Question, How to configure Linux to prefer Chrony for Time\Date synchronization

Hi,

I’m in the process of writing a tech note to guide users on how to change their time synchronization from systemd-timedate.service (NTP) to the encrypted chronyd.service time (NTS). What I noticed (in Gnome) is when I toggle the time date synchronize settings ON\OFF the system will switch back to using systemd-timedate.service.

Question:

What is the best way to make chronyd.service the default time date sync service?

This is my guess based on what I am reading:

a. Edit the “/usr/lib/systemd/ntp-units.d/80-systemd-timesync.list”.

b. Remove the line “systemd-timesyncd.service”.

c. Add the line “SYSTEMD_TIMEDATED_NTP_SERVICES=chronyd.service:systemd-timesyncd.service”.

d. Disable the “systemd-timesyncd.service”.

e. Enable and start the “chronyd.service”.

f. The systemd-timedated.service will now know to use chronyd.service.

I’m just not quite sure what it means by changing the system environment variables.

These are the sources I am reading from:

https://wiki.archlinux.org/title/Chrony

https://man.archlinux.org/man/systemd-timedated.8

Out of curiosity, how are you testing this?

This is the toggle in Gnome Settings I am toggling after I enable Chrony:

So after this is done the “systemd-timedated.service” is restarted automatically and it switches to using systemd-timesyncd.service.

sudo systemctl status systemd-timedated.service 
● systemd-timedated.service - Time & Date Service
     Loaded: loaded (/usr/lib/systemd/system/systemd-timedated.service; static)
     Active: active (running) since Sun 2023-09-10 14:37:30 EDT; 1min 21s ago
       Docs: man:systemd-timedated.service(8)
             man:localtime(5)
             man:org.freedesktop.timedate1(5)
   Main PID: 24115 (systemd-timedat)
      Tasks: 1 (limit: 19007)
     Memory: 1.2M
        CPU: 53ms
     CGroup: /system.slice/systemd-timedated.service
             └─24115 /usr/lib/systemd/systemd-timedated

Sep 10 14:37:30 mani systemd[1]: Starting Time & Date Service...
Sep 10 14:37:30 mani systemd[1]: Started Time & Date Service.
Sep 10 14:37:36 mani systemd-timedated[24115]: chronyd.service: Disabling unit.
Sep 10 14:37:37 mani systemd-timedated[24115]: Set NTP to disabled.
Sep 10 14:38:00 mani systemd-timedated[24115]: Changed local time to Sun 2023-09-10 14:38:00 EDT
Sep 10 14:38:24 mani systemd-timedated[24115]: systemd-timesyncd.service: Enabling unit.
Sep 10 14:38:24 mani systemd-timedated[24115]: Set NTP to enabled (systemd-timesyncd.service).

I am wondering how you verify that “the system will switch back to using systemd-timedate.service”?

I check both the chronyd.service (becomes disabled after the toggle)

 sudo systemctl status chronyd.service
○ chronyd.service - NTP client/server
     Loaded: loaded (/usr/lib/systemd/system/chronyd.service; disabled; preset: disabled)
     Active: inactive (dead)
       Docs: man:chronyd(8)
             man:chrony.conf(5)

Sep 10 13:36:51 mani chronyd[14429]: chronyd version 4.4 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SI>
Sep 10 13:36:51 mani chronyd[14429]: Frequency 2.996 +/- 0.804 ppm read from /var/lib/chrony/drift
Sep 10 13:36:51 mani chronyd[14429]: Using right/UTC timezone to obtain leap second data
Sep 10 13:36:51 mani systemd[1]: Started NTP client/server.
Sep 10 13:36:58 mani chronyd[14429]: Selected source 206.108.0.131 (2.arch.pool.ntp.org)
Sep 10 13:36:58 mani chronyd[14429]: System clock TAI offset set to 37 seconds
Sep 10 14:37:37 mani chronyd[14429]: chronyd exiting
Sep 10 14:37:37 mani systemd[1]: Stopping NTP client/server...
Sep 10 14:37:37 mani systemd[1]: chronyd.service: Deactivated successfully.
Sep 10 14:37:37 mani systemd[1]: Stopped NTP client/server.

