Somehow but not quite building upon the older question "ntpd vs. I know that systemd-timesyncd is a more or less minimal ntp client implementation whereas chrony is a full fledged NTP daemon solution that happens to include an NTP client.
Subscribe to RSS
The ubuntu Bionic Beaver release notes state the following:. For simple time sync needs the base system already comes with systemd-timesyncd. Chrony is only needed to act as a time server or if you want the advertised more accurate and efficient syncing.
I like the idea of using a minimal preinstalled tool to do the job and I am pretty sure systemd-timesyncd will do the job for my use cases, still I am curious:.
The announcement of systemd-timesyncd in the systemd NEWS file does a good job of explaining the differences of this tool in comparison with Chrony and tools like it. A new "systemd-timesyncd" daemon has been added for synchronizing the system clock across the network. It implements an SNTP client. In contrast to NTP implementations such as chrony or the NTP reference server this only implements a client side, and does not bother with the full NTP complexity, focusing only on querying time from one remote server and synchronizing the local clock to it.
Unless you intend to serve NTP to networked clients or want to connect to local hardware clocks this simple NTP client should be more than appropriate for most installations. This setup is a common use case for most hosts in a server fleet. They will usually get synchronized from local NTP servers, which themselves get synchronized from multiple sources, possibly including hardware.
I believe you can get higher accuracy by getting synchronization data from multiple sources, which is specifically not a supported use case for systemd-timesyncd. But when you're using it to get synchronization data from central NTP servers connected to your reliable internal network, using multiple sources isn't really that relevant and you get good accuracy from a single source.
If you're synchronizing your server from a trusted server in a local network and in the same datacenterthe difference in accuracy between NTP and SNTP will be virtually non-existent. NTP can take RTT into account and do timesmearing, but that's not that beneficial when your RTT is really small, which is the case of a fast local network and a nearby machine.
You also don't need multiple sources if you can trust the one you're using. Getting synchronization from a single source is much simpler than getting it from multiple sources, since you don't have to make decisions about which sources are better than others and possibly combine information from multiple sources. The algorithms are much simpler and will require less CPU load for the simple case. That's addressed in the quote above, but in any case these are use cases for Chrony that are not covered by systemd-timesyncd:.
While a full featured NTP server or client reaches a very high level of accuracy and avoids abrupt time steps as much as possible by using different mathematical and statistical methods and smooth clock speed adjustments, SNTP can only be recommended for simple applications, where the requirements for accuracy and reliability are not too demanding.
By disregarding drift values and using simplified ways of system clock adjustment methods often simple time steppingSNTP achieves only a low quality time synchronisation when compared with a full NTP implementation. SNTP adopts a much simpler approach.
Chapter 6. Using the Chrony suite to configure NTP
Many of the complexities of the NTP algorithm are removed.Accessing chronyd remotely with chronyc. Understanding chrony and Its Configuration. Understanding chronyd and chronyc. The chrony daemon, chronydcan be monitored and controlled by the command line utility chronyc. This utility provides a command prompt, which allows entering a number of commands to query the current state of chronyd and make changes to its configuration.
By default, chronyd accepts only commands from a local instance of chronycbut it can be configured to accept monitoring commands also from remote hosts.
The remote access should be restricted. Understanding the chrony Configuration Commands. The -f option can be used to specify an alternate configuration file path. See the chronyd man page for further options. Below is a selection of chronyd configuration options:. The default is not to allow connections. Examples: allow Use this this command to grant access to an IPv6. The UDP port number needs to be open in the firewall in order to allow the client access:.
If you want to open port permanently, use the --permanent option:. This is similar to the allow directive see section allowexcept that it allows control access rather than NTP client access to a particular subnet or host. The syntax is identical. There is also a cmddeny all directive with similar behavior to the cmdallow all directive.
Path to the directory to save the measurement history across restarts of chronyd assuming no changes are made to the system clock behavior whilst it is not running. If this capability is to be used via the dumponexit command in the configuration file, or the dump command in chronycthe dumpdir command should be used to define the directory where the measurement histories are saved.
If this command is present, it indicates that chronyd should save the measurement history for each of its time sources recorded whenever the program exits. See the dumpdir command above. The hwtimestamp directive enables hardware timestamping for extremely accurate synchronization.Presence of the features was determined from the documentation, observed behaviour, and source code.
