCESS) Process: 619 ExecStart=/usr/sbin/chronyd -u chrony $OPTIONS (code=exited, status=0/SUCCESS) Main PID: 638 (chronyd) CGroup: /system.slice/chronyd.service └─638 /usr/sbin/chronyd -u chrony
Da wir chrony im Client-Modus betreiben, wird auch der Port 123 bedient - daher wird bei der nachfolgenden Abfrage auch kein geöffneter Port 123 gemeldet.
# netstat -paunt | grep 123
Betreiben wir unseren chrony Daemon im Servermode wird dann natürlich der Port 123 auf den konfigurierten Netzwerkadressen gebunden.
# netstat -paunt | grep 123
udp 0 0 0.0.0.0:123 0.0.0.0:* 13580/chronyd udp6 0 0 :::123 :::* 13580/chronyd
Checking chrony Sources
Welche Server vom lokalen Daemon benutzt werden kann mit Hilfe des Befehls chronyc sources abgefragt werden.
# chronyc sources
210 Number of sources = 3 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^- liste.cc 2 6 37 9 +2584us[+2584us] +/- 63ms ^* stratum2-3.NTP.TechFak.NE 2 6 37 9 -7053ns[ -230us] +/- 22ms ^- alpha.linux.gq 3 6 37 8 +1006us[+1006us] +/- 68ms
Die einzelnen Spalten haben folgende Bedeutung:
- M
Zeigt den Modus der Angezeigten Quelle,- ^ steht für einen NTP-Server,
- = steht für einen Peer-Rechner und
- # steht für eine lokal am Host angeschlossene Referenzuhr.
- S
Zeigt den Status der Zeitquelle an- * bedeutet, der chrony-Daemon hat sich mit der Quelle synchronisiert.
- + die Quelle wird als akzeptabl gewertet, die mit der ausgewählten Quelle kombiniert wird.
- - steht für eine akzeptable Quelle, die aber durch die Kombinationsalgorithmus ausgeschlossen wird.
- ? bedeutet, dass die Verbindung lückenhaft war bzw. abgebrochen ist oder dessen UDP-Pakete nicht alle Tests bestanden haben.
- x definiert eine fehlerhafte Quelle, deren Zeitangaben nicht mit den anderen Quellen nicht im Einklang gebracht werden können.
- ~ steht für eine Quelle mit großen Schwankungen und
- ? Anzeige, dass der Daemon gerade erst gestartet wurde und weniger als 4 Datenpakete empfangen wurden.
- Name/IP address
Zeigt den Namen bzw. die IP-Adresse der Quelle, Referenz-ID oder der lokalen Referenz-Uhr. - Stratum
Anzeige des Stratum-Wertes von der Quelle an Hand der zuletzt empfangenen Datenpakete.- 1 wird angezeigt, wenn der Server über eine lokal angeschlossene Referenzuhr verfügt.
- 2 wird angezeigt, wenn der Daemon sich mit einer Quelle synchronisiert hat, die den Wert Stratum 1 inne hat.
- n Jede weitere Erhöhung des Stratum-Wertes bedeutet, dass ein weiterer Host zwischen dem chrony-Daemon und dem Zeitnormal mit dem Stratum Wert 1 steht.
- Poll
Angabe in welchen Abständen die Uhrzeit turnusmäßig synchronisiert wird. Die Zeitspanne errechnet sich bei einem polling-Wert n = 6 nach (2n) von 26 = 64. Der Wert kann schwanken, je nach dem wie stabil das Zeitnormal verläuft. - Reach
Registerwert (Oktalzahl) der empfangenen Datenpakete. Das Register hat hat 8 bit und wird jeweils beim Empfang bzw. etwaigen Verlusten von Datenpaketen angepasst. Ein Wert von 377 zeigt z.B. an, das die letzten acht empfangenen Datenpakete gültig waren. - LastRx
In dieser Spalte wird angezeigt, wann zuletzt von der genannten Zeitquelle ein Datenpaket empfangen wurde. Ein reiner Zahlenwert steht für die Angabe in Sekunden, sowie die Buchstaben m, h, d oder y jeweils für Minuten, Stunden, Tage bzw. Jahre. Der Wert 10 Jahre steht dafür, dass noch kein gültiges Datenpaket von der Quelle empfangen wurde. - Last sample
Hier wird der Offset zwischen der lokalen Zeit und dem empfangenen NTP-UDP-Paket des Zeitservers angezeigt. Der Wert in den eckigen Klammern zeigt die tatsächlich gemessene Abweichung (Offset). Die Werte werden in den Einheiten ns für Nanosekunden, us für Mikrosekunden, ms für Millisekunden und s für Sekunden angegeben. Die Zahl auf der linken Seite der eckigen Klammern zeigt die ursprünglichen Messwert an, mit dem die Messwerte bis jetzt korrigiert wurden. Die Zahl nach dem +/- Anzeige zeigt die Fehlerspanne bei der Messung. Positive Offsets anzuzeigen, dass die lokale Zeit der NTP-Serverzeit vorausläuft.
