NTP - Zeitserver unter CentOS 7 einrichten und nutzen
Zum Abgleichen der Systemuhren unserer Clients, Netzwerkgeräten und realen Servern wie auch virtuellen Maschinen nutzen wird das NTP1). NTP wurde 1985 von David L. Mills entwickelt und wurde als RFC 958 definiert um eine zuverlässige Zeitgabe über Netzwerke mit variabler Paketlaufzeit über das verbindungslose protokolls UDP zu ermöglichen und bekam von der Internet Assigned Numbers Authority den UDP-Ports 123 zugewiesen.
Weitere Hinweise findet man im sehr guten und ausführlichem WIKIPEDIA-Artikel.
NTPD versus Chronyd
Seit CentOS 7 wird neben dem altbekanntem NTP-Daemon ntp ein weiterer Daemon Namens chrony zur Verfügung gestellt. In Adminkreisen wurde dazu oft spekuliert und argumentiert, warum RedHat einen Daemon als Default zur Verfügung gestellt wird, der vom Entwickler hauptsächlich für mobile Geräte oder nur unregelmäßig laufenden Systemen gebaut hat.
Im Kapitel 15.1.1. Differences Between ntpd and chronyd finden sich detailierte Angaben, welche Vor- und Nachteile der Daemon chronyd gegenüber dem NTP Daemon ntphat. Im gleich anschließendem Kapitel 15.1.2. Choosing Between NTP Daemons finden sich dann auch noch weitere Informationen, welcher Daemon wann eingesetzt werden soll.
Eine detailierte Gegenüberstellung von chronyd, ntpd und openntpd ist auf der Seite Comparison of NTP implementations zu finden.
Vor allem folgende Punkte können im Virtualisierungsumfeld erhebliche stabilere synchronisierte Zeiten erreicht werden:
- chronyd can usually synchronize the clock faster and with better time accuracy.
- chronyd quickly adapts to sudden changes in the rate of the clock.
- chronyd can adjust the rate of the clock on a Linux system in a larger range, which allows it to operate even on machines with a broken or unstable clock. For example, on some virtual machines.
Die nachfolgende Graphik zeigt exemplarisch den Offset mehrerer virtueller CentOS-Systeme. Der Offset wird dabei von einem Icinga2-Monitoring-Server laufend überwacht.
Die Server vml000010 bis vml000050 benutzen für den Abgleich der Zeiten das Paket ntp; die Server vml000052 bis vml000117 hingegen nutzen den Daemon chrony. Bemerkenswert bei diesem Vergleich ist, dass der Offset der einzelnen virtuellen Maschinen bei der Verwendung von chronyd um den Faktor 10 - 100 geringer ist, als bei den vergleichbaren ntp bestückten Systemen.
Ähnliche Ergebnisse kann man auch beim direkten Vergleich der zur Verfügung stehenden Zeitquellen an einem Host mit Hilfe von ntpq.
# watch -d -n 1 "ntpq -pn4"
remote refid st t when poll reach delay offset jitter ============================================================================== +10.0.0.20 85.10.200.230 2 u 127 128 377 0.184 1.495 0.113 *10.0.0.57 193.175.73.151 2 u 128 128 377 0.166 0.233 0.124 +10.0.0.127 78.111.224.11 2 u 79 128 377 0.150 1.992 1.517
In dem gezeigtem Beispiel wurde der Test auf einem CentOS 6 Host vorgenommen, wobei die Hosts folgender Natur waren:
- 10.0.0.20 = CentOS 6 NTP-Server mit Hilfe von ntpd,
- 10.0.0.57 = CentOS 7 NTP-Server mit Hilfe von chrony und
- 10.0.0.127 = CentOS 7 NTP-Server mit Hilfe von ntpd.
Diese beiden Beispiele und die Konfigurationsempfehlung von RedHat finden daher bei den Installation Rund um Djangos WIKI entsprechend Berücksichtigung.
chronyd
Installation
Falls nicht schon bei der Erstinstallation geschehen, installieren wir erst ein mal das benötige RPM chrony für den Abgleich mit unserem Zeitserver.
# yum install chrony
Dokumentation
Was uns das Paket alles mitgebracht hat, zeigt uns der Aufruf vom Befehl rpm mit der Option -qil.
# rpm -qil chrony
Name : chrony Version : 1.29.1 Release : 1.el7.centos Architecture: x86_64 Install Date: Thu 12 Mar 2015 09:40:10 AM CET Group : System Environment/Daemons Size : 567017 License : GPLv2 Signature : RSA/SHA256, Fri 04 Jul 2014 02:57:41 AM CEST, Key ID 24c6a8a7f4a80eb5 Source RPM : chrony-1.29.1-1.el7.centos.src.rpm Build Date : Wed 18 Jun 2014 11:18:41 PM CEST Build Host : worker1.bsys.centos.org Relocations : (not relocatable) Packager : CentOS BuildSystem <http://bugs.centos.org> Vendor : CentOS URL : http://chrony.tuxfamily.org Summary : An NTP client/server Description : A client/server for the Network Time Protocol, this program keeps your computer's clock accurate. It was specially designed to support systems with intermittent internet connections, but it also works well in permanently connected environments. It can use also hardware reference clocks, system real-time clock or manual input as time references. /etc/NetworkManager/dispatcher.d/20-chrony /etc/chrony.conf /etc/chrony.keys /etc/dhcp/dhclient.d/chrony.sh /etc/logrotate.d/chrony /usr/bin/chronyc /usr/lib/systemd/ntp-units.d/50-chronyd.list /usr/lib/systemd/system/chrony-wait.service /usr/lib/systemd/system/chronyd.service /usr/libexec/chrony-helper /usr/sbin/chronyd /usr/share/doc/chrony-1.29.1 /usr/share/doc/chrony-1.29.1/COPYING /usr/share/doc/chrony-1.29.1/NEWS /usr/share/doc/chrony-1.29.1/README /usr/share/doc/chrony-1.29.1/chrony.conf.example /usr/share/doc/chrony-1.29.1/chrony.conf.example2 /usr/share/doc/chrony-1.29.1/chrony.keys.example /usr/share/doc/chrony-1.29.1/chrony.txt /usr/share/doc/chrony-1.29.1/faq.txt /usr/share/info/chrony.info.gz /usr/share/man/man1/chrony.1.gz /usr/share/man/man1/chronyc.1.gz /usr/share/man/man5/chrony.conf.5.gz /usr/share/man/man8/chronyd.8.gz /var/lib/chrony /var/lib/chrony/drift /var/lib/chrony/rtc /var/log/chrony
Im Verzeichnis /usr/share/doc/chrony-*/ finden sich sowohl Konfigurationsbeispiele wie auch eine ausführliche Programm- und Konfigurationsbeschreibungen.
Userguid der chrony suite
Eine genaue Beschreibung zur Konfiguration unterschiedlichster Einsatzszenarien wie auch der Konfigurations-Optionen von chrony finden sich in der Datei chrony.txt aus dem Verzeichnis /usr/share/doc/chrony-*/.
# less /usr/share/doc/chrony-*/chrony.txt
User guide for the chrony suite
*******************************
1 Introduction
**************
1.1 Overview
============
Chrony is a software package for maintaining the accuracy of computer
system clocks. It consists of a pair of programs :
* 'chronyd'. This is a daemon which runs in background on the
system. It obtains measurements (e.g. via the network) of the
system's offset relative to other systems, and adjusts the system
time accordingly. For isolated systems, the user can periodically
enter the correct time by hand (using 'chronyc'). In either case,
'chronyd' determines the rate at which the computer gains or loses
time, and compensates for this.
'chronyd' can also act as an NTP server, and provide a time-of-day
service to other computers. A typical set-up is to run 'chronyd'
on a gateway computer that has a dial-up link to the Internet, and
use it to serve time to computers on a private LAN sitting behind
the gateway. The IP addresses that can act as clients of 'chronyd'
can be tightly controlled. The default is no client access.
* 'chronyc'. This is a command-line driven control and monitoring
program. An administrator can use this to fine-tune various
parameters within the daemon, add or delete servers etc whilst the
daemon is running.
The IP addresses from which 'chronyc' clients may connect can be
tightly controlled. The default is just the computer that
'chronyd' itself is running on.
1.2 Acknowledgements
====================
The 'chrony' suite makes use of the algorithm known as _RSA Data
Security, Inc. MD5 Message-Digest Algorithm_ for authenticating
messages between different machines on the network.
In writing the 'chronyd' program, extensive use has been made of
RFC1305, written by David Mills. The 'ntp' suite's source code has been
occasionally used to check details of the protocol that the RFC did not
make absolutely clear. The core algorithms in 'chronyd' are all
completely distinct from 'ntp', however.
1.3 Availability
================
1.3.1 Getting the software
--------------------------
Links on the chrony home page (http://chrony.tuxfamily.org) describe how
to obtain the software.
1.3.2 Platforms
---------------
Although most of the program is portable between Unix-like systems,
there are parts that have to be tailored to each specific vendor's
system. These are the parts that interface with the operating system's
facilities for adjusting the system clock; different operating systems
may provide different function calls to achieve this, and even where the
same function is used it may have different quirks in its behaviour.
The software is known to work in the following environments:
* Linux 2.2 and newer
* NetBSD
* BSD/386
* Solaris 2.3/2.5/2.5.1/2.6/2.7/2.8 on Sparc (Sparc 20, Ultrasparc)
and i386
* SunOS 4.1.4 on Sparc 2 and Sparc20.
Closely related systems may work too, but they have not been tested.
Porting the software to other system (particularly to those
supporting an 'adjtime' system call) should not be difficult, however it
requires access to such systems to test out the driver.
1.4 Relationship to other software packages
===========================================
1.4.1 ntpd
----------
The 'reference' implementation of the Network Time Protocol is the
program 'ntpd', available via The NTP home page (http://www.ntp.org/).
One of the main differences between 'ntpd' and 'chronyd' is in the
algorithms used to control the computer's clock. Things 'chronyd' can
do better than 'ntpd':
* 'chronyd' can perform usefully in an environment where access to
the time reference is intermittent. 'ntpd' needs regular polling
of the reference to work well.
* 'chronyd' can usually synchronise the clock faster and with better
time accuracy.
* 'chronyd' quickly adapts to sudden changes in the rate of the clock
(e.g. due to changes in the temperature of the crystal
oscillator). 'ntpd' may need a long time to settle down again.
* 'chronyd' can perform well even when the network is congested for
longer periods of time.
* 'chronyd' in the default configuration never steps the time to not
upset other running programs. 'ntpd' can be configured to never
step the time too, but it has to use a different means of adjusting
the clock, which has some disadvantages.
* 'chronyd' can adjust the rate of the clock on Linux in a larger
range, which allows it to operate even on machines with broken or
unstable clock (e.g. in some virtual machines).
Things 'chronyd' can do that 'ntpd' can't:
* 'chronyd' provides support for isolated networks whether the only
method of time correction is manual entry (e.g. by the
administrator looking at a clock). 'chronyd' can look at the
errors corrected at different updates to work out the rate at which
the computer gains or loses time, and use this estimate to trim the
computer clock subsequently.
* 'chronyd' provides support to work out the gain or loss rate of the
'real-time clock', i.e. the clock that maintains the time when the
computer is turned off. It can use this data when the system boots
to set the system time from a corrected version of the real-time
clock. These real-time clock facilities are only available on
Linux, so far.
Things 'ntpd' can do that 'chronyd' can't:
* 'ntpd' fully supports NTP version 4 (RFC5905), including broadcast,
multicast, manycast clients / servers and the orphan mode. It also
supports extra authentication schemes based on public-key
cryptography (RFC5906). 'chronyd' uses NTP version 3 (RFC1305),
which is compatible with version 4.
* 'ntpd' has been ported to more types of computer / operating
system.
* 'ntpd' includes drivers for many reference clocks. 'chronyd'
relies on other programs (e.g. gpsd) to access the data from the
reference clocks.
1.4.2 timed
-----------
'timed' is a program that is part of the BSD networking suite. It uses
broadcast packets to find all machines running the daemon within a
subnet. The machines elect a master which periodically measures the
system clock offsets of the other computers using ICMP timestamps.
Corrections are sent to each member as a result of this process.
Problems that may arise with 'timed' are :
* Because it uses broadcasts, it is not possible to isolate its
functionality to a particular group of computers; there is a risk
of upsetting other computers on the same network (e.g. where a
whole company is on the same subnet but different departments are
independent from the point of view of administering their
computers.)
* The update period appears to be 10 minutes. Computers can build up
significant offsets relative to each other in that time. If a
computer can estimate its rate of drift it can keep itself closer
to the other computers between updates by adjusting its clock every
few seconds. 'timed' does not seem to do this.
* 'timed' does not have any integrated capability for feeding
real-time into its estimates, or for estimating the average rate of
time loss/gain of the machines relative to real-time (unless one of
the computers in the group has access to an external reference and
is always appointed as the 'master').
'timed' does have the benefit over 'chronyd' that for isolated
networks of computers, they will track the 'majority vote' time. For
such isolated networks, 'chronyd' requires one computer to be the
'master' with the others slaved to it. If the master has a particular
defective clock, the whole set of computers will tend to slip relative
to real time (but they _will_ stay accurate relative to one another).
1.5 Distribution rights and (lack of) warranty
==============================================
Chrony may be distributed in accordance with the GNU General Public
License version 2, reproduced in *Note GPL::.
1.6 Bug reporting and suggestions
=================================
If you think you've found a bug in chrony, or have a suggestion, please
let us know. You can join chrony users mailing list by sending a
message with the subject subscribe to
<chrony-users-request@chrony.tuxfamily.org>. Only subscribers can post
to the list.
When you are reporting a bug, please send us all the information you
can. Unfortunately, chrony has proven to be one of those programs where
it is very difficult to reproduce bugs in a different environment. So
we may have to interact with you quite a lot to obtain enough extra
logging and tracing to pin-point the problem in some cases. Please be
patient and plan for this!
Of course, if you can debug the problem yourself and send us a source
code patch to fix it, we will be very grateful!
1.7 Contributions
=================
Although chrony is now a fairly mature and established project, there
are still areas that could be improved. If you can program in C and
have some expertise in these areas, you might be able to fill the gaps.
Particular areas that need addressing are :
1. Porting to other Unices
This involves creating equivalents of sys_solaris.c, sys_linux.c
etc for the new system. Note, the Linux driver has been reported
as working on a range of different architectures (Alpha, Sparc,
MIPS as well as x86 of course).
2. Porting to Windows NT
A small amount of work on this was done under Cygwin. Only the
sorting out of the include files has really been achieved so far.
The two main areas still to address are
1. The system clock driver.
2. How to make chronyd into an NT service (i.e. what to replace
fork(), setsid() etc with so that chronyd can be automatically
started in the system bootstrap.
3. More drivers for reference clock support
4. Automation of the trimrtc and writertc mechanisms
Currently, the RTC trimming mechanism is a manual operation,
because there has to be a reasonable guarantee that the system will
stay up for a reasonable length of time afterwards. (If it is shut
down too soon, a poor characterisation of the RTC drift rate will
be stored on disc, giving a bad system clock error when the system
is next booted.)
To make chrony more automated for the non-expert user, it would be
useful if this problem could be avoided so that trimrtc could be
done automatically (e.g. in a crontab, or as part of the ip-up or
ip-down scripts.)
2 Installation
**************
The software is distributed as source code which has to be compiled.
The source code is supplied in the form of a gzipped tar file, which
unpacks to a subdirectory identifying the name and version of the
program.
After unpacking the source code, change directory into it, and type
./configure
This is a shell script that automatically determines the system type.
There is a single optional parameter, '--prefix' which indicates the
directory tree where the software should be installed. For example,
./configure --prefix=/opt/free
will install the 'chronyd' daemon into /opt/free/sbin and the chronyc
control program into /opt/free/bin. The default value for the prefix is
/usr/local.
The configure script assumes you want to use gcc as your compiler.
If you want to use a different compiler, you can configure this way:
CC=cc CFLAGS=-O ./configure --prefix=/opt/free
for Bourne-family shells, or
setenv CC cc
setenv CFLAGS -O
./configure --prefix=/opt/free
for C-family shells.
If the software cannot (yet) be built on your system, an error
message will be shown. Otherwise, 'Makefile' will be generated.
If editline or readline library is available, chronyc will be built
with line editing support. If you don't want this, specify the
-disable-readline flag to configure. Please refer to *note line editing
support:: for more information.
If a 'timepps.h' header is available, chronyd will be built with PPS
API reference clock driver. If the header is installed in a location
that isn't normally searched by the compiler, you can add it to the
searched locations by setting 'CPPFLAGS' variable to
'-I/path/to/timepps'.
Now type
make
to build the programs.
If you want to build the manual in plain text, HTML and info
versions, type
make docs
Once the programs have been successfully compiled, they need to be
installed in their target locations. This step normally needs to be
performed by the superuser, and requires the following command to be
entered.
make install
This will install the binaries, plain text manual and manpages.
To install the HTML and info versions of the manual as well, enter
the command
make install-docs
If you want chrony to appear in the top level info directory listing,
you need to run the 'install-info' command manually after this step.
'install-info' takes 2 arguments. The first is the path to the
'chrony.info' file you have just installed. This will be the argument
you gave to -prefix when you configured ('/usr/local' by default), with
'/share/info/chrony.info' on the end. The second argument is the
location of the file called 'dir'. This will typically be
'/usr/share/info/dir'. So the typical command line would be
install-info /usr/local/share/info/chrony.info /usr/share/info/dir
Now that the software is successfully installed, the next step is to
set up a configuration file. The contents of this depend on the network
environment in which the computer operates. Typical scenarios are
described in the following section of the document.
2.1 Support for line editing libraries
======================================
Chronyc can be built with support for line editing, this allows you to
use the cursor keys to replay and edit old commands. Two libraries are
supported which provide such functionality, editline and GNU readline.
Please note that readline since version 6.0 is licensed under GPLv3+
which is incompatible with chrony's license GPLv2. You should use
editline instead if you don't want to use older readline versions.
The configure script will automatically enable the line editing
support if one of the supported libraries is available. If they are
both available, the editline library will be used.
If you don't want to use it (in which case chronyc will use a minimal
command line interface), invoke configure like this:
./configure --disable-readline other-options...
If you have editline, readline or ncurses installed in locations that
aren't normally searched by the compiler and linker, you need to use
extra options:
'--with-readline-includes=directory_name'
This defines the name of the directory above the one where
'readline.h' is. 'readline.h' is assumed to be in 'editline' or
'readline' subdirectory of the named directory.
'--with-readline-library=directory_name'
This defines the directory containing the 'libedit.a' or
'libedit.so' file, or 'libreadline.a' or 'libreadline.so' file.
'--with-ncurses-library=directory_name'
This defines the directory containing the 'libncurses.a' or
'libncurses.so' file.
2.2 Extra options for package builders
======================================
The configure and make procedures have some extra options that may be
useful if you are building a distribution package for chrony.
The -infodir=DIR option to configure specifies an install directory
for the info files. This overrides the 'info' subdirectory of the
argument to the -prefix option. For example, you might use
./configure --prefix=/usr --infodir=/usr/share/info
The -mandir=DIR option to configure specifies an install directory
for the man pages. This overrides the 'man' subdirectory of the
argument to the -prefix option.
./configure --prefix=/usr --infodir=/usr/share/info --mandir=/usr/share/man
to set both options together.
The final option is the DESTDIR option to the make command. For
example, you could use the commands
./configure --prefix=/usr --infodir=/usr/share/info --mandir=/usr/share/man
make all docs
make install DESTDIR=./tmp
cd tmp
tar cvf - . | gzip -9 > chrony.tar.gz
to build a package. When untarred within the root directory, this
will install the files to the intended final locations.
3 Typical operating scenarios
*****************************
3.1 Computers connected to the internet
=======================================
In this section we discuss how to configure chrony for computers that
have permanent connections to the internet (or to any network containing
true NTP servers which ultimately derive their time from a reference
clock).
To operate in this mode, you will need to know the names of the NTP
server machines you wish to use. You may be able to find names of
suitable servers by one of the following methods:
* Your institution may already operate servers on its network.
Contact your system administrator to find out.
* Your ISP probably has one or more NTP servers available for its
customers.
* Somewhere under the NTP homepage there is a list of public stratum
1 and stratum 2 servers. You should find one or more servers that
are near to you -- check that their access policy allows you to use
their facilities.
* Use public servers from the pool.ntp.org project
(http://www.pool.ntp.org/).
Assuming that you have found some servers, you need to set up a
configuration file to run chrony. The (compiled-in) default location
for this file is '/etc/chrony.conf'. Assuming that your ntp servers are
called 'a.b.c' and 'd.e.f', your 'chrony.conf' file could contain as a
minimum
server a.b.c
server d.e.f
server g.h.i
However, you will probably want to include some of the other
directives described later. The following directives will be
particularly useful : 'driftfile', 'commandkey', 'keyfile'. The
smallest useful configuration file would look something like
server a.b.c
server d.e.f
server g.h.i
keyfile /etc/chrony.keys
commandkey 1
driftfile /var/lib/chrony/drift
3.2 Infrequent connection to true NTP servers
=============================================
In this section we discuss how to configure chrony for computers that
have occasional connections to the internet.
3.2.1 Setting up the configuration file for infrequent connections
------------------------------------------------------------------
As in the previous section, you will need access to NTP servers on the
internet. The same remarks apply for how to find them.
In this case, you will need some additional configuration to tell
'chronyd' when the connection to the internet goes up and down. This
saves the program from continuously trying to poll the servers when they
are inaccessible.
Again, assuming that your ntp servers are called 'a.b.c' and 'd.e.f',
your 'chrony.conf' file would need to contain something like
server a.b.c
server d.e.f
server g.h.i
However, your computer will keep trying to contact the servers to
obtain timestamps, even whilst offline. If you operate a dial-on-demand
system, things are even worse, because the link to the internet will
keep getting established.
For this reason, it would be better to specify this part of your
configuration file in the following way:
server a.b.c offline
server d.e.f offline
server g.h.i offline
The 'offline' keyword indicates that the servers start in an offline
state, and that they should not be contacted until 'chronyd' receives
notification that the link to the internet is present.
In order to notify 'chronyd' of the presence of the link, you will
need to be able to log in to it with the program chronyc. To do this,
'chronyd' needs to be configured with an administrator password. To set
up an administrator password, you can create a file '/etc/chrony.keys'
containing a single line
1 ALongAndRandomPassword
and add the following line to '/etc/chrony.conf' (the order of the
lines does not matter)
commandkey 1
The smallest useful configuration file would look something like
server a.b.c offline
server d.e.f offline
server g.h.i offline
keyfile /etc/chrony.keys
commandkey 1
driftfile /var/lib/chrony/drift
The next section describes how to tell 'chronyd' when the internet
link goes up and down.
3.2.2 How to tell chronyd when the internet link is available.
--------------------------------------------------------------
To use this option, you will need to configure a command key in
'chronyd's' configuration file '/etc/chrony.conf', as described in the
previous section.
To tell 'chronyd' when to start and finish sampling the servers, the
'online' and 'offline' commands of chronyc need to be used. To give an
example of their use, we assume that 'pppd' is the program being used to
connect to the internet, and that chronyc has been installed at its
default location '/usr/bin/chronyc'. We also assume that the command
key has been set up as described in the previous section.
In the file '/etc/ppp/ip-up' we add the command sequence
/usr/bin/chronyc -a online
and in the file '/etc/ppp/ip-down' we add the sequence
/usr/bin/chronyc -a offline
'chronyd's' polling of the servers will now only occur whilst the
machine is actually connected to the Internet.
3.3 Isolated networks
=====================
In this section we discuss how to configure chrony for computers that
never have network conectivity to any computer which ultimately derives
its time from a reference clock.
In this situation, one computer is selected to be the master
timeserver. The other computers are either direct clients of the
master, or clients of clients.
The rate value in the master's drift file needs to be set to the
average rate at which the master gains or loses time. 'chronyd'
includes support for this, in the form of the 'manual' directive in the
configuration file and the 'settime' command in the 'chronyc' program.
If the master is rebooted, 'chronyd' can re-read the drift rate from
the drift file. However, the master has no accurate estimate of the
current time. To get around this, the system can be configured so that
the master can initially set itself to a 'majority-vote' of selected
clients' times; this allows the clients to 'flywheel' the master across
its outage.
A typical configuration file for the master (called 'master') might
be (assuming the clients are in the 192.168.165.x subnet and that the
master's address is 192.168.169.170)
driftfile /var/lib/chrony/drift
commandkey 25
keyfile /etc/chrony.keys
initstepslew 10 client1 client3 client6
local stratum 8
manual
allow 192.168.165
For the clients that have to resynchronise the master when it
restarts, the configuration file might be
server master
driftfile /var/lib/chrony/drift
logdir /var/log/chrony
log measurements statistics tracking
keyfile /etc/chrony.keys
commandkey 24
local stratum 10
initstepslew 20 master
allow 192.168.169.170
The rest of the clients would be the same, except that the 'local'
and 'allow' directives are not required.
3.4 The home PC with a dial-up connection
=========================================
3.4.1 Assumptions/how the software works
----------------------------------------
This section considers the home computer which has a dial-up connection.
It assumes that Linux is run exclusively on the computer. Dual-boot
systems may work; it depends what (if anything) the other system does to
the system's real-time clock.