There may be mistakes, please let us know if you find any. This is a comparison of accuracies that can be achieved when the NTP implementations are used as NTP clients in various clock and network conditions. The accuracy of the synchronized clock was measured in a simulated Linux environment. The results are mean values and standard deviations from simulations.
The values are in microseconds. In this test with one NTP server the clients were using their default polling configuration. In this test the network was available to the clients only for 30 continuous minutes every 24 hours. The polling interval configuration and the clock wander were the same as in the first test.
It can use this data when the system boots to set the system time from a corrected version of the real-time clock. These real-time clock facilities are only available on Linux, so far. Note that the protocol has been shown to be insecure and it will be probably replaced with an implementation of the Network Time Security NTS specification.
This document compares features and performance of the following NTP implementations:. Clock discipline chrony ntp openntpd Independent phase and frequency control Yes No Yes Allowed random update interval e. Performance This is a comparison of accuracies that can be achieved when the NTP implementations are used as NTP clients in various clock and network conditions. Test 1: permanent network connection and stable clock In this test with one NTP server the clients were using their default polling configuration.
Test 3: intermittent network connection In this test the network was available to the clients only for 30 continuous minutes every 24 hours. Summary chrony vs ntp Things chrony can do better than ntp :. Infinity configurable.
By DNS, max 4 configurable. Timedelta sensors OpenBSD.Every time ntp comes up I wonder what happened to ntimed. NTP supports dozens of reference clocks, including the protocols of may precision timing receivers. Last I looked chrony supported only a single kind of reference clock. FWIW, the page also compares the number of reference clock drivers.
The most commonly used reference clocks these days are GPS receivers, which are well supported by gpsd. These tests show the same. Anyone know why it hasn't become the default on Linux?
It is the default for redhat and fedora. Then prove them wrong instead. Just because it's on their website doesn't mean it's misleading or incorrect. Or, perhaps, simply treat it with due skepticism. Sorry, but this is just flabby thinking.
We know it takes 10 times as long to refute bullshit as to create it. No-one needs to spend their lives proving wrong every slated comparison on every website. On the other hand, just calling bullshit because an open source project did a comparison page is a bit much.
The incentive to lie isn't particularly high and doing a good comparison has the utility of letting you know what you still need to work on.
So unless you have at least one example of how the page is wrong just calling bullshit by default seems uncalled for. I can't speak for chrony but considering the amount of security issues with ntpd I would much rather run openntpd.
They don't do the same thing. That means it's more suitable for following a reference clock, not keeping a number of machines in sync with each other and the rest of the world. Unless they have implemented more of the protocol now. This has security implications of its own. Both amongsts themselves, as well as with other devices that are running other NTP implementations.
I've heard other people claiming that OpenNTPD is not accurate enough and what not, but my anecdata says it performs well enough.
Do you happen to have any specific gripes with it? Is it the timekeeping algorithm that is lacking? Sibling comment mentioned leap seconds, and that's unlikely to change. Gathering from I've read on OpenBSD's mailing lists, leap second support in the kernel is not a priority -- to say the least.
Seeing the fallout on other OSes, I'd say it's a sound decision. On a similar note, Google introduced leap smearing to not deal with introducing leap seconds across all of its' servers.
Several other actors, such as Amazon and Akamai followed suite. The Linux ports are really outdated and few distributions include them. I'm using chrony on Linux distributions that don't ship openntpd. Also note that openntpd just ignores that leap seconds exist, and just assumes the local time is 1 second wrong when it happens.
Subscribe to RSS
If chrony had an MIT license, it has the potential to be more awesome.Jump to navigation. Does anybody really care? Perhaps that rock group didn't care what time it was, but our computers do need to know the exact time. Timekeeping is very important to computer networks.
In banking, stock markets, and other financial businesses, transactions must be maintained in the proper order, and exact time sequences are critical for that. For sysadmins and DevOps professionals, it's easier to follow the trail of email through a series of servers or to determine the exact sequence of events using log files on geographically dispersed hosts when exact times are kept on the computers in question.
I used to work at an organization that received over 20 million emails per day and had four servers just to accept and do a basic filter on the incoming flood of email. From there, emails were sent to one of four other servers to perform more complex anti-spam assessments, then they were delivered to one of several additional servers where the emails were placed in the correct inboxes.
