Configuring Time in Rhel7 Chronyd

Configuring Time in Rhel7 with Chronyd. Time is one of the essential services on your network is the supply of accurate time. This is required for authentication with Active Directory or other Kerberos-based mechanisms and to make timestamps useful in log files.

Network Time Protocol (NTP) uses UDP and the traditional port 123. This protocol dictates the number of seconds that have elapsed since midnight on January 1, 1900. NTP is 32 bit, which means that the maximum time will be reached in 2036; however, as only the difference in timestamps is used rather than the actual time, the date does not present an issue unlike UNIX time ending in 2038, which is a little more serious.

Once the time service is started and synchronized with another time source, the client time can be changed to match the server’s time as long as the time is said to be sane. Insane time is said to be a server, offering a time with more than 1000 seconds offset to the client. Using this level of sanity, a client is prevented from synchronizing with a rogue time source.

The time can be managed in RHEL 7 via the chronyd or ntpd daemon itself. The chronyd daemon is enabled by default; however, this is really designed for desktops and machines that are often disconnected from networks. Synchronization of time with chronyd is much quicker than ntpd and is therefore suitable for machines that are booted frequently or often suspended. The ntpd daemon is still preferred for servers because it supports more authentication options and can broadcast time over the network.

Configuring time in Rhel 7 or any other OS using NTP is based on a hierarchy of servers. Each server is assigned a stratum number. The possible start values range from 0 to 15. Stratum 16 indicates that time services are not available. A time server with a stratum value of 0 gets its time from a physical time source (such as a GPS clock or an atomic clock). A stratum 1 server retrieves its time from a stratum 0 server, and so on.

implementing chronyd

First check the status of the chronyd service. It is running and enabled by default. Still lets check.

checking chronyd service status in rhel 7

We can also use the netstat command to display this. If we use the command with root privileges, we also see that the service holding the port open is chronyd. The -p option displays this, but requires root privileges. We can also use “chronyc tracking” command to check the current status of chronyd and from which server it is configuring time in rhel 7

chronyc tracking command in rhel 7

For configuring time in rhel 7. If we want to synchronize ourselves with one of our own local time servers, we can edit the /etc/chrony.conf configuration file. It will seem reasonable to allocate one server on your network as a time server and use this server as a time reference for the network.

/etc/chronyc.conf file in rhel 7

Now if we restart the service. We will get the updated time as sync using the NTP Server.

running chronyc -v sources command

We can also confirm it by using “chronyc tracking” command.

chronyc tracking command rhel 7