Haben wir uns mit chronyc verbunden, können wir uns auch mit der Option -v eine Beschreibung der Spalten abrufen.
# chronyc -a
chrony version 1.29.1 Copyright (C) 1997-2003, 2007, 2009-2013 Richard P. Curnow and others chrony comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the GNU General Public License version 2 for details. 200 OK chronyc>
chronyc> sources -v
210 Number of sources = 5
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| / xxxx = adjusted offset,
|| Log2(Polling interval) -. | yyyy = measured offset,
|| \ | zzzz = estimated error.
|| | |
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* char-ntp-pool.charite.de 1 10 377 98 -476us[ -433us] +/- 21ms
^? s1.vlns.de 3 10 377 569 +1343us[+1385us] +/- 107ms
^+ funky.fuchsi.de 2 10 377 1017 -1579us[-1537us] +/- 35ms
^- nandus.lf-net.org 2 10 377 765 -1300us[-1258us] +/- 53ms
^+ xen1.hochstaetter.de 2 10 377 1018 +4330us[+4372us] +/- 73ms
chronyc>
Checking chrony Source Statistics
Den Status unserer Zeitserverquellen fragen wir mit dem Befehl chronyc sourcestats ab.
# chronyc sourcestats
210 Number of sources = 3 Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev ============================================================================== liste.cc 8 7 265 -1.024 5.907 +2816us 252us stratum2-3.NTP.TechFak.NE 8 5 265 -1.825 7.580 -110us 411us alpha.linux.gq 8 5 265 -0.776 3.946 +1241us 176us
Die einzelnen Spalten haben folgende Bedeutung:
- Name / IP-Adresse
Name bzw. die IP-Adresse der Quelle, Referenz-ID oder der lokalen Referenz-Uhr auf den/die sich die folgenden Werte beziehen. - NP
Anzahl der Abtastpunkte (sampling points), die derzeit vom Daemon verwendet werden. Die Driftrate und der Offset werden durch eine lineare Regression der Abtastpunkte geschätzt. - NR
Anzahl der Durchläufe der Restwertberechnungen mit dem gleichen Vorzeichen nach der letzten Regression. Sobald dieser wert unter die Anzahl der Abtastpunkte (sampling points) ist dies ein Anzeichen, dass die Werte nicht mehr optimal linear berechnet werden können. Wird die Anzahl der Durchläufe zu klein, führt chronyd basieren auf alte bekannte Daten eine neu Regression durch, bis der wert wieder in einem akzeptablen Bereich liegt. - Span
Abstand zwischen dem ältesten und neuesten Sample. Wird keine Einheit angegeben, werden Sekunden angezeigt; m steht für Minuten. - Frequency
geschätzte Restfrequenz, die dedr Daemon nutzte (10-6) - Freq Skew
geschätzte Fehlergrenzen des Werts Frequency (10-6). - Offset
geschätzter Offset der Quelle. - Std Dev
geschätzte Standardabweichung der Stichprobe.
Haben wir uns mit chronyc verbunden, können wir uns auch mit der Option -v eine Beschreibung der Spalten abrufen.
# chronyc -a
chrony version 1.29.1 Copyright (C) 1997-2003, 2007, 2009-2013 Richard P. Curnow and others chrony comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the GNU General Public License version 2 for details. 200 OK chronyc>
chronyc> sourcestats -v
210 Number of sources = 5
.- Number of sample points in measurement set.