At each layer, the emails would be sent to one of the next-level servers, selected only by the randomness of round-robin DNS. Sometimes we had to trace a new message through the system until we could determine where it "got lost," according to the pointy-haired bosses.
We had to do this with frightening regularity. Most of that email turned out to be spam. Some people actually complained that their [joke, cat pic, recipe, inspirational saying, or other-strange-email]-of-the-day was missing and asked us to find it.
We did reject those opportunities. Our email and other transactional searches were aided by log entries with timestamps that—today—can resolve down to the nanosecond in even the slowest of modern Linux computers. In very high-volume transaction environments, even a few microseconds of difference in the system clocks can mean sorting thousands of transactions to find the correct one s.
The primary servers are at stratum 1, and they are connected directly to various national time services at stratum 0 via satellite, radio, or even modems over phone lines. The time service at stratum 0 may be an atomic clock, a radio receiver tuned to the signals broadcast by an atomic clock, or a GPS receiver using the highly accurate clock signals broadcast by GPS satellites.
To prevent time requests from time servers lower in the hierarchy i. Many organizations with large numbers of hosts that need an NTP server will set up their own time servers so that only one local host accesses the stratum 2 time servers, then they configure the remaining network hosts to use the local time server which, in my case, is a stratum 3 server.
The original NTP daemon, ntpdhas been joined by a newer one, chronyd. Both keep the local host's time synchronized with the time server.Accurate timekeeping is important for a number of reasons in IT.
In networking for example, accurate time stamps in packets and logs are required. In Linux systems, the NTP protocol is implemented by a daemon running in user space. The user space daemon updates the system clock running in the kernel. The system clock can keep time by using various clock sources.
It is very fast, has a high resolution, and there are no interruptions. These sections describe the use of the chrony suite.
You can use chrony :. Typical accuracy between two machines synchronized over the Internet is within a few milliseconds, and for machines on a LAN within tens of microseconds. Hardware timestamping or a hardware reference clock may improve accuracy between two machines synchronized to a sub-microsecond level.
The chrony daemon, chronydcan be monitored and controlled by the command line utility chronyc. This utility provides a command prompt which allows entering a number of commands to query the current state of chronyd and make changes to its configuration.
By default, chronyd accepts only commands from a local instance of chronycbut it can be configured to accept monitoring commands also from remote hosts. The remote access should be restricted. To make changes to the local instance of chronyd using the command line utility chronyc in interactive mode, enter the following command as root :. The chronyc command prompt will be displayed as follows:. The utility can also be invoked in non-interactive command mode if called together with a command as follows:.
Changes made using chronyc are not permanent, they will be lost after a chronyd restart. Network Time Protocol NTP has two different implementations with similar basic functionality - ntp and chrony. Both ntp and chrony can operate as an NTP client in order to synchronize the system clock with NTP servers and they can operate as an NTP server for other computers in the network.
Each implementation has some unique features. For comparison of ntp and chronysee Comparison of NTP implementations. Configuration specific to an NTP client is identical in most cases. NTP servers are specified with the server directive. A pool of servers can be specified with the pool directive. Configuration specific to an NTP server differs in how the client access is controlled.
By default, ntpd responds to client requests from any address. The access can be restricted with the restrict directive, but it is not possible to disable the access completely if ntpd uses any servers as a client. To make chrony operate as an NTP server, you need to specify some addresses within the allow directive. If the offset is larger than seconds, ntpd exits unless it is the first correction of the clock and ntpd is started with the -g option.
Sign up to join this community. The best answers are voted up and rise to the top. Home Questions Tags Users Unanswered. Why is Chrony taking over network time sync responsibilities?
Ask Question. Asked 1 year, 11 months ago. Active 1 year, 11 months ago. Viewed 2k times. I am wondering why is Chrony replacing NTPd as the default component for network time sync.
Active Oldest Votes. See bug report LP : Rationale: 2. Sign up or log in Sign up using Google. Sign up using Facebook. Sign up using Email and Password.
Post as a guest Name. Email Required, but never shown. The Overflow Blog. Podcast Cryptocurrency-Based Life Forms. Q2 Community Roadmap. Featured on Meta.