And systemd-timesyncd.service (becomes enabled after toggle):

sudo systemctl status systemd-timesyncd.service
○ systemd-timesyncd.service - Network Time Synchronization
     Loaded: loaded (/usr/lib/systemd/system/systemd-timesyncd.service; disabled; preset: enabled)
     Active: inactive (dead)
       Docs: man:systemd-timesyncd.service(8)

Sep 10 14:38:24 mani systemd[1]: Starting Network Time Synchronization...
Sep 10 14:38:24 mani systemd-timesyncd[24545]: The system is configured to read the RTC time in the local time zone. T>
Sep 10 14:38:24 mani systemd[1]: Started Network Time Synchronization.
Sep 10 14:38:24 mani systemd-timesyncd[24545]: Contacted time server 216.232.132.102:123 (0.arch.pool.ntp.org).
Sep 10 14:38:24 mani systemd-timesyncd[24545]: Initial clock synchronization to Sun 2023-09-10 14:38:24.970715 EDT.
Sep 10 14:42:23 mani systemd[1]: Stopping Network Time Synchronization...
Sep 10 14:42:23 mani systemd[1]: systemd-timesyncd.service: Deactivated successfully.
Sep 10 14:42:23 mani systemd[1]: Stopped Network Time Synchronization.

@dalto I have also captured this information after I did a cold boot or a restart. Once I

  • enable chrony.service
  • disable systemd-timesyncd.service

it will keep these settings (so far). But when I toggle on\off in Gnome Settings then the system will switch back to using systemd-timesyncd.service.

Guess my playing always finds something to puzzle me. Below are the terminal messages with the time line intact after a cold boot:

❯ sudo systemctl status systemd-timedated.service
[sudo] password for user: 
○ systemd-timedated.service - Time & Date Service
     Loaded: loaded (/usr/lib/systemd/system/systemd-timedated.service; static)
     Active: inactive (dead)
       Docs: man:systemd-timedated.service(8)
             man:localtime(5)
             man:org.freedesktop.timedate1(5)

Sep 10 14:54:29 mani systemd[1]: Starting Time & Date Service...
Sep 10 14:54:29 mani systemd[1]: Started Time & Date Service.
Sep 10 14:54:59 mani systemd[1]: systemd-timedated.service: Deactivated successfully.

~ took 3s 
❯ 

~ 
❯ sudo systemctl status systemd-timesyncd.service
○ systemd-timesyncd.service - Network Time Synchronization
     Loaded: loaded (/usr/lib/systemd/system/systemd-timesyncd.service; disabled; preset: enabled)
     Active: inactive (dead)
       Docs: man:systemd-timesyncd.service(8)

~ 
❯ sudo systemctl status chronyd.service          
● chronyd.service - NTP client/server
     Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; preset: disabled)
     Active: active (running) since Sun 2023-09-10 14:54:28 EDT; 55s ago
       Docs: man:chronyd(8)
             man:chrony.conf(5)
    Process: 542 ExecStart=/usr/bin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
   Main PID: 550 (chronyd)
      Tasks: 1 (limit: 19007)
     Memory: 6.0M
        CPU: 73ms
     CGroup: /system.slice/chronyd.service
             └─550 /usr/bin/chronyd