/ .- Number of residual runs with same sign.
| / .- Length of measurement set (time).
| | / .- Est. clock freq error (ppm).
| | | / .- Est. error in freq.
| | | | / .- Est. offset.
| | | | | | On the -.
| | | | | | samples. \
| | | | | | |
Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev
==============================================================================
char-ntp-pool.charite.de 64 27 15h -0.000 0.009 -801us 356us
s1.vlns.de 18 9 293m 0.083 0.047 +1293us 244us
funky.fuchsi.de 9 7 155m 0.026 0.163 -1709us 263us
nandus.lf-net.org 7 6 103m -0.351 0.495 -2348us 422us
xen1.hochstaetter.de 61 29 15h -0.001 0.009 +4265us 372us
Checking chrony Tracking
Die Anzeige der System Zeit Informationen fragen wir mit dem Befehl chronyc tracking ab.
# chronyc tracking
Reference ID : 129.70.132.36 (stratum2-3.NTP.TechFak.NET)
Stratum : 3
Ref time (UTC) : Thu Jun 25 12:11:40 2015
System time : 0.000093731 seconds slow of NTP time
Last offset : -0.000091557 seconds
RMS offset : 0.000051272 seconds
Frequency : 0.381 ppm slow
Residual freq : -0.001 ppm
Skew : 0.006 ppm
Root delay : 0.033234 seconds
Root dispersion : 0.002327 seconds
Update interval : 1043.2 seconds
Leap status : Normal
Die einzelnen Werte haben nachfolgend aufgeführte Bedeutungen:
- Reference ID
Referenz-ID bzw. Name und die IP-Adresse mit dem sich der chrony-Daemon synchronisiert hat. Der Wert 127.127.1.1 zeigt an, dass sich der Daemon nicht mit einer externen NTP-server synchronisiert hat, sondern dass der Daemon im „lokal mode“ befindet, da der Server über eine externe Signalquelle z.B. einer DCF 77 Funkuhr verfügt. - Stratum
Anzeige des Stratum-Wertes von der Quelle an Hand der zuletzt empfangenen Datenpakete.- 1 wird angezeigt, wenn der Server über eine lokal angeschlossene Referenzuhr verfügt.
- 2 wird angezeigt, wenn der Daemon sich mit einer Quelle synchronisiert hat, die den Wert Stratum 1 inne hat.
- n Jede weitere Erhöhung des Stratum-Wertes bedeutet, dass ein weiterer Host zwischen dem chrony-Daemon und dem Zeitnormal mit dem Stratum Wert 1 steht.
- Ref time (UTC)
Uhrzeit (UTC) der Referenz ID, also der Zeit des externen Zeitservers oder der lokalen externen Uhr. - System time
Im normalen Betrieb wird der chrony-Daemon die lokale Zeit nicht in einem Schritt neu stellen, da dies zu ungewollten Effekten führen würde. Chrony word daher zur Anpassung der lokalen Uhrzeit an das externe Ziel durch Veränderungen der Laufgeschwindigkeit der lokalen Uhr anpassen; d.h. die loakel Uhr wird mal schneller oder langsamer als die Uhr des Zeitquelle laufen. Diese Abweichung wird beim Punkt Ref time (UTC) angegeben. - Last offset
Repräsentiert die geschätze Differenz der lokalen Uhr zur externen Quelle. - RMS offset
Dies ist die Anzeige der durchschnittliche Abweichung der lokalen Uhr zur externen Quelle. - Frequency
Abweichung der lokalen Uhrzeit vom Zeitnormal, in der Annahme chronyd würde die Zeit nicht anpassen. Der Wert wird in ppm2) angegeben. - Residual freq
Anzeige der Restfrequenz (residual frequency) für die aktuell ausgewählte Referenzquelle. Der angezeigte Wert spiegelt einen Unterschied zwischen dem, was die Messung von der Referenzquelle vorgibt un der aktuell von chrony-Daemon verwendeten Frequenz wieder. Der Wert wird dabei niemals den Wert 0 anzeigen, da bei der Berechnung der Frequenzwerte Rundungen verwendet werden. Jedes mal wenn der Frequenzwert des Zeitnormals empfangen wurde und die neue Restfrequenz berechnet wurde, wird die geschätzte Genauigkeit dieses neuen Restwertes mit den vorhandenen Werten verglichen und angezeigt. Je genauer die Messungen der Referenzquelle ist und je stabiler die lokale Uhr läuft um so geringer wird der angezeigte Wert und nähert sich im Idealfall dem Wert 0 an. - Skew
Frequenzdrifft in ppm3). - Root delay
Verzögerung durch Laufzeitunterschiede zwischen dem Straum 1 und dem lokalen Server, die durch Laufzeitunterschiede im Netzwerk aufgetreten sind. - Root dispersion
Ungefähre Abweichung (Streuung), bedingt durch statistischen Messschwankungen oder Rundungsdifferenzen, der lokalen Uhrzeit bis hin zur Stratum 1 Quelle. - Update interval
Intervall in Sekunden, in der der Daemon die Uhrzeit spätentens aktualisiert. - Leap status
Sprungstatus der Uhrzeit, die einen der folgenden Werte aufweisen kann:- Normal normaler Betrieb, also alles in Ordnung,
- Insert second Zeit wurde durch Einfügen einer Sekunde verlangsamt,
- Delete second Zeit wurde durch Löschen einer Sekunde beschleunigt, oder
- Not synchronized Zeit konnte noch nicht synchronisiert werden.