Much of the configuration for this case is discussed earlier (*note
Infrequent connection::). This section addresses specifically the case
of a computer which is turned off between 'sessions'.
In this case, 'chronyd' relies on the computer's real-time clock
(RTC) to maintain the time between the periods when it is powered up.
The arrangement is shown in the figure below.
trim if required PSTN
+---------------------------+ +----------+
| | | |
v | | |
+---------+ +-------+ +-----+ +---+
| System's| measure error/ |chronyd| |modem| |ISP|
|real-time|------------------->| |-------| | | |
| clock | drift rate +-------+ +-----+ +---+
+---------+ ^ |
| | |
+---------------------------+ --o-----o---
set time at boot up |
+----------+
|NTP server|
+----------+
When the computer is connected to the Internet (via the modem),
'chronyd' has access to external NTP servers which it makes measurements
from. These measurements are saved, and straight-line fits are
performed on them to provide an estimate of the computer's time error
and rate of gaining/losing time.
When the computer is taken offline from the Internet, the best
estimate of the gain/loss rate is used to free-run the computer until it
next goes online.
Whilst the computer is running, 'chronyd' makes measurements of the
real-time clock (RTC) (via the '/dev/rtc' interface, which must be
compiled into the kernel). An estimate is made of the RTC error at a
particular RTC second, and the rate at which the RTC gains or loses time
relative to true time.
On 2.6 and later kernels, if your motherboard has a HPET, you need to
enable the 'HPET_EMULATE_RTC' option in your kernel configuration.
Otherwise, chrony will not be able to interact with the RTC device and
will give up using it.
When the computer is powered down, the measurement histories for all
the NTP servers are saved to files (if the 'dumponexit' directive is
specified in the configuration file), and the RTC tracking information
is also saved to a file (if the 'rtcfile' directive has been specified).
These pieces of information are also saved if the 'dump' and 'writertc'
commands respectively are issued through 'chronyc'.
When the computer is rebooted, 'chronyd' reads the current RTC time
and the RTC information saved at the last shutdown. This information is
used to set the system clock to the best estimate of what its time would
have been now, had it been left running continuously. The measurement
histories for the servers are then reloaded.
The next time the computer goes online, the previous sessions'
measurements can contribute to the line-fitting process, which gives a
much better estimate of the computer's gain/loss rate.
One problem with saving the measurements and RTC data when the
machine is shut down is what happens if there is a power failure; the
most recent data will not be saved. Although 'chronyd' is robust enough
to cope with this, some performance may be lost. (The main danger
arises if the RTC has been changed during the session, with the
'trimrtc' command in 'chronyc'. Because of this, 'trimrtc' will make
sure that a meaningful RTC file is saved out after the change is
completed).
The easiest protection against power failure is to put the 'dump' and
'writertc' commands in the same place as the 'offline' command is issued
to take 'chronyd' offline; because 'chronyd' free-runs between online
sessions, no parameters will change significantly between going offline
from the Internet and any power failure.
A final point regards home computers which are left running for
extended periods and where it is desired to spin down the hard disc when
it is not in use (e.g. when not accessed for 15 minutes). 'chronyd'
has been planned so it supports such operation; this is the reason why
the RTC tracking parameters are not saved to disc after every update,
but only when the user requests such a write, or during the shutdown
sequence. The only other facility that will generate periodic writes to
the disc is the 'log rtc' facility in the configuration file; this
option should not be used if you want your disc to spin down.
3.4.2 Typical configuration files.
----------------------------------
To illustrate how a dial-up home computer might be configured, example
configuration files are shown in this section.
For the '/etc/chrony.conf' file, the following can be used as an
example.
server 0.pool.ntp.org minpoll 5 maxpoll 10 maxdelay 0.4 offline
server 1.pool.ntp.org minpoll 5 maxpoll 10 maxdelay 0.4 offline
server 2.pool.ntp.org minpoll 5 maxpoll 10 maxdelay 0.4 offline
logdir /var/log/chrony
log statistics measurements tracking
driftfile /var/lib/chrony/drift
keyfile /etc/chrony.keys
commandkey 25
maxupdateskew 100.0
dumponexit
dumpdir /var/lib/chrony
rtcfile /var/lib/chrony/rtc
'pppd' is used for connecting to the internet. This runs two scripts
'/etc/ppp/ip-up' and '/etc/ppp/ip-down' when the link goes online and
offline respectively.
The relevant part of the '/etc/ppp/ip-up' file is
/usr/bin/chronyc -a online
and the relevant part of the '/etc/ppp/ip-down' script is
/usr/bin/chronyc -a -m offline dump writertc
To start 'chronyd' during the boot sequence, the following is in
'/etc/rc.d/rc.local' (this is a Slackware system)
if [ -f /usr/sbin/chronyd -a -f /etc/chrony.conf ]; then
/usr/sbin/chronyd -r -s
echo "Start chronyd"
fi
The placement of this command may be important on some systems. In
particular, 'chronyd' may need to be started before any software that
depends on the system clock not jumping or moving backwards, depending
on the directives in 'chronyd's' configuration file.
For the system shutdown, 'chronyd' should receive a SIGTERM several
seconds before the final SIGKILL; the SIGTERM causes the measurement
histories and RTC information to be saved out.
3.5 Other important configuration options
=========================================
The most common option to include in the configuration file is the
'driftfile' option. One of the major tasks of 'chronyd' is to work out
how fast or how slow the system clock runs relative to real time - e.g.
in terms of seconds gained or lost per day. Measurements over a long
period are usually required to refine this estimate to an acceptable
degree of accuracy. Therefore, it would be bad if 'chronyd' had to work
the value out each time it is restarted, because the system clock would
not run so accurately whilst the determination is taking place.
To avoid this problem, 'chronyd' allows the gain or loss rate to be
stored in a file, which can be read back in when the program is
restarted. This file is called the drift file, and might typically be
stored in '/var/lib/chrony/drift'. By specifying an option like the
following
driftfile /var/lib/chrony/drift
in the configuration file ('/etc/chrony.conf'), the drift file
facility will be activated.
4 Usage reference
*****************
4.1 Starting chronyd
====================
If 'chronyd' has been installed to its default location
'/usr/sbin/chronyd', starting it is simply a matter of entering the
command
/usr/sbin/chronyd
Information messages and warnings will be logged to syslog.
The command line options supported are as follows:
'-n'
When run in this mode, the program will not detach itself from the
terminal.
'-d'
When run in this mode, the program will not detach itself from the
terminal, and all messages will be sent to the terminal instead of
to syslog.
'-f <conf-file>'
This option can be used to specify an alternate location for the
configuration file (default '/etc/chrony.conf').
'-r'
This option will reload sample histories for each of the servers
being used. These histories are created by using the 'dump'
command in 'chronyc', or by setting the 'dumponexit' directive in
the configuration file. This option is useful if you want to stop
and restart 'chronyd' briefly for any reason, e.g. to install a
new version. However, it only makes sense on systems where the
kernel can maintain clock compensation whilst not under 'chronyd's'
control. The only version where this happens so far is Linux. On
systems where this is not the case, e.g. Solaris and SunOS the
option should not be used.
'-R'
When this option is used, the 'initstepslew' directive and the
'makestep' directive used with a positive limit will be ignored.
This option is useful when restarting 'chronyd' and can be used in
conjuction with the '-r' option.
'-s'
This option will set the system clock from the computer's real-time
clock. This is analogous to supplying the '-s' flag to the
'/sbin/clock' program during the Linux boot sequence.
Support for real-time clocks is limited at present - the criteria
are described in the section on the 'rtcfile' directive (*note
rtcfile directive::).
If 'chronyd' cannot support the real time clock on your computer,
this option cannot be used and a warning message will be logged to
the syslog.
If used in conjunction with the '-r' flag, 'chronyd' will attempt
to preserve the old samples after setting the system clock from the
real time clock. This can be used to allow 'chronyd' to perform
long term averaging of the gain or loss rate across system reboots,
and is useful for dial-up systems that are shut down when not in
use. For this to work well, it relies on 'chronyd' having been
able to determine accurate statistics for the difference between
the real time clock and system clock last time the computer was on.
'-u <user>'
When this option is used, chronyd will drop root privileges to the
specified user. So far, it works only on Linux when compiled with
capabilities support.
'-v'
This option displays 'chronyd's' version number to the terminal and
exits.
'-P <priority>'
This option will select the SCHED_FIFO real-time scheduler at the
specified priority (which must be between 0 and 100). This mode is
supported only on Linux.
'-m'
This option will lock chronyd into RAM so that it will never be
paged out. This mode is only supported on Linux.
'-4'
With this option hostnames will be resolved only to IPv4 addresses
and only IPv4 sockets will be created.
'-6'
With this option hostnames will be resolved only to IPv6 addresses
and only IPv6 sockets will be created.
On systems that support an '/etc/rc.local' file for starting programs
at boot time, 'chronyd' can be started from there.
On systems with a System V style initialisation, a suitable
start/stop script might be as shown below. This might be placed in the
file '/etc/rc2.d/S83chrony'.
#!/bin/sh
# This file should have uid root, gid sys and chmod 744
#
killproc() { # kill the named process(es)
pid=`/usr/bin/ps -e |
/usr/bin/grep -w $1 |
/usr/bin/sed -e 's/^ *//' -e 's/ .*//'`
[ "$pid" != "" ] && kill $pid
}
case "$1" in
'start')
if [ -f /opt/free/sbin/chronyd -a -f /etc/chrony.conf ]; then
/opt/free/sbin/chronyd
fi
;;
'stop')
killproc chronyd
;;
*)
echo "Usage: /etc/rc2.d/S83chrony { start | stop }"
;;
esac
(In both cases, you may want to bear in mind that 'chronyd' can step
the time when it starts. There may be other programs started at boot
time that could be upset by this, so you may need to consider the
ordering carefully. However, 'chronyd' will need to start after daemons
providing services that it may require, e.g. the domain name service.)
4.2 The chronyd configuration file
==================================
The configuration file is normally called '/etc/chrony.conf'; in fact,
this is the compiled-in default. However, other locations can be
specified with a command line option.
Each command in the configuration file is placed on a separate line.
The following sections describe each of the commands in turn. The
directives can occur in any order in the file.
4.2.1 Comments in the configuration file
----------------------------------------
The configuration file may contain comment lines. A comment line is any
line that starts with zero or more spaces followed by any one of the
following characters:
* !
* ;
* #
* %
Any line with this format will be ignored.
4.2.2 acquisitionport
---------------------
'chronyd' uses a separate client-side port for the rapid-fire
measurements requested with the 'initstepslew' directive (*note
initstepslew directive::). Normally, that port is chosen arbitrarily by
the operating system. However, you can use 'acquisitionport' to
explicitly specify a port. This may be useful for getting through
firewalls.
Do not make acquisition and regular NTP service (*note port
directive::) use the same port.
An example of the 'acquisitionport' command is
acquisitionport 1123
This would change the port used for rapid queries to udp/1123. You
could then persuade the firewall administrator to let that port through.
4.2.3 allow
-----------
The 'allow' command is used to designate a particular subnet from which
NTP clients are allowed to access the computer as an NTP server.
The default is that no clients are allowed access, i.e. 'chronyd'
operates purely as an NTP client. If the 'allow' directive is used,
'chronyd' will be both a client of its servers, and a server to other
clients.
Examples of use of the command are as follows:
allow foo.bar.com
allow 1.2
allow 3.4.5
allow 6.7.8/22
allow 6.7.8.9/22
allow 2001:db8::/32
allow 0/0
allow ::/0
allow
The first command allows the named node to be an NTP client of this
computer. The second command allows any node with an IPv4 address of
the form 1.2.x.y (with x and y arbitrary) to be an NTP client of this
computer. Likewise, the third command allows any node with an IPv4
address of the form 3.4.5.x to have client NTP access. The fourth and
fifth forms allow access from any node with an IPv4 address of the form
6.7.8.x, 6.7.9.x, 6.7.10.x or 6.7.11.x (with x arbitrary), i.e. the
value 22 is the number of bits defining the specified subnet. (In the
fifth form, the final byte is ignored). The sixth form is used for IPv6
addresses. The seventh and eighth forms allow access by any IPv4 and
IPv6 node respectively. The ninth forms allows access by any node (IPv4
or IPv6).
A second form of the directive, 'allow all', has a greater effect,
depending on the ordering of directives in the configuration file. To
illustrate the effect, consider the two examples
allow 1.2.3.4
deny 1.2.3
allow 1.2
and
allow 1.2.3.4
deny 1.2.3
allow all 1.2
In the first example, the effect is the same regardles of what order
the three directives are given in. So the 1.2.x.y subnet is allowed
access, except for the 1.2.3.x subnet, which is denied access, however
the host 1.2.3.4 is allowed access.
In the second example, the 'allow all 1.2' directives overrides the
effect of _any_ previous directive relating to a subnet within the
specified subnet. Within a configuration file this capability is
probably rather moot; however, it is of greater use for reconfiguration
at run-time via 'chronyc' (*note allow all command::).
Note, if the 'initstepslew' directive (*note initstepslew
directive::) is used in the configuration file, each of the computers
listed in that directive must allow client access by this computer for
it to work.
4.2.4 bindaddress
-----------------
The bindaddress allows you to restrict the network interface to which
chronyd will listen for NTP packets. This provides an additional level
of access restriction above that available through the 'deny' mechanism.
Suppose you have a local ethernet with addresses in the 192.168.1.0
subnet together with a dial-up connection. The ethernet interface's IP
address is 192.168.1.1. Suppose (for some reason) you want to block all
access through the dialup connection (note, this will even block replies
from servers on the dialup side, so you will not be able to synchronise
to an external source). You could add the line
bindaddress 192.168.1.1
to the configuration file.
This directive affects NTP (UDP port 123) packets. If no
'bindcmdaddress' directive is present, the address supplied by
'bindaddress' will be used to control binding of the command socket (UDP
port 323) as well.
The 'bindaddress' directive has been found to cause problems when
used on computers that need to pass NTP traffic over multiple network
interfaces (e.g. firewalls). It is, therefore, not particularly
useful. Use of the 'allow' and 'deny' directives together with a
network firewall is more likely to be successful.
For each of IPv4 and IPv6 protocols, only one 'bindaddress' directive
can be specified.
4.2.5 bindcmdaddress
--------------------
The bindcmdaddress allows you to restrict the network interface to which
chronyd will listen for command packets (issued by chronyc).
Suppose you have a local ethernet with addresses in the 192.168.1.0
subnet together with a dial-up connection. The ethernet interface's IP
address is 192.168.1.1. Suppose you want to block all access through
the dialup connection. You could add the line
bindcmdaddress 192.168.1.1
to the configuration file.
The 'bindcmdaddress' directive has been found to cause problems when
used on computers that need to pass command traffic over multiple
network interfaces. It is, therefore, not particularly useful. Use of
the 'cmdallow' and 'cmddeny' directives together with a network firewall
is more likely to be successful.
For each of IPv4 and IPv6 protocols, only one 'bindcmdaddress'
directive can be specified.
4.2.6 broadcast
---------------
The 'broadcast' directive is used to declare a broadcast address to
which chronyd should send packets in NTP broadcast mode (i.e. make
chronyd act as a broadcast server). Broadcast clients on that subnet
will be able to synchronise.
The syntax is as follows
broadcast 30 192.168.1.255
broadcast 60 192.168.2.255 12123
broadcast 60 ff02::101
In the first example, the destination port defaults to 123/udp (the
normal NTP port). In the second example, the destionation port is
specified as 12123. The first parameter in each case (30 or 60
respectively) is the interval in seconds between broadcast packets being
sent. The second parameter in each case is the broadcast address to
send the packet to. This should correspond to the broadcast address of
one of the network interfaces on the computer where chronyd is running.
You can have more than 1 'broadcast' directive if you have more than
1 network interface onto which you wish to send NTP broadcast packets.
'chronyd' itself cannot currently act as a broadcast client; it must
always be configured as a point-to-point client by defining specific NTP
servers and peers. This broadcast server feature is intended for
providing a time source to other NTP software (e.g. various MS Windows
clients).
If ntpd is used as the broadcast client, it will try to use a
point-to-point client/server NTP access to measure the round-trip delay.
Thus, the broadcast subnet should also be the subject of an 'allow'
directive (*note allow directive::).
4.2.7 cmdallow
--------------
This is similar to the 'allow' directive (*note allow directive::),
except that it allows control access (rather than NTP client access) to
a particular subnet or host. (By 'control access' is meant that chronyc
can be run on those hosts and successfully connect to chronyd on this
computer.)
The syntax is identical to the 'allow' directive.
There is also a 'cmdallow all' directive with similar behaviour to
the 'allow all' directive (but applying to control access in this case,
of course).
4.2.8 cmddeny
-------------
This is similar to the 'cmdallow' directive (*note cmdallow
directive::), except that it denies control access to a particular
subnet or host, rather than allowing it.
The syntax is identical.
There is also a 'cmddeny all' directive with similar behaviour to the
'cmdallow all' directive.
4.2.9 combinelimit
------------------
When 'chronyd' has multiple sources available for synchronization, it
has to select one source as the synchronization source. The measured
offsets and frequencies of the system clock relative to the other
sources, however, can be combined with the selected source to improve
the accuracy of the system clock.
The 'combinelimit' directive limits which sources are included in the
combining algorithm. Their synchronization distance has to be shorter
than the distance of the selected source multiplied by the value of the
limit. Also, their measured frequencies have to be close to the
frequency of the selected source.
By default, the limit is 3. Setting the limit to 0 effectively
disables the source combining algorithm and only the selected source
will be used to control the system clock.
The syntax is
combinelimit <limit>
4.2.10 commandkey
-----------------
The commandkey command is used to set the key number used for
authenticating user commands via the chronyc program at run time. This
allows certain actions of the chronyc program to be restricted to
administrators.
An example of the commandkey command is
commandkey 20
By default, the key number is 0.
In the key file (see the keyfile command) there should be a line of
the form
20 MD5 HEX:B028F91EA5C38D06C2E140B26C7F41EC
When running the chronyc program to perform run-time configuration,
the command
password foobar
must be entered before any commands affecting the operation of the
daemon can be entered, or chronyc must be started with the '-a' option
to run the password command automatically.
4.2.11 cmdport
--------------
The 'cmdport' directive allows the port that is used for run-time
command and monitoring (via the program 'chronyc') to be altered from
its default (323/udp).
An example shows the syntax
cmdport 257
This would make 'chronyd' use 257/udp as its command port.
('chronyc' would need to be run with the '-p 257' switch to
inter-operate correctly).
4.2.12 corrtimeratio
--------------------
When 'chronyd' makes a time correction, it controls how quickly the
system clock is slewed (so far only on Linux). This rate temporarily
affects the frequency error of the system clock.
The 'corrtimeratio' directive controls the ratio between the duration
in which the clock is slewed for an average correction according to the
source history and the interval in which the corrections are done
(usually the NTP polling interval). Corrections larger than the average
take less time and smaller corrections take more time, the amount of the
correction and the correction time are inversely proportional.
Increasing 'corrtimeratio' makes the overall frequency error of the
system clock smaller, but increases the overall time error as the
corrections will take longer.
By default, the ratio is 1, which means the duration of an average
correction will be close to the update interval.
The syntax is
corrtimeratio 10
The current remaining correction is shown in the 'tracking' report
(*note tracking command::) as the 'System time' value.
4.2.13 deny
-----------
This is similar to the 'allow' directive (*note allow directive::),
except that it denies NTP client access to a particular subnet or host,
rather than allowing it.
The syntax is identical.
There is also a 'deny all' directive with similar behaviour to the
'allow all' directive.
4.2.14 driftfile
----------------
One of the main activities of the 'chronyd' program is to work out the
rate at which the system clock gains or loses time relative to real
time.
Whenever 'chronyd' computes a new value of the gain/loss rate, it is
desirable to record it somewhere. This allows 'chronyd' to begin
compensating the system clock at that rate whenever it is restarted,
even before it has had a chance to obtain an equally good estimate of
the rate during the new run. (This process may take many minutes, at
least).
The driftfile command allows a file to be specified into which
'chronyd' can store the rate information. Two parameters are recorded
in the file. The first is the rate at which the system clock gains or
loses time, expressed in parts per million, with gains positive.
Therefore, a value of 100.0 indicates that when the system clock has
advanced by a second, it has gained 100 microseconds on reality (so the
true time has only advanced by 999900 microseconds). The second is an
estimate of the error bound around the first value in which the true
rate actually lies.
An example of the driftfile command is
driftfile /var/lib/chrony/drift
4.2.15 dumpdir
--------------
To compute the rate of gain or loss of time, 'chronyd' has to store a
measurement history for each of the time sources it uses.
Certain systems (so far only Linux) have operating system support for
setting the rate of gain or loss to compensate for known errors. (On
other systems, 'chronyd' must simulate such a capability by periodically
slewing the system clock forwards or backwards by a suitable amount to
compensate for the error built up since the previous slew).
For such systems, it is possible to save the measurement history
across restarts of 'chronyd' (assuming no changes are made to the system
clock behaviour whilst it is not running). If this capability is to be
used (via the dumponexit command in the configuration file, or the dump
command in chronyc), the dumpdir command should be used to define the
directory where the measurement histories are saved.
An example of the command is
dumpdir /var/lib/chrony
A source whose reference id (the IP address for IPv4 sources) is
1.2.3.4 would have its measurement history saved in the file
'/var/lib/chrony/1.2.3.4.dat'.
4.2.16 dumponexit
-----------------
If this command is present, it indicates that 'chronyd' should save the
measurement history for each of its time sources recorded whenever the
program exits. (See the dumpdir command above).
4.2.17 fallbackdrift
--------------------
Fallback drifts are long-term averages of the system clock drift
calculated over exponentially increasing intervals. They are used when
the clock is unsynchronised to avoid quickly drifting away from true
time if there was a short-term deviation in drift before the
synchronisation was lost.
The directive specifies the minimum and maximum interval for how long
the system clock has to be unsynchronised to switch between fallback
drifts. They are defined as a power of 2 (in seconds). The syntax is
as follows
fallbackdrift 16 19
In this example, the minimum interval is 16 (18 hours) and maximum
interval is 19 (6 days). The system clock frequency will be set to the
first fallback 18 hours after the synchronisation was lost, to the
second after 36 hours, etc. This might be a good setting to cover daily
and weekly temperature fluctuations.
By default (or if the specified maximum or minimum is 0), no
fallbacks will be used and the clock frequency will stay at the last
value calculated before synchronisation was lost.
4.2.18 generatecommandkey
-------------------------
With this directive, if the command key is not found on start in the
file specified by the 'keyfile' directive, 'chronyd' will generate a new
command key from the /dev/urandom file and write it to the key file.
The generated key will use SHA1 if 'chronyd' is compiled with the
support, otherwise MD5 will be used.
4.2.19 include
--------------
The 'include' directive includes a specified configuration file. This
is useful when maintaining configuration on multiple hosts to keep the
differences in a separate file.
include /etc/chrony/local.conf
4.2.20 initstepslew
-------------------
In normal operation, 'chronyd' always slews the time when it needs to
adjust the system clock. For example, to correct a system clock which
is 1 second slow, 'chronyd' slightly increases the amount by which the
system clock is advanced on each clock interrupt, until the error is
removed. (Actually, this is done by calling the 'adjtime()' or similar
system function which does it for us.) Note that at no time does time
run backwards with this method.
On most Unix systems it is not desirable to step the system clock,
because many programs rely on time advancing monotonically forwards.
When the 'chronyd' daemon is initially started, it is possible that
the system clock is considerably in error. Attempting to correct such
an error by slewing may not be sensible, since it may take several hours
to correct the error by this means.
The purpose of the 'initstepslew' directive is to allow 'chronyd' to
make a rapid measurement of the system clock error at boot time, and to
correct the system clock by stepping before normal operation begins.
Since this would normally be performed only at an appropriate point in
the system boot sequence, no other software should be adversely affected
by the step.
If the correction required is less than a specified threshold, a slew
is used instead. This makes it easier to restart 'chronyd' whilst the
system is in normal operation.
The 'initstepslew' directive takes a threshold and a list of NTP
servers as arguments. A maximum of 8 will be used. Each of the servers
is rapidly polled several times, and a majority voting mechanism used to
find the most likely range of system clock error that is present. A
step (or slew) is applied to the system clock to correct this error.
'chronyd' then enters its normal operating mode (where only slews are
used).
An example of use of the command is
initstepslew 30 foo.bar.com baz.quz.com
where 2 NTP servers are used to make the measurement. The '30'
indicates that if the system's error is found to be 30 seconds or less,
a slew will be used to correct it; if the error is above 30 seconds, a
step will be used.
The 'initstepslew' directive can also be used in an isolated LAN
environment, where the clocks are set manually. The most stable
computer is chosen as the master, and the other computers are slaved to
it. If each of the slaves is configured with the local option (see
below), the master can be set up with an 'initstepslew' directive which
references some or all of the slaves. Then, if the master machine has
to be rebooted, the slaves can be relied on to 'flywheel' the time for
the master.
4.2.21 keyfile
--------------
This command is used to specify the location of the file containing
ID/key pairs for the following 2 uses:
* Authentication of NTP packets.
* Authentication of administrator commands entered via chronyc.
