1. Introduction
Chrony is an open source free software, it can help you keep the system clock synchronized with the clock server (NTP), thus keeping your time accurate. It consists of two programs, chronyd and chronyc. Chronyd is a daemon that runs in the background and is used to adjust the system clock running in the kernel to synchronize with the clock server. It determines the rate at which the computer increases or decreases time, and compensates for it. Chronyc provides a user interface for monitoring performance and diversified configuration. It can work on the computer controlled by the chronyd instance or on a different remote computer.
2. Detailed configuration file
When Chrony starts, it reads the settings in the /etc/chrony.conf configuration file. The most important settings on CentOS 7 operating system are:
1.server-This parameter can be used multiple times to add a clock server and must be used in the "server" format. Generally speaking, you can add as many servers as you want.
2. stratumweight-The stratumweight instruction sets how much distance each layer should add to the synchronization distance when chronyd selects the synchronization source from the available sources. By default, it is set to 0 in CentOS, so that chronyd ignores the level of the source when selecting the source.
3. Driftfile-One of the main behaviors of the chronyd program is to calculate the ratio of the increase or decrease of the computer time according to the actual time. It is the most reasonable to record it in a file. It will compensate the system clock after restarting, and it may even be possible. If so, a better valuation will be obtained from the clock server.
4. rtcsync-The rtcsync command will enable a kernel mode in which the system time will be copied to the real-time clock (RTC) every 11 minutes.
5.allow / deny-Here you can specify a host, subnet, or network to allow or deny NTP connection to the machine acting as the clock server.
allow 192.168.4.5
deny 192.168/16
6. cmdallow / cmddeny-similar to the above, but you can specify which IP address or which host can use control commands through chronyd
7.bindcmdaddress-This command allows you to restrict which network interface chronyd listens for command packets (executed by chronyc). This command provides an additional level of access control available in addition to the above restrictions through the cmddeny mechanism.
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
8.makestep-Normally, chronyd will slow down or speed up the clock according to demand, so that the system gradually corrects all time deviations. In some specific cases, the system clock may drift too fast, causing the adjustment process to take a long time to correct the system clock. This instruction forces chronyd to step-adjust the system clock when the adjustment period is greater than a certain threshold, but it will only take effect when there are no more clock updates because chronyd-startup time exceeds the specified limit (you can use a negative value to disable the limit).
Three, use chronyc
You can also modify the settings by running the chronyc command, the command is as follows:
chronyc: enter the settings
accheck: check whether NTP access is available to a specific host
activity: this command will show how many NTP sources are online/offline
add server: manually add a new NTP server.
Clients: Report on the client that the server has been accessed
delete: Manually remove the NTP server or peer server
settime: Manually set the daemon time
tracking: Display system time information
help: Display help