Checking chrony Clients
Betreiben wir unseren chrony-Daemon im Server-Mode, können wir uns anzeigen lassen, welcher oder welche Clients sich mit dem Daemon verbunden haben, egal ob via NTP oder zum command/monitoring Port. Hierzu öffnen wir zuerst einmal die chrony-Shell auf unserem Server, auf dem der chrony-Daemon läuft.
# chronyc -a
chrony version 1.29.1 Copyright (C) 1997-2003, 2007, 2009-2013 Richard P. Curnow and others chrony comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the GNU General Public License version 2 for details. 200 OK chronyc>
Anschließend fragen wir mit dem Befehl clients ab, welche Clients sich mit dem Server verbunden haben.
chronyc> clients
Hostname Client Peer CmdAuth CmdNorm CmdBad LstN LstC ========================= ====== ====== ====== ====== ====== ==== ==== localhost 0 0 31 25 0 45y 0 10.0.0.52 228 0 0 0 0 57 45y
Die einzelnen Werte haben nachfolgend aufgeführte Bedeutungen:
- Hostname
Hostname oder IP-Adresse des Clients - Client
Anzahl der Verbindungen des Clients im NTP client mode - Peer
Anzahl der Verbindungen des Clients im NTP symmetric active mode - CmdAuth
Anzahl der authentifizierten Steuerpakete die vom Client bis jetzt erfolgreich, d.h. nach dem password-Befehl, abgesetzt wurden. - CmdNorm
Anzahl der nicht authentifizierten Steuerpakete die vom Client bis jetzt abgesetzt wurden. - CmdBad
Anzahl der erfolglosen Versuche Steuerpakete die vom Client bis jetzt abgesetzt wurden. - LstN
Zeit seit dem das letzte NTP Pakete empfangen wurde - LstC
Zeit seit dem das letzte Steuerpaket/Befehl empfangen wurde
Fazit
Betrachtet man nun abschließend die Konfigurationsmöglichkeiten von chrony, kann man unter anderem folgendes Resümee ziehen:
chronyd eignet sich hervorragend im Virtualisierungsumfeld, die ja bekannter Weise eine große Volatilität bei der lokalen Systemuhr nach sich ziehen kann, eine stabile Synchronisation der Uhrzeiten zu gewährleisten.
ntpd
Als Alternative kann man natürlich auch auf den altbekannten NTP-Daemon ntp zurückgreifen.
Installation
Wurde bei der Erstinstallation der unter CentOS 7 standardmäßig vorgegebene NTP-Daemon noch nicht vom System entfernt, holen wir dies nun kurz nach.
# yum remove chrony -y
Nun installieren wir den NTP-Daemon ntp mit Hilfe des Paketverwaltungsprogramms yum.
# yum install ntp -y
Dokumentation
Was uns das Paket alles mitgebracht hat, zeigt uns der Aufruf vom Befehl rpm mit der Option -qil.