Sep 10 14:54:28 mani systemd[1]: Starting NTP client/server...
Sep 10 14:54:28 mani (chronyd)[542]: chronyd.service: Referenced but unset environment variable evaluates to an empty >
Sep 10 14:54:28 mani chronyd[550]: chronyd version 4.4 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGN>
Sep 10 14:54:28 mani chronyd[550]: Frequency 3.190 +/- 0.378 ppm read from /var/lib/chrony/drift
Sep 10 14:54:28 mani chronyd[550]: Using right/UTC timezone to obtain leap second data
Sep 10 14:54:28 mani systemd[1]: Started NTP client/server.
Sep 10 14:55:01 mani chronyd[550]: Selected source 54.39.23.64 (2.arch.pool.ntp.org)
Sep 10 14:55:01 mani chronyd[550]: System clock TAI offset set to 37 seconds
Sep 10 14:55:03 mani chronyd[550]: Selected source 162.159.200.1 (time.cloudflare.com)

I’m going to post the below steps as what I did to set it up:

How to set up Chrony on Linux for Secure Time Synchronization (NTP)

Many computers use the Network Time Protocol (NTP) to synchronize their system clocks over the internet. NTP is one of the few unsecured internet protocols still in common use today. Using Network Time Security (NTS) is one method to secure NTP.

  1. Install Chrony from Arch Repository:
sudo pacman -S chrony

Output:

Package (1)   New Version  Net Change  Download Size

extra/chrony  4.4-1          1.06 MiB       0.34 MiB

Total Download Size:   0.34 MiB
Total Installed Size:  1.06 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 chrony-4.4-1-x86_64                        344.6 KiB   520 KiB/s 00:01 [----------------------------------------] 100%
(1/1) checking keys in keyring                                          [----------------------------------------] 100%
(1/1) checking package integrity                                        [----------------------------------------] 100%
(1/1) loading package files                                             [----------------------------------------] 100%
(1/1) checking for file conflicts                                       [----------------------------------------] 100%
:: Processing package changes...
(1/1) installing chrony                                                 [----------------------------------------] 100%
:: Running post-transaction hooks...
(1/4) Creating system user accounts...
Creating group 'chrony' with GID 956.
Creating user 'chrony' (Network Time Protocol) with UID 956 and GID 956.
(2/4) Reloading system manager configuration...
(3/4) Creating temporary files...
(4/4) Arming ConditionNeedsUpdate...
  2. Update the /etc/chrony.conf file with your preferred configuration:
### SPECIFY YOUR NTP SERVERS
# Most computers using chrony will send measurement requests to one or
# more 'NTP servers'.  You will probably find that your Internet Service
# Provider or company have one or more NTP servers that you can specify.
# Failing that, there are a lot of public NTP servers.  There is a list
# you can access at http://support.ntp.org/bin/view/Servers/WebHome or
# you can use servers from the pool.ntp.org project.

# Cloudflare (Anycast)
server time.cloudflare.com nts iburst

# System76
server ohio.time.system76.com nts iburst

# Default Arch NTP Pool
! pool 2.arch.pool.ntp.org iburst

#######################################################################
### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK
#
# To avoid changes being made to your computer's gain/loss compensation
# when the measurement history is too erratic, you might want to enable
# one of the following lines.  The first seems good with servers on the
# Internet, the second seems OK for a LAN environment.

maxupdateskew 100

# By default, chronyd allows synchronisation to an unauthenticated NTP
# source (i.e. specified without the nts and key options) if it agrees with
# a majority of authenticated NTP sources, or if no authenticated source is
# specified.  If you don't want chronyd to ever synchronise to an
# unauthenticated NTP source, uncomment the first from the following lines.
# If you don't want to synchronise to an unauthenticated NTP source only
# when an authenticated source is specified, uncomment the second line.
# If you want chronyd to ignore authentication in the source selection,
# uncomment the third line.

authselectmode require
! authselectmode prefer
! authselectmode ignore

#######################################################################
### FILENAMES ETC
# Chrony likes to keep information about your computer's clock in files.
# The 'driftfile' stores the computer's clock gain/loss rate in parts
# per million.  When chronyd starts, the system clock can be tuned
# immediately so that it doesn't gain or lose any more time.  You
# generally want this, so it is uncommented.

