chronyd is /etc/chrony.conf. The -f option can be used to specify an alternate configuration file path. See the chronyd man page for further options. For a complete list of the directives that can be used see http://chrony.tuxfamily.org/manual.html#Configuration-file. Below is a selection of configuration options:
NTP connections to a machine acting as NTP server. The default is not to allow connections.
Examples:
allow server1.example.com
allow 192.0.2.0/24
allow 2001:db8::/32
IPv6 address to be allowed access.
allow directive (see section allow), except that it allows control access (rather than NTP client access) to a particular subnet or host. (By “control access” is meant that chronyc can be run on those hosts and successfully connect to chronyd on this computer.) The syntax is identical. There is also a cmddeny all directive with similar behavior to the cmdallow all directive.
chronyd (assuming no changes are made to the system clock behavior whilst it is not running). If this capability is to be used (via the dumponexit command in the configuration file, or the dump command in chronyc), the dumpdir command should be used to define the directory where the measurement histories are saved.
chronyd should save the measurement history for each of its time sources recorded whenever the program exits. (See the dumpdir command above).
local keyword is used to allow chronyd to appear synchronized to real time (from the viewpoint of clients polling it), even if it has no current synchronization source. This option is normally used on computers in an isolated network, where several computers are required to synchronize to one another, this being the “master” which is kept vaguely in line with real time by manual input.
local stratum 10
A large value of 10 indicates that the clock is so many hops away from a reference clock that its time is unreliable. If the computer ever has access to another computer which is ultimately synchronized to a reference clock, it will almost certainly be at a stratum less than 10. Therefore, the choice of a high value like 10 for the local command prevents the machine’s own time from ever being confused with real time, were it ever to leak out to clients that have visibility of real servers.
log command indicates that certain information is to be logged. It accepts the following options:
NTP measurements and related information to a file called measurements.log.
statistics.log.
tracking.log.
refclocks.log.
tempcomp.log.
logdir command. An example of the command is:
log measurements statistics tracking
logdir /var/log/chrony
chronyd will cause the system to gradually correct any time offset, by slowing down or speeding up the clock as required. In certain situations, the system clock may be so far adrift that this slewing process would take a very long time to correct the system clock. This directive forces chronyd to step the system clock if the adjustment is larger than a threshold value, but only if there were no more clock updates since chronyd was started than a specified limit (a negative value can be used to disable the limit). This is particularly useful when using reference clocks, because the initstepslew directive only works with NTP sources.
makestep 1000 10
This would step the system clock if the adjustment is larger than 1000 seconds, but only in the first ten clock updates.
chronyd will give up and exit (a negative value can be used to never exit). In both cases a message is sent to syslog.
maxchange 1000 1 2
After the first clock update, chronyd will check the offset on every clock update; it will ignore two adjustments larger than 1000 seconds and exit on another one.
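The interaction of the makestep and maxchange examples above can be traced with a small model. This is an added example, not chronyd's code: the function names are hypothetical, and it assumes the maxchange check is evaluated before the makestep decision.

```python
def parse_makestep(line):
    """'makestep <threshold> <limit>' -> (threshold seconds, update limit)."""
    _, threshold, limit = line.split()
    return float(threshold), int(limit)

def parse_maxchange(line):
    """'maxchange <offset> <start> <ignore>' -> (max offset, start, ignore)."""
    _, offset, start, ignore = line.split()
    return float(offset), int(start), int(ignore)

def decide(offsets, makestep="makestep 1000 10", maxchange="maxchange 1000 1 2"):
    """Return one action per clock update: 'slew', 'step', 'ignore' or 'exit'."""
    threshold, limit = parse_makestep(makestep)
    max_off, start, ignore = parse_maxchange(maxchange)
    actions = []
    for n, off in enumerate(offsets, start=1):   # n = clock update number
        size = abs(off)
        if n > start and size > max_off:
            # maxchange applies only after the first 'start' updates
            if ignore == 0:
                actions.append("exit")           # ignore budget used up
                break
            if ignore > 0:                       # negative means never exit
                ignore -= 1
            actions.append("ignore")
        elif size > threshold and (limit < 0 or n <= limit):
            actions.append("step")               # large offset, still within limit
        else:
            actions.append("slew")               # gradual correction
    return actions
```

With both thresholds at 1000 seconds, only the first update can be stepped; any later offset that large is refused by maxchange before makestep is considered.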
chronyd's tasks is to work out how fast or slow the computer’s clock runs relative to its reference sources. In addition, it computes an estimate of the error bounds around the estimated value. If the range of error is too large, it indicates that the measurements have not settled down yet, and that the estimated gain or loss rate is not very reliable. The maxupdateskew parameter is the threshold for determining whether an estimate is too unreliable to be used. By default, the threshold is 1000 ppm. The format of the syntax is:
maxupdateskew skew-in-ppm
Typical values for skew-in-ppm might be 100 for a dial-up connection to servers over a telephone line, and 5 or 10 for a computer on a LAN. It should be noted that this is not the only means of protection against using unreliable estimates. At all times, chronyd keeps track of both the estimated gain or loss rate, and the error bound on the estimate. When a new estimate is generated following another measurement from one of the sources, a weighted combination algorithm is used to update the master estimate. So if chronyd has an existing highly-reliable master estimate and a new estimate is generated which has large error bounds, the existing master estimate will dominate in the new master estimate.
chronyd selects synchronization source from available sources, it will prefer the one with minimum synchronization distance. However, to avoid frequent reselecting when there are sources with similar distance, a fixed distance is added to the distance for sources that are currently not selected. This can be set with the reselectdist option. By default, the distance is 100 microseconds.
reselectdist dist-in-seconds
stratumweight directive sets how much distance should be added per stratum to the synchronization distance when chronyd selects the synchronization source from available sources.
stratumweight dist-in-seconds
By default, dist-in-seconds is 1 second. This means that sources with lower stratum are usually preferred to sources with higher stratum even when their distance is significantly worse. Setting stratumweight to 0 makes chronyd ignore stratum when selecting the source.
rtcfile directive defines the name of the file in which chronyd can save parameters associated with tracking the accuracy of the system’s real-time clock (RTC). The format of the syntax is:
rtcfile /var/lib/chrony/rtc
chronyd saves information in this file when it exits and when the writertc command is issued in chronyc. The information saved is the RTC’s error at some epoch, that epoch (in seconds since January 1 1970), and the rate at which the RTC gains or loses time. Not all real-time clocks are supported as their code is system-specific. Note that if this directive is used then the real-time clock should not be manually adjusted as this would interfere with chrony's need to measure the rate at which the real-time clock drifts if it was adjusted at random intervals.
rtcsync directive is present in the /etc/chrony.conf file by default. This will inform the kernel the system clock is kept synchronized and the kernel will update the real-time clock every 11 minutes.
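A review of the allow, cmdallow, local, makestep and maxchange settings described above can be automated. The following is an added example, not part of chrony or of the original text: the function names, the finding messages and the sample configuration are constructed for illustration.

```python
import ipaddress

# Constructed sample configuration (not taken from a real host).
SAMPLE_CONF = """\
allow 192.0.2.0/24
allow 0.0.0.0/0
cmdallow all
local stratum 3
makestep 1000 -1
"""

def parse(text):
    """Return (directive, [args]) pairs, skipping blank lines and comments."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;!%":
            name, *args = line.split()
            out.append((name.lower(), args))
    return out

def is_open(args):
    """True when an allow/cmdallow argument list matches every address."""
    target = [a for a in args if a.lower() != "all"]
    if not target:
        return True    # bare directive or 'all' with no subnet
    try:
        return ipaddress.ip_network(target[0], strict=False).prefixlen == 0
    except ValueError:
        return False   # host name or other form: not evaluated here

def audit(text):
    """Flag settings that widen access or remove limits on clock changes."""
    findings, seen = [], set()
    for name, args in parse(text):
        seen.add(name)
        if name in ("allow", "cmdallow") and is_open(args):
            findings.append(f"{name}: access open to any address")
        elif name == "local" and "stratum" in args:
            idx = args.index("stratum") + 1
            if idx < len(args) and int(args[idx]) < 10:
                findings.append("local: stratum below 10")
        elif name == "makestep" and len(args) == 2 and int(args[1]) < 0:
            findings.append("makestep: step limit disabled")
    if "maxchange" not in seen:
        findings.append("maxchange: not set")
    return findings
```

Calling audit(open("/etc/chrony.conf").read()) applies the same checks to a live configuration file.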