# rpm -qil ntp
Name : ntp
Version : 4.2.6p5
Release : 19.el7.centos
Architecture: x86_64
Install Date: Fri 26 Jun 2015 09:48:07 AM CEST
Group : System Environment/Daemons
Size : 1429916
License : (MIT and BSD and BSD with advertising) and GPLv2
Signature : RSA/SHA256, Sat 20 Dec 2014 03:55:07 AM CET, Key ID 24c6a8a7f4a80eb5
Source RPM : ntp-4.2.6p5-19.el7.centos.src.rpm
Build Date : Sat 20 Dec 2014 03:38:17 AM CET
Build Host : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager : CentOS BuildSystem <http://bugs.centos.org>
Vendor : CentOS
URL : http://www.ntp.org
Summary : The NTP daemon and utilities
Description :
The Network Time Protocol (NTP) is used to synchronize a computer's
time with another reference time source. This package includes ntpd
(a daemon which continuously adjusts system time) and utilities used
to query and configure the ntpd daemon.
Perl scripts ntp-wait and ntptrace are in the ntp-perl package,
ntpdate is in the ntpdate package and sntp is in the sntp package.
The documentation is in the ntp-doc package.
/etc/dhcp/dhclient.d
/etc/dhcp/dhclient.d/ntp.sh
/etc/ntp.conf
/etc/ntp/crypto
/etc/ntp/crypto/pw
/etc/sysconfig/ntpd
/usr/bin/ntpstat
/usr/lib/systemd/ntp-units.d/60-ntpd.list
/usr/lib/systemd/system/ntpd.service
/usr/sbin/ntp-keygen
/usr/sbin/ntpd
/usr/sbin/ntpdc
/usr/sbin/ntpq
/usr/sbin/ntptime
/usr/sbin/tickadj
/usr/share/doc/ntp-4.2.6p5
/usr/share/doc/ntp-4.2.6p5/COPYRIGHT
/usr/share/doc/ntp-4.2.6p5/ChangeLog
/usr/share/doc/ntp-4.2.6p5/NEWS
/usr/share/man/man5/ntp.conf.5.gz
/usr/share/man/man5/ntp_acc.5.gz
/usr/share/man/man5/ntp_auth.5.gz
/usr/share/man/man5/ntp_clock.5.gz
/usr/share/man/man5/ntp_decode.5.gz
/usr/share/man/man5/ntp_misc.5.gz
/usr/share/man/man5/ntp_mon.5.gz
/usr/share/man/man8/ntp-keygen.8.gz
/usr/share/man/man8/ntpd.8.gz
/usr/share/man/man8/ntpdc.8.gz
/usr/share/man/man8/ntpq.8.gz
/usr/share/man/man8/ntpstat.8.gz
/usr/share/man/man8/ntptime.8.gz
/usr/share/man/man8/tickadj.8.gz
/var/lib/ntp
/var/lib/ntp/drift
/var/log/ntpstats
Die Beschreibungen der einzelnen Befehle findet man in deren manpage's.
Konfiguration
Client
In diesem Konfigurationsbeispiel widmen wir uns einem CentOS 7 Client, der von einem bekannten NTP-Server die Uhrzeit holen und auch synchron halten soll. Ob ein eigener Zeitserver im eigenen Netzwerk oder ein öffentlicher NTP-Server genutzt werden soll, ist konfigurationstechnisch egal, unterschieden sich beide System i.d.R. nur im Namen oder der zugehörigen IP-Adresse.
Die Konfiguration unseres NTP-Daemon, oder genauer gesagt eines NTP-Clients ntp, erfolgt über die Datei /etc/ntp.conf. Mit dem Editor unserer Wahl bearbeiten wir nun diese Datei.
# vim /etc/ntp.conf
- /etc/ntp.conf
# For more information about this file, see the man pages # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5). driftfile /var/lib/ntp/drift # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap nopeer noquery # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict -6 ::1 # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). # Django : 2015-06-06 # default: server 0.centos.pool.ntp.org iburst # server 1.centos.pool.ntp.org iburst # server 2.centos.pool.ntp.org iburst # server 3.centos.pool.ntp.org iburst server time.dmz.nausch.org iburst server 10.0.0.57 iburst server 10.0.0.127 iburst #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys # Specify the key identifiers which are trusted. #trustedkey 4 8 42 # Specify the key identifier to use with the ntpdc utility. #requestkey 8 # Specify the key identifier to use with the ntpq utility. #controlkey 8 # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats
In der sehr übersichtlichen Konfigurationsdatei ist für unserem Client hauptsächlich die Zeile server time.dmz.nausch.org iburst von Interesse. Hier haben wir angegeben, mit welchem oder welchen internen Zeitserver(n) sich der Client sich synchronisieren soll.
