A server will use the Network Time Protocol (NTP) to synchronize its time with internet standard reference clocks via a hierarchy of NTP servers. The two common NTP daemon server implementations are ntpd and chronyd. Chrony is known to be much faster in time synchronization in comparison to the traditional NTP. Chrony can also handle intermittent network connections and bandwidth saturation.

The Chrony RPM package is available from the standard Amazon Linux 2 repositories. You can quickly install the package by running the following commands:

sudo yum -y install chronyd

There is a daemon for Chrony called chronyd, which runs in the background to monitor system time and status of the time server specified in the chrony.conf file.

Configure Chrony NTP Server on Amazon Linux 2

The server configuration file is /etc/chrony.conf. Edit this file to set NTP Servers where time synchronization reference will happen.

$ sudo vim /etc/chrony.conf

Set the NTP servers to synchronize. Please replace the values here with your own timezone NTP servers.

pool 0.africa.pool.ntp.org iburst
pool 1.africa.pool.ntp.org iburst
pool 2.africa.pool.ntp.org iburst

Use public servers from the pool.ntp.org project. You can get all zonal Pool Servers.

Once the file is updated with servers to reference for time updates, restart chronyd service.

sudo systemctl restart chronyd
sudo systemctl enable chronyd

Check service status:

$ sudo systemctl status chronyd
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2020-10-23 05:17:16 UTC; 23s ago
     Docs: man:chronyd(8)
           man:chrony.conf(5)
 Main PID: 29890 (chronyd)
   CGroup: /system.slice/chronyd.service
           └─29890 /usr/sbin/chronyd

Oct 23 05:17:16 ip-172-31-39-10.eu-west-1.compute.internal systemd[1]: Starting NTP client/server...
Oct 23 05:17:16 ip-172-31-39-10.eu-west-1.compute.internal chronyd[29890]: chronyd version 3.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER ...DEBUG)
Oct 23 05:17:16 ip-172-31-39-10.eu-west-1.compute.internal chronyd[29890]: Frequency 13.093 +/- 0.052 ppm read from /var/lib/chrony/drift
Oct 23 05:17:16 ip-172-31-39-10.eu-west-1.compute.internal systemd[1]: Started NTP client/server.
Oct 23 05:17:25 ip-172-31-39-10.eu-west-1.compute.internal chronyd[29890]: Selected source 156.38.0.155

If you have a running firewalld service and the server will serve as NTP Server to other clients, you may have to allow in the firewall.

sudo firewall-cmd --add-service=ntp --permanent
sudo firewall-cmd --reload

If you prefer allowing from specific subnet.

sudo firewall-cmd --remove-service=ntp --permanent
sudo firewall-cmd --add-rich-rule 'rule family="ipv4" service name="ssh" source address="172.31.0.0/16" accept' --permanent
sudo firewall-cmd --reload

Where 172.31.0.0/16 is the source address where NTP protocol is allowed for incoming traffic.

$ firewall-cmd --list-rich-rules
rule family="ipv4" source address="172.31.0.0/16" service name="ssh" accept

Verify Chrony is working by pulling correct time.

$ sudo chronyc sources
210 Number of sources = 12
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^+ ntp1.inx.net.za               2   6   377    64  +1643us[+1379us] +/-  119ms
^+ mail.saasta.ac.za             2   6   377    64  +3552us[+3288us] +/-  112ms
^+ cpt-ntp.mweb.co.za            2   6   377    65   +665us[ +401us] +/-  195ms
^+ 156.38.0.219                  2   6   375     1  +1074us[+1074us] +/-  126ms
^+ ntp.cd.net.za                 2   6   377    64   +827us[ +827us] +/-  134ms
^+ ntp1.za.hypr.digital          2   6   377     1  +2071us[+2071us] +/-  129ms
^+ ntp3.inx.net.za               2   6   377     4  +3273us[+3273us] +/-  121ms
^+ ntp.dts.mg                    2   6   377    64   +706us[ +706us] +/-  148ms
^- repository.habari.co.tz       2   6   377    66    +24ms[  +24ms] +/-  277ms
^- ns2.botsnet.bw                2   6   377     1  +7376us[+7557us] +/-  267ms
^* 196.200.160.123               2   6   377     1  -3843us[-3661us] +/-   96ms
^+ apollo.slash.tech             2   6   377    68  -2247us[-2321us] +/-   94ms

Chrony Client Configurations

On your client machines install chrony package:

sudo yum -y install chrony

Modify configuration file and add your NTP Server.

$ sudo vim /etc/chrony.conf
pool 172.31.20.11 iburst

Set your machine timezone:

sudo timedatectl set-timezone Africa/Nairobi

Start and enable Chronyd Service.

sudo systemctl enable --now chronyd

Test with the command below.

sudo chronyc sources

Check your system date to confirm if it is correct:

$ date
Fri Oct 23 08:34:54 EAT 2020

LEAVE A REPLY

Please enter your comment!
Please enter your name here

six + 4 =