The format of the command is shown in the example below
keyfile /etc/chrony.keys
The argument is simply the name of the file containing the ID/key
pairs. The format of the file is shown below
10 tulip
11 hyacinth
20 MD5 ASCII:crocus
25 SHA1 HEX:1dc764e0791b11fa67efc7ecbc4b0d73f68a070c
...
Each line consists of an ID, a name of authentication hash function
(optional) and a password. The ID can be any unsigned integer in the
range 0 through 2**32-1. The hash function is MD5 by default, depending
on how was 'chronyd' compiled other allowed hash functions may be SHA1,
SHA256, SHA384, SHA512, RMD128, RMD160, RMD256, RMD320, TIGER and
WHIRLPOOL. The password can be encoded as a string of characters not
containing a space with optional 'ASCII:' prefix or as a hexadecimal
number with 'HEX:' prefix.
For maximum security, it's recommended to use SHA1 or stronger hash
function. The passwords should be random and they should be as long as
the output size of the configured hash function, e.g. 160 bits with
SHA1.
The ID for the chronyc authentication key is specified with the
commandkey command (see earlier). The command key can be generated
automatically on start with the 'generatecommandkey' directive.
4.2.22 leapsectz
----------------
This directive is used to set the name of the timezone in the system tz
database which 'chronyd' can use to find out when will the next leap
second occur. It will periodically check if the times 23:59:59 and
23:59:60 are valid on Jun 30 and Dec 31 in the timezone. A useful
timezone is 'right/UTC'. This is mainly useful with reference clocks
which don't provide the leap second information. It is not necessary to
restart 'chronyd' if the tz database is updated with a new leap second
at least 12 hours before the event.
An example of the command is
leapsectz right/UTC
The following shell command verifies that the timezone contains leap
seconds and can be used with this directive
$ TZ=right/UTC date -d 'Dec 31 2008 23:59:60'
Wed Dec 31 23:59:60 UTC 2008
4.2.23 local
------------
The local keyword is used to allow 'chronyd' to appear synchronised to
real time (from the viewpoint of clients polling it), even if it has no
current synchronisation source.
This option is normally used on computers in an isolated network,
where several computers are required to synchronise to one other, this
being the "master" which is kept vaguely in line with real time by
manual input.
An example of the command is
local stratum 10
The value 10 may be substituted with other values in the range 1
through 15. Stratum 1 indicates a computer that has a true real-time
reference directly connected to it (e.g. GPS, atomic clock etc) –
such computers are expected to be very close to real time. Stratum 2
computers are those which have a stratum 1 server; stratum 3 computers
have a stratum 2 server and so on.
A large value of 10 indicates that the clock is so many hops away
from a reference clock that its time is fairly unreliable. Put another
way, if the computer ever has access to another computer which is
ultimately synchronised to a reference clock, it will almost certainly
be at a stratum less than 10. Therefore, the choice of a high value
like 10 for the local command prevents the machine's own time from ever
being confused with real time, were it ever to leak out to clients that
have visibility of real servers.
4.2.24 linux_hz
---------------
(This option only applies to Linux).
By default, chronyd will find the value of 'HZ' from a kernel header
file at compile time. 'HZ' is the nominal number of timer interrupts
per second. If you're running chronyd on the system where it was built,
the value it has should be right, and you don't need to worry about this
option.
This option is provided for people who move a pre-built chronyd onto
a system where the value of HZ in the kernel headers has been changed
from the default value.
An example of the command is
linux_hz 100
4.2.25 linux_freq_scale
-----------------------
(This option only applies to Linux).
By default, chronyd will find the value of 'HZ' and 'SHIFT_HZ' from
kernel header files at compile time. An internal value called
'freq_scale' is calculated from this. By default it is
(1<<SHIFT_HZ)/HZ, except for the case HZ=100, when special case code is
used which leads to the value 128/128.125. If you're running chronyd on
the system where it was built, the value it has should be right, and you
don't need to worry about this option.
This option is provided for people who move a pre-built chronyd onto
a system where the method by which the kernel computes the reciprocal of
this value has been changed or where the HZ and SHIFT_HZ constants
differ from those on the system where chronyd was built.
An example of the command is
linux_freq_scale 0.99902439
4.2.26 log
----------
The log command indicates that certain information is to be logged.
'measurements'
This option logs the raw NTP measurements and related information
to a file called measurements.log.
'statistics'
This option logs information about the regression processing to a
file called statistics.log.
'tracking'
This option logs changes to the estimate of the system's gain or
loss rate, and any slews made, to a file called tracking.log.
'rtc'
This option logs information about the system's real-time clock.
'refclocks'
This option logs the raw and filtered reference clock measurements
to a file called refclocks.log.
'tempcomp'
This option logs the temperature measurements and system rate
compensations to a file called tempcomp.log.
The files are written to the directory specified by the logdir
command.
An example of the command is
log measurements statistics tracking
4.2.26.1 Measurements log file format
.....................................
An example line (which actually appears as a single line in the file)
from the measurements log file is shown below.
2010-12-22 05:40:50 158.152.1.76 N 8 1111 111 1111 10 10 1.0 \
-4.966e-03 2.296e-01 1.577e-05 1.615e-01 7.446e-03
The columns are as follows (the quantities in square brackets are the
values from the example line above) :
1. Date [2010-12-22]
2. Hour:Minute:Second [05:40:50]. Note that the date/time pair is
expressed in UTC, not the local time zone.
3. IP address of server/peer from which measurement comes
[158.152.1.76]
4. Leap status ('N' means normal, '+' means that the last minute of
the current month has 61 seconds, '-' means that the last minute of
the month has 59 seconds, '?' means the remote computer is not
currently synchronised.) [N]
5. Stratum of remote computer. [2]
6. RFC1305 tests 1 through 4 (1=pass, 0=fail) [1111]
7. Tests for maximum delay, maximum delay ratio and maximum delay dev
ratio, against defined parameters (1=pass, 0=fail) [111]
8. RFC1305 tests 5 through 8 (1=pass, 0=fail) [1111]
9. Local poll [10]
10. Remote poll [10]
11. 'Score' (an internal score within each polling level used to
decide when to increase or decrease the polling level. This is
adjusted based on number of measurements currently being used for
the regression algorithm). [1.0]
12. The estimated local clock error ('theta' in RFC1305). Positive
indicates that the local clock is slow. [-4.966e-03].
13. The peer delay ('delta' in RFC1305). [2.296e-01]
14. The peer dispersion ('epsilon' in RFC1305). [1.577e-05]
15. The root delay ('Delta' in RFC1305). [1.615e-01]
16. The root dispersion ('E' in RFC1305). [7.446e-03]
A banner is periodically written to the log file to indicate the
meanings of the columns.
4.2.26.2 Statistics log file format
...................................
An example line (which actually appears as a single line in the file)
from the statistics log file is shown below.
1998-07-22 05:40:50 158.152.1.76 6.261e-03 -3.247e-03 \
2.220e-03 1.874e-06 1.080e-06 7.8e-02 16 0 8
The columns are as follows (the quantities in square brackets are the
values from the example line above) :
1. Date [1998-07-22]
2. Hour:Minute:Second [05:40:50]. Note that the date/time pair is
expressed in UTC, not the local time zone.
3. IP address of server/peer from which measurement comes
[158.152.1.76]
4. The estimated standard deviation of the measurements from the
source (in seconds). [6.261e-03]
5. The estimated offset of the source (in seconds, positive means the
local clock is estimated to be fast, in this case). [-3.247e-03]
6. The estimated standard deviation of the offset estimate (in
seconds). [2.220e-03]
7. The estimated rate at which the local clock is gaining or losing
time relative to the source (in seconds per second, positive means
the local clock is gaining). This is relative to the compensation
currently being applied to the local clock, _not_ to the local
clock without any compensation. [1.874e-06]
8. The estimated error in the rate value (in seconds per second).
[1.080e-06].
9. The ration of |old_rate - new_rate| / old_rate_error. Large values
indicate the statistics are not modelling the source very well.
[7.8e-02]
10. The number of measurements currently being used for the regression
algorithm. [16]
11. The new starting index (the oldest sample has index 0; this is the
method used to prune old samples when it no longer looks like the
measurements fit a linear model). [0, i.e. no samples discarded
this time]
12. The number of runs. The number of runs of regression residuals
with the same sign is computed. If this is too small it indicates
that the measurements are no longer represented well by a linear
model and that some older samples need to be discarded. The number
of runs for the data that is being retained is tabulated. Values
of approximately half the number of samples are expected. [8]
A banner is periodically written to the log file to indicate the
meanings of the columns.
4.2.26.3 Tracking log file format
.................................
An example line (which actually appears as a single line in the file)
from the tracking log file is shown below.
2012-02-23 05:40:50 158.152.1.76 3 340.529 1.606 1.046e-03 N \
4 6.849e-03 -4.670e-04
The columns are as follows (the quantities in square brackets are the
values from the example line above) :
1. Date [2012-02-03]
2. Hour:Minute:Second [05:40:50]. Note that the date/time pair is
expressed in UTC, not the local time zone.
3. The IP address of the server/peer to which the local system is
synchronised. [158.152.1.76]
4. The stratum of the local system. [3]
5. The local system frequency (in ppm, positive means the local system
runs fast of UTC). [340.529]
6. The error bounds on the frequency (in ppm) [1.606]
7. The estimated local offset at the epoch (which is rapidly corrected
by slewing the local clock. (In seconds, positive indicates the
local system is fast of UTC). [1.046e-3]
8. Leap status ('N' means normal, '+' means that the last minute of
this month has 61 seconds, '-' means that the last minute of the
month has 59 seconds, '?' means the clock is not currently
synchronised.) [N]
9. The number of combined sources. [4]
10. The estimated standard deviation of the combined offset (in
seconds). [6.849e-03]
11. The remaining offset correction from the previous update (in
seconds, positive means the system clock is slow of UTC).
[-4.670e-04]
A banner is periodically written to the log file to indicate the
meanings of the columns.
4.2.26.4 Real-time clock log file format
........................................
An example line (which actually appears as a single line in the file)
from the measurements log file is shown below.
1998-07-22 05:40:50 -0.037360 1 -0.037434\
-37.948 12 5 120
The columns are as follows (the quantities in square brackets are the
values from the example line above) :
1. Date [1998-07-22]
2. Hour:Minute:Second [05:40:50]. Note that the date/time pair is
expressed in UTC, not the local time zone.
3. The measured offset between the system's real time clock and the
system ('gettimeofday()') time. In seconds, positive indicates
that the RTC is fast of the system time. [-0.037360].
4. Flag indicating whether the regression has produced valid
coefficients. (1 for yes, 0 for no). [1]
5. Offset at the current time predicted by the regression process. A
large difference between this value and the measured offset tends
to indicate that the measurement is an outlier with a serious
measurement error. [-0.037434].
6. The rate at which the RTC is losing or gaining time relative to the
system clock. In ppm, with positive indicating that the RTC is
gaining time. [-37.948]
7. The number of measurements used in the regression. [12]
8. The number of runs of regression residuals of the same sign. Low
values indicate that a straight line is no longer a good model of
the measured data and that older measurements should be discarded.
[5]
9. The measurement interval used prior to the measurement being made
(in seconds). [120]
A banner is periodically written to the log file to indicate the
meanings of the columns.
4.2.26.5 Refclocks log file format
..................................
An example line (which actually appears as a single line in the file)
from the refclocks log file is shown below.
2009-11-30 14:33:27.000000 PPS2 7 N 1 4.900000e-07 -6.741777e-07 1.000e-06
The columns are as follows (the quantities in square brackets are the
values from the example line above) :
1. Date [2009-11-30]
2. Hour:Minute:Second.Microsecond [14:33:27.000000]. Note that the
date/time pair is expressed in UTC, not the local time zone.
3. Reference ID of refclock from which measurement comes. [PPS2]
4. Sequence number of driver poll within one polling interval for raw
samples, or '-' for filtered samples. [7]
5. Leap status ('N' means normal, '+' means that the last minute of
the current month has 61 seconds, '-' means that the last minute of
the month has 59 seconds). [N]
6. Flag indicating whether the sample comes from PPS source. (1 for
yes, 0 for no, or '-' for filtered sample). [1]
7. Local clock error measured by refclock driver, or '-' for filtered
sample. [4.900000e-07]
8. Local clock error with applied corrections. Positive indicates
that the local clock is slow. [-6.741777e-07]
9. Assumed dispersion of the sample. [1.000e-06]
A banner is periodically written to the log file to indicate the
meanings of the columns.
4.2.26.6 Tempcomp log file format
.................................
An example line (which actually appears as a single line in the file)
from the tempcomp log file is shown below.
2010-04-19 10:39:48 2.8000e+04 3.6600e-01
The columns are as follows (the quantities in square brackets are the
values from the example line above) :
1. Date [2010-04-19]
2. Hour:Minute:Second [10:39:48]. Note that the date/time pair is
expressed in UTC, not the local time zone.
3. Temperature read from tempcomp file. [2.8000e+04]
4. Applied compensation in ppm, positive means the system clock is
running faster than it would be without the compensation.
[3.6600e-01]
A banner is periodically written to the log file to indicate the
meanings of the columns.
4.2.27 logbanner
----------------
A banner is periodically written to the log files enabled by the 'log'
directive to indicate the meanings of the columns.
The 'logbanner' directive specifies after how many entries in the log
file should be the banner written. The default is 32, and 0 can be used
to disable it entirely.
4.2.28 logchange
----------------
This directive forces 'chronyd' to send a message to syslog if it makes
a system clock adjustment larger than a threshold value. An example of
use is
logchange 0.5
which would cause a syslog message to be generated a system clock
error of over 0.5 seconds starts to be compensated.
Clock errors detected either via NTP packets or via timestamps
entered via the 'settime' command of 'chronyc' are logged.
This directive assumes that syslog messages are appearing where
somebody can see them. This allows that person to see if a large error
has arisen, e.g. because of a fault, or because of faulty timezone
handling, for example when summer time (daylight saving) starts or ends.
4.2.29 logdir
-------------
This directive allows the directory where log files are written to be
specified.
An example of the use of this directive is
logdir /var/log/chrony
4.2.30 mailonchange
-------------------
This directive defines an email address to which mail should be sent if
chronyd applies a correction exceeding a particular threshold to the
system clock.
An example of use of this directive is
mailonchange root@localhost 0.5
This would send a mail message to root if a change of more than 0.5
seconds were applied to the system clock.
4.2.31 makestep
---------------
Normally chronyd will cause the system to gradually correct any time
offset, by slowing down or speeding up the clock as required. In
certain situations, the system clock may be so far adrift that this
slewing process would take a very long time to correct the system clock.
This directive forces 'chronyd' to step system clock if the
adjustment is larger than a threshold value, but only if there were no
more clock updates since 'chronyd' was started than a specified limit (a
negative value can be used to disable the limit).
This is particularly useful when using reference clocks, because the
'initstepslew' directive (*note initstepslew directive::) works only
with NTP sources.
An example of the use of this directive is
makestep 1000 10
This would step system clock if the adjustment is larger than 1000
seconds, but only in the first ten clock updates.
4.2.32 maxchange
----------------
This directive sets the maximum allowed offset corrected on a clock
update. The check is performed only after the specified number of
updates to allow a large initial adjustment of the system clock. When
an offset larger than the specified maximum occurs, it will be ignored
for the specified number of times and then 'chronyd' will give up and
exit (a negative value can be used to never exit). In both cases a
message is sent to syslog.
An example of the use of this directive is
maxchange 1000 1 2
After the first clock update, 'chronyd' will check the offset on
every clock update, it will ignore two adjustments larger than 1000
seconds and exit on another one.
4.2.33 manual
-------------
The 'manual' directive enables support at run-time for the 'settime'
command in chronyc (*note settime command::). If no 'manual' directive
is included, any attempt to use the 'settime' command in chronyc will be
met with an error message.
Note that the 'settime' command can be enabled at run-time using the
'manual' command in chronyc (*note manual command::). (The idea of the
two commands is that the 'manual' command controls the manual clock
driver's behaviour, whereas the 'settime' command allows samples of
manually entered time to be provided).
4.2.34 maxclockerror
--------------------
The 'maxclockerror' directive sets the maximum assumed frequency error
of the local clock. This is a frequency stability of the clock, not an
absolute frequency error.
By default, the maximum assumed error is set to 1 ppm.
The syntax is
maxclockerror <error-in-ppm>
Typical values for <error-in-ppm> might be 10 for a low quality clock
to 0.1 for a high quality clock using a temperature compensated crystal
oscillator.
4.2.35 maxsamples
-----------------
The 'maxsamples' directive sets the maximum number of samples 'chronyd'
should keep for each source. The default is 0, which disables the
configurable limit, and the useful range is 4 to 64.
The syntax is
maxsamples <samples>
4.2.36 maxupdateskew
--------------------
One of 'chronyd's' tasks is to work out how fast or slow the computer's
clock runs relative to its reference sources. In addition, it computes
an estimate of the error bounds around the estimated value.
If the range of error is too large, it probably indicates that the
measurements have not settled down yet, and that the estimated gain or
loss rate is not very reliable.
The 'maxupdateskew' parameter allows the threshold for determining
whether an estimate may be so unreliable that it should not be used. By
default, the threshold is 1000 ppm.
The syntax is
maxupdateskew <skew-in-ppm>
Typical values for <skew-in-ppm> might be 100 for a dial-up
connection to servers over a phone line, and 5 or 10 for a computer on a
LAN.
It should be noted that this is not the only means of protection
against using unreliable estimates. At all times, 'chronyd' keeps track
of both the estimated gain or loss rate, and the error bound on the
estimate. When a new estimate is generated following another
measurement from one of the sources, a weighted combination algorithm is
used to update the master estimate. So if 'chronyd' has an existing
highly-reliable master estimate and a new estimate is generated which
has large error bounds, the existing master estimate will dominate in
the new master estimate.
4.2.37 minsamples
-----------------
The 'minsamples' directive sets the minimum number of samples 'chronyd'
should try to keep for each source. The default is 0 and the useful
range is 4 to 64.
The syntax is
minsamples <samples>
4.2.38 noclientlog
------------------
This directive, which takes no arguments, specifies that client accesses
are not to be logged. Normally they are logged, allowing statistics to
be reported using the 'clients' command in 'chronyc'.
4.2.39 clientloglimit
---------------------
This directive specifies the maximum size of the memory allocated to log
client accesses. When the limit is reached, only information for
clients that have already been logged will be updated. If 0 is
specified, the memory size will be unlimited. The default is 524288
bytes.
An example of the use of this directive is
clientloglimit 1048576
4.2.40 peer
-----------
The syntax of this directive is identical to that for the 'server'
directive (*note server directive::), except that it is used to specify
an NTP peer rather than an NTP server.
4.2.41 pidfile
--------------
chronyd always writes its process ID (pid) to a file, and checks this
file on startup to see if another chronyd may already be running on the
system. By default, the file used is '/var/run/chronyd.pid'. The
'pidfile' directive allows the name to be changed, e.g.
pidfile /var/tmp/chronyd.pid
4.2.42 port
-----------
This option allows you to configure the port used for the NTP service on
your machine.
The compiled in default is udp/123, the standard NTP port. It is
unlikely that you would ever need to change this value. A possible
exception would be if you wanted to operate strictly in client-only mode
and never be available as a server to ntpd clients. If set to 0, the
kernel will assign a random port.
An example of the port command is
port 11123
This would change the NTP port served by chronyd on the computer to
udp/11123.
4.2.43 refclock
---------------
Reference clocks allows very accurate synchronisation and 'chronyd' can
function as a stratum 1 server. They are specified by the 'refclock'
directive. It has two mandatory parameters, a refclock driver name and
a driver specific parameter.
There are currently three drivers included:
'PPS'
PPSAPI (pulse per second) driver. The parameter is the path to a
PPS device. Assert events are used by default. Driver option
':clear' can be appended to the path if clear events should be used
instead.
As PPS refclock gets only sub-second time information, it needs
another source (NTP or non-PPS refclock) or local directive (*note
local directive::) enabled to work. For example:
refclock PPS /dev/pps0 lock NMEA
refclock SHM 0 offset 0.5 delay 0.1 refid NMEA noselect
'SHM'
NTP shared memory driver. This driver uses a shared memory segment
to receive data from another daemon which communicates with an
actual reference clock. The parameter is the number of a shared
memory segment, usually 0, 1, 2 or 3. For example:
refclock SHM 1 poll 3 refid GPS1
A driver option in form ':perm=NNN' can be appended to the segment
number to create the segment with permissions other than the
default '0600'.
Some examples of applications that can be used as SHM sources are
'gpsd', 'shmpps' and 'radioclk'.
'SOCK'
Unix domain socket driver. It is similar to the SHM driver, but
uses a different format and uses a socket instead of shared memory.
It does not require polling and it supports transmitting of PPS
data. The parameter is a path to the socket which will be created
by 'chronyd' and used to receive the messages. The format of
messages sent over the socket is described in the 'refclock_sock.c'
file.
Recent versions of the 'gpsd' daemon include support for the SOCK
protocol. The path where the socket should be created is described
in the 'gpsd(8)' man page. For example:
refclock SOCK /var/run/chrony.ttyS0.sock
The 'refclock' command also supports a number of subfields (which may
be defined in any order):
'poll'
Timestamps produced by refclock drivers are not used immediately,
but they are stored and processed by a median filter in intervals
specified by this option. This is defined as a power of 2. The
default is 4 (16 seconds). A shorter interval allows 'chronyd' to
react faster to changes in clock frequency, but it may decrease the
accuracy if the source is too noisy.
'dpoll'
Some drivers are not controlled by external events and thus require
polling. Again this is defined as a power of 2 and can be negative
for sub-second intervals. The default is 0 (1 second).
'refid'
This option is used to specify a reference id of the refclock, as
up to four ASCII characters. By default, first three characters
from driver name and the number of the refclock are used as refid.
Each refclock must have an unique refid.
'filter'
This option sets the length of the median filter which is used to
reduce noise. With each poll about 40 percent of the stored
samples is discarded and one final sample is calculated as average
of the remaining samples. If the length is 4 or above, at least 4
samples have to be collected between polls. For lengths below 4,
the filter has to be full. The default is 64.
'rate'
PPS signal frequency (in Hz). This option only controls how the
received pulses are aligned. To actually receive more than one
pulse per second, a negative 'dpoll' has to be specified (-3 for
5Hz signal). The default is 1.
'lock'
This option can be used to lock a PPS refclock to another refclock
whose reference id is specified by this option. In this mode
received pulses are aligned directly to unfiltered samples from the
refclock. By default, pulses are aligned to local clock, but only
when it is well synchronised.
'offset'
This option can be used to compensate a constant error. The
specified offset (in seconds) is applied to all samples produced by
the refclock. The default is 0.0.
'delay'
This option is used to specify how the refclock is assumed to be
inaccurate (in seconds). Increasing the value is useful to avoid
having no majority in the source selection algorithm or to make the
algorithm prefer other refclocks. The default is 1e-9 (1
nanosecond).
'precision'
Refclock precision (in seconds). The default is 1e-6 (1
microsecond) for SHM refclock, and 1e-9 (1 nanosecond) for SOCK and
PPS refclocks.
'prefer'
Prefer this source over sources without prefer option.
'noselect'
Never select this source. This is useful for monitoring or with
sources which are not very accurate, but are locked with a PPS
refclock.
4.2.44 reselectdist
-------------------
When 'chronyd' selects synchronisation source from available sources, it
will prefer the one with minimum synchronisation distance. However, to
avoid frequent reselecting when there are sources with similar distance,
a fixed distance is added to the distance for sources that are currently
not selected. This can be set with the 'reselectdist' option. By
default, the distance is 100 microseconds.
The syntax is
reselectdist <dist-in-seconds>
4.2.45 rtcdevice
----------------
The 'rtcdevice' directive defines the name of the device file for
accessing the real time clock. By default this is '/dev/rtc/', unless
the directive is used to set a different value. This applies to Linux
systems with devfs. An example of use is
rtcdevice /dev/misc/rtc
4.2.46 rtcfile
--------------
The 'rtcfile' directive defines the name of the file in which 'chronyd'
can save parameters associated with tracking the accuracy of the
system's real-time clock (RTC).
The syntax is illustrated in the following example
rtcfile /var/lib/chrony/rtc
'chronyd' saves information in this file when it exits and when the
'writertc' command is issued in 'chronyc'. The information saved is the
RTC's error at some epoch, that epoch (in seconds since January 1 1970),
and the rate at which the RTC gains or loses time.
So far, the support for real-time clocks is limited - their code is
even more system-specific than the rest of the software. You can only
use the real time clock facilities (the 'rtcfile' directive and the '-s'
command line option to 'chronyd') if the following three conditions
apply:
1. You are running Linux version 2.2.x or later.
2. You have compiled the kernel with extended real-time clock support
(i.e. the '/dev/rtc' device is capable of doing useful things).
3. You don't have other applications that need to make use of
'/dev/rtc' at all.
4.2.47 rtconutc
---------------
'chronyd' assumes by default that the real time clock (RTC) keeps local
time (including any daylight saving changes). This is convenient on PCs
running Linux which are dual-booted with DOS or Windows.