Server
Daemon
Im zweiten Konfigurationsbeispiel widmen wir uns einem CentOS 7 Server, der von mehreren vertrauenswürdigen NTP-Server im Internet die Uhrzeit holen und auch synchron halten soll.
Die Konfiguration unseres NTP-Daemon, oder genauer gesagt unseres NTP-Servers mit Hilfe von ntüp, erfolgt über die Datei /etc/ntp.conf. Mit dem Editor unserer Wahl bearbeiten wir nun diese Datei.
# vim /etc/ntp.conf
- /etc/ntp.conf
# For more information about this file, see the man pages # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5). driftfile /var/lib/ntp/drift # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1 # Hosts on local network are less restricted. # Django : 2015-06-26 # interne Netze definiert, die den Zeitserver kontaktieren dürfen # default: #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap restrict 10.0.10.0 mask 255.255.255.192 nomodify notrap # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). server 0.centos.pool.ntp.org iburst server 1.centos.pool.ntp.org iburst server 2.centos.pool.ntp.org iburst server 3.centos.pool.ntp.org iburst #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys # Specify the key identifiers which are trusted. #trustedkey 4 8 42 # Specify the key identifier to use with the ntpdc utility. #requestkey 8 # Specify the key identifier to use with the ntpq utility. #controlkey 8 # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor
IPv6 Deaktivierung
Hat man im eigenen Netz „nur“ IPv4 im Einsatz, möchte man selbstredend den Support für IPv6 deaktivieren.
Das Deaktivieren erfolgt nun nicht, wie man vermutlich annehmen wird über die Konfigurationsdatei /etc/ntp.conf, sondern über die Datei /etc/sysconfig/ntpd.
# vim /etc/sysconfig/ntpd
- /etc/sysconfig/ntpd
# Command line options for ntpd # Django : 2015-06-26 # disable IPv6 support # default: OPTIONS="-g" OPTIONS="-g -4"
Paketfilter - firewalld
Damit unsere Clients Verbindungen zu dem geöffneten UDP-Port ntp/123 chrony-Daemons aufbauen können müssen wir für diese noch Änderungen am Paketfilter firewalld vornehmen.
Unter CentOS 7 wird als Standard-Firewall die dynamische firewalld verwendet. Ein großer Vorteil der dynamischen Paketfilterregeln ist unter anderem, dass zur Aktivierung der neuen Firewall-Regel(n) nicht der Daemon durchgestartet werden muss und somit alle aktiven Verbindungen kurz getrennt werden. Sondern unsere Änderungen können on-the-fly aktiviert oder auch wieder deaktiviert werden.
Mit Hilfe des Programms firewall-cmd legen wir nun eine permanente Regel in der Zone public, dies entspricht in unserem Beispiel das Netzwerk-Interface eth0 mit der IP 10.0.0.57, an. Als Source-IP geben geben wir das Netz unserer Clients an, was in unserem Fall 10.0.0.0/24 entspricht. Genug der Vorrede, mit nachfolgendem Befehl wird der Port 123 geöffnet.
# firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" source address="10.0.0.0/24" port protocol="udp" port="123" destination address="10.0.0.57/32" accept"
success
Anschließend können wir den Firewall-Daemon einmal durchstarten und anschließend überprüfen, ob die Regeln auch entsprechend unserer Definition, gezogen haben.
# firewall-cmd --reload
success
Abschließend prüfen wir noch, ob die Erweiterung unseres Paketfilter aktiv ist.
# iptables -nvL IN_public_allow
Chain IN_public_allow (1 references) pkts bytes target prot opt in out source destination 205 15580 ACCEPT udp -- * * 10.0.0.0/24 10.0.0.57 udp dpt:123 ctstate NEW 0 0 ACCEPT tcp -- * * 10.0.0.117 10.0.0.57 tcp dpt:5665 ctstate NEW 2 112 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
DHCP
Damit unsere Cliens auch von unserem eigenen NTP-Server Gebrauch machen, geben wir die IP-Adresse unseres NTP-Servers via DHCP bekannt.
