Master Chrony: Install and Configure High‑Precision Time Sync on Linux

Chrony Introduction and Installation

Chrony is a high‑precision time synchronization software that provides an NTP server and client, allowing computers to keep accurate system clocks.

Key Features

High‑precision clock synchronization with advanced algorithms.

Supports the NTP protocol for communication with external time servers.

Rich configuration options for customizing synchronization.

Fault tolerance and robustness for network interruptions.

System clock management and monitoring.

Chrony Package Composition

The package chrony contains two main programs: chronyd (the daemon) and chronyc (the command‑line client).

Service unit file: /usr/lib/systemd/system/chronyd.service Listening ports: server 123/udp, client 323/udp

Configuration file:

/etc/chrony.conf

chrony.conf Options

server - NTP server, iburst for fast initial sync
driftfile - records clock drift for compensation after reboot
rtcsync - copies system time to the hardware clock every 11 minutes
allow / deny - network ranges allowed to query the server
cmdallow / cmddeny - hosts allowed to send control commands
bindcmdaddress - interface for chronyc commands
makestep - forces a step correction when offset exceeds a threshold
local stratum 10 - provides local time when external servers are unavailable

Installation on Various Distributions

For Rocky Linux 9/10, AlmaLinux 9/10, CentOS Stream 9/10, AnolisOS 23, OpenCloudOS 9 and similar RHEL‑compatible systems, install with: # yum install -y chrony For openSUSE, use: # zypper install -y chrony For Ubuntu and Debian, use: # apt install -y chrony After installation, edit /etc/chrony.conf to replace the default pool with preferred NTP servers (e.g., ntp.aliyun.com, ntp.tencent.com, ntp.tuna.tsinghua.edu.cn) and allow all clients:

allow 0.0.0.0/0
local stratum 10

Enable and start the service:

# systemctl enable --now chronyd
# chronyc sources -nv   # verify synchronization

Network, Firewall, SELinux, and Timezone Configuration

Set a consistent network interface name, configure static IP, adjust repository mirrors, disable firewalls (firewalld, ufw), disable SELinux or AppArmor where applicable, and set the timezone to Asia/Shanghai.

Private Time Server Setup

Server Configuration

Install chrony, edit /etc/chrony.conf to remove the default pool, add external NTP servers, allow all subnets, and enable the local stratum:

server ntp.aliyun.com iburst
server ntp.tencent.com iburst
server ntp.tuna.tsinghua.edu.cn iburst
allow 0.0.0.0/0
local stratum 10

Restart and enable the daemon, then verify with chronyc sources -nv.

Client Configuration

Install chrony on the client, replace the pool lines with the private server address (e.g., 10.0.0.10), and restart the service.

server 10.0.0.10 iburst
allow 0.0.0.0/0
local stratum 10

One‑Click Installation Scripts

Two Bash scripts are provided: install_chrony_server_v3.sh for setting up a Chrony server on supported distributions, and install_chrony_client_v3.sh for configuring a client. The scripts detect the OS, install the package, adjust chrony.conf, and enable the service automatically.