NOTE : IF YOU KEEP THE REAL TIME CLOCK ON LOCAL TIME AND YOUR
COMPUTER IS OFF WHEN DAYLIGHT SAVING (SUMMER TIME) STARTS OR ENDS, THE
COMPUTER'S SYSTEM TIME WILL BE ONE HOUR IN ERROR WHEN YOU NEXT BOOT AND
START CHRONYD.
An alternative is for the RTC to keep Universal Coordinated Time
(UTC). This does not suffer from the 1 hour problem when daylight saving
starts or ends.
If the 'rtconutc' directive appears, it means the RTC is required to
keep UTC. The directive takes no arguments. It is equivalent to
specifying the '-u' switch to the Linux '/sbin/clock' program.
4.2.48 rtcsync
--------------
The 'rtcsync' directive will enable a kernel mode where the system time
is copied to the real time clock (RTC) every 11 minutes.
This directive is supported only on Linux and cannot be used when the
normal RTC tracking is enabled, i.e. when the 'rtcfile' directive is
used.
4.2.49 sched_priority
---------------------
The 'sched_priority' directive will select the SCHED_FIFO real-time
scheduler at the specified priority (which must be between 0 and 100).
This mode is supported only on Linux.
This directive uses the Linux sched_setscheduler() system call to
instruct the kernel to use the SCHED_FIFO first-in, first-out real-time
scheduling policy for 'chronyd' with the specified priority. This means
that whenever 'chronyd' is ready to run it will run, interrupting
whatever else is running unless it is a higher priority real-time
process. This should not impact performance as 'chronyd's' resource
requirements are modest, but it should result in lower and more
consistent latency since 'chronyd' will not need to wait for the
scheduler to get around to running it. You should not use this unless
you really need it. The sched_setscheduler man page has more details.
4.2.50 stratumweight
--------------------
The 'stratumweight' directive sets how much distance should be added per
stratum to the synchronisation distance when 'chronyd' selects the
synchronisation source from available sources.
The syntax is
stratumweight <dist-in-seconds>
By default, it is 1 second. This usually means that sources with
lower stratum will be preferred to sources with higher stratum even when
their distance is significantly worse. Setting 'stratumweight' to 0
makes 'chronyd' ignore stratum when selecting the source.
4.2.51 lock_all
---------------
The 'lock_all' directive will lock chronyd into RAM so that it will
never be paged out. This mode is only supported on Linux. This
directive uses the Linux mlockall() system call to prevent 'chronyd'
from ever being swapped out. This should result in lower and more
consistent latency. It should not have significant impact on
performance as 'chronyd's' memory usage is modest. The mlockall man
page has more details.
4.2.52 server
-------------
The 'server' directive allows NTP servers to be specified. The
client/server relationship is strictly hierarchical : a client may
synchronise its system time to that of the server, but the server's
system time will never be influenced by that of a client.
The 'server' directive is immediately followed by either the name of
the server, or its IP address. The server command also supports a
number of subfields (which may be defined in any order):
'port'
This option allows the UDP port on which the server understands NTP
requests to be specified. For normal servers this option should
not be required (the default is 123, the standard NTP port).
'minpoll'
Although 'chronyd' will trim the rate at which it samples the
server during normal operation, the user may wish to constrain the
minimum polling interval. This is always defined as a power of 2,
so <tt/minpoll 5/ would mean that the polling interval cannot drop
below 32 seconds. The default is 6 (64 seconds).
'maxpoll'
In a similar way, the user may wish to constrain the maximum
polling interval. Again this is specified as a power of 2, so
<tt/maxpoll 9/ indicates that the polling interval must stay at or
below 512 seconds. The default is 10 (1024 seconds).
'maxdelay'
'chronyd' uses the network round-trip delay to the server to
determine how accurate a particular measurement is likely to be.
Long round-trip delays indicate that the request, or the response,
or both were delayed. If only one of the messages was delayed the
measurement error is likely to be substantial.
For small variations in round trip delay, 'chronyd' uses a
weighting scheme when processing the measurements. However, beyond
a certain level of delay the measurements are likely to be so
corrupted as to be useless. (This is particularly so on dial-up or
other slow links, where a long delay probably indicates a highly
asymmetric delay caused by the response waiting behind a lot of
packets related to a download of some sort).
If the user knows that round trip delays above a certain level
should cause the measurement to be ignored, this level can be
defined with the maxdelay command. For example, <tt/maxdelay 0.3/
would indicate that measurements with a round-trip delay of 0.3
seconds or more should be ignored.
'maxdelayratio'
This option is similar to the maxdelay option above. 'chronyd'
keeps a record of the minimum round-trip delay amongst the previous
measurements that it has buffered. If a measurement has a round
trip delay that is greater than the maxdelayratio times the minimum
delay, it will be rejected.
'maxdelaydevratio'
If a measurement has ratio of the increase in round-trip delay from
the minimum delay amongst the previous measurements to the standard
deviation of the previous measurements that is greater than
maxdelaydevratio, it will be rejected. The default is 10.0.
'presend'
If the timing measurements being made by 'chronyd' are the only
network data passing between two computers, you may find that some
measurements are badly skewed due to either the client or the
server having to do an ARP lookup on the other party prior to
transmitting a packet. This is more of a problem with long
sampling intervals, which may be similar in duration to the
lifetime of entries in the ARP caches of the machines.
In order to avoid this problem, the 'presend' option may be used.
It takes a single integer argument, which is the smallest polling
interval for which a pair of packets will be exchanged between the
client and the server prior to the actual measurement being
initiated by the client. For example, with the following option
included in a 'server' directive :
presend 9
when the polling interval is 512 seconds or more, a UDP echo
datagram will be sent to the server a short time (currently 4
seconds) before the NTP client mode datagram.
'key'
The NTP protocol supports the inclusion of checksums in the
packets, to prevent computers having their system time upset by
rogue packets being sent to them. The checksums are generated as a
function of a password, using the cryptographic hash function set
in the key file.
The association between key numbers and passwords is contained in
the keys file, defined by the keyfile command.
If the key option is present, 'chronyd' will attempt to use
authenticated packets when communicating with this server. The key
number used will be the single argument to the key option. The
server must have the same password for this key number configured,
otherwise no relationship between the computers will be possible.
'offline'
If the server will not be reachable when 'chronyd' is started, the
offline option may be specified. 'chronyd' will not try to poll
the server until it is enabled to do so (by using the online option
of 'chronyc').
'auto_offline'
If this option is set, the server will be assumed to have gone
offline when 2 requests have been sent to it without receiving a
response. This option avoids the need to run the 'offline' (*note
offline command::) command from chrony when disconnecting the
dial-up link. (It will still be necessary to use chronyc's
'online' (*note online command::) command when the link has been
established, to enable measurements to start.)
'iburst'
On start, make four measurements over a short duration (rather than
the usual periodic measurements).
'minstratum'
When the synchronisation source is selected from available sources,
sources with lower stratum are normally preferred. This option can
be used to increase stratum of the source to the specified minimum,
so 'chronyd' will avoid selecting that source. This is useful with
low stratum sources that are known to be unrealiable or inaccurate
and which should be used only when other sources are unreachable.
'polltarget'
Target number of measurements to use for the regression algorithm
which 'chronyd' will try to maintain by adjusting polling interval
between 'minpoll' and 'maxpoll'. A higher target makes 'chronyd'
prefer shorter polling intervals. The default is 6 and a useful
range is 6 to 60.
'prefer'
Prefer this source over sources without prefer option.
'noselect'
Never select this source. This is particularly useful for
monitoring.
4.2.53 tempcomp
---------------
Normally, changes in rate of drift of the system clock are caused mainly
by changes in temperature of the crystal oscillator on the mainboard.
If there are available temperature measurements from a sensor close
to the oscillator, 'tempcomp' directive can be used to compensate for
the changes in rate and possibly improve clock accuracy.
Whether it will really help depends on many factors, including
resolution of the sensor, noise in measurements, time source polling
interval, compensation update interval, how good are the temperature
coefficients, and how close is the sensor to the oscillator. The
frequency reported in tracking.log should be more stable and the offsets
should be smaller.
The directive has six parameters: path to the file which contains
current temperature in text format, update interval (in seconds), and
temperature coefficients T0, k0, k1, k2.
The frequency compensation is calculated (in ppm) as
'k0 + (T - T0) * k1 + (T - T0)^2 * k2'
The result has to be between -10 ppm and 10 ppm, otherwise the
measurement is considered to be faulty and will be ignored. The k0
coefficient can be used to get the results in that range.
Valid measurements and calculated corrections are logged to
tempcomp.log file if enabled with 'log tempcomp' directive.
An example of use is
tempcomp /sys/class/hwmon/hwmon1/device/temp2_input 30 26000 0.0 0.000183 0.0
The measured temperature will be read from the file in Linux sysfs
filesystem every 30 seconds. When the temperature is 26 degress
(26000), the system clock frequency will not be adjusted. When it is 27
degrees (27000), the clock will be set to run 0.183ppm faster than it
would be without the compensation, etc.
4.2.54 user
-----------
The 'user' directive sets the name of the user to which will 'chronyd'
drop root privileges after the initialisation. So far, it works only on
Linux when compiled with capabilities support.
By default, root privileges are not dropped.
4.3 Running chronyc
===================
Chronyc is the program that can be used to reconfigure options within
the 'chronyd' program whilst it is running. Chronyc can also be used to
generate status reports about the operation of 'chronyd'.
4.3.1 Basic use
---------------
The program chronyc is run by entering
chronyc
at the command line. The prompt 'chronyc' is displayed whilst
chronyc is expecting input from the user, when it is being run from a
terminal. If chronyc's input or output are redirected from/to a file,
the prompt is now shown.
When you are finished entering commands, the commands 'exit' or
'quit' will terminate the program. (Entering <Control-D> will also
terminate the program.)
4.3.2 Command line options
--------------------------
Chronyc supports the following command line options.
'-v'
Displays the version number of chronyc on the terminal, and exists.
'-h <host>'
This option allows the user to specify which host running the
'chronyd' program is to be contacted. This allows for remote
configuration, without having to telnet or rlogin to the other host
first.
The default is to contact 'chronyd' running on the same host as
that where chronyc is being run.
'-p <port>'
This option allows the user to specify the UDP port number which
the target 'chronyd' is using for its command & monitoring
connections. This defaults to the compiled-in default; there would
rarely be a need to change this.
'-n'
This option disables resolving IP addresses to hostnames.
'-4'
With this option hostnames will be resolved only to IPv4 addresses.
'-6'
With this option hostnames will be resolved only to IPv6 addresses.
'-m'
With this option multiple commands can be specified on the command
line. Each argument will be interpreted as a whole command.
'-f <conf-file>'
This option can be used to specify an alternate location of the
'chronyd' configuration file (default '/etc/chrony.conf'). The
configuration file is needed for the '-a' option.
'-a'
With this option 'chronyc' will try to authenticate automatically
on start. It will read the configuration file, read the command
key from the keyfile and run the authhash and password commands.
4.3.3 Security with chronyc
---------------------------
Many of the commands available through chronyc have a fair amount of
power to reconfigure the run-time behaviour of 'chronyd'. Consequently,
'chronyc' is quite dangerous for the integrity of the target system's
clock performance. Having access to 'chronyd' via chronyc is more or
less equivalent to being able to modify 'chronyd's' configuration file
(typically '/etc/chrony.conf') and to restart 'chronyd'.
Chronyc also provides a number of monitoring (as opposed to
commanding) commands, which will not affect the behaviour of 'chronyd'.
However, you may still want to restrict access to these commands.
In view of this, access to some of the capabilities of chronyc will
usually be tightly controlled. There are two mechanisms supported:
1. The set of hosts from which 'chronyd' will accept commands can be
restricted. By default, commands will only be accepted from the
same host that 'chronyd' is running on.
2. Any command that actually reconfigures some aspect of 'chronyd's'
behaviour requires the user of chronyc to know a password. This
password is specified in 'chronyd's' keys file (*note keyfile
directive::) and specified via the commandkey option in its
configuration file (*note commandkey directive::).
Only the following commands can be used _without_ providing a
password:
* 'activity'
* 'authhash'
* 'dns'
* 'exit'
* 'help'
* 'password'
* 'quit'
* 'rtcdata'
* 'sources'
* 'sourcestats'
* 'tracking'
* 'waitsync'
All other commands require a password to have been specified
previously, because they affect 'chronyd's' operation.
4.3.4 Command reference
-----------------------
This section describes each of the commands available within the chronyc
program. Chronyc offers the user a simple command-line driven
interface.
4.3.4.1 accheck
...............
This command allows you to check whether client NTP access is allowed
from a particular host.
Examples of use, showing a named host and a numeric IP address, are
as follows:
accheck a.b.c
accheck 1.2.3.4
accheck 2001:db8::1
This command can be used to examine the effect of a series of
'allow', 'allow all', 'deny' and 'deny all' commands specified either
via chronyc, or in 'chronyd's' configuration file.
4.3.4.2 activity
................
This command reports the number of servers/peers that are online and
offline. If the auto_offline option is used in specifying some of the
servers/peers, the 'activity' command may be useful for detecting when
all of them have entered the offline state after the PPP link has been
disconnected.
The report shows the number of servers/peers in 5 states:
* 'online' : the server/peer is currently online (i.e. assumed by
chronyd to be reachable)
* 'offline' : the server/peer is currently offline (i.e. assumed by
chronyd to be unreachable, and no measurements from it will be
attempted.)
* 'burst_online' : a burst command has been initiated for the
server/peer and is being performed; after the burst is complete,
the server/peer will be returned to the online state.
* 'burst_offline' : a burst command has been initiated for the
server/peer and is being performed; after the burst is complete,
the server/peer will be returned to the offline state.
* 'unresolved' : the name of the server/peer wasn't resolved to an
address yet; this server is not visible in the 'sources' and
'sourcestats' reports.
4.3.4.3 add peer
................
The 'add peer' command allows a new NTP peer to be added whilst
'chronyd' is running.
Following the words 'add peer', the syntax of the following
parameters and options is identical to that for the 'peer' directive in
the configuration file (*note peer directive::).
An example of using this command is shown below.
add peer foo.bar.com minpoll 6 maxpoll 10 authkey 25
4.3.4.4 add server
..................
The 'add server' command allows a new NTP server to be added whilst
'chronyd' is running.
Following the words 'add server', the syntax of the following
parameters and options is identical to that for the 'server' directive
in the configuration file (*note server directive::).
An example of using this command is shown below.
add server foo.bar.com minpoll 6 maxpoll 10 authkey 25
4.3.4.5 allow
.............
The effect of the allow command is identical to the 'allow' directive in
the configuration file (*note allow directive::).
The syntax is illustrated in the following examples:
allow foo.bar.com
allow 1.2
allow 3.4.5
allow 6.7.8/22
allow 6.7.8.9/22
allow 2001:db8:789a::/48
allow 0/0
allow ::/0
allow
The effect of each of these examples is the same as that of the
'allow' directive in the configuration file.
4.3.4.6 allow all
.................
The effect of the allow command is identical to the 'allow all'
directive in the configuration file (*note allow directive::).
4.3.4.7 authhash
................
This command sets the hash function used for authenticating user
commands. For successful authentication the hash function has to be the
same as the one set for the command key in the keys file on the server.
It needs to be set before the 'password' command is used. The default
hash function is MD5.
An example is
authhash SHA1
The authhash command is run automatically on start if 'chronyc' was
started with the '-a' option.
4.3.4.8 burst
.............
The 'burst' command tells 'chronyd' to make a set of measurements to
each of its NTP sources over a short duration (rather than the usual
periodic measurements that it makes). After such a burst, 'chronyd'
will revert to the previous state for each source. This might be either
online, if the source was being periodically measured in the normal way,
or offline, if the source had been indicated as being offline.
(Switching a source between the online and offline states is described
in *note online command::, *note offline command::).
The syntax of the burst command is as follows
burst <n-good-measurements>/<max-measurements> [<mask>/<masked-address>]
burst <n-good-measurements>/<max-measurements> [<masked-address>/<masked-bits>]
burst <n-good-measurements>/<max-measurements> [<address>]
The mask and masked-address arguments are optional, in which case
'chronyd' will initiate a burst for all of its currently defined
sources.
The arguments have the following meaning and format.
'n-good-measurements'
This defines the number of good measurements that 'chronyd' will
want to obtain from each source. A measurement is good if it
passes certain tests, for example, the round trip time to the
source must be acceptable. (This allows 'chronyd' to reject
measurements that are likely to be bogus.)
'max-measurements'
This defines the maximum number of measurements that 'chronyd' will
attempt to make, even if the required number of good measurements
has not been obtained.
'mask'
This is an IP address with which the IP address of each of
'chronyd''s sources is to be masked.
'masked-address'
This is an IP address. If the masked IP address of a source
matches this value then the burst command is applied to that
source.
'masked-bits'
This can be used with 'masked-address' for CIDR notation, which is
a shorter alternative to the form with mask.
'address'
This is an IP address or a hostname. The burst command is applied
only to that source.
If no mask or masked address arguments are provided, every source
will be matched.
An example of the two-argument form of the command is
burst 2/10
This will cause 'chronyd' to attempt to get two good measurements
from each source, stopping after two have been obtained, but in no event
will it try more than ten probes to the source.
Examples of the four-argument form of the command are
burst 2/10 255.255.0.0/1.2.0.0
burst 2/10 2001:db8:789a::/48
In the first case, the two out of ten sampling will only be applied
to sources whose IPv4 addresses are of the form '1.2.x.y', where x and y
are arbitrary. In the second case, the sampling will be applied to
sources whose IPv6 addresses have first 48 bits equal to
'2001:db8:789a'.
Example of the three-argument form of the command is
burst 2/10 foo.bar.com
4.3.4.9 clients
...............
This command shows a list of all clients that have accessed the server,
through either the NTP or command/monitoring ports. There are no
arguments.
An example of the output is
Hostname Client Peer CmdAuth CmdNorm CmdBad LstN LstC
========================= ====== ====== ====== ====== ====== ==== ====
localhost 0 0 15 1 0 29y 0
aardvark.xxx 4 0 0 0 0 49 29y
badger.xxx 4 0 0 0 0 6 29y
Each row shows the data for a single host. Only hosts that have
passed the host access checks (set with the 'allow', 'deny', 'cmdallow'
and 'cmddeny' commands or configuration file directives) are logged.
The columns are as follows:
1. The hostname of the client
2. The number of times the client has accessed the server using an NTP
client mode packet.
3. The number of times the client has accessed the server using an NTP
symmetric active mode packet.
4. The number of authenticated command packets that have been
processed from the client (i.e. those following a successful
'password' command).
5. The number of unauthenticated command packets that have been
processed from the client.
6. The number of bad command packets received from the client (not all
forms of bad packet are logged).
7. Time since the last NTP packet was received
8. Time since the last command packet was received
The last two entries will be shown as the time since 1970 if no
packet of that type has ever been received.
4.3.4.10 cmdaccheck
...................
This command is similar to the 'accheck' command, except that it is used
to check whether command access is permitted from a named host.
Examples of use are as follows:
cmdaccheck a.b.c
cmdaccheck 1.2.3.4
cmdaccheck 2001:db8::1
4.3.4.11 cmdallow
.................
This is similar to the 'allow' command, except that it is used to allow
particular hosts or subnets to use the chronyc program to interact with
'chronyd' on the current host.
4.3.4.12 cmdallow all
.....................
This is similar to the 'allow all' command, except that it is used
toallow particular hosts or subnets to use the chronyc program to
interactwith 'chronyd' on the current host.
4.3.4.13 cmddeny
................
This is similar to the 'deny' command, except that it is used to allow
particular hosts or subnets to use the chronyc program to interact with
'chronyd' on the current host.
4.3.4.14 cmddeny all
....................
This is similar to the 'deny all' command, except that it is used to
allow particular hosts or subnets to use the chronyc program to interact
with 'chronyd' on the current host.
4.3.4.15 cyclelogs
..................
The 'cyclelogs' command causes all of 'chronyd's' open log files to be
closed and re-opened. This allows them to be renamed so that they can
be periodically purged. An example of how to do this is shown below.
% mv /var/log/chrony/measurements.log /var/log/chrony/measurements1.log
% chronyc -a cyclelogs
% ls -l /var/log/chrony
-rw-r--r-- 1 root root 0 Jun 8 18:17 measurements.log
-rw-r--r-- 1 root root 12345 Jun 8 18:17 measurements1.log
% rm -f measurements1.log
4.3.4.16 delete
...............
The 'delete' command allows an NTP server or peer to be removed from the
current set of sources.
The syntax is illustrated in the examples below.
delete foo.bar.com
delete 1.2.3.4
delete 2001:db8::1
There is one parameter, the name or IP address of the server or peer
to be deleted.
4.3.4.17 deny
.............
The effect of the allow command is identical to the 'deny' directive in
the configuration file (*note deny directive::).
The syntax is illustrated in the following examples:
deny foo.bar.com
deny 1.2
deny 3.4.5
deny 6.7.8/22
deny 6.7.8.9/22
deny 2001:db8:789a::/48
deny 0/0
deny ::/0
deny
4.3.4.18 deny all
.................
The effect of the allow command is identical to the 'deny all' directive
in the configuration file (*note deny directive::).
4.3.4.19 dns
............
The 'dns' command configures how are hostnames and IP addresses resolved
in 'chronyc'. IP addresses can be resolved to hostnames when printing
results of 'sources', 'sourcestats', 'tracking' and 'clients' commands.
Hostnames are resolved in commands that take an address as argument.
There are five forms of the command:
'dns -n'
Disables resolving IP addresses to hostnames. Raw IP addresses
will be displayed.
'dns +n'
Enables resolving IP addresses to hostnames. This is the default
unless 'chronyc' was started with '-n' option.
'dns -4'
Resolves hostnames only to IPv4 addresses.
'dns -6'
Resolves hostnames only to IPv6 addresses.
'dns -46'
Resolves hostnames to both address families. This is the default
unless 'chronyc' was started with '-4' or '-6' option.
4.3.4.20 dump
.............
The 'dump' command causes 'chronyd' to write its current history of
measurements for each of its sources to dump files, either for
inspection or to support the '-r' option when 'chronyd' is restarted.
The 'dump' command is somewhat equivalent to the 'dumponexit'
directive in the chrony configuration file. *Note dumponexit
directive::.
To use the 'dump', you probably want to configure the name of the
directory into which the dump files will be written. This can only be
done in the configuration file, see *note dumpdir directive::.
4.3.4.21 exit
.............
The exit command exits from chronyc and returns the user to the shell
(same as the quit command).
4.3.4.22 help
.............
The help command displays a summary of the commands and their arguments.
4.3.4.23 local
..............
The 'local' command allows 'chronyd' to be told that it is to appear as
a reference source, even if it is not itself properly synchronised to an
external source. (This can be used on isolated networks, to allow one
computer to be a master time server with the other computers slaving to
it.) The 'local' command is somewhat equivalent to the 'local'
directive in the configuration file, see *note local directive::.
The syntax is as shown in the following examples.
local stratum 10
local off
The first example enables the local reference mode on the host, and
sets the stratum at which it should claim to be synchronised.
The second example disables the local reference mode.
4.3.4.24 makestep
.................
Normally chronyd will cause the system to gradually correct any time
offset, by slowing down or speeding up the clock as required. In
certain situations, the system clock may be so far adrift that this
slewing process would take a very long time to correct the system clock.
The 'makestep' command can be used in this situation. It cancels any
remaining correction that was being slewed, and jumps the system clock
by the equivalent amount, making it correct immediately.
BE WARNED - certain software will be seriously affected by such jumps
to the system time. (That is the reason why chronyd uses slewing
normally.)
The 'makestep' directive in the configuration file can be used to
step the clock automatically when the adjustment is larger than a
specified threshold, see *note makestep directive::.
4.3.4.25 manual
...............
The manual command enables and disables use of the 'settime' command
(*note settime command::), and is used to modify the behaviour of the
manual clock driver.
Examples of the command are shown below.
manual on
manual off
manual delete 1
manual list
manual reset
The 'on' form of the command enables use of the 'settime' command.
The 'off' form of the command disables use of the 'settime' command.
The 'list' form of the command lists all the samples currently stored
in 'chronyd'. The output is illustrated below.
210 n_samples = 1
# Date Time(UTC) Slewed Original Residual
====================================================
0 27Jan99 22:09:20 0.00 0.97 0.00
The columns as as follows :
1. The sample index (used for the 'manual delete' command)
2. The date and time of the sample
3. The system clock error when the timestamp was entered, adjusted to
allow for changes made to the system clock since.
4. The system clock error when the timestamp was entered, as it
originally was (without allowing for changes to the system clock
since).
5. The regression residual at this point, in seconds. This allows
'outliers' to be easily spotted, so that they can be deleted using
the 'manual delete' command.
The 'delete' form of the command deletes a single sample. The
parameter is the index of the sample, as shown in the first column of
the output from 'manual list'. Following deletion of the data point,
the current error and drift rate are re-estimated from the remaining
data points and the system clock trimmed if necessary. This option is
intended to allow 'outliers' to be discarded, i.e. samples where the
administrator realises he/she has entered a very poor timestamp.
The 'reset' form of the command deletes all samples at once. The
system clock is left running as it was before the command was entered.
4.3.4.26 maxdelay
.................