Wir editieren also unsere /etc/dhcpd.conf.
vim /etc/dhcpd.conf option ntp-servers 192.168.100.1;
Abschließend restarten wir unseren DHCP-Server.
service dhcpd restart
Start des Daemon
manueller Start des Daemon
Möchten wir unseren Daemon starten, benutzen wir den folgenden Befehlsaufruf.
# systemctl start ntpd
Im syslog unseres Servers wird uns der Start unseres NTP-Daemons entsprechend vermerkt.
# tail -f /var/log/messages
Jun 26 10:53:09 vml000127 systemd: Starting Network Time Service... Jun 26 10:53:09 vml000127 ntpd[28371]: ntpd 4.2.6p5@1.2349-o Sat Dec 20 02:38:09 UTC 2014 (1) Jun 26 10:53:09 vml000127 ntpd[28372]: proto: precision = 0.308 usec Jun 26 10:53:09 vml000127 ntpd[28372]: 0.0.0.0 c01d 0d kern kernel time sync enabled Jun 26 10:53:09 vml000127 ntpd[28372]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123 Jun 26 10:53:09 vml000127 ntpd[28372]: Listen and drop on 1 v6wildcard :: UDP 123 Jun 26 10:53:09 vml000127 ntpd[28372]: Listen normally on 2 lo 127.0.0.1 UDP 123 Jun 26 10:53:09 vml000127 ntpd[28372]: Listen normally on 3 eth0 10.0.0.127 UDP 123 Jun 26 10:53:09 vml000127 ntpd[28372]: Listen normally on 4 eth1 10.0.10.4 UDP 123 Jun 26 10:53:09 vml000127 ntpd[28372]: Listen normally on 5 lo ::1 UDP 123 Jun 26 10:53:09 vml000127 ntpd[28372]: Listen normally on 6 eth0 fe80::5054:ff:fe75:64da UDP 123 Jun 26 10:53:09 vml000127 ntpd[28372]: Listen normally on 7 eth1 fe80::5054:ff:fe34:a2fe UDP 123 Jun 26 10:53:09 vml000127 ntpd[28372]: Listening on routing socket on fd #24 for interface updates Jun 26 10:53:09 vml000127 systemd: Started Network Time Service. Jun 26 10:53:10 vml000127 ntpd[28372]: 0.0.0.0 c016 06 restart Jun 26 10:53:10 vml000127 ntpd[28372]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM Jun 26 10:53:10 vml000127 ntpd[28372]: 0.0.0.0 c011 01 freq_not_set Jun 26 10:53:10 vml000127 ntpd[28372]: 0.0.0.0 c614 04 freq_mode
automatischer Start des Daemon
Damit der Daemon ntpd automatisch bei jedem Systemstart startet, kann die Einrichtung eines Start-Scriptes über folgenden Befehl erreicht werden:
# systemctl enable ntpd.service
ln -s '/usr/lib/systemd/system/ntpd.service' '/etc/systemd/system/multi-user.target.wants/ntpd.service'
Ein Überprüfung ob der Dienst (Daemon)ntpd wirklich bei jedem Systemstart automatisch mit gestartet wird, kann durch folgenden Befehl erreicht werden:
# systemctl is-enabled ntpd.service
enabled
Tests
Daemon
Als ersten Test überprüfen wir, ob der Service ntpd geladen und ausgeführt wird. Hierzu benutzen wir folgenden Befehl.
# systemctl status ntpd.service
ntpd.service - Network Time Service Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled) Active: active (running) since Fri 2015-06-26 10:53:09 CEST; 4min 14s ago Main PID: 28372 (ntpd) CGroup: /system.slice/ntpd.service └─28372 /usr/sbin/ntpd -u ntp:ntp -g Jun 26 10:53:09 vml000127.dmz.nausch.org ntpd[28372]: Listen normally on 4 eth1 10.0.10.4 UDP 123 Jun 26 10:53:09 vml000127.dmz.nausch.org ntpd[28372]: Listen normally on 5 lo ::1 UDP 123 Jun 26 10:53:09 vml000127.dmz.nausch.org ntpd[28372]: Listen normally on 6 eth0 fe80::5054:ff:fe75:64da UDP 123 Jun 26 10:53:09 vml000127.dmz.nausch.org ntpd[28372]: Listen normally on 7 eth1 fe80::5054:ff:fe34:a2fe UDP 123 Jun 26 10:53:09 vml000127.dmz.nausch.org ntpd[28372]: Listening on routing socket on fd #24 for interface updates Jun 26 10:53:09 vml000127.dmz.nausch.org systemd[1]: Started Network Time Service. Jun 26 10:53:10 vml000127.dmz.nausch.org ntpd[28372]: 0.0.0.0 c016 06 restart Jun 26 10:53:10 vml000127.dmz.nausch.org ntpd[28372]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM Jun 26 10:53:10 vml000127.dmz.nausch.org ntpd[28372]: 0.0.0.0 c011 01 freq_not_set Jun 26 10:53:10 vml000127.dmz.nausch.org ntpd[28372]: 0.0.0.0 c614 04 freq_mode
Mit nachfolgendem Befehlsaufruf können wir überprüfen ob und ggf. auf welchen Netzwerkinterfaces der ntpd den UDP Port 123 geöffnet hat.
