Versão avaliada: LXC Fedora 42
O Chrony funciona na porta 123/udp e/ou 323/udp.
$ sudo dnf install chrony -y
Configure a timezone e se possui NTP
# timedatectl set-timezone "America/Sao_Paulo"
# timedatectl set-ntp yes|true
Para o LXC foi necessário editar o arquivo /etc/sysconfig/chronyd e adicione -x no final do parâmetro OPTIONS:
$ sudo vi /etc/sysconfig/chronyd
OPTIONS="........ -x"
Para configurar o Chrony acesse o arquivo de configuração e ajuste os parâmetros abaixo:
$ sudo vi /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
###pool 2.fedora.pool.ntp.org iburst
server a.st1.ntp.br iburst nts
server b.st1.ntp.br iburst nts
server c.st1.ntp.br iburst nts
server d.st1.ntp.br iburst nts
server gps.ntp.br iburst nts
# Use NTP servers from DHCP.
###sourcedir /run/chrony-dhcp
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
#allow 192.168.0.0/16
# Serve time even if not synchronized to a time source.
#local stratum 10
# Require authentication (nts or key option) for all NTP sources.
#authselectmode require
# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys
# Save NTS keys and cookies.
ntsdumpdir /var/lib/chrony
# Insert/delete leap seconds by slewing instead of stepping.
#leapsecmode slew
# Set the TAI-UTC offset of the system clock.
leapseclist /usr/share/zoneinfo/leap-seconds.list
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
log measurements statistics tracking
# erro máximo tolerado em ppm em relação aos servidores
maxupdateskew 100.0
# diretiva que indica que o offset UTC e leapseconds devem ser lidos
# da base tz (de time zone) do sistema
leapsectz right/UTC
Inicie o serviço:
$ sudo systemctl restart chronyd.service
$ sudo systemctl status chronyd.service
$ timedatectl
Local time: Fri 2025-08-01 23:01:45 -03
Universal time: Sat 2025-08-02 02:01:45 UTC
RTC time: n/a
Time zone: America/Sao_Paulo (-03, -0300)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
$ chronyc tracking
Reference ID : C8A007C5 (gps.jd.ntp.br)
Stratum : 2
Ref time (UTC) : Sat Aug 02 01:55:07 2025
System time : 0.001968419 seconds slow of NTP time
Last offset : +0.000161704 seconds
RMS offset : 0.000783483 seconds
Frequency : 0.713 ppm fast
Residual freq : -0.056 ppm
Skew : 7.796 ppm
Root delay : 0.010512952 seconds
Root dispersion : 0.001821716 seconds
Update interval : 64.1 seconds
Leap status : Normal
[suporte@hl251 ~]$
$ chronyc sources
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^+ a.st1.ntp.br 1 6 377 51 -279us[ -279us] +/- 5433us
^? 201.49.148.135 0 6 0 - +0ns[ +0ns] +/- 0ns
^? c.st1.ntp.br 1 7 41 239 -2566us[-2219us] +/- 7708us
^+ 200.20.186.76 1 6 377 53 -1982us[-1982us] +/- 11ms
^* gps.jd.ntp.br 1 6 377 56 -543us[ -569us] +/- 5784us
$ chronyc sourcestats -v
.- Number of sample points in measurement set.
/ .- Number of residual runs with same sign.
| / .- Length of measurement set (time).
| | / .- Est. clock freq error (ppm).
| | | / .- Est. error in freq.
| | | | / .- Est. offset.
| | | | | | On the -.
| | | | | | samples. \
| | | | | | |
Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev
==============================================================================
a.st1.ntp.br 23 9 24m +0.153 0.921 +366us 514us
201.49.148.135 0 0 0 +0.000 2000.000 +0ns 4000ms
c.st1.ntp.br 4 3 23m +0.624 6.477 -1636us 225us
200.20.186.76 6 3 581 -2.084 15.227 -914us 795us
gps.jd.ntp.br 23 9 24m +0.216 1.058 +619us 610us
$ chronyc -N authdata
Se o serviço do chrony não estiver ativo é possível sincronizar utilizando o comando:
$ sudo chronyd -q 'server <ntp_server> iburst'
VALIDAR
Configurando o Servidor Chrony como NTP DA REDE Local
/etc/chrony.conf “
local stratum 10
allow 192.168.0.0/16
Quando descomentamos a linha “local stratum 10” , nosso servidor passa a ser um servidor NTP
O parametro “ allow 192.168.0.0/26 ” indica que os clientes desta rede têm permissão para fazer sincronização de horário.
$ sudo firewall-cmd --add-service=ntp –permanent
$ sudo firewall-cmd --reload