This allows the 'maxdelay' option for one of the sources to be modified,
in the same way as specifying the 'maxdelay' option for the 'server'
directive in the configuration file (*note server directive::).
The following examples illustrate the syntax
maxdelay foo.bar.com 0.3
maxdelay 1.2.3.4 0.0015
maxdelay 2001:db8::1 0.0015
The first example sets the maximum network delay allowed for a
measurement to the host 'foo.bar.com' to 0.3 seconds. The second and
third examples set the maximum network delay for a measurement to the
host with IPv4 address '1.2.3.4' and the host with IPv6 address
'2001:db8::1' to 1.5 milliseconds.
(Any measurement whose network delay exceeds the specified value is
discarded.)
4.3.4.27 maxdelayratio
......................
This allows the 'maxdelayratio' option for one of the sources to be
modified, in the same way as specifying the 'maxdelayratio' option for
the 'server' directive in the configuration file (*note server
directive::).
The following examples illustrate the syntax
maxdelayratio foo.bar.com 1.5
maxdelayratio 1.2.3.4 2.0
maxdelayratio 2001:db8::1 2.0
The first example sets the maximum network delay for a measurement to
the host 'foo.bar.com' to be 1.5 times the minimum delay found amongst
the previous measurements that have been retained. The second and third
examples set the maximum network delay for a measurement to the host
with IPv4 address '1.2.3.4' and the host with IPv6 address '2001:db8::1'
to be double the retained minimum.
As for 'maxdelay', any measurement whose network delay is too large
will be discarded.
4.3.4.28 maxdelaydevratio
.........................
This allows the 'maxdelaydevratio' option for one of the sources to be
modified, in the same way as specifying the 'maxdelaydevratio' option
for the 'server' directive in the configuration file (*note server
directive::).
The following examples illustrate the syntax
maxdelaydevratio foo.bar.com 0.1
maxdelaydevratio 1.2.3.4 1.0
maxdelaydevratio 2001:db8::1 100.0
4.3.4.29 maxpoll
................
The 'maxpoll' command is used to modify the minimum polling interval for
one of the current set of sources. It is equivalent to the 'maxpoll'
option in the 'server' directive in the configuration file (*note server
directive::).
The syntax is as follows
maxpoll <host> <new-maxpoll>
where the host can be specified as either a machine name or IP
address. The new minimum poll is specified as a base-2 logarithm of the
number of seconds between polls (e.g. specify 6 for 64 second
sampling).
An example is
maxpoll foo.bar.com 10
which sets the maximum polling interval for the host 'foo.bar.com' to
1024 seconds.
Note that the new maximum polling interval only takes effect after
the next measurement has been made.
4.3.4.30 maxupdateskew
......................
This command has the same effect as the 'maxupdateskew' directive in the
configuration file, see *note maxupdateskew directive::.
4.3.4.31 minpoll
................
The 'minpoll' command is used to modify the minimum polling interval for
one of the current set of sources. It is equivalent to the 'minpoll'
option in the 'server' directive in the configuration file (*note server
directive::).
The syntax is as follows
minpoll <host> <new-minpoll>
where the host can be specified as either a machine name or IP
address. The new minimum poll is specified as a base-2 logarithm of the
number of seconds between polls (e.g. specify 6 for 64 second
sampling).
An example is
minpoll foo.bar.com 5
which sets the minimum polling interval for the host 'foo.bar.com' to
32 seconds.
Note that the new minimum polling interval only takes effect after
the next measurement has been made.
4.3.4.32 minstratum
...................
The 'minstratum' command is used to modify the minimum stratum for one
of the current set of sources. It is equivalent to the 'minstratum'
option in the 'server' directive in the configuration file (*note server
directive::).
The syntax is as follows
minstratum <host> <new-min-stratum>
where the host can be specified as either a machine name or IP
address.
An example is
minpoll foo.bar.com 5
which sets the minimum stratum for the host 'foo.bar.com' to 5.
Note that the new minimum stratum only takes effect after the next
measurement has been made.
4.3.4.33 offline
................
The 'offline' command is used to warn 'chronyd' that the network
connection to a particular host or hosts is about to be lost. It should
be used on computers with a dial-up or similar connection to their time
sources, to warn 'chronyd' that the connection is about to be broken.
An example of how to use 'offline' in this case is shown in *note
Advising chronyd of internet availability::.
Another case where 'offline' could be used is where a computer serves
time to a local group of computers, and has a permanant connection to
true time servers outside the organisation. However, the external
connection is heavily loaded at certain times of the day and the
measurements obtained are less reliable at those times. In this case,
it is probably most useful to determine the gain/loss rate during the
quiet periods and let the whole network coast through the loaded
periods. The 'offline' and 'online' commands can be used to achieve
this. The situation is shown in the figure below.
+----------+
|Ext source|
+----------+
|
|
|/| <-- Link with variable
| reliability
|
+-------------------+
|Local master server|
+-------------------+
|
+---+---+-----+-----+----+----+
| | | | | | |
Local clients
If the source to which 'chronyd' is currently synchronised is
indicated offline in this way, 'chronyd' will continue to treat it as
the synchronisation source. If the network connection were broken
without the 'offline' command being used, 'chronyd' would assume that
the source had failed and would attempt to pick another synchronisation
source.
There are four forms of the 'offline' command. The first form is a
wildcard, meaning all sources. The second form allows an IP address
mask and a masked address to be specified. The third form uses the CIDR
notation. The fourth form uses an IP address or a hostname. These
forms are illustrated below.
offline
offline 255.255.255.0/1.2.3.0
offline 2001:db8:789a::/48
offline foo.bar.com
The second form means that the 'offline' command is to be applied to
any source whose IPv4 address is in the '1.2.3' subnet. (The host's
address is logically and-ed with the mask, and if the result matches the
masked-address the host is processed). The third form means that the
command is to be applied to all sources whose IPv6 addresses have first
48 bits equal to '2001:db8:789a'. The fourth form means that the
command is to be applied only to that one source.
The wildcard form of the address is actually equivalent to
offline 0.0.0.0/0.0.0.0
offline ::/0
4.3.4.34 online
...............
The 'online' command is opposite in function to the 'offline' command.
It is used to advise 'chronyd' that network connectivity to a particular
source or sources has been restored.
The syntax is identical to that of the 'offline' command, see *note
offline command::.
4.3.4.35 password
.................
The password command is used to allow chronyc to send privileged
commands to 'chronyd'. The password can either be entered on the
command line, or can be entered without echoing. The syntax for
entering the password on the command line is as follows
password xyzzy
password ASCII:xyzzy
password HEX:78797a7a79
To enter the password without it being echoed, enter
password
The computer will respond with a 'Password:' prompt, at which you
should enter the password and press return. (Note that the no-echo mode
is limited to 8 characters on SunOS 4.1 due to limitations in the system
library. Other systems do not have this restriction.)
The password can be encoded as a string of characters not containing
a space with optional 'ASCII:' prefix or as a hexadecimal number with
'HEX:' prefix. It has to match 'chronyd's' currently defined command
key (*note commandkey directive::).
The password command is run automatically on start if 'chronyc' was
started with the '-a' option.
4.3.4.36 polltarget
...................
The 'polltarget' command is used to modify the poll target for one of
the current set of sources. It is equivalent to the 'polltarget' option
in the 'server' directive in the configuration file (*note server
directive::).
The syntax is as follows
polltarget <host> <new-poll-target>
where the host can be specified as either a machine name or IP
address.
An example is
polltarget foo.bar.com 12
which sets the poll target for the host 'foo.bar.com' to 12.
4.3.4.37 quit
.............
The quit command exits from chronyc and returns the user to the shell
(same as the exit command).
4.3.4.38 reselect
.................
To avoid excessive switching between sources, 'chronyd' may stay
synchronised to a source even when it is not currently the best one
among the available sources.
The 'reselect' command can be used to force 'chronyd' to reselect the
best synchronisation source.
4.3.4.39 reselectdist
.....................
The 'reselectdist' command sets the reselect distance. It is equivalent
to the 'reselectdist' directive in the configuration file (*note
reselectdist directive::).
4.3.4.40 retries
................
The 'retries' command sets the maximum number of retries for 'chronyc'
requests before giving up. The response timeout is controlled by
'timeout' command (*note timeout command::).
The default is 2.
4.3.4.41 rtcdata
................
The 'rtcdata' command displays the current real time clock RTC
parameters.
An example output is shown below.
RTC ref time (GMT) : Sat May 30 07:25:56 1998
Number of samples : 10
Number of runs : 5
Sample span period : 549
RTC is fast by : -1.632736 seconds
RTC gains time at : -107.623 ppm
The fields have the following meaning
'RTC ref time (GMT)'
This is the RTC reading the last time its error was measured.
'Number of samples'
This is the number of previous measurements being used to determine
the RTC gain/loss rate.
'Number of runs'
This is the number of runs of residuals of the same sign following
the regression fit for (RTC error) versus (RTC time). A value
which is small indicates that the measurements are not well
approximated by a linear model, and that the algorithm will tend to
delete the older measurements to improve the fit.
'Sample span period'
This is the period that the measurements span (from the oldest to
the newest). Without a unit the value is in seconds; suffixes 'm'
for minutes, 'h' for hours, 'd' for days or 'y' for years may be
used.
'RTC is fast by'
This is the estimate of how many seconds fast the RTC when it
thought the time was at the reference time (above). If this value
is large, you may (or may not) want to use the 'trimrtc' command to
bring the RTC into line with the system clock. (Note, a large
error will not affect 'chronyd's' operation, unless it becomes so
big as to start causing rounding errors.
'RTC gains time at'
This is the amount of time gained (positive) or lost (negative) by
the real time clock for each second that it ticks. It is measured
in parts per million. So if the value shown was +1, suppose the
RTC was exactly right when it crosses a particular second boundary.
Then it would be 1 microsecond fast when it crosses its next second
boundary.
4.3.4.42 settime
................
The 'settime' command allows the current time to be entered manually, if
this option has been configured into 'chronyd'. (It may be configured
either with the 'manual' directive in the configuration file (*note
manual directive::), or with the 'manual' command of chronyc (*note
manual command::).
It should be noted that the computer's sense of time will only be as
accurate as the reference you use for providing this input (e.g. your
watch), as well as how well you can time the press of the return key.
Providing your computer's time zone is set up properly, you will be
able to enter a local time (rather than UTC).
The response to a successful 'settime' command indicates the amount
that the computer's clock was wrong. It should be apparent from this if
you have entered the time wrongly, e.g. with the wrong time zone.
The rate of drift of the system clock is estimated by a regression
process using the entered measurement and all previous measurements
entered during the present run of 'chronyd'. However, the entered
measurement is used for adjusting the current clock offset (rather than
the estimated intercept from the regression, which is ignored).
Contrast what happens with the 'manual delete' command, where the
intercept is used to set the current offset (since there is no
measurement that has just been typed in in that case).
The time is parsed by the public domain 'getdate' algorithm.
Consequently, you can only specify time to the nearest second.
Examples of inputs that are valid are shown below.
settime 16:30
settime 16:30:05
settime Nov 21, 1997 16:30:05
For a full description of 'getdate', get hold of the getdate
documentation (bundled, for example, with the source for GNU tar).
4.3.4.43 sources
................
This command displays information about the current time sources that
'chronyd' is accessing.
The optional argument '-v' can be specified, meaning _verbose_. In
this case, extra caption lines are shown as a reminder of the meanings
of the columns.
210 Number of sources = 3
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
#* GPS0 0 4 377 11 -479ns[ -621ns] +/- 134ns
^? a.b.c 2 6 377 23 -923us[ -924us] +/- 43ms
^+ d.e.f 1 6 377 21 -2629us[-2619us] +/- 86ms
The columns are as follows:
'M'
This indicates the mode of the source. '^' means a server, '='
means a peer and '#' indicates a locally connected reference clock.
'S'
This column indicates the state of the sources. '*' indicates the
source to which 'chronyd' is currently synchronised. '+' indicates
acceptable sources which are combined with the selected source.
'-' indicates acceptable sources which are excluded by the
combining algorithm. '?' indicates sources to which connectivity
has been lost or whose packets don't pass all tests. 'x' indicates
a clock which 'chronyd' thinks is is a falseticker (i.e. its time
is inconsistent with a majority of other sources). '~' indicates a
source whose time appears to have too much variability. The '?'
condition is also shown at start-up, until at least 3 samples have
been gathered from it.
'Name/IP address'
This shows the name or the IP address of the source, or refid for
reference clocks.
'Stratum'
This shows the stratum of the source, as reported in its most
recently received sample. Stratum 1 indicates a computer with a
locally attached reference clock. A computer that is synchronised
to a stratum 1 computer is at stratum 2. A computer that is
synchronised to a stratum 2 computer is at stratum 3, and so on.
'Poll'
This shows the rate at which the source is being polled, as a
base-2 logarithm of the interval in seconds. Thus, a value of 6
would indicate that a measurement is being made every 64 seconds.
'chronyd' automatically varies the polling rate in response to
prevailing conditions.
'Reach'
This shows the source's reachability register printed as octal
number. The register has 8 bits and is updated on every received
or missed packet from the source. A value of 377 indicates that a
valid reply was received for all from the last eight transmissions.
'LastRx'
This column shows how long ago the last sample was received from
the source. This is normally in seconds. The letters 'm', 'h',
'd' or 'y' indicate minutes, hours, days or years. A value of 10
years indicates there were no samples received from this source
yet.
'Last sample'
This column shows the offset between the local clock and the source
at the last measurement. The number in the square brackets shows
the actual measured offset. This may be suffixed by 'ns'
(indicating nanoseconds), 'us' (indicating microseconds), 'ms'
(indicating milliseconds), or 's' (indicating seconds). The number
to the left of the square brackets shows the original measurement,
adjusted to allow for any slews applied to the local clock since.
The number following the '+/-' indicator shows the margin of error
in the measurement.
Positive offsets indicate that the local clock is fast of the
source.
4.3.4.44 sourcestats
....................
The 'sourcestats' command displays information about the drift rate and
offset estimatation process for each of the sources currently being
examined by 'chronyd'.
The optional argument '-v' can be specified, meaning _verbose_. In
this case, extra caption lines are shown as a reminder of the meanings
of the columns.
An example report is
210 Number of sources = 1
Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev
===============================================================================
abc.def.ghi 11 5 46m -0.001 0.045 1us 25us
The columns are as follows
'Name/IP Address'
This is the name or IP address of the NTP server (or peer) or refid
of the refclock to which the rest of the line relates.
'NP'
This is the number of sample points currently being retained for
the server. The drift rate and current offset are estimated by
performing a linear regression through these points.
'NR'
This is the number of runs of residuals having the same sign
following the last regression. If this number starts to become too
small relative to the number of samples, it indicates that a
straight line is no longer a good fit to the data. If the number
of runs is too low, 'chronyd' discards older samples and re-runs
the regression until the number of runs becomes acceptable.
'Span'
This is the interval between the oldest and newest samples. If no
unit is shown the value is in seconds. In the example, the
interval is 46 minutes.
'Frequency'
This is the estimated residual frequency for the server, in parts
per million. In this case, the computer's clock is estimated to be
running 1 part in 10**9 slow relative to the server.
'Freq Skew'
This is the estimated error bounds on 'Freq' (again in parts per
million).
'Offset'
This is the estimated offset of the source.
'Std Dev'
This is the estimated sample standard deviation.
4.3.4.45 timeout
................
The 'timeout' command sets the initial timeout for 'chronyc' requests in
milliseconds. If no response is received from 'chronyd', the timeout is
doubled and the request is resent. The maximum number of retries is
configured with the 'retries' command (*note retries command::).
The default is 1000 milliseconds.
4.3.4.46 tracking
.................
The 'tracking' command displays parameters about the system's clock
performance. An example of the output is shown below.
Reference ID : 1.2.3.4 (a.b.c)
Stratum : 3
Ref time (UTC) : Fri Feb 3 15:00:29 2012
System time : 0.000001501 seconds slow of NTP time
Last offset : -0.000001632 seconds
RMS offset : 0.000002360 seconds
Frequency : 331.898 ppm fast
Residual freq : 0.004 ppm
Skew : 0.154 ppm
Root delay : 0.373169 seconds
Root dispersion : 0.024780 seconds
Update interval : 64.2 seconds
Leap status : Normal
The fields are explained as follows.
'Reference ID'
This is the refid and name (or IP address) if available, of the
server to which the computer is currently synchronised. If this is
'127.127.1.1' it means the computer is not synchronised to any
external source and that you have the 'local' mode operating (via
the 'local' command in 'chronyc' (*note local command::), or the
'local' directive in the '/etc/chrony.conf' file (*note local
directive::)).
'Stratum'
The stratum indicates how many hops away from a computer with an
attached reference clock we are. Such a computer is a stratum-1
computer, so the computer in the example is two hops away (i.e.
'a.b.c' is a stratum-2 and is synchronised from a stratum-1).
'Ref time'
This is the time (UTC) at which the last measurement from the
reference source was processed.
'System time'
In normal operation, 'chronyd' _never_ steps the system clock,
because any jump in the timescale can have adverse consequences for
certain application programs. Instead, any error in the system
clock is corrected by slightly speeding up or slowing down the
system clock until the error has been removed, and then returning
to the system clock's normal speed. A consequence of this is that
there will be a period when the system clock (as read by other
programs using the 'gettimeofday()' system call, or by the 'date'
command in the shell) will be different from 'chronyd's' estimate
of the current true time (which it reports to NTP clients when it
is operating in server mode). The value reported on this line is
the difference due to this effect.
On systems such as Solaris and SunOS, 'chronyd' has no means to
adjust the fundamental rate of the system clock, so keeps the
system time correct by periodically making offsets to it as though
an error had been measured. The build up of these offsets will be
observed in this report.
'Last offset'
This is the estimated local offset on the last clock update.
'RMS offset'
This is a long-term average of the offset value.
'Frequency'
The 'frequency' is the rate by which the system's clock would be
would be wrong if 'chronyd' was not correcting it. It is expressed
in ppm (parts per million). For example, a value of 1ppm would
mean that when the system's clock thinks it has advanced 1 second,
it has actually advanced by 1.000001 seconds relative to true time.
As you can see in the example, the clock in the computer is not a
very good one - it gains about 30 seconds per day!
'Residual freq'
This shows the 'residual frequency' for the currently selected
reference source. This reflects any difference between what the
measurements from the reference source indicate the frequency
should be and the frequency currently being used.
The reason this is not always zero is that a smoothing procedure is
applied to the frequency. Each time a measurement from the
reference source is obtained and a new residual frequency computed,
the estimated accuracy of this residual is compared with the
estimated accuracy (see 'skew' next) of the existing frequency
value. A weighted average is computed for the new frequency, with
weights depending on these accuracies. If the measurements from
the reference source follow a consistent trend, the residual will
be driven to zero over time.
'Skew'
This is the estimated error bound on the the frequency.
'Root delay'
This is the total of the network path delays to the stratum-1
computer from which the computer is ultimately synchronised.
In certain extreme situations, this value can be negative. (This
can arise in a symmetric peer arrangement where the computers'
frequencies are not tracking each other and the network delay is
very short relative to the turn-around time at each computer.)
'Root dispersion'
This is the total dispersion accumulated through all the computers
back to the stratum-1 computer from which the computer is
ultimately synchronised. Dispersion is due to system clock
resolution, statistical measurement variations etc.
An absolute bound on the computer's clock accuracy (assuming the
stratum-1 computer is correct) is given by
clock_error <= root_dispersion + (0.5 * |root_delay|)
'Update interval'
This is the interval between the last two clock updates.
'Leap status'
This is the leap status, which can be 'Normal', 'Insert second',
'Delete second' or 'Not synchronised'.
4.3.4.47 trimrtc
................
The 'trimrtc' command is used to correct the system's real time clock
(RTC) to the main system clock. It has no effect if the error between
the two clocks is currently estimated at less than a second (the
resolution of the RTC is only 1 second).
The command takes no arguments. It performs the following steps (if
the RTC is more than 1 second away from the system clock):
1. Remember the currently estimated gain/loss rate of the RTC and
flush the previous measurements.
2. Step the real time clock to bring it within a second of the system
clock.
3. Make several measurements to accurately determine the new offset
between the RTC and the system clock (i.e. the remaining fraction
of a second error)
4. Save the RTC parameters to the RTC file (specified with the
'rtcfile' directive in the configuration file (*note rtcfile
directive::).
The last step is done as a precaution against the computer suffering
a power failure before either the daemon exits or the 'writertc' command
is issued.
'chronyd' will still work perfectly well both whilst operating and
across machine reboots even if the 'trimrtc' command is never used (and
the RTC is allowed to drift away from true time). The 'trimrtc' command
is provided as a method by which it can be corrected, in a manner
compatible with 'chronyd' using it to maintain accurate time across
machine reboots.
4.3.4.48 waitsync
.................
The 'waitsync' command waits for 'chronyd' to synchronise.
Up to three optional arguments can be specified, the first is the
maximum number of tries in 10 second intervals before giving up and
returning a non-zero error code. When 0 is specified, or there are no
arguments, the number of tries will not be limited.
The second and third arguments are the maximum allowed remaining
correction of the system clock and the maximum allowed skew (in ppm) as
reported by the 'tracking' command (*note tracking command::) in the
'System time' and 'Skew' fields. If not specified or zero, the value
will not be checked.
An example is
waitsync 60 0.01
which will wait up to about 10 minutes for 'chronyd' to synchronise
to a source and the remaining correction to be less than 10
milliseconds.
4.3.4.49 writertc
.................
The 'writertc' command writes the currently estimated error and
gain/loss rate parameters for the RTC to the RTC file (specified with
the 'rtcfile' directive (*note rtcfile directive::)). This information
is also written automatically when 'chronyd' is killed (with SIGHUP,
SIGINT, SIGQUIT or SIGTERM).
Appendix A Porting guide
************************
This appendix discusses issues that have arisen in writing the
system-specific parts of the existing ports. This will provide useful
information for those attempting to write ports to other systems.
A.1 System driver files
=======================
The system specific parts of the software are contained in files with
names like 'sys_linux.c'.
The following functions are required in a system driver file:
1. A function to read the current frequency
2. A function to set the current frequency
3. A function to slew the system time by a specified delta
4. A function to step the system time by a specified delta
5. A function to work out the error at a particular time between the
system's clock and 'chronyd's' estimate of real time. (This is
required because some systems have to track real time by making the
system time follow it in a 'sawtooth' fashion).
The "frequency" is the rate at which the system gains or loses time,
measured relative to the system when running uncompensated.
A.2 Quirks of particular systems
================================
These sections describe quirks in each system type that needed to be
investigated to port the software to each system type.
A.2.1 Linux
-----------
The following quirks have been found in developing the Linux port.
1. In order to avoid floating point arithmetic, the kernel uses
shifting and adding to approximate a scaling of 100/128. This
approximation implies that the frequency set via the 'adjtimex()'
system call is not the frequency that is actually obtained. The
method of approximation varies between kernel versions and must be
determined by examining the kernel source. An inverse factor must
be included in the driver to compensate.
2. In some kernel versions, an 'adjtimex()' system call with the flags
bits all zeroed will return the amount of offset still to be
corrected. In others (e.g. the 2.0 series beyond 2.0.32), the
offset must be changed in order to get the old offset returned
(similar to 'adjtime()' on other systems).
A.2.2 Solaris 2.5
-----------------
The following quirks have been found in developing the Solaris port.
1. The 'adjtime()' system call with a zero argument does not cancel an
adjustment that is in progress - it just reports the remaining
adjustment.
2. The 'settimeofday()' system call only observes the seconds part of
the argument - any fractional seconds part is lost. second.
3. The kernel variable 'dosynctodr' has to be set to zero, otherwise
the system clock is periodically reset to the real-time clock.
A.2.3 SunOS 4.1.4
-----------------
The following quirks have been found in developing the SunOS port.
1. The 'adjtime()' system call truncates its argument to a multiple of
the system's 'tickadj' variable. ('chronyd' sets that to 100,
giving a 1 part in 100 slewing capability for correcting offsets.)
2. The kernel variable 'dosynctodr' has to be set to zero, otherwise
the system clock is periodically reset to the real-time clock.
Appendix B GNU General Public License
*************************************
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin
Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to
copy and distribute verbatim copies of this license document, but
changing it is not allowed.
Preamble
The licenses for most software are designed to take away your freedom
to share and change it. By contrast, the GNU General Public License is
intended to guarantee your freedom to share and change free software-to
make sure the software is free for all its users. This General Public
License applies to most of the Free Software Foundation's software and
to any other program whose authors commit to using it. (Some other Free
Software Foundation software is covered by the GNU Lesser General Public
License instead.) You can apply it to your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it if
you want it, that you can change the software or use pieces of it in new
free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software,
and (2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING,
DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it, either
verbatim or with modifications and/or translated into another language.
