Christian WellsIn this comprehensive guide, we will walk you through the process of setting up Chrony as both an NTP server and client on your AlmaLinux 9 server. Chrony is an implementation of the Network Time Protocol (NTP), which enables time and clock synchronization on computer networks. By following this step-by-step tutorial, you will learn how to install Chrony, configure it as an NTP server and client, and utilize the chronyc command line tool for managing and monitoring Chrony.
Prerequisites
Before we begin, make sure you have the following:
- AlmaLinux 9 server: In this demonstration, we will be using a server with the hostname
alma9and the IP address192.168.10.15. - Linux client machine: You will also need an AlmaLinux machine to act as the client, with the hostname
node1and the IP address192.168.10.20. - Non-root user with root administrator privileges.
Setting Up System Timezone
The first step is to set up the system timezone on your AlmaLinux server. To do this, we will use the timedatectl utility. Follow these steps:
- Check the list of available time zones by running the following command:
sudo timedatectl list-timezones
- Choose the timezone that suits your location and environment.
- Set the default timezone using the following command. For example, to set the timezone to Europe/Amsterdam, run:
sudo timedatectl set-timezone Europe/Amsterdam
- Verify the current timezone by running the following command:
sudo timedatectl
Ensure that the Time zone section displays your desired timezone.
Alternatively, you can also check the default system timezone by examining the /etc/localtime file. Make sure that the file is a symlink to the proper timezone by running:
ls -lah /etc/localtime
Installing Chrony
Now that the system timezone is set, we can proceed with installing Chrony on your AlmaLinux server. Chrony is available in the default AlmaLinux repository, so the installation process is straightforward. Follow these steps:
- Use the
dnfpackage manager to search for the Chrony package:
sudo dnf search chrony
- Install Chrony by running the following command and confirming with ‘y’:
sudo dnf install chrony
- Once the installation is complete, start and enable the
chronydservice using the following commands:
sudo systemctl start chronyd sudo systemctl enable chronyd
- Verify that the
chronydservice is running by running the following command:
sudo systemctl status chronyd
Ensure that the output displays “active (running)”.
Configuring Firewalld
After installing Chrony, you need to configure the firewalld to allow NTP traffic to your NTP server. Depending on whether you are running a public NTP server or a server for your local networks, follow the appropriate instructions below.
Public NTP Server
If you are running a public NTP server, execute the following commands to allow anyone to access your NTP server installation:
sudo firewall-cmd --add-service=ntp --permanent sudo firewall-cmd --reload
Local NTP Server
If you are running an NTP server for your local networks, execute the following commands to specify the network subnet that can access your NTP server:
sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.5.0/24' service='ntp' accept" sudo firewall-cmd --reload
To verify the list of firewalld rules, use the following command:
sudo firewall-cmd --list-all
Ensure that the service ntp is added to the firewalld services list.
Setting Up Chrony as NTP Server
Now that Chrony is installed and the firewall is configured, we can proceed with setting up Chrony as an NTP server. To do this, we need to make some modifications to the Chrony configuration file. Follow these steps:
- Open the Chrony default configuration file
/etc/chrony.confusing a text editor:
sudo nano /etc/chrony.conf
- Visithttps://www.ntppool.org to find available NTP servers that can be used as the source. Choose servers that are geographically close to your server’s location.
- Add the chosen NTP servers to the
serverparameter in the configuration file. For example:
server0.nl.pool.ntp.org iburst server1.nl.pool.ntp.org iburst server2.nl.pool.ntp.org iburst server3.nl.pool.ntp.org iburst
- Add the
allowparameter and specify your network subnet to restrict access to your NTP server. For example:
allow 192.168.10.0/24
- Adjust any other necessary options in the configuration file.
- Save and close the file.
- Restart the
chronydservice to apply the changes:
sudo systemctl restart chronyd
- Verify the NTP server sources by running the following command:
chronyc sources
You should see a list of the nearest NTP server sources.
Setting Up Chrony as NTP Client
In addition to setting up Chrony as an NTP server, you may also want to configure it as an NTP client on another AlmaLinux machine. Follow these steps to set up Chrony as an NTP client:
- First, ensure that the
chronydservice is running on the client machine by running the following command:
sudo systemctl status chronyd
- Open the Chrony configuration file
/etc/chrony.confusing a text editor:
sudo nano /etc/chrony.conf
- Add your NTP server to the
serverparameter in the configuration file. You can use either the IP address or the FQDN of your NTP server. For example:
server 192.168.10.15 iburst prefer The iburst parameter allows the Chronyd service to make the first update of the clock shortly after the start, and the prefer parameter prioritizes the NTP server source.
- Save and close the file.
- Restart the
chronydservice to apply the changes:
sudo systemctl restart chronyd
- Verify the NTP server sources on the client machine by running the following command:
chronyc sources
You should see your NTP server listed as the NTP server source.
Basic Usage of Chronyc Command
Chronyc provides a command-line interface for managing Chrony as both an NTP server and client. Here are some basic commands you can use with the chronyc tool:
Tracking Command
The tracking command shows the performance of the system clock. To use this command, run:
chronyc tracking
You should see information about the NTP server source that the system clock is synchronized with.
NTPdata Command
The ntpdata command allows you to measure and check the NTP source. Run the following command:
chronyc ntpdata
This command displays information about the NTP server source, including the remote address, remote port, and local address.
Activity Command
The activity command shows the number of NTP servers on the peer. Run the following command:
chronyc activity
You will see the online status if the NTP server is reachable, and the offline status if the server peer is offline.
Allow and Deny Commands
You can use the allow and deny commands to control access to your Chrony NTP server. For example, to allow a subnet to access your NTP server, use the following command:
chronyc allow IP/subnet
To deny a subnet from accessing your NTP server, use the deny command:
chronyc deny IP/subnet
Conclusion
Congratulations! You have successfully set up Chrony as an NTP server and client on your AlmaLinux 9 server. By following this guide, you have learned how to install Chrony, configure it as an NTP server, and set it up as an NTP client. Additionally, you have learned how to utilize the chronyc command line tool for managing and monitoring Chrony. With Chrony, you can ensure accurate time synchronization and improve the overall performance and reliability of your network.
For reliable and efficient cloud hosting solutions, consider Shape.host’s Linux SSD VPS services. With our scalable and secure hosting solutions, you can achieve optimal performance and uptime for your business. Visit Shape.host to learn more.
