NTP Chrony Cliente

• Versão avaliada: LXC Fedora 42

• O Chrony funciona na porta 123/udp e/ou 323/udp.

Instalar o Pacote

$ sudo dnf install chrony -y

• Configure a timezone e se possui NTP

# timedatectl set-timezone "America/Sao_Paulo"

# timedatectl set-ntp yes|true

Opcional

• Para o LXC foi necessário editar o arquivo /etc/sysconfig/chronyd e adicione -x no final do parâmetro OPTIONS:

$ sudo vi /etc/sysconfig/chronyd

OPTIONS="........ -x"

Configurar o Chrony

• Para configurar o Chrony acesse o arquivo de configuração e ajuste os parâmetros abaixo:

$ sudo vi /etc/chrony.conf

# Use public servers from the pool.ntp.org project.

# Please consider joining the pool (https://www.pool.ntp.org/join.html).

###pool 2.fedora.pool.ntp.org iburst

server a.st1.ntp.br iburst nts

server b.st1.ntp.br iburst nts

server c.st1.ntp.br iburst nts

server d.st1.ntp.br iburst nts

server gps.ntp.br iburst nts

# Use NTP servers from DHCP.

###sourcedir /run/chrony-dhcp

# Record the rate at which the system clock gains/losses time.

driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates

# if its offset is larger than 1 second.

makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).

rtcsync

# Enable hardware timestamping on all interfaces that support it.

#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust

# the system clock.

#minsources 2

# Allow NTP client access from local network.

#allow 192.168.0.0/16

# Serve time even if not synchronized to a time source.

#local stratum 10

# Require authentication (nts or key option) for all NTP sources.

#authselectmode require

# Specify file containing keys for NTP authentication.

#keyfile /etc/chrony.keys

# Save NTS keys and cookies.

ntsdumpdir /var/lib/chrony

# Insert/delete leap seconds by slewing instead of stepping.

#leapsecmode slew

# Set the TAI-UTC offset of the system clock.

leapseclist /usr/share/zoneinfo/leap-seconds.list

# Specify directory for log files.

logdir /var/log/chrony

# Select which information is logged.

log measurements statistics tracking

# erro máximo tolerado em ppm em relação aos servidores

maxupdateskew 100.0

# diretiva que indica que o offset UTC e leapseconds devem ser lidos

# da base tz (de time zone) do sistema

leapsectz right/UTC

• Inicie o serviço:

$ sudo systemctl restart chronyd.service

$ sudo systemctl status chronyd.service

Testar  o Funcionamento

$ timedatectl 

               Local time: Fri 2025-08-01 23:01:45 -03

           Universal time: Sat 2025-08-02 02:01:45 UTC

                 RTC time: n/a

                Time zone: America/Sao_Paulo (-03, -0300)

System clock synchronized: yes

              NTP service: active

          RTC in local TZ: no

$ chronyc tracking

Reference ID    : C8A007C5 (gps.jd.ntp.br)

Stratum         : 2

Ref time (UTC)  : Sat Aug 02 01:55:07 2025

System time     : 0.001968419 seconds slow of NTP time

Last offset     : +0.000161704 seconds

RMS offset      : 0.000783483 seconds

Frequency       : 0.713 ppm fast

Residual freq   : -0.056 ppm

Skew            : 7.796 ppm

Root delay      : 0.010512952 seconds

Root dispersion : 0.001821716 seconds

Update interval : 64.1 seconds

Leap status     : Normal

[suporte@hl251 ~]$ 

$ chronyc sources

MS Name/IP address         Stratum Poll Reach LastRx Last sample               

===============================================================================

^+ a.st1.ntp.br                  1   6   377    51   -279us[ -279us] +/- 5433us

^? 201.49.148.135                0   6     0     -     +0ns[   +0ns] +/-    0ns

^? c.st1.ntp.br                  1   7    41   239  -2566us[-2219us] +/- 7708us

^+ 200.20.186.76                 1   6   377    53  -1982us[-1982us] +/-   11ms

^* gps.jd.ntp.br                 1   6   377    56   -543us[ -569us] +/- 5784us

$ chronyc sourcestats -v

                             .- Number of sample points in measurement set.

                            /    .- Number of residual runs with same sign.

                           |    /    .- Length of measurement set (time).

                           |   |    /      .- Est. clock freq error (ppm).

                           |   |   |      /           .- Est. error in freq.

                           |   |   |     |           /         .- Est. offset.

                           |   |   |     |          |          |   On the -.

                           |   |   |     |          |          |   samples. \

                           |   |   |     |          |          |             |

Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev

==============================================================================

a.st1.ntp.br               23   9   24m     +0.153      0.921   +366us   514us

201.49.148.135              0   0     0     +0.000   2000.000     +0ns  4000ms

c.st1.ntp.br                4   3   23m     +0.624      6.477  -1636us   225us

200.20.186.76               6   3   581     -2.084     15.227   -914us   795us

gps.jd.ntp.br              23   9   24m     +0.216      1.058   +619us   610us

$ chronyc -N authdata

• Se o serviço do chrony não estiver ativo é possível sincronizar utilizando o comando:

$ sudo chronyd -q 'server <ntp_server> iburst'

Link: 1 / 2 / 3 / 

VALIDAR

Configurando o Servidor Chrony como NTP DA REDE Local

/etc/chrony.conf “

local stratum 10

allow 192.168.0.0/16

Quando descomentamos a linha “local stratum 10” , nosso servidor passa a ser um servidor NTP 

O parametro  “ allow 192.168.0.0/26 ” indica que os clientes desta rede têm permissão para fazer sincronização de horário.

$ sudo firewall-cmd --add-service=ntp –permanent

$ sudo firewall-cmd --reload