(Hereinafter, translation is included without limitation in the term
"modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of running
the Program is not restricted, and the output from the Program is
covered only if its contents constitute a work based on the Program
(independent of having been made by running the Program). Whether that
is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the notices
that refer to this License and to the absence of any warranty; and give
any other recipients of the Program a copy of this License along with
the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and distribute
such modifications or work under the terms of Section 1 above, provided
that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any part
thereof, to be licensed as a whole at no charge to all third parties
under the terms of this License.
c) If the modified program normally reads commands interactively when
run, you must cause it, when started running for such interactive use in
the most ordinary way, to print or display an announcement including an
appropriate copyright notice and a notice that there is no warranty (or
else, saying that you provide a warranty) and that users may
redistribute the program under these conditions, and telling the user
how to view a copy of this License. (Exception: if the Program itself
is interactive but does not normally print such an announcement, your
work based on the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program, and
can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based on
the Program, the distribution of the whole must be on the terms of this
License, whose permissions for other licensees extend to the entire
whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the
Program with the Program (or with a work based on the Program) on a
volume of a storage or distribution medium does not bring the other work
under the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections 1 and
2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three years,
to give any third party, for a charge no more than your cost of
physically performing source distribution, a complete machine-readable
copy of the corresponding source code, to be distributed under the terms
of Sections 1 and 2 above on a medium customarily used for software
interchange; or,
c) Accompany it with the information you received as to the offer to
distribute corresponding source code. (This alternative is allowed only
for noncommercial distribution and only if you received the program in
object code or executable form with such an offer, in accord with
Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to control
compilation and installation of the executable. However, as a special
exception, the source code distributed need not include anything that is
normally distributed (in either source or binary form) with the major
components (compiler, kernel, and so on) of the operating system on
which the executable runs, unless that component itself accompanies the
executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent access
to copy the source code from the same place counts as distribution of
the source code, even though third parties are not compelled to copy the
source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt otherwise
to copy, modify, sublicense or distribute the Program is void, and will
automatically terminate your rights under this License. However,
parties who have received copies, or rights, from you under this License
will not have their licenses terminated so long as such parties remain
in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and all
its terms and conditions for copying, distributing or modifying the
Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further restrictions
on the recipients' exercise of the rights granted herein. You are not
responsible for enforcing compliance by third parties to this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent license
would not permit royalty-free redistribution of the Program by all those
who receive copies directly or indirectly through you, then the only way
you could satisfy both it and this License would be to refrain entirely
from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is implemented
by public license practices. Many people have made generous
contributions to the wide range of software distributed through that
system in reliance on consistent application of that system; it is up to
the author/donor to decide if he or she is willing to distribute
software through any other system and a licensee cannot impose that
choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License may
add an explicit geographical distribution limitation excluding those
countries, so that distribution is permitted only in or among countries
not thus excluded. In such case, this License incorporates the
limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new
versions of the General Public License from time to time. Such new
versions will be similar in spirit to the present version, but may
differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies a version number of this License which applies to it
and "any later version", you have the option of following the terms and
conditions either of that version or of any later version published by
the Free Software Foundation. If the Program does not specify a version
number of this License, you may choose any version ever published by the
Free Software Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the
author to ask for permission. For software which is copyrighted by the
Free Software Foundation, write to the Free Software Foundation; we
sometimes make exceptions for this. Our decision will be guided by the
two goals of preserving the free status of all derivatives of our free
software and of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO
WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND,
EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH
YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL
NECESSARY SERVICING, REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR
DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL
DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM
(INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED
INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF
THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR
OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these
terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least the
"copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it
does.> Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your
option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper
mail.
If the program is interactive, make it output a short notice like
this when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author Gnomovision
comes with ABSOLUTELY NO WARRANTY; for details type 'show w'. This is
free software, and you are welcome to redistribute it under certain
conditions; type 'show c' for details.
The hypothetical commands 'show w' and 'show c' should show the
appropriate parts of the General Public License. Of course, the
commands you use may be called something other than 'show w' and 'show
c'; they could even be mouse-clicks or menu items-whatever suits your
program.
You should also get your employer (if you work as a programmer) or
your school, if any, to sign a "copyright disclaimer" for the program,
if necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the
program 'Gnomovision' (which makes passes at compilers) written by James
Hacker.
<signature of Ty Coon>, 1 April 1989 Ty Coon, President of Vice
This General Public License does not permit incorporating your
program into proprietary programs. If your program is a subroutine
library, you may consider it more useful to permit linking proprietary
applications with the library. If this is what you want to do, use the
GNU Lesser General Public License instead of this License.
1 Introduction
1.1 Overview
1.2 Acknowledgements
1.3 Availability
1.3.1 Getting the software
1.3.2 Platforms
1.4 Relationship to other software packages
1.4.1 ntpd
1.4.2 timed
1.5 Distribution rights and (lack of) warranty
1.6 Bug reporting and suggestions
1.7 Contributions
2 Installation
2.1 Support for line editing libraries
2.2 Extra options for package builders
3 Typical operating scenarios
3.1 Computers connected to the internet
3.2 Infrequent connection to true NTP servers
3.2.1 Setting up the configuration file for infrequent connections
3.2.2 How to tell chronyd when the internet link is available.
3.3 Isolated networks
3.4 The home PC with a dial-up connection
3.4.1 Assumptions/how the software works
3.4.2 Typical configuration files.
3.5 Other important configuration options
4 Usage reference
4.1 Starting chronyd
4.2 The chronyd configuration file
4.2.1 Comments in the configuration file
4.2.2 acquisitionport
4.2.3 allow
4.2.4 bindaddress
4.2.5 bindcmdaddress
4.2.6 broadcast
4.2.7 cmdallow
4.2.8 cmddeny
4.2.9 combinelimit
4.2.10 commandkey
4.2.11 cmdport
4.2.12 corrtimeratio
4.2.13 deny
4.2.14 driftfile
4.2.15 dumpdir
4.2.16 dumponexit
4.2.17 fallbackdrift
4.2.18 generatecommandkey
4.2.19 include
4.2.20 initstepslew
4.2.21 keyfile
4.2.22 leapsectz
4.2.23 local
4.2.24 linux_hz
4.2.25 linux_freq_scale
4.2.26 log
4.2.26.1 Measurements log file format
4.2.26.2 Statistics log file format
4.2.26.3 Tracking log file format
4.2.26.4 Real-time clock log file format
4.2.26.5 Refclocks log file format
4.2.26.6 Tempcomp log file format
4.2.27 logbanner
4.2.28 logchange
4.2.29 logdir
4.2.30 mailonchange
4.2.31 makestep
4.2.32 maxchange
4.2.33 manual
4.2.34 maxclockerror
4.2.35 maxsamples
4.2.36 maxupdateskew
4.2.37 minsamples
4.2.38 noclientlog
4.2.39 clientloglimit
4.2.40 peer
4.2.41 pidfile
4.2.42 port
4.2.43 refclock
4.2.44 reselectdist
4.2.45 rtcdevice
4.2.46 rtcfile
4.2.47 rtconutc
4.2.48 rtcsync
4.2.49 sched_priority
4.2.50 stratumweight
4.2.51 lock_all
4.2.52 server
4.2.53 tempcomp
4.2.54 user
4.3 Running chronyc
4.3.1 Basic use
4.3.2 Command line options
4.3.3 Security with chronyc
4.3.4 Command reference
4.3.4.1 accheck
4.3.4.2 activity
4.3.4.3 add peer
4.3.4.4 add server
4.3.4.5 allow
4.3.4.6 allow all
4.3.4.7 authhash
4.3.4.8 burst
4.3.4.9 clients
4.3.4.10 cmdaccheck
4.3.4.11 cmdallow
4.3.4.12 cmdallow all
4.3.4.13 cmddeny
4.3.4.14 cmddeny all
4.3.4.15 cyclelogs
4.3.4.16 delete
4.3.4.17 deny
4.3.4.18 deny all
4.3.4.19 dns
4.3.4.20 dump
4.3.4.21 exit
4.3.4.22 help
4.3.4.23 local
4.3.4.24 makestep
4.3.4.25 manual
4.3.4.26 maxdelay
4.3.4.27 maxdelayratio
4.3.4.28 maxdelaydevratio
4.3.4.29 maxpoll
4.3.4.30 maxupdateskew
4.3.4.31 minpoll
4.3.4.32 minstratum
4.3.4.33 offline
4.3.4.34 online
4.3.4.35 password
4.3.4.36 polltarget
4.3.4.37 quit
4.3.4.38 reselect
4.3.4.39 reselectdist
4.3.4.40 retries
4.3.4.41 rtcdata
4.3.4.42 settime
4.3.4.43 sources
4.3.4.44 sourcestats
4.3.4.45 timeout
4.3.4.46 tracking
4.3.4.47 trimrtc
4.3.4.48 waitsync
4.3.4.49 writertc
Appendix A Porting guide
A.1 System driver files
A.2 Quirks of particular systems
A.2.1 Linux
A.2.2 Solaris 2.5
A.2.3 SunOS 4.1.4
Appendix B GNU General Public License
chrony.conf.example
Ein Musterbeispiel zur Konfiguration von chrony finden sich in der Datei chrony.conf.example im Verzeichnis /usr/share/doc/chrony-*/.
# less /usr/share/doc/chrony-*/chrony.conf.example
#######################################################################
#
# This is an example chrony configuration file. You should copy it to
# /etc/chrony.conf after uncommenting and editing the options that you
# want to enable. The more obscure options are not included. Refer
# to the documentation for these.
#
# Copyright 2002 Richard P. Curnow
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of version 2 of the GNU General Public License as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
#
#######################################################################
### COMMENTS
# Any of the following lines are comments (you have a choice of
# comment start character):
# a comment
% a comment
! a comment
; a comment
#
# Below, the '!' form is used for lines that you might want to
# uncomment and edit to make your own chrony.conf file.
#
#######################################################################
#######################################################################
### SPECIFY YOUR NTP SERVERS
# Most computers using chrony will send measurement requests to one or
# more 'NTP servers'. You will probably find that your Internet Service
# Provider or company have one or more NTP servers that you can specify.
# Failing that, there are a lot of public NTP servers. There is a list
# you can access at http://support.ntp.org/bin/view/Servers/WebHome or
# you can use servers from the pool.ntp.org project.
! server 0.pool.ntp.org iburst
! server 1.pool.ntp.org iburst
! server 2.pool.ntp.org iburst
# However, for dial-up use you probably want these instead. The word
# 'offline' means that the server is not visible at boot time. Use
# chronyc's 'online' command to tell chronyd that these servers have
# become visible after you go on-line.
! server 0.pool.ntp.org offline
! server 1.pool.ntp.org offline
! server 2.pool.ntp.org offline
# You may want to specify NTP 'peers' instead. If you run a network
# with a lot of computers and want several computers running chrony to
# have the 'front-line' interface to the public NTP servers, you can
# 'peer' these machines together to increase robustness.
! peer ntp0.my-company.com
# There are other options to the 'server' and 'peer' directives that you
# might want to use. For example, you can ignore measurements whose
# round-trip-time is too large (indicating that the measurement is
# probably useless, because you don't know which way the measurement
# message got held up.) Consult the full documentation for details.
#######################################################################
### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK
#
# To avoid changes being made to your computer's gain/loss compensation
# when the measurement history is too erratic, you might want to enable
# one of the following lines. The first seems good for dial-up (or
# other high-latency connections like slow leased lines), the second
# seems OK for a LAN environment.
! maxupdateskew 100
! maxupdateskew 5
#######################################################################
### FILENAMES ETC
# Chrony likes to keep information about your computer's clock in files.
# The 'driftfile' stores the computer's clock gain/loss rate in parts
# per million. When chronyd starts, the system clock can be tuned
# immediately so that it doesn't gain or lose any more time. You
# generally want this, so it is uncommented.
driftfile /var/lib/chrony/drift
# If you want to use the program called chronyc to configure aspects of
# chronyd's operation once it is running (e.g. tell it the Internet link
# has gone up or down), you need a password. This is stored in the
# following keys file. (You also need keys to support authenticated NTP
# exchanges between cooperating machines.) Again, this option is
# assumed by default.
keyfile /etc/chrony.keys
# Tell chronyd which numbered key in the file is used as the password
# for chronyc. (You can pick any integer up to 2**32-1. '1' is just a
# default. Using another value will _NOT_ increase security.)
commandkey 1
# chronyd can save the measurement history for the servers to files when
# it it exits. This is useful in 2 situations:
#
# 1. On Linux, if you stop chronyd and restart it with '-r' (e.g. after
# an upgrade), the old measurements will still be relevant when chronyd
# is restarted. This will reduce the time needed to get accurate
# gain/loss measurements, especially with a dial-up link.
#
# 2. Again on Linux, if you use the RTC support and start chronyd with
# '-r -s' on bootup, measurements from the last boot will still be
# useful (the real time clock is used to 'flywheel' chronyd between
# boots).
#
# Enable these two options to use this.
! dumponexit
! dumpdir /var/lib/chrony
# chronyd writes its process ID to a file. If you try to start a second
# copy of chronyd, it will detect that the process named in the file is
# still running and bail out. If you want to change the path to the PID
# file, uncomment this line and edit it. The default path is shown.
! pidfile /var/run/chronyd.pid
#######################################################################
### INITIAL CLOCK CORRECTION
# This option is useful to quickly correct the clock on start if it's
# off by a large amount. The value '10' means that if the error is less
# than 10 seconds, it will be gradually removed by speeding up or
# slowing down your computer's clock until it is correct. If the error
# is above 10 seconds, an immediate time jump will be applied to correct
# it. The value '1' means the step is allowed only on the first update
# of the clock. Some software can get upset if the system clock jumps
# (especially backwards), so be careful!
! makestep 10 1
#######################################################################
### LOGGING
# If you want to log information about the time measurements chronyd has
# gathered, you might want to enable the following lines. You probably
# only need this if you really enjoy looking at the logs, you want to
# produce some graphs of your system's timekeeping performance, or you
# need help in debugging a problem.
! logdir /var/log/chrony
! log measurements statistics tracking
# If you have real time clock support enabled (see below), you might want
# this line instead:
! log measurements statistics tracking rtc
#######################################################################
### ACTING AS AN NTP SERVER
# You might want the computer to be an NTP server for other computers.
# e.g. you might be running chronyd on a dial-up machine that has a LAN
# sitting behind it with several 'satellite' computers on it.
#
# By default, chronyd does not allow any clients to access it. You need
# to explicitly enable access using 'allow' and 'deny' directives.
#
# e.g. to enable client access from the 192.168.*.* class B subnet,
! allow 192.168/16
# .. but disallow the 192.168.100.* subnet of that,
! deny 192.168.100/24
# You can have as many allow and deny directives as you need. The order
# is unimportant.
# If you want chronyd to act as an NTP broadcast server, enable and edit
# (and maybe copy) the following line. This means that a broadcast
# packet is sent to the address 192.168.1.255 every 60 seconds. The
# address MUST correspond to the broadcast address of one of the network
# interfaces on your machine. If you have multiple network interfaces,
# add a broadcast line for each.
! broadcast 60 192.168.1.255
# If you want to present your computer's time for others to synchronise
# with, even if you don't seem to be synchronised to any NTP servers
# yourself, enable the following line. The value 10 may be varied
# between 1 and 15. You should avoid small values because you will look
# like a real NTP server. The value 10 means that you appear to be 10
# NTP 'hops' away from an authoritative source (atomic clock, GPS
# receiver, radio clock etc).
! local stratum 10
# Normally, chronyd will keep track of how many times each client
# machine accesses it. The information can be accessed by the 'clients'
# command of chronyc. You can disable this facility by uncommenting the
# following line. This will save a bit of memory if you have many
# clients.
! noclientlog
# The clientlog size is limited to 512KB by default. If you have many
# clients, especially in many different subnets, you might want to
# increase the limit.
! clientloglimit 4194304
#######################################################################
### REPORTING BIG CLOCK CHANGES
# Perhaps you want to know if chronyd suddenly detects any large error
# in your computer's clock. This might indicate a fault or a problem
# with the server(s) you are using, for example.
#
# The next option causes a message to be written to syslog when chronyd
# has to correct an error above 0.5 seconds (you can use any amount you
# like).
! logchange 0.5
# The next option will send email to the named person when chronyd has
# to correct an error above 0.5 seconds. (If you need to send mail to
# several people, you need to set up a mailing list or sendmail alias
# for them and use the address of that.)
! mailonchange wibble@foobar.org 0.5
#######################################################################
### COMMAND ACCESS
# The program chronyc is used to show the current operation of chronyd
# and to change parts of its configuration whilst it is running.
# Normally, chronyd will only allow connections from chronyc on the same
# machine as itself. This is for security. If you have a subnet
# 192.168.*.* and you want to be able to use chronyc from any machine on
# it, you could uncomment the following line. (Edit this to your own
# situation.)
! cmdallow 192.168/16
# You can add as many 'cmdallow' and 'cmddeny' lines as you like. The
# syntax and meaning is the same as for 'allow' and 'deny', except that
# 'cmdallow' and 'cmddeny' control access to the chronyd's command port.
# NOTE, even if the host where you run chronyc is granted access, you
# still need a command key set up and you have to know the password to
# put into chronyc to allow you to modify chronyd's parameters. By
# default all you can do is view information about chronyd's operation.
#######################################################################
### REAL TIME CLOCK
# chronyd can characterise the system's real-time clock. This is the
# clock that keeps running when the power is turned off, so that the
# machine knows the approximate time when it boots again. The error at
# a particular epoch and gain/loss rate can be written to a file and
# used later by chronyd when it is started with the '-s' option.
#
# You need to have 'enhanced RTC support' compiled into your Linux
# kernel. (Note, these options apply only to Linux.)
! rtcfile /var/lib/chrony/rtc
# Your RTC can be set to keep Universal Coordinated Time (UTC) or local
# time. (Local time means UTC +/- the effect of your timezone.) If you
# use UTC, chronyd will function correctly even if the computer is off
# at the epoch when you enter or leave summer time (aka daylight saving
# time). However, if you dual boot your system with Microsoft Windows,
# that will work better if your RTC maintains local time. You take your
# pick!
! rtconutc
# By default chronyd assumes that the enhanced RTC device is accessed as
# /dev/rtc. If it's accessed somewhere else on your system (e.g. you're
# using devfs), uncomment and edit the following line.
! rtcdevice /dev/misc/rtc
#######################################################################
### REAL TIME SCHEDULER
# This directive tells chronyd to use the real-time FIFO scheduler with the
# specified priority (which must be between 0 and 100). This should result
# in reduced latency. You don't need it unless you really have a requirement
# for extreme clock stability. Works only on Linux. Note that the "-P"
# command-line switch will override this.
! sched_priority 1
#######################################################################
### LOCKING CHRONYD INTO RAM
# This directive tells chronyd to use the mlockall() syscall to lock itself
# into RAM so that it will never be paged out. This should result in reduced
# latency. You don't need it unless you really have a requirement
# for extreme clock stability. Works only on Linux. Note that the "-m"
# command-line switch will also enable this feature.
! lock_all
Konfiguration
Client
Daemon
Im ersten Konfigurationsbeispiel widmen wir uns einem CentOS 7 Client, der von einem bekannten NTP-Server die Uhrzeit holen und auch synchron halten soll. Ob ein eigener Zeitserver im eigenen Netzwerk oder ein öffentlicher NTP-Server genutzt werden soll, ist konfigurationstechnisch egal, unterschieden sich beide System i.d.R. nur im Namen oder der zugehörigen IP-Adresse.
Die Konfiguration unseres Chrony-Daemon, oder genauer gesagt eines NTP-Clients mit Hilfe von chrony, erfolgt über die Datei /etc/chrony.conf. Mit dem Editor unserer Wahl bearbeiten wir nun diese Datei.
# vim /etc/chrony.conf
- /etc/chrony.conf
######################################################################### ## # SPECIFY YOUR NTP SERVERS # Most computers using chrony will send measurement requests to one or # more 'NTP servers'. You will probably find that your Internet Service # Provider or company have one or more NTP servers that you can specify. # Failing that, there are a lot of public NTP servers. There is a list # you can access at http://support.ntp.org/bin/view/Servers/WebHome or # you can use servers from the pool.ntp.org project. # server 0.pool.ntp.org iburst # server 1.pool.ntp.org iburst # server 2.pool.ntp.org iburst # However, for dial-up use you probably want these instead. The word # 'offline' means that the server is not visible at boot time. Use # chronyc's 'online' command to tell chronyd that these servers have # become visible after you go on-line. # server 0.pool.ntp.org offline # server 1.pool.ntp.org offline # server 2.pool.ntp.org offline # These servers were defined in the installation: server time.dmz.nausch.org iburst ######################################################################### ## # AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK # To avoid changes being made to your computer's gain/loss compensation # when the measurement history is too erratic, you might want to enable # one of the following lines. The first seems good for dial-up (or # other high-latency connections like slow leased lines), the second # seems OK for a LAN environment. # maxupdateskew 100 # maxupdateskew 5 ######################################################################### ## # FILENAMES ETC # Chrony likes to keep information about your computer's clock in files. # The 'driftfile' stores the computer's clock gain/loss rate in parts # per million. When chronyd starts, the system clock can be tuned # immediately so that it doesn't gain or lose any more time. You # generally want this, so it is uncommented. driftfile /var/lib/chrony/drift # If you want to use the program called chronyc to configure aspects of # chronyd's operation once it is running (e.g. tell it the Internet link # has gone up or down), you need a password. This is stored in the # following keys file. (You also need keys to support authenticated NTP # exchanges between cooperating machines.) Again, this option is # assumed by default. keyfile /etc/chrony.keys # Tell chronyd which numbered key in the file is used as the password # for chronyc. (You can pick any integer up to 2**32-1. '1' is just a # default. Using another value will _NOT_ increase security.) commandkey 1 # Generate command key if missing. generatecommandkey # chronyd can save the measurement history for the servers to files when # it it exits. This is useful in 2 situations: # # 1. On Linux, if you stop chronyd and restart it with '-r' (e.g. after # an upgrade), the old measurements will still be relevant when chronyd # is restarted. This will reduce the time needed to get accurate # gain/loss measurements, especially with a dial-up link. # # 2. Again on Linux, if you use the RTC support and start chronyd with # '-r -s' on bootup, measurements from the last boot will still be # useful (the real time clock is used to 'flywheel' chronyd between # boots). # # Enable these two options to use this. # dumponexit # dumpdir /var/lib/chrony # chronyd writes its process ID to a file. If you try to start a second # copy of chronyd, it will detect that the process named in the file is # still running and bail out. If you want to change the path to the PID # file, uncomment this line and edit it. The default path is shown. # pidfile /var/run/chronyd.pid ######################################################################### ## # INITIAL CLOCK CORRECTION # This option is useful to quickly correct the clock on start if it's # off by a large amount. The value '10' means that if the error is less # than 10 seconds, it will be gradually removed by speeding up or # slowing down your computer's clock until it is correct. If the error # is above 10 seconds, an immediate time jump will be applied to correct # it. The value '1' means the step is allowed only on the first update # of the clock. Some software can get upset if the system clock jumps # (especially backwards), so be careful! makestep 10 3 ######################################################################### ## # LOGGING # If you want to log information about the time measurements chronyd has # gathered, you might want to enable the following lines. You probably # only need this if you really enjoy looking at the logs, you want to # produce some graphs of your system's timekeeping performance, or you # need help in debugging a problem. # logdir /var/log/chrony # log measurements statistics tracking # If you have real time clock support enabled, you might want this line # this instead: # log measurements statistics tracking rtc ######################################################################### ## # REPORTING BIG CLOCK CHANGES # Perhaps you want to know if chronyd suddenly detects any large error # in your computer's clock. This might indicate a fault or a problem # with the server(s) you are using, for example. # # The next option causes a message to be written to syslog when chronyd # has to correct an error above 0.5 seconds (you can use any amount you # like). # logchange 0.5 # The next option will send email to the named person when chronyd has # to correct an error above 0.5 seconds. (If you need to send mail to # several people, you need to set up a mailing list or sendmail alias # for them and use the address of that.) # mailonchange wibble@foobar.org 0.5 ######################################################################### ## # COMMAND ACCESS # The program chronyc is used to show the current operation of chronyd # and to change parts of its configuration whilst it is running. # Normally, chronyd will only allow connections from chronyc on the same # machine as itself. This is for security. If you have a subnet # 192.168.*.* and you want to be able to use chronyc from any machine on # it, you could uncomment the following line. (Edit this to your own # situation.) # cmdallow 192.168/16 # You can add as many 'cmdallow' and 'cmddeny' lines as you like. The # syntax and meaning is the same as for 'allow' and 'deny', except that # 'cmdallow' and 'cmddeny' control access to the chronyd's command port. # NOTE, even if the host where you run chronyc is granted access, you # still need a command key set up and you have to know the password to # put into chronyc to allow you to modify chronyd's parameters. By # default all you can do is view information about chronyd's operation. ######################################################################### ## # REAL TIME CLOCK # chronyd can characterise the system's real-time clock. This is the # clock that keeps running when the power is turned off, so that the # machine knows the approximate time when it boots again. The error at # a particular epoch and gain/loss rate can be written to a file and # used later by chronyd when it is started with the '-s' option. # # You need to have 'enhanced RTC support' compiled into your Linux # kernel. (Note, these options apply only to Linux.) # rtcfile /var/lib/chrony/rtc # The 'rtcsync' directive will enable a kernel mode where the system time # is copied to the real time clock (RTC) every 11 minutes. # This directive is supported only on Linux and cannot be used when the # normal RTC tracking is enabled, i.e. when the 'rtcfile' directive is # used. rtcsync # The 'stratumweight' directive sets how much distance should be added per # stratum to the synchronisation distance when 'chronyd' selects the # synchronisation source from available sources. # The syntax is: "stratumweight <dist-in-seconds>". By default, it is one # second. This usually means that sources with lower stratum will be # preferred to sources with higher stratum even when their distance is # significantly worse. Setting 'stratumweight' to 0 makes 'chronyd' # ignore stratum when selecting the source. stratumweight 0 ######################################################################### ## # ACTING AS AN NTP CLIENT # This option allows you to configure the port on which chronyd will # listen for NTP requests. # # The compiled in default is udp/123, the standard NTP port. If set to 0, # chronyd will not open the server socket and will operate strictly in a # client-only mode. The source port used in NTP client requests can be # set by the acquisitionport directive. port 0
IPv6 Deaktivierung
Hat man im eigenen Netz „nur“ IPv4 im Einsatz, möchte man selbstredend den Support für IPv6 deaktivieren.
