Configuring an NTP Server on Rocky/Oracle Linux

Mastering Time: A Guide to Setting Up a Chrony NTP Server on Rocky/Oracle Linux

In any modern IT infrastructure, accurate timekeeping isn’t just a convenience—it’s a critical necessity. From correlating log files for security analysis to ensuring transaction integrity in distributed databases, synchronized time is the silent backbone of a stable system. When managing multiple servers, relying on external time sources for every machine can be inefficient. The solution is to establish a local Network Time Protocol (NTP) server to act as a definitive, low-latency time authority for your entire network.

This guide provides a step-by-step walkthrough for configuring a robust NTP server on Rocky Linux or Oracle Linux using Chrony, the default and highly efficient NTP implementation in modern RHEL-based distributions.

Why Use a Local NTP Server?

  • Reduced Latency: Querying a server on your local network is significantly faster than reaching out to public internet servers.
  • Improved Accuracy and Stability: A local server provides a consistent and stable time source for all clients, minimizing clock drift across your environment.
  • Network Efficiency: It reduces redundant internet traffic by having one server sync externally while all other clients sync internally.
  • Security: You can operate an NTP server on an isolated network that has no internet access, provided you have another way to set its time accurately (like a GPS receiver).

Step 1: Install the Chrony Package

Before configuration, you need to ensure Chrony is installed. It’s the default NTP client and server software and offers faster time synchronization and better accuracy for systems that don’t run 24/7.

Open your terminal and run the following command with sudo or as the root user:

sudo dnf install chrony -y

This command will search the repositories for the chrony package and install it if it’s not already present.

Step 2: Configure Chrony as a Server

The core of the setup lies in the main configuration file, located at /etc/chrony.conf. We need to edit this file to define its upstream time sources and specify which clients are allowed to connect.

First, open the file in your preferred text editor:

sudo nano /etc/chrony.conf

1. Define Upstream Time Sources

By default, the configuration file uses servers from the pool.ntp.org project. These are excellent public sources. For a reliable setup, ensure you have at least three to four pool or server lines. The default configuration is often sufficient.

# Use public servers from the pool.ntp.org project.
pool 2.rocky.pool.ntp.org iburst

The iburst option sends a quick burst of packets at startup to speed up the initial time synchronization. Using a geographically relevant pool (e.g., us.pool.ntp.org or europe.pool.ntp.org) can improve accuracy.

2. Allow Network Clients to Connect

This is the most critical step for turning your machine into an NTP server. You must explicitly grant access to other machines on your network. Find the allow directive in the configuration file (it may be commented out).

Add a line to permit synchronization from your local subnet. For example, if your local network is 192.168.1.0/24, you would add:

# Allow NTP client access from local network.
allow 192.168.1.0/24

It is a crucial security practice to only allow trusted subnets. Never use allow all unless you have a very specific reason and understand the security implications.

After making your changes, save the file and exit the editor.
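
The script below is an added example, not part of the original guide. It audits the allow directives in a chrony configuration file and flags any that admit every client. The function name and the sample configuration are constructed for illustration; on a real server, pass /etc/chrony.conf as the argument.

```shell
#!/bin/sh
# Added example: flag chrony "allow" rules that admit every client.

# audit_chrony_allow FILE
# Prints "BROAD: <rule>" or "OK: <rule>" for each active allow directive and
# returns 1 if any rule is open to all addresses, 0 otherwise.
audit_chrony_allow() {
    broad=0
    # read splits on whitespace, so indentation is ignored. Commented-out
    # lines never have "allow" as their first word, so they are skipped.
    while read -r keyword first second rest || [ -n "$keyword" ]; do
        # chronyd matches directive names case-insensitively.
        case "$keyword" in
            [Aa][Ll][Ll][Oo][Ww]) ;;
            *) continue ;;
        esac
        target=$first
        # In "allow all <subnet>" the word "all" only changes how the rule
        # overrides earlier ones; the subnet is the next argument.
        [ "$first" = "all" ] && target=$second
        rule="allow${first:+ $first}${second:+ $second}"
        case "$target" in
            ''|0/0|0.0.0.0/0|::/0)
                # No subnet, or a zero-length prefix, matches every address.
                echo "BROAD: $rule"; broad=1 ;;
            *)
                echo "OK: $rule" ;;
        esac
    done <"$1"
    return "$broad"
}

# Constructed sample configuration, not taken from a real host.
sample=$(mktemp)
cat >"$sample" <<'EOF'
pool 2.rocky.pool.ntp.org iburst
# allow 10.0.0.0/8
allow 192.168.1.0/24
allow all
allow ::/0
EOF
audit_chrony_allow "$sample" || echo "Restrict the BROAD rules to trusted subnets."
rm -f "$sample"
```

A bare allow line with no subnet is treated the same as allow all, which is why both are reported as BROAD.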

Step 3: Start and Enable the Chrony Service

With the configuration in place, you need to start the Chrony service and enable it to launch automatically on boot.

Run the following systemctl commands:

# Start the chronyd service immediately
sudo systemctl start chronyd

# Enable the service to start on boot
sudo systemctl enable chronyd

# Check the status to ensure it's running without errors
sudo systemctl status chronyd

If the status shows “active (running),” the service has started successfully.

Step 4: Open the Firewall for NTP Traffic

By default, the system’s firewall will block incoming NTP requests. You must create a rule to allow other machines to reach your server. NTP uses UDP port 123.

Use firewall-cmd to permanently add a rule for the NTP service:

# Add the NTP service to the default zone (add --zone=<zone> to target a different zone)
sudo firewall-cmd --add-service=ntp --permanent

# Reload the firewall to apply the changes
sudo firewall-cmd --reload

This command tells firewalld to allow incoming traffic on UDP port 123, which is the standard for NTP.

Step 5: Verify the NTP Server is Operational

Now that your server is configured and running, you can verify its status. The chronyc command-line utility is used to monitor and control the chronyd service.

1. Check Synchronization Sources

This command shows which upstream servers chronyd is connected to and which one it is currently synced with.

chronyc sources

The output will list the servers you defined. The ^* prefix indicates the server that your system is currently synchronized with. It may take a few minutes after starting the service for it to select a source and achieve sync.

2. Check Tracking Information

This command provides a summary of the system clock’s performance.

chronyc tracking

Look for the “Leap status” line. If it shows “Normal,” your server is operating correctly and its time is synchronized.
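
The two manual checks above can be scripted for monitoring. This is an added example, not part of the original guide: the function names are hypothetical, and the sample chronyc output is constructed using documentation IP addresses.

```shell
#!/bin/sh
# Added example: turn the two manual chronyc checks into a scripted check.

# Reads `chronyc sources` output on stdin and prints the source marked ^*.
# Returns 1 when no source is currently selected.
selected_source() {
    awk '$1 == "^*" { print $2; found = 1 } END { exit !found }'
}

# Reads `chronyc tracking` output on stdin and prints the Leap status value.
leap_status() {
    awk -F' *: ' '$1 == "Leap status" { print $2 }'
}

# ntp_server_synced SOURCES_FILE TRACKING_FILE
# Succeeds only if a source is selected and the leap status is Normal.
ntp_server_synced() {
    src=$(selected_source <"$1") || { echo "no selected source"; return 1; }
    leap=$(leap_status <"$2")
    [ "$leap" = "Normal" ] || { echo "leap status: ${leap:-missing}"; return 1; }
    echo "synced to $src"
}

# Constructed sample output in the layout chronyc prints (documentation IPs).
dir=$(mktemp -d)
cat >"$dir/sources" <<'EOF'
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.0.2.10                    2   6   377    34   +215us[ +301us] +/-   21ms
^+ 192.0.2.11                    2   6   377    35   -412us[ -326us] +/-   35ms
EOF
cat >"$dir/tracking" <<'EOF'
Reference ID    : C000020A (192.0.2.10)
Stratum         : 3
Leap status     : Normal
EOF
ntp_server_synced "$dir/sources" "$dir/tracking"
rm -rf "$dir"
```

On a live server, save the output of chronyc -n sources and chronyc tracking to two files and pass them to ntp_server_synced; a non-zero exit status means the server should not yet be trusted as a time source.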

Configuring Client Machines

To complete your setup, configure your other network devices (clients) to use your new NTP server. On another Rocky or Oracle Linux client, edit its /etc/chrony.conf file.

Comment out or remove the public pool lines and add a server line pointing to your new NTP server’s IP address:

# server 0.rocky.pool.ntp.org iburst
# server 1.rocky.pool.ntp.org iburst
# server 2.rocky.pool.ntp.org iburst
# server 3.rocky.pool.ntp.org iburst

# Use our local NTP server
server 192.168.1.10 iburst

Replace 192.168.1.10 with the actual IP address of your NTP server. After saving the file, restart the chronyd service on the client machine:

sudo systemctl restart chronyd

By following these steps, you have successfully deployed a centralized and efficient time synchronization server, bringing greater stability, security, and precision to your entire network.

Source: https://kifarunix.com/easily-configure-ntp-server-on-rocky-oracle-linux/