# netstat -paunt | grep 123
udp 0 0 10.0.10.4:123 0.0.0.0:* 28372/ntpd udp 0 0 10.0.0.127:123 0.0.0.0:* 28372/ntpd udp 0 0 127.0.0.1:123 0.0.0.0:* 28372/ntpd udp 0 0 0.0.0.0:123 0.0.0.0:* 28372/ntpd udp6 0 0 fe80::5054:ff:fe34::123 :::* 28372/ntpd udp6 0 0 fe80::5054:ff:fe75::123 :::* 28372/ntpd udp6 0 0 ::1:123 :::* 28372/ntpd udp6 0 0 :::123 :::* 28372/ntpd
Mit dem Befehl watch ntpq -np können wir uns abschließend den Status unseres Timeservers anzeigen lassen (Die Synchronisation unter Umständen bis zu 30 Minuten dauern - diese Zeit muss ggf. gewartet werden)
watch ntpq -np
zeigt uns an:
Every 2,0s: ntpq -np Fri Jun 26 11:21:42 2015 remote refid st t when poll reach delay offset jitter ============================================================================== +81.169.180.23 78.46.78.10 3 u 2 64 377 28.552 0.764 0.540 +88.198.23.16 192.53.103.104 2 u 64 64 377 12.074 0.461 0.589 +88.198.8.101 192.53.103.104 2 u 62 64 377 42.315 0.422 0.666 *193.175.73.151 DCF77 1 u 62 64 377 12.315 0.552 0.852
An Hand des * am Zeilenanfang ist zu erkennen, dass Synchronisation erfolgt. Die Spalten haben folgende Bedeutung:
- remote
Mit welchen Servern ist mein Zeitserver verbunden? - refid
Von welcher Zeitquelle stammt die Zeit? - st
Anzeige des Stratum-Wertes von der Quelle an Hand der zuletzt empfangenen Datenpakete.- 1 wird angezeigt, wenn der Server über eine lokal angeschlossene Referenzuhr verfügt.
- 2 wird angezeigt, wenn der Daemon sich mit einer Quelle synchronisiert hat, die den Wert Stratum 1 inne hat.
- n Jede weitere Erhöhung des Stratum-Wertes bedeutet, dass ein weiterer Host zwischen dem chrony-Daemon und dem Zeitnormal mit dem Stratum Wert 1 steht.
- t
Welchen Typs ist die Zeitquelle?- u = unicast,
- m = multicast,
- l = lokal,
- - = unbekannt
- when
Vor wieviel Sekunden wurde beim Server zuletzt angefragt ? - poll
Wie oft wird mit diesem Server syncronisiert? ( Intervall in Sekunden ) - reach
Registerwert (Oktalzahl) der empfangenen Datenpakete. Das Register hat hat 8 bit und wird jeweils beim Empfang bzw. etwaigen Verlusten von Datenpaketen angepasst. Ein Wert von 377 zeigt z.B. an, das die letzten acht empfangenen Datenpakete gültig waren und somit alles bestens ist. - delay
Verzögerung durch Laufzeitunterschiede zwischen dem externen Zeitserver und dem lokalen Server. - offset
Repräsentiert die geschätze Differenz der lokalen Uhr zur externen Quelle. - jitter
Abweichung in Millisekunden
Links
- Zurück zu Projekte und Themenkapitel
- Zurück zu LINUX Installation und Konfiguration
- Zurück zur Startseite