WICHTIG:
Das Deaktivieren von IPv6 nur vornehmen, wenn auch wirklich keine IPv6-Adresse vorhanden ist. Anderweitig muß beim Aufruf von chronyc immer der Parameter -4 angegeben werden!
Das Deaktivieren erfolgt nun nicht, wie man vermutlich annehmen wird über die Konfigurationsdatei /etc/chrony.conf, sondern über einen anderen Weg! Im Verzeichnis /etc/sysconfig legen wir uns eine Datei mit dem Namen chronyd mit nachfolgendem Inhalt an.
# vim /etc/sysconfig/chronyd
- /etc/sysconfig/chronyd
# Django : 2014-07-22 # disable IPv6 support OPTIONS=-4
Server
Daemon
Im zweiten Konfigurationsbeispiel widmen wir uns einem CentOS 7 Server, der von mehreren vertrauenswürdigen NTP-Server im Internet die Uhrzeit holen und auch synchron halten soll.
Die Konfiguration unseres Chrony-Daemon, oder genauer gesagt unseres NTP-Servers mit Hilfe von chrony, erfolgt über die Datei /etc/chrony.conf. Mit dem Editor unserer Wahl bearbeiten wir nun diese Datei.
# vim /etc/chrony.conf
- /etc/chrony.conf
######################################################################### ## # SPECIFY YOUR NTP SERVERS # Most computers using chrony will send measurement requests to one or # more 'NTP servers'. You will probably find that your Internet Service # Provider or company have one or more NTP servers that you can specify. # Failing that, there are a lot of public NTP servers. There is a list # you can access at http://support.ntp.org/bin/view/Servers/WebHome or # you can use servers from the pool.ntp.org project. server 0.pool.ntp.org iburst server 1.pool.ntp.org iburst server 2.pool.ntp.org iburst # However, for dial-up use you probably want these instead. The word # 'offline' means that the server is not visible at boot time. Use # chronyc's 'online' command to tell chronyd that these servers have # become visible after you go on-line. # server 0.pool.ntp.org offline # server 1.pool.ntp.org offline # server 2.pool.ntp.org offline ######################################################################### ## # AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK # To avoid changes being made to your computer's gain/loss compensation # when the measurement history is too erratic, you might want to enable # one of the following lines. The first seems good for dial-up (or # other high-latency connections like slow leased lines), the second # seems OK for a LAN environment. # maxupdateskew 100 # maxupdateskew 5 ######################################################################### ## # FILENAMES ETC # Chrony likes to keep information about your computer's clock in files. # The 'driftfile' stores the computer's clock gain/loss rate in parts # per million. When chronyd starts, the system clock can be tuned # immediately so that it doesn't gain or lose any more time. You # generally want this, so it is uncommented. driftfile /var/lib/chrony/drift # If you want to use the program called chronyc to configure aspects of # chronyd's operation once it is running (e.g. tell it the Internet link # has gone up or down), you need a password. This is stored in the # following keys file. (You also need keys to support authenticated NTP # exchanges between cooperating machines.) Again, this option is # assumed by default. keyfile /etc/chrony.keys # Tell chronyd which numbered key in the file is used as the password # for chronyc. (You can pick any integer up to 2**32-1. '1' is just a # default. Using another value will _NOT_ increase security.) commandkey 1 # Generate command key if missing. generatecommandkey # chronyd can save the measurement history for the servers to files when # it it exits. This is useful in 2 situations: # # 1. On Linux, if you stop chronyd and restart it with '-r' (e.g. after # an upgrade), the old measurements will still be relevant when chronyd # is restarted. This will reduce the time needed to get accurate # gain/loss measurements, especially with a dial-up link. # # 2. Again on Linux, if you use the RTC support and start chronyd with # '-r -s' on bootup, measurements from the last boot will still be # useful (the real time clock is used to 'flywheel' chronyd between # boots). # # Enable these two options to use this. # dumponexit # dumpdir /var/lib/chrony # chronyd writes its process ID to a file. If you try to start a second # copy of chronyd, it will detect that the process named in the file is # still running and bail out. If you want to change the path to the PID # file, uncomment this line and edit it. The default path is shown. # pidfile /var/run/chronyd.pid ######################################################################### ## # INITIAL CLOCK CORRECTION # This option is useful to quickly correct the clock on start if it's # off by a large amount. The value '10' means that if the error is less # than 10 seconds, it will be gradually removed by speeding up or # slowing down your computer's clock until it is correct. If the error # is above 10 seconds, an immediate time jump will be applied to correct # it. The value '1' means the step is allowed only on the first update # of the clock. Some software can get upset if the system clock jumps # (especially backwards), so be careful! makestep 10 3 ######################################################################### ## # LOGGING # If you want to log information about the time measurements chronyd has # gathered, you might want to enable the following lines. You probably # only need this if you really enjoy looking at the logs, you want to # produce some graphs of your system's timekeeping performance, or you # need help in debugging a problem. # logdir /var/log/chrony # log measurements statistics tracking # If you have real time clock support enabled, you might want this line # this instead: # log measurements statistics tracking rtc # Normally, chronyd will keep track of how many times each client # machine accesses it. The information can be accessed by the 'clients' # command of chronyc. You can disable this facility by uncommenting the # following line. This will save a bit of memory if you have many # clients. # noclientlog # The clientlog size is limited to 512KB by default. If you have many # clients, especially in many different subnets, you might want to # increase the limit. # clientloglimit 4194304 ######################################################################### ## # REPORTING BIG CLOCK CHANGES # Perhaps you want to know if chronyd suddenly detects any large error # in your computer's clock. This might indicate a fault or a problem # with the server(s) you are using, for example. # # The next option causes a message to be written to syslog when chronyd # has to correct an error above 0.5 seconds (you can use any amount you # like). # logchange 0.5 # The next option will send email to the named person when chronyd has # to correct an error above 0.5 seconds. (If you need to send mail to # several people, you need to set up a mailing list or sendmail alias # for them and use the address of that.) # mailonchange wibble@foobar.org 0.5 ######################################################################### ## # COMMAND ACCESS # The program chronyc is used to show the current operation of chronyd # and to change parts of its configuration whilst it is running. # Normally, chronyd will only allow connections from chronyc on the same # machine as itself. This is for security. If you have a subnet # 192.168.*.* and you want to be able to use chronyc from any machine on # it, you could uncomment the following line. (Edit this to your own # situation.) # cmdallow 192.168/16 # You can add as many 'cmdallow' and 'cmddeny' lines as you like. The # syntax and meaning is the same as for 'allow' and 'deny', except that # 'cmdallow' and 'cmddeny' control access to the chronyd's command port. # NOTE, even if the host where you run chronyc is granted access, you # still need a command key set up and you have to know the password to # put into chronyc to allow you to modify chronyd's parameters. By # default all you can do is view information about chronyd's operation. ######################################################################### ## # REAL TIME CLOCK # chronyd can characterise the system's real-time clock. This is the # clock that keeps running when the power is turned off, so that the # machine knows the approximate time when it boots again. The error at # a particular epoch and gain/loss rate can be written to a file and # used later by chronyd when it is started with the '-s' option. # # You need to have 'enhanced RTC support' compiled into your Linux # kernel. (Note, these options apply only to Linux.) # rtcfile /var/lib/chrony/rtc # The 'rtcsync' directive will enable a kernel mode where the system time # is copied to the real time clock (RTC) every 11 minutes. # This directive is supported only on Linux and cannot be used when the # normal RTC tracking is enabled, i.e. when the 'rtcfile' directive is # used. rtcsync # The 'stratumweight' directive sets how much distance should be added per # stratum to the synchronisation distance when 'chronyd' selects the # synchronisation source from available sources. # The syntax is: "stratumweight <dist-in-seconds>". By default, it is one # second. This usually means that sources with lower stratum will be # preferred to sources with higher stratum even when their distance is # significantly worse. Setting 'stratumweight' to 0 makes 'chronyd' # ignore stratum when selecting the source. stratumweight 0 ######################################################################### ## # ACTING AS AN NTP SERVER # You might want the computer to be an NTP server for other computers. # e.g. you might be running chronyd on a dial-up machine that has a LAN # sitting behind it with several 'satellite' computers on it. # This option allows the UDP port on which the server understands NTP # requests to be specified. For normal servers this option should not # not be required (the default is 123, the standard NTP port). # port 123 # # By default, chronyd does not allow any clients to access it. You need # to explicitly enable access using 'allow' and 'deny' directives. # # e.g. to enable client access from the 192.168.*.* class B subnet, # allow 192.168/16 # .. but disallow the 192.168.100.* subnet of that, # deny 192.168.100/24 # You can have as many allow and deny directives as you need. The order # is unimportant. # If you want chronyd to act as an NTP broadcast server, enable and edit # (and maybe copy) the following line. This means that a broadcast # packet is sent to the address 192.168.1.255 every 60 seconds. The # address MUST correspond to the broadcast address of one of the network # interfaces on your machine. If you have multiple network interfaces, # add a broadcast line for each. # broadcast 60 192.168.1.255 # If you want to present your computer's time for others to synchronise # with, even if you don't seem to be synchronised to any NTP servers # yourself, enable the following line. The value 10 may be varied # between 1 and 15. You should avoid small values because you will look # like a real NTP server. The value 10 means that you appear to be 10 # NTP 'hops' away from an authoritative source (atomic clock, GPS # receiver, radio clock etc). # local stratum 10 # 'chronyd' will trim the rate at which it samples the server during # normal operation, the user may wish to constrain the minimum polling # interval. This is always defined as a power of 2, so <tt/minpoll 5/ # would mean that the polling interval cannot drop below 32 seconds. # The default is 6 (64 seconds). minpoll 6 # In a similar way, the user may wish to constrain the maximum polling # interval. Again this is specified as a power of 2, so <tt/maxpoll 9/ # indicates that the polling interval must stay at or below 512 seconds. # The default is 10 (1024 seconds). maxpoll 10 # Target number of measurements to use for the regression algorithm # which 'chronyd' will try to maintain by adjusting polling interval # between 'minpoll' and 'maxpoll'. A higher target makes 'chronyd' # prefer shorter polling intervals. The default is 6 and a useful # range is 6 to 60. polltarget 6 # 'chronyd' uses the network round-trip delay to the server to determine # how accurate a particular measurement is likely to be. Long round-trip # delays indicate that the request, or the response, or both were delayed. # If only one of the messages was delayed the measurement error is likely # to be substantial. # # For small variations in round trip delay, 'chronyd' uses a weighting # scheme when processing the measurements. However, beyond a certain # level of delay the measurements are likely to be so corrupted as to be # useless. (This is particularly so on dial-up or other slow links, where # a long delay probably indicates a highly asymmetric delay caused by the # response waiting behind a lot of packets related to a download of some # sort). # # If the user knows that round trip delays above a certain level should # cause the measurement to be ignored, this level can be defined with # the maxdelay command. For example, <tt/maxdelay 0.3/ would indicate # that measurements with a round-trip delay of 0.3 seconds or more should # be ignored. # maxdelay 0.3 # Maxdelayratio is similar to the maxdelay option above. 'chronyd' keeps a # record of the minimum round-trip delay amongst the previous measure- # ments that it has buffered. If a measurement has a round trip delay # that is greater than the maxdelayratio times the minimum delay, it # will be rejected. # maxdelayratio 0.5 # If a measurement has ratio of the increase in round-trip delay from # the minimum delay amongst the previous measurements to the standard # deviation of the previous measurements that is greater than # maxdelaydevratio, it will be rejected. The default is 10.0. # maxdelaydevratio
IPv6 Deaktivierung
Hat man im eigenen Netz „nur“ IPv4 im Einsatz, möchte man selbstredend den Support für IPv6 deaktivieren.
WICHTIG:
Das Deaktivieren von IPv6 nur vornehmen, wenn auch wirklich keine IPv6-Adresse vorhanden ist. Anderweitig muß beim Aufruf von chronyc immer der Parameter -4 angegeben werden!
Das Deaktivieren erfolgt nun nicht, wie man vermutlich annehmen wird über die Konfigurationsdatei /etc/chrony.conf, sondern über einen anderen Weg! Im Verzeichnis /etc/sysconfig legen wir uns eine Datei mit dem Namen chronyd mit nachfolgendem Inhalt an.
# vim /etc/sysconfig/chronyd
- /etc/sysconfig/chronyd
# Django : 2014-07-22 # disable IPv6 support OPTIONS=-4
Paketfilter - firewalld
Damit unsere Clients Verbindungen zu dem geöffneten UDP-Port ntp/123 chrony-Daemons aufbauen können müssen wir für diese noch Änderungen am Paketfilter firewalld vornehmen.
Unter CentOS 7 wird als Standard-Firewall die dynamische firewalld verwendet. Ein großer Vorteil der dynamischen Paketfilterregeln ist unter anderem, dass zur Aktivierung der neuen Firewall-Regel(n) nicht der Daemon durchgestartet werden muss und somit alle aktiven Verbindungen kurz getrennt werden. Sondern unsere Änderungen können on-the-fly aktiviert oder auch wieder deaktiviert werden.
Mit Hilfe des Programms firewall-cmd legen wir nun eine permanente Regel in der Zone public, dies entspricht in unserem Beispiel das Netzwerk-Interface eth0 mit der IP 10.0.0.57, an. Als Source-IP geben geben wir das Netz unserer Clients an, was in unserem Fall 10.0.0.0/24 entspricht. Genug der Vorrede, mit nachfolgendem Befehl wird der Port 123 geöffnet.
# firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" source address="10.0.0.0/24" port protocol="udp" port="123" destination address="10.0.0.57/32" accept"
success
Anschließend können wir den Firewall-Daemon einmal durchstarten und anschließend überprüfen, ob die Regeln auch entsprechend unserer Definition, gezogen haben.
# firewall-cmd --reload
success
Abschließend prüfen wir noch, ob die Erweiterung unseres Paketfilter aktiv ist.
# iptables -nvL IN_public_allow
Chain IN_public_allow (1 references) pkts bytes target prot opt in out source destination 205 15580 ACCEPT udp -- * * 10.0.0.0/24 10.0.0.57 udp dpt:123 ctstate NEW 0 0 ACCEPT tcp -- * * 10.0.0.117 10.0.0.57 tcp dpt:5665 ctstate NEW 2 112 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
DHCP
Damit unsere Cliens auch von unserem eigenen NTP-Server Gebrauch machen, geben wir die IP-Adresse unseres NTP-Servers via DHCP bekannt.
Wir editieren also unsere /etc/dhcpd.conf.
vim /etc/dhcpd.conf option ntp-servers 192.168.100.1;
Abschließend restarten wir unseren DHCP-Server.
service dhcpd restart
Start des Daemon
manueller Start des Daemon
Möchten wir unseren Daemon starten, benutzen wir den folgenden Befehlsaufruf.
# systemctl start chronyd
Im syslog unseres Servers wird uns der Start unseres NTP-Daemons entsprechend vermerkt.
# tail -f /var/log/messages
Jul 22 22:21:12 vml000070 systemd: Starting NTP client/server... Jul 22 22:21:12 vml000070 chronyd[22344]: chronyd version 1.29.1 starting Jul 22 22:21:12 vml000070 chronyd[22344]: Linux kernel major=3 minor=10 patch=0 Jul 22 22:21:12 vml000070 chronyd[22344]: hz=100 shift_hz=7 freq_scale=1.00000000 nominal_tick=10000 slew_delta_tick=833 max_tick_bias=1000 shift_pll=2 Jul 22 22:21:12 vml000070 chronyd[22344]: Frequency 0.291 +/- 0.119 ppm read from /var/lib/chrony/drift Jul 22 22:21:12 vml000070 systemd: Started NTP client/server. Jul 22 22:21:16 vml000070 chronyd[22344]: Selected source 10.0.0.20
automatischer Start des Daemon
Damit der Daemon chrony automatisch bei jedem Systemstart startet, kann die Einrichtung eines Start-Scriptes über folgenden Befehl erreicht werden:
# systemctl enable chronyd.service
ln -s '/usr/lib/systemd/system/chronyd.service' '/etc/systemd/system/multi-user.target.wants/chronyd.service'
Ein Überprüfung ob der Dienst (Daemon)chrony wirklich bei jedem Systemstart automatisch mit gestartet wird, kann durch folgenden Befehl erreicht werden:
# systemctl is-enabled chronyd.service
enabled
Tests
Daemon
Als ersten Test überprüfen wir, ob der Service chronyd geladen und ausgeführt wird. Hierzu benutzen wir folgenden Befehl.
# systemctl status chronyd.service
chronyd.service - NTP client/server Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled) Active: active (running) since Sat 2015-06-20 15:30:55 CEST; 2 days ago Process: 666 ExecStartPost=/usr/libexec/chrony-helper add-dhclient-servers (code=exited, status=0/SUCCESS) Process: 619 ExecStart=/usr/sbin/chronyd -u chrony $OPTIONS (code=exited, status=0/SUCCESS) Main PID: 638 (chronyd) CGroup: /system.slice/chronyd.service └─638 /usr/sbin/chronyd -u chrony
Da wir chrony im Client-Modus betreiben, wird auch der Port 123 bedient - daher wird bei der nachfolgenden Abfrage auch kein geöffneter Port 123 gemeldet.
# netstat -paunt | grep 123
Betreiben wir unseren chrony Daemon im Servermode wird dann natürlich der Port 123 auf den konfigurierten Netzwerkadressen gebunden.
# netstat -paunt | grep 123
udp 0 0 0.0.0.0:123 0.0.0.0:* 13580/chronyd udp6 0 0 :::123 :::* 13580/chronyd
Checking chrony Sources
Welche Server vom lokalen Daemon benutzt werden kann mit Hilfe des Befehls chronyc sources abgefragt werden.
# chronyc sources
210 Number of sources = 3 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^- liste.cc 2 6 37 9 +2584us[+2584us] +/- 63ms ^* stratum2-3.NTP.TechFak.NE 2 6 37 9 -7053ns[ -230us] +/- 22ms ^- alpha.linux.gq 3 6 37 8 +1006us[+1006us] +/- 68ms
Die einzelnen Spalten haben folgende Bedeutung:
- M
Zeigt den Modus der Angezeigten Quelle,- ^ steht für einen NTP-Server,
- = steht für einen Peer-Rechner und
- # steht für eine lokal am Host angeschlossene Referenzuhr.
- S
Zeigt den Status der Zeitquelle an- * bedeutet, der chrony-Daemon hat sich mit der Quelle synchronisiert.
- + die Quelle wird als akzeptabl gewertet, die mit der ausgewählten Quelle kombiniert wird.
- - steht für eine akzeptable Quelle, die aber durch die Kombinationsalgorithmus ausgeschlossen wird.
- ? bedeutet, dass die Verbindung lückenhaft war bzw. abgebrochen ist oder dessen UDP-Pakete nicht alle Tests bestanden haben.
- x definiert eine fehlerhafte Quelle, deren Zeitangaben nicht mit den anderen Quellen nicht im Einklang gebracht werden können.
- ~ steht für eine Quelle mit großen Schwankungen und
- ? Anzeige, dass der Daemon gerade erst gestartet wurde und weniger als 4 Datenpakete empfangen wurden.
- Name/IP address
Zeigt den Namen bzw. die IP-Adresse der Quelle, Referenz-ID oder der lokalen Referenz-Uhr. - Stratum
Anzeige des Stratum-Wertes von der Quelle an Hand der zuletzt empfangenen Datenpakete.- 1 wird angezeigt, wenn der Server über eine lokal angeschlossene Referenzuhr verfügt.
- 2 wird angezeigt, wenn der Daemon sich mit einer Quelle synchronisiert hat, die den Wert Stratum 1 inne hat.
- n Jede weitere Erhöhung des Stratum-Wertes bedeutet, dass ein weiterer Host zwischen dem chrony-Daemon und dem Zeitnormal mit dem Stratum Wert 1 steht.
- Poll
Angabe in welchen Abständen die Uhrzeit turnusmäßig synchronisiert wird. Die Zeitspanne errechnet sich bei einem polling-Wert n = 6 nach (2n) von 26 = 64. Der Wert kann schwanken, je nach dem wie stabil das Zeitnormal verläuft. - Reach
Registerwert (Oktalzahl) der empfangenen Datenpakete. Das Register hat hat 8 bit und wird jeweils beim Empfang bzw. etwaigen Verlusten von Datenpaketen angepasst. Ein Wert von 377 zeigt z.B. an, das die letzten acht empfangenen Datenpakete gültig waren. - LastRx
In dieser Spalte wird angezeigt, wann zuletzt von der genannten Zeitquelle ein Datenpaket empfangen wurde. Ein reiner Zahlenwert steht für die Angabe in Sekunden, sowie die Buchstaben m, h, d oder y jeweils für Minuten, Stunden, Tage bzw. Jahre. Der Wert 10 Jahre steht dafür, dass noch kein gültiges Datenpaket von der Quelle empfangen wurde. - Last sample
Hier wird der Offset zwischen der lokalen Zeit und dem empfangenen NTP-UDP-Paket des Zeitservers angezeigt. Der Wert in den eckigen Klammern zeigt die tatsächlich gemessene Abweichung (Offset). Die Werte werden in den Einheiten ns für Nanosekunden, us für Mikrosekunden, ms für Millisekunden und s für Sekunden angegeben. Die Zahl auf der linken Seite der eckigen Klammern zeigt die ursprünglichen Messwert an, mit dem die Messwerte bis jetzt korrigiert wurden. Die Zahl nach dem +/- Anzeige zeigt die Fehlerspanne bei der Messung. Positive Offsets anzuzeigen, dass die lokale Zeit der NTP-Serverzeit vorausläuft.
Haben wir uns mit chronyc verbunden, können wir uns auch mit der Option -v eine Beschreibung der Spalten abrufen.
# chronyc -a
chrony version 1.29.1 Copyright (C) 1997-2003, 2007, 2009-2013 Richard P. Curnow and others chrony comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the GNU General Public License version 2 for details. 200 OK chronyc>
chronyc> sources -v
210 Number of sources = 5 .-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current synced, '+' = combined , '-' = not combined, | / '?' = unreachable, 'x' = time may be in error, '~' = time too variable. || .- xxxx [ yyyy ] +/- zzzz || / xxxx = adjusted offset, || Log2(Polling interval) -. | yyyy = measured offset, || \ | zzzz = estimated error. || | | MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* char-ntp-pool.charite.de 1 10 377 98 -476us[ -433us] +/- 21ms ^? s1.vlns.de 3 10 377 569 +1343us[+1385us] +/- 107ms ^+ funky.fuchsi.de 2 10 377 1017 -1579us[-1537us] +/- 35ms ^- nandus.lf-net.org 2 10 377 765 -1300us[-1258us] +/- 53ms ^+ xen1.hochstaetter.de 2 10 377 1018 +4330us[+4372us] +/- 73ms chronyc>
Checking chrony Source Statistics
Den Status unserer Zeitserverquellen fragen wir mit dem Befehl chronyc sourcestats ab.
# chronyc sourcestats
210 Number of sources = 3 Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev ============================================================================== liste.cc 8 7 265 -1.024 5.907 +2816us 252us stratum2-3.NTP.TechFak.NE 8 5 265 -1.825 7.580 -110us 411us alpha.linux.gq 8 5 265 -0.776 3.946 +1241us 176us
Die einzelnen Spalten haben folgende Bedeutung:
- Name / IP-Adresse
Name bzw. die IP-Adresse der Quelle, Referenz-ID oder der lokalen Referenz-Uhr auf den/die sich die folgenden Werte beziehen. - NP
Anzahl der Abtastpunkte (sampling points), die derzeit vom Daemon verwendet werden. Die Driftrate und der Offset werden durch eine lineare Regression der Abtastpunkte geschätzt. - NR
Anzahl der Durchläufe der Restwertberechnungen mit dem gleichen Vorzeichen nach der letzten Regression. Sobald dieser wert unter die Anzahl der Abtastpunkte (sampling points) ist dies ein Anzeichen, dass die Werte nicht mehr optimal linear berechnet werden können. Wird die Anzahl der Durchläufe zu klein, führt chronyd basieren auf alte bekannte Daten eine neu Regression durch, bis der wert wieder in einem akzeptablen Bereich liegt. - Span
Abstand zwischen dem ältesten und neuesten Sample. Wird keine Einheit angegeben, werden Sekunden angezeigt; m steht für Minuten. - Frequency
geschätzte Restfrequenz, die dedr Daemon nutzte (10-6) - Freq Skew
geschätzte Fehlergrenzen des Werts Frequency (10-6). - Offset
geschätzter Offset der Quelle. - Std Dev
geschätzte Standardabweichung der Stichprobe.
