Master Chrony: Complete Guide to Install and Configure Time Synchronization on Linux
This article provides a comprehensive walkthrough of Chrony, a high‑precision time synchronization service, covering its features, file structure, configuration options, installation steps across major Linux distributions, network setup, firewall and SELinux adjustments, timezone configuration, and scripts for both server and client deployment, enabling you to establish a reliable private NTP server.
Chrony Introduction and Installation
1. Chrony (time synchronization service)
1.1 Chrony Introduction
Chrony is time‑synchronization software designed to provide high‑precision system clock synchronization. It includes an NTP server and client, allowing computers to synchronize with network time servers and maintain accurate system time.
Key features of Chrony include:
High‑precision clock synchronization using advanced algorithms and drift compensation.
Full support for the Network Time Protocol (NTP) to communicate with external NTP servers.
Flexible configuration options for customizing synchronization behavior.
Fault tolerance and robustness to handle network interruptions or unavailable time servers.
System clock management capabilities beyond NTP client functionality.
1.2 Chrony File Composition
The Chrony package provides two main programs: chronyd (the daemon that adjusts the kernel clock) and chronyc (the command‑line tool for monitoring and configuring Chrony).
chronyd: runs as a background service, determines the rate of clock drift and compensates for it.
chronyc: provides interactive commands to query and configure Chrony.
Service unit file: /usr/lib/systemd/system/chronyd.service
Listening ports: server 123/udp, client 323/udp
Configuration file: /etc/chrony.conf
1.3 chrony.conf Configuration File
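server - specifies a time server to use. With the iburst option, when the server is reachable a burst of eight packets is sent instead of the usual single packet. The packets are normally spaced 2 seconds apart, which speeds up initial synchronization.
driftfile - the rate at which the computer's clock gains or loses time relative to real time is calculated and recorded in a file, so the system clock can be compensated after a restart.
rtcsync - enables the kernel mode in which the system time is copied to the real-time clock (RTC) every 11 minutes.
allow / deny - specifies a host, subnet, or network that is allowed or denied access to this server.
cmdallow / cmddeny - specifies which hosts may send control commands to chronyd.
bindcmdaddress - specifies which interface chronyd listens on for commands issued by chronyc.
makestep - forces chronyd to correct the system clock immediately when the required adjustment is larger than a threshold.
local stratum 10 - allows the local time to be served to other clients as the reference time even when the external servers are unavailable.
2. Chrony Installation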
2.1 Host Initialization
2.1.1 Set Network Interface Name
Rocky Linux 9/10, AlmaLinux 9/10, CentOS Stream 9/10, AnolisOS 23, OpenCloudOS 9 :
# mkdir -p /etc/systemd/network/
# touch /etc/systemd/network/70-eth0.link
# ip addr
# cat > /etc/systemd/network/70-eth0.link <<EOF
[Match]
MACAddress=00:0c:29:f8:60:8f
[Link]
Name=eth0
EOF
Alternatively, use a dynamic command to set the name based on the MAC address.
Modify NetworkManager configuration file to rename the connection:
# mv /etc/NetworkManager/system-connections/ens160.nmconnection /etc/NetworkManager/system-connections/eth0.nmconnection
# sed -i.bak 's/ens160/eth0/' /etc/NetworkManager/system-connections/eth0.nmconnection
Rocky Linux 8, AlmaLinux 8, CentOS 7, CentOS Stream 8, openEuler 22.03/24.03, AnolisOS 8, OpenCloudOS 8, Kylin Server v10, Uos Server v20 :
# edit /etc/default/grub and add "net.ifnames=0 biosdevname=0" to GRUB_CMDLINE_LINUX
# grub2-mkconfig -o /boot/grub2/grub.cfg # (or appropriate EFI path)
2.1.2 Configure Network Parameters
Define IP address, prefix, gateway, and DNS variables, then apply them to the appropriate network configuration files for each distribution (Rocky, AlmaLinux, CentOS, Ubuntu, Debian, openSUSE, etc.). Example for Rocky Linux:
ETHNAME=eth0 # interface name set in 2.1.1
IP=172.31.0.9
PREFIX=21
GATEWAY=172.31.0.2
PRIMARY_DNS=223.5.5.5
BACKUP_DNS=180.76.76.76
cat > /etc/NetworkManager/system-connections/${ETHNAME}.nmconnection <<EOF
[connection]
id=${ETHNAME}
type=ethernet
interface-name=${ETHNAME}
[ipv4]
address1=${IP}/${PREFIX},${GATEWAY}
dns=${PRIMARY_DNS};${BACKUP_DNS};
method=manual
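EOF
chmod 600 /etc/NetworkManager/system-connections/${ETHNAME}.nmconnection # NetworkManager ignores keyfiles that other users can read
Similar blocks are provided for other distributions (Ubuntu netplan, Debian /etc/network/interfaces, openSUSE /etc/sysconfig/network/ifcfg‑*).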
2.1.3 Configure Mirror Sources
Replace default repository URLs with regional mirrors (e.g., Aliyun, Tencent, Sohu) using sed commands for each distribution. Example for Rocky:
MIRROR=mirrors.aliyun.com
sed -i.bak -e 's|^mirrorlist=|#mirrorlist=|g' -e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://'${MIRROR}'/rockylinux|g' /etc/yum.repos.d/[Rr]ocky*.repo
dnf clean all && dnf makecache
2.1.4 Disable Firewall
# systemctl disable --now firewalld # for Rocky, AlmaLinux, CentOS, openEuler, AnolisOS, OpenCloudOS, openSUSE, Kylin, Uos
# systemctl disable --now ufw # for Ubuntu
2.1.5 Disable SELinux
# setenforce 0
# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
2.1.6 Disable AppArmor (openSUSE)
# systemctl disable --now apparmor
2.1.7 Set Timezone
# timedatectl set-timezone Asia/Shanghai
# echo 'Asia/Shanghai' > /etc/timezone
# echo 'LC_TIME=en_DK.UTF-8' >> /etc/default/locale # for Ubuntu
2.2 Implement Private Time Server
2.2.1 Server Configuration
Install Chrony, edit /etc/chrony.conf (or /etc/chrony/chrony.conf on Ubuntu/Debian) to replace pool servers with public NTP servers (Aliyun, Tencent, Tsinghua) and allow all clients:
server ntp.aliyun.com iburst
server ntp.tencent.com iburst
server ntp.tuna.tsinghua.edu.cn iburst
allow 0.0.0.0/0
local stratum 10
Restart and enable the service:
# systemctl restart chronyd
# systemctl enable --now chronyd
# ss -ntul # verify ports 123/udp and 323/udp are open
# chronyc sources -nv # confirm synchronization sources
2.2.2 Client Configuration
Install Chrony on the client host, then replace the default pool entries with the private server IP (e.g., 172.31.0.9):
server 172.31.0.9 iburst
allow 0.0.0.0/0
local stratum 10
Restart and enable the service, then verify synchronization:
# systemctl restart chronyd
# systemctl enable --now chronyd
# chronyc sources -nv # should show the private server with a "*"
2.3 One‑Click Chrony Installation Scripts
2.3.1 Server Installation Script
#!/bin/bash
# Chrony server install script supporting Rocky, AlmaLinux, CentOS, openEuler, Anolis, OpenCloudOS, openSUSE, Kylin, UOS
NTP_SERVER1=ntp.aliyun.com
NTP_SERVER2=ntp.tencent.com
NTP_SERVER3=ntp.tuna.tsinghua.edu.cn
# Detect OS, install chrony, modify /etc/chrony.conf, enable and start chronyd
# ... (script content omitted for brevity)
2.3.2 Client Installation Script
#!/bin/bash
# Chrony client install script supporting the same distributions
SERVER=172.31.0.9
# Detect OS, install chrony, modify configuration to point to SERVER, enable and start chronyd
# ... (script content omitted for brevity)
Both scripts can be obtained from the author's Gitee or GitHub repositories.
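A check for the access directives that sections 2.2.1 and 2.2.2 put into chrony.conf, as an added example that is not from the original article or its install scripts: it flags allow and cmdallow rules that match every address, and server-side directives left on a client. The function name, its role argument and the sample files are constructed for illustration; 172.31.0.0/21 is the network implied by the IP and PREFIX values in 2.1.2.

```shell
#!/bin/sh
# Added example: audit_chrony_conf and its role argument are hypothetical names.
# Usage: audit_chrony_conf FILE|- server|client
# Prints one finding per line and returns 1 when anything was flagged.
audit_chrony_conf() {
  awk -v role="$2" '
    # True when the subnet is omitted or covers every address.
    function wide(n) { return n == "" || n == "0.0.0.0/0" || n == "0/0" || n == "::/0" }
    function flag(msg) { printf "line %d: %s\n", NR, msg; found = 1 }
    /^[ \t]*([!;#%]|$)/ { next }    # chrony comment characters and blank lines
    {
      net = ($2 == "all") ? $3 : $2  # "all" is an optional keyword before the subnet
      if ($1 == "allow" && role == "client")
        flag("allow makes this client answer NTP requests; remove it")
      else if ($1 == "allow" && wide(net))
        flag("allow matches every address; limit it to the served subnet")
      else if ($1 == "cmdallow" && wide(net))
        flag("cmdallow matches every address; limit chronyc access")
      else if ($1 == "local" && role == "client")
        flag("local is a server-side directive; a client does not need it")
    }
    END { exit found + 0 }
  ' "$1"
}

# Constructed sample: the server configuration from section 2.2.1.
sample_server_conf() {
  cat <<'EOF'
server ntp.aliyun.com iburst
server ntp.tencent.com iburst
server ntp.tuna.tsinghua.edu.cn iburst
allow 0.0.0.0/0
local stratum 10
EOF
}

# Constructed sample: the same file limited to the 172.31.0.0/21 network of 2.1.2.
sample_restricted_conf() {
  sample_server_conf | sed 's|^allow .*|allow 172.31.0.0/21|'
}

sample_server_conf | audit_chrony_conf - server || true      # flags line 4
sample_restricted_conf | audit_chrony_conf - server || true  # prints nothing
```

On a deployed host, pass the real path (/etc/chrony.conf, or /etc/chrony/chrony.conf on Ubuntu/Debian) instead of "-".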
Raymond Ops
Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.