Haben wir uns mit chronyc verbunden, können wir uns auch mit der Option -v eine Beschreibung der Spalten abrufen.
# chronyc -a
chrony version 1.29.1 Copyright (C) 1997-2003, 2007, 2009-2013 Richard P. Curnow and others chrony comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the GNU General Public License version 2 for details. 200 OK chronyc>
chronyc> sourcestats -v
210 Number of sources = 5 .- Number of sample points in measurement set. / .- Number of residual runs with same sign. | / .- Length of measurement set (time). | | / .- Est. clock freq error (ppm). | | | / .- Est. error in freq. | | | | / .- Est. offset. | | | | | | On the -. | | | | | | samples. \ | | | | | | | Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev ============================================================================== char-ntp-pool.charite.de 64 27 15h -0.000 0.009 -801us 356us s1.vlns.de 18 9 293m 0.083 0.047 +1293us 244us funky.fuchsi.de 9 7 155m 0.026 0.163 -1709us 263us nandus.lf-net.org 7 6 103m -0.351 0.495 -2348us 422us xen1.hochstaetter.de 61 29 15h -0.001 0.009 +4265us 372us
Checking chrony Tracking
Die Anzeige der System Zeit Informationen fragen wir mit dem Befehl chronyc tracking ab.
# chronyc tracking
Reference ID : 129.70.132.36 (stratum2-3.NTP.TechFak.NET) Stratum : 3 Ref time (UTC) : Thu Jun 25 12:11:40 2015 System time : 0.000093731 seconds slow of NTP time Last offset : -0.000091557 seconds RMS offset : 0.000051272 seconds Frequency : 0.381 ppm slow Residual freq : -0.001 ppm Skew : 0.006 ppm Root delay : 0.033234 seconds Root dispersion : 0.002327 seconds Update interval : 1043.2 seconds Leap status : Normal
Die einzelnen Werte haben nachfolgend aufgeführte Bedeutungen:
- Reference ID
Referenz-ID bzw. Name und die IP-Adresse mit dem sich der chrony-Daemon synchronisiert hat. Der Wert 127.127.1.1 zeigt an, dass sich der Daemon nicht mit einer externen NTP-server synchronisiert hat, sondern dass der Daemon im „lokal mode“ befindet, da der Server über eine externe Signalquelle z.B. einer DCF 77 Funkuhr verfügt. - Stratum
Anzeige des Stratum-Wertes von der Quelle an Hand der zuletzt empfangenen Datenpakete.- 1 wird angezeigt, wenn der Server über eine lokal angeschlossene Referenzuhr verfügt.
- 2 wird angezeigt, wenn der Daemon sich mit einer Quelle synchronisiert hat, die den Wert Stratum 1 inne hat.
- n Jede weitere Erhöhung des Stratum-Wertes bedeutet, dass ein weiterer Host zwischen dem chrony-Daemon und dem Zeitnormal mit dem Stratum Wert 1 steht.
- Ref time (UTC)
Uhrzeit (UTC) der Referenz ID, also der Zeit des externen Zeitservers oder der lokalen externen Uhr. - System time
Im normalen Betrieb wird der chrony-Daemon die lokale Zeit nicht in einem Schritt neu stellen, da dies zu ungewollten Effekten führen würde. Chrony word daher zur Anpassung der lokalen Uhrzeit an das externe Ziel durch Veränderungen der Laufgeschwindigkeit der lokalen Uhr anpassen; d.h. die loakel Uhr wird mal schneller oder langsamer als die Uhr des Zeitquelle laufen. Diese Abweichung wird beim Punkt Ref time (UTC) angegeben. - Last offset
Repräsentiert die geschätze Differenz der lokalen Uhr zur externen Quelle. - RMS offset
Dies ist die Anzeige der durchschnittliche Abweichung der lokalen Uhr zur externen Quelle. - Frequency
Abweichung der lokalen Uhrzeit vom Zeitnormal, in der Annahme chronyd würde die Zeit nicht anpassen. Der Wert wird in ppm2) angegeben. - Residual freq
Anzeige der Restfrequenz (residual frequency) für die aktuell ausgewählte Referenzquelle. Der angezeigte Wert spiegelt einen Unterschied zwischen dem, was die Messung von der Referenzquelle vorgibt un der aktuell von chrony-Daemon verwendeten Frequenz wieder. Der Wert wird dabei niemals den Wert 0 anzeigen, da bei der Berechnung der Frequenzwerte Rundungen verwendet werden. Jedes mal wenn der Frequenzwert des Zeitnormals empfangen wurde und die neue Restfrequenz berechnet wurde, wird die geschätzte Genauigkeit dieses neuen Restwertes mit den vorhandenen Werten verglichen und angezeigt. Je genauer die Messungen der Referenzquelle ist und je stabiler die lokale Uhr läuft um so geringer wird der angezeigte Wert und nähert sich im Idealfall dem Wert 0 an. - Skew
Frequenzdrifft in ppm3). - Root delay
Verzögerung durch Laufzeitunterschiede zwischen dem Straum 1 und dem lokalen Server, die durch Laufzeitunterschiede im Netzwerk aufgetreten sind. - Root dispersion
Ungefähre Abweichung (Streuung), bedingt durch statistischen Messschwankungen oder Rundungsdifferenzen, der lokalen Uhrzeit bis hin zur Stratum 1 Quelle. - Update interval
Intervall in Sekunden, in der der Daemon die Uhrzeit spätentens aktualisiert. - Leap status
Sprungstatus der Uhrzeit, die einen der folgenden Werte aufweisen kann:- Normal normaler Betrieb, also alles in Ordnung,
- Insert second Zeit wurde durch Einfügen einer Sekunde verlangsamt,
- Delete second Zeit wurde durch Löschen einer Sekunde beschleunigt, oder
- Not synchronized Zeit konnte noch nicht synchronisiert werden.
Checking chrony Clients
Betreiben wir unseren chrony-Daemon im Server-Mode, können wir uns anzeigen lassen, welcher oder welche Clients sich mit dem Daemon verbunden haben, egal ob via NTP oder zum command/monitoring Port. Hierzu öffnen wir zuerst einmal die chrony-Shell auf unserem Server, auf dem der chrony-Daemon läuft.
# chronyc -a
chrony version 1.29.1 Copyright (C) 1997-2003, 2007, 2009-2013 Richard P. Curnow and others chrony comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the GNU General Public License version 2 for details. 200 OK chronyc>
Anschließend fragen wir mit dem Befehl clients ab, welche Clients sich mit dem Server verbunden haben.
chronyc> clients
Hostname Client Peer CmdAuth CmdNorm CmdBad LstN LstC ========================= ====== ====== ====== ====== ====== ==== ==== localhost 0 0 31 25 0 45y 0 10.0.0.52 228 0 0 0 0 57 45y
Die einzelnen Werte haben nachfolgend aufgeführte Bedeutungen:
- Hostname
Hostname oder IP-Adresse des Clients - Client
Anzahl der Verbindungen des Clients im NTP client mode - Peer
Anzahl der Verbindungen des Clients im NTP symmetric active mode - CmdAuth
Anzahl der authentifizierten Steuerpakete die vom Client bis jetzt erfolgreich, d.h. nach dem password-Befehl, abgesetzt wurden. - CmdNorm
Anzahl der nicht authentifizierten Steuerpakete die vom Client bis jetzt abgesetzt wurden. - CmdBad
Anzahl der erfolglosen Versuche Steuerpakete die vom Client bis jetzt abgesetzt wurden. - LstN
Zeit seit dem das letzte NTP Pakete empfangen wurde - LstC
Zeit seit dem das letzte Steuerpaket/Befehl empfangen wurde
Fazit
Betrachtet man nun abschließend die Konfigurationsmöglichkeiten von chrony, kann man unter anderem folgendes Resümee ziehen:
chronyd eignet sich hervorragend im Virtualisierungsumfeld, die ja bekannter Weise eine große Volatilität bei der lokalen Systemuhr nach sich ziehen kann, eine stabile Synchronisation der Uhrzeiten zu gewährleisten.
ntpd
Als Alternative kann man natürlich auch auf den altbekannten NTP-Daemon ntp zurückgreifen.
Installation
Wurde bei der Erstinstallation der unter CentOS 7 standardmäßig vorgegebene NTP-Daemon noch nicht vom System entfernt, holen wir dies nun kurz nach.
# yum remove chrony -y
Nun installieren wir den NTP-Daemon ntp mit Hilfe des Paketverwaltungsprogramms yum.
# yum install ntp -y
Dokumentation
Was uns das Paket alles mitgebracht hat, zeigt uns der Aufruf vom Befehl rpm mit der Option -qil.
# rpm -qil ntp
Name : ntp Version : 4.2.6p5 Release : 19.el7.centos Architecture: x86_64 Install Date: Fri 26 Jun 2015 09:48:07 AM CEST Group : System Environment/Daemons Size : 1429916 License : (MIT and BSD and BSD with advertising) and GPLv2 Signature : RSA/SHA256, Sat 20 Dec 2014 03:55:07 AM CET, Key ID 24c6a8a7f4a80eb5 Source RPM : ntp-4.2.6p5-19.el7.centos.src.rpm Build Date : Sat 20 Dec 2014 03:38:17 AM CET Build Host : worker1.bsys.centos.org Relocations : (not relocatable) Packager : CentOS BuildSystem <http://bugs.centos.org> Vendor : CentOS URL : http://www.ntp.org Summary : The NTP daemon and utilities Description : The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp package. The documentation is in the ntp-doc package. /etc/dhcp/dhclient.d /etc/dhcp/dhclient.d/ntp.sh /etc/ntp.conf /etc/ntp/crypto /etc/ntp/crypto/pw /etc/sysconfig/ntpd /usr/bin/ntpstat /usr/lib/systemd/ntp-units.d/60-ntpd.list /usr/lib/systemd/system/ntpd.service /usr/sbin/ntp-keygen /usr/sbin/ntpd /usr/sbin/ntpdc /usr/sbin/ntpq /usr/sbin/ntptime /usr/sbin/tickadj /usr/share/doc/ntp-4.2.6p5 /usr/share/doc/ntp-4.2.6p5/COPYRIGHT /usr/share/doc/ntp-4.2.6p5/ChangeLog /usr/share/doc/ntp-4.2.6p5/NEWS /usr/share/man/man5/ntp.conf.5.gz /usr/share/man/man5/ntp_acc.5.gz /usr/share/man/man5/ntp_auth.5.gz /usr/share/man/man5/ntp_clock.5.gz /usr/share/man/man5/ntp_decode.5.gz /usr/share/man/man5/ntp_misc.5.gz /usr/share/man/man5/ntp_mon.5.gz /usr/share/man/man8/ntp-keygen.8.gz /usr/share/man/man8/ntpd.8.gz /usr/share/man/man8/ntpdc.8.gz /usr/share/man/man8/ntpq.8.gz /usr/share/man/man8/ntpstat.8.gz /usr/share/man/man8/ntptime.8.gz /usr/share/man/man8/tickadj.8.gz /var/lib/ntp /var/lib/ntp/drift /var/log/ntpstats
Die Beschreibungen der einzelnen Befehle findet man in deren manpage's.
Konfiguration
Client
In diesem Konfigurationsbeispiel widmen wir uns einem CentOS 7 Client, der von einem bekannten NTP-Server die Uhrzeit holen und auch synchron halten soll. Ob ein eigener Zeitserver im eigenen Netzwerk oder ein öffentlicher NTP-Server genutzt werden soll, ist konfigurationstechnisch egal, unterschieden sich beide System i.d.R. nur im Namen oder der zugehörigen IP-Adresse.
Die Konfiguration unseres NTP-Daemon, oder genauer gesagt eines NTP-Clients ntp, erfolgt über die Datei /etc/ntp.conf. Mit dem Editor unserer Wahl bearbeiten wir nun diese Datei.
# vim /etc/ntp.conf
- /etc/ntp.conf
# For more information about this file, see the man pages # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5). driftfile /var/lib/ntp/drift # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap nopeer noquery # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict -6 ::1 # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). # Django : 2015-06-06 # default: server 0.centos.pool.ntp.org iburst # server 1.centos.pool.ntp.org iburst # server 2.centos.pool.ntp.org iburst # server 3.centos.pool.ntp.org iburst server time.dmz.nausch.org iburst server 10.0.0.57 iburst server 10.0.0.127 iburst #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys # Specify the key identifiers which are trusted. #trustedkey 4 8 42 # Specify the key identifier to use with the ntpdc utility. #requestkey 8 # Specify the key identifier to use with the ntpq utility. #controlkey 8 # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats
In der sehr übersichtlichen Konfigurationsdatei ist für unserem Client hauptsächlich die Zeile server time.dmz.nausch.org iburst von Interesse. Hier haben wir angegeben, mit welchem oder welchen internen Zeitserver(n) sich der Client sich synchronisieren soll.
Server
Daemon
Im zweiten Konfigurationsbeispiel widmen wir uns einem CentOS 7 Server, der von mehreren vertrauenswürdigen NTP-Server im Internet die Uhrzeit holen und auch synchron halten soll.
Die Konfiguration unseres NTP-Daemon, oder genauer gesagt unseres NTP-Servers mit Hilfe von ntüp, erfolgt über die Datei /etc/ntp.conf. Mit dem Editor unserer Wahl bearbeiten wir nun diese Datei.
# vim /etc/ntp.conf
- /etc/ntp.conf
# For more information about this file, see the man pages # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5). driftfile /var/lib/ntp/drift # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1 # Hosts on local network are less restricted. # Django : 2015-06-26 # interne Netze definiert, die den Zeitserver kontaktieren dürfen # default: #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap restrict 10.0.10.0 mask 255.255.255.192 nomodify notrap # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). server 0.centos.pool.ntp.org iburst server 1.centos.pool.ntp.org iburst server 2.centos.pool.ntp.org iburst server 3.centos.pool.ntp.org iburst #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys # Specify the key identifiers which are trusted. #trustedkey 4 8 42 # Specify the key identifier to use with the ntpdc utility. #requestkey 8 # Specify the key identifier to use with the ntpq utility. #controlkey 8 # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor
IPv6 Deaktivierung
Hat man im eigenen Netz „nur“ IPv4 im Einsatz, möchte man selbstredend den Support für IPv6 deaktivieren.
Das Deaktivieren erfolgt nun nicht, wie man vermutlich annehmen wird über die Konfigurationsdatei /etc/ntp.conf, sondern über die Datei /etc/sysconfig/ntpd.
# vim /etc/sysconfig/ntpd
- /etc/sysconfig/ntpd
# Command line options for ntpd # Django : 2015-06-26 # disable IPv6 support # default: OPTIONS="-g" OPTIONS="-g -4"
Paketfilter - firewalld
Damit unsere Clients Verbindungen zu dem geöffneten UDP-Port ntp/123 chrony-Daemons aufbauen können müssen wir für diese noch Änderungen am Paketfilter firewalld vornehmen.
Unter CentOS 7 wird als Standard-Firewall die dynamische firewalld verwendet. Ein großer Vorteil der dynamischen Paketfilterregeln ist unter anderem, dass zur Aktivierung der neuen Firewall-Regel(n) nicht der Daemon durchgestartet werden muss und somit alle aktiven Verbindungen kurz getrennt werden. Sondern unsere Änderungen können on-the-fly aktiviert oder auch wieder deaktiviert werden.
Mit Hilfe des Programms firewall-cmd legen wir nun eine permanente Regel in der Zone public, dies entspricht in unserem Beispiel das Netzwerk-Interface eth0 mit der IP 10.0.0.57, an. Als Source-IP geben geben wir das Netz unserer Clients an, was in unserem Fall 10.0.0.0/24 entspricht. Genug der Vorrede, mit nachfolgendem Befehl wird der Port 123 geöffnet.
# firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" source address="10.0.0.0/24" port protocol="udp" port="123" destination address="10.0.0.57/32" accept"
success
Anschließend können wir den Firewall-Daemon einmal durchstarten und anschließend überprüfen, ob die Regeln auch entsprechend unserer Definition, gezogen haben.
# firewall-cmd --reload
success
Abschließend prüfen wir noch, ob die Erweiterung unseres Paketfilter aktiv ist.
# iptables -nvL IN_public_allow
Chain IN_public_allow (1 references) pkts bytes target prot opt in out source destination 205 15580 ACCEPT udp -- * * 10.0.0.0/24 10.0.0.57 udp dpt:123 ctstate NEW 0 0 ACCEPT tcp -- * * 10.0.0.117 10.0.0.57 tcp dpt:5665 ctstate NEW 2 112 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
DHCP
Damit unsere Cliens auch von unserem eigenen NTP-Server Gebrauch machen, geben wir die IP-Adresse unseres NTP-Servers via DHCP bekannt.
Wir editieren also unsere /etc/dhcpd.conf.
vim /etc/dhcpd.conf option ntp-servers 192.168.100.1;
Abschließend restarten wir unseren DHCP-Server.
service dhcpd restart
Start des Daemon
manueller Start des Daemon
Möchten wir unseren Daemon starten, benutzen wir den folgenden Befehlsaufruf.
# systemctl start ntpd
Im syslog unseres Servers wird uns der Start unseres NTP-Daemons entsprechend vermerkt.
# tail -f /var/log/messages
Jun 26 10:53:09 vml000127 systemd: Starting Network Time Service... Jun 26 10:53:09 vml000127 ntpd[28371]: ntpd 4.2.6p5@1.2349-o Sat Dec 20 02:38:09 UTC 2014 (1) Jun 26 10:53:09 vml000127 ntpd[28372]: proto: precision = 0.308 usec Jun 26 10:53:09 vml000127 ntpd[28372]: 0.0.0.0 c01d 0d kern kernel time sync enabled Jun 26 10:53:09 vml000127 ntpd[28372]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123 Jun 26 10:53:09 vml000127 ntpd[28372]: Listen and drop on 1 v6wildcard :: UDP 123 Jun 26 10:53:09 vml000127 ntpd[28372]: Listen normally on 2 lo 127.0.0.1 UDP 123 Jun 26 10:53:09 vml000127 ntpd[28372]: Listen normally on 3 eth0 10.0.0.127 UDP 123 Jun 26 10:53:09 vml000127 ntpd[28372]: Listen normally on 4 eth1 10.0.10.4 UDP 123 Jun 26 10:53:09 vml000127 ntpd[28372]: Listen normally on 5 lo ::1 UDP 123 Jun 26 10:53:09 vml000127 ntpd[28372]: Listen normally on 6 eth0 fe80::5054:ff:fe75:64da UDP 123 Jun 26 10:53:09 vml000127 ntpd[28372]: Listen normally on 7 eth1 fe80::5054:ff:fe34:a2fe UDP 123 Jun 26 10:53:09 vml000127 ntpd[28372]: Listening on routing socket on fd #24 for interface updates Jun 26 10:53:09 vml000127 systemd: Started Network Time Service. Jun 26 10:53:10 vml000127 ntpd[28372]: 0.0.0.0 c016 06 restart Jun 26 10:53:10 vml000127 ntpd[28372]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM Jun 26 10:53:10 vml000127 ntpd[28372]: 0.0.0.0 c011 01 freq_not_set Jun 26 10:53:10 vml000127 ntpd[28372]: 0.0.0.0 c614 04 freq_mode
automatischer Start des Daemon
Damit der Daemon ntpd automatisch bei jedem Systemstart startet, kann die Einrichtung eines Start-Scriptes über folgenden Befehl erreicht werden:
# systemctl enable ntpd.service
ln -s '/usr/lib/systemd/system/ntpd.service' '/etc/systemd/system/multi-user.target.wants/ntpd.service'
Ein Überprüfung ob der Dienst (Daemon)ntpd wirklich bei jedem Systemstart automatisch mit gestartet wird, kann durch folgenden Befehl erreicht werden:
# systemctl is-enabled ntpd.service
enabled
Tests
Daemon
Als ersten Test überprüfen wir, ob der Service ntpd geladen und ausgeführt wird. Hierzu benutzen wir folgenden Befehl.
# systemctl status ntpd.service
ntpd.service - Network Time Service Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled) Active: active (running) since Fri 2015-06-26 10:53:09 CEST; 4min 14s ago Main PID: 28372 (ntpd) CGroup: /system.slice/ntpd.service └─28372 /usr/sbin/ntpd -u ntp:ntp -g Jun 26 10:53:09 vml000127.dmz.nausch.org ntpd[28372]: Listen normally on 4 eth1 10.0.10.4 UDP 123 Jun 26 10:53:09 vml000127.dmz.nausch.org ntpd[28372]: Listen normally on 5 lo ::1 UDP 123 Jun 26 10:53:09 vml000127.dmz.nausch.org ntpd[28372]: Listen normally on 6 eth0 fe80::5054:ff:fe75:64da UDP 123 Jun 26 10:53:09 vml000127.dmz.nausch.org ntpd[28372]: Listen normally on 7 eth1 fe80::5054:ff:fe34:a2fe UDP 123 Jun 26 10:53:09 vml000127.dmz.nausch.org ntpd[28372]: Listening on routing socket on fd #24 for interface updates Jun 26 10:53:09 vml000127.dmz.nausch.org systemd[1]: Started Network Time Service. Jun 26 10:53:10 vml000127.dmz.nausch.org ntpd[28372]: 0.0.0.0 c016 06 restart Jun 26 10:53:10 vml000127.dmz.nausch.org ntpd[28372]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM Jun 26 10:53:10 vml000127.dmz.nausch.org ntpd[28372]: 0.0.0.0 c011 01 freq_not_set Jun 26 10:53:10 vml000127.dmz.nausch.org ntpd[28372]: 0.0.0.0 c614 04 freq_mode
Mit nachfolgendem Befehlsaufruf können wir überprüfen ob und ggf. auf welchen Netzwerkinterfaces der ntpd den UDP Port 123 geöffnet hat.
# netstat -paunt | grep 123
udp 0 0 10.0.10.4:123 0.0.0.0:* 28372/ntpd udp 0 0 10.0.0.127:123 0.0.0.0:* 28372/ntpd udp 0 0 127.0.0.1:123 0.0.0.0:* 28372/ntpd udp 0 0 0.0.0.0:123 0.0.0.0:* 28372/ntpd udp6 0 0 fe80::5054:ff:fe34::123 :::* 28372/ntpd udp6 0 0 fe80::5054:ff:fe75::123 :::* 28372/ntpd udp6 0 0 ::1:123 :::* 28372/ntpd udp6 0 0 :::123 :::* 28372/ntpd
Mit dem Befehl watch ntpq -np können wir uns abschließend den Status unseres Timeservers anzeigen lassen (Die Synchronisation unter Umständen bis zu 30 Minuten dauern - diese Zeit muss ggf. gewartet werden)
watch ntpq -np
zeigt uns an:
Every 2,0s: ntpq -np Fri Jun 26 11:21:42 2015 remote refid st t when poll reach delay offset jitter ============================================================================== +81.169.180.23 78.46.78.10 3 u 2 64 377 28.552 0.764 0.540 +88.198.23.16 192.53.103.104 2 u 64 64 377 12.074 0.461 0.589 +88.198.8.101 192.53.103.104 2 u 62 64 377 42.315 0.422 0.666 *193.175.73.151 DCF77 1 u 62 64 377 12.315 0.552 0.852
An Hand des * am Zeilenanfang ist zu erkennen, dass Synchronisation erfolgt. Die Spalten haben folgende Bedeutung:
- remote
Mit welchen Servern ist mein Zeitserver verbunden? - refid
Von welcher Zeitquelle stammt die Zeit? - st
Anzeige des Stratum-Wertes von der Quelle an Hand der zuletzt empfangenen Datenpakete.- 1 wird angezeigt, wenn der Server über eine lokal angeschlossene Referenzuhr verfügt.
- 2 wird angezeigt, wenn der Daemon sich mit einer Quelle synchronisiert hat, die den Wert Stratum 1 inne hat.
- n Jede weitere Erhöhung des Stratum-Wertes bedeutet, dass ein weiterer Host zwischen dem chrony-Daemon und dem Zeitnormal mit dem Stratum Wert 1 steht.
- t
Welchen Typs ist die Zeitquelle?- u = unicast,
- m = multicast,
- l = lokal,
- - = unbekannt
- when
Vor wieviel Sekunden wurde beim Server zuletzt angefragt ? - poll
Wie oft wird mit diesem Server syncronisiert? ( Intervall in Sekunden ) - reach
Registerwert (Oktalzahl) der empfangenen Datenpakete. Das Register hat hat 8 bit und wird jeweils beim Empfang bzw. etwaigen Verlusten von Datenpaketen angepasst. Ein Wert von 377 zeigt z.B. an, das die letzten acht empfangenen Datenpakete gültig waren und somit alles bestens ist. - delay
Verzögerung durch Laufzeitunterschiede zwischen dem externen Zeitserver und dem lokalen Server. - offset
Repräsentiert die geschätze Differenz der lokalen Uhr zur externen Quelle. - jitter
Abweichung in Millisekunden
Links
- Zurück zu Projekte und Themenkapitel
- Zurück zu LINUX Installation und Konfiguration
- Zurück zur Startseite