driftfile /var/lib/chrony/drift

# Your RTC can be set to keep Universal Coordinated Time (UTC) or local
# time.  (Local time means UTC +/- the effect of your timezone.)  If you
# use UTC, chronyd will function correctly even if the computer is off
# at the epoch when you enter or leave summer time (aka daylight saving
# time).  However, if you dual boot your system with Microsoft Windows,
# that will work better if your RTC maintains local time.  You take your
# pick!

rtconutc

# Alternatively, if not using the -s option, this directive can be used
# to enable a mode in which the RTC is periodically set to the system
# time, with no tracking of its drift.

rtcsync
  3. Have Systemd use Chrony for time sync:

You can actually define the order of preference in which systemd-timedated searches for the actual synchronization services, either by defining an environment variable in an override file, e.g.:

a. Create a systemd service to allow for creation of an override file.

sudo systemctl edit myservice

b. The directory /etc/systemd/system/myservice.service.d will be created automatically.

c. Create an override file in the /etc/systemd/system/myservice.service.d directory.

sudo nano /etc/systemd/system/myservice.service.d/myenv-override.conf

d. Add the following content in the /etc/systemd/system/myservice.service.d/myenv-override.conf override file:

[Service]
Environment=SYSTEMD_TIMEDATED_NTP_SERVICES=chronyd.service:systemd-timesyncd.service

e. Enable and start the myservice.service:

sudo systemctl start myservice.service
sudo systemctl enable myservice.service

f. Verify the status of the myservice.service service:

sudo systemctl status myservice.service

Source:

  4. Disable the default ‘systemd-timesyncd.service’.
sudo systemctl disable systemd-timesyncd.service

Output:

❯ sudo systemctl disable systemd-timesyncd.service

~ 
❯ sudo systemctl status systemd-timesyncd.service 
○ systemd-timesyncd.service - Network Time Synchronization
     Loaded: loaded (/usr/lib/systemd/system/systemd-timesyncd.service; disabled; preset: enabled)
     Active: inactive (dead)
       Docs: man:systemd-timesyncd.service(8)
  5. Start and verify the ‘chronyd.service’ service is running correctly.
sudo systemctl start chronyd.service  

Output:

sudo systemctl start chronyd.service         

~ 
❯ sudo systemctl status chronyd.service
● chronyd.service - NTP client/server
     Loaded: loaded (/usr/lib/systemd/system/chronyd.service; disabled; preset: disabled)
     Active: active (running) since Sun 2023-09-10 11:37:17 EDT; 19s ago
       Docs: man:chronyd(8)
             man:chrony.conf(5)
    Process: 19332 ExecStart=/usr/bin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
   Main PID: 19334 (chronyd)
      Tasks: 1 (limit: 19007)
     Memory: 7.7M
        CPU: 92ms
     CGroup: /system.slice/chronyd.service
             └─19334 /usr/bin/chronyd

Sep 10 11:37:17 mani systemd[1]: Starting NTP client/server...
Sep 10 11:37:17 mani (chronyd)[19332]: chronyd.service: Referenced but unset environment variable evaluates to an empt>
Sep 10 11:37:17 mani chronyd[19334]: chronyd version 4.4 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SI>
Sep 10 11:37:17 mani chronyd[19334]: Using right/UTC timezone to obtain leap second data
Sep 10 11:37:17 mani systemd[1]: Started NTP client/server.
Sep 10 11:37:24 mani chronyd[19334]: Selected source 162.159.200.1 (time.cloudflare.com)
Sep 10 11:37:24 mani chronyd[19334]: System clock wrong by 5.045062 seconds
Sep 10 11:37:29 mani chronyd[19334]: System clock was stepped by 5.045062 seconds
Sep 10 11:37:29 mani chronyd[19334]: System clock TAI offset set to 37 seconds

  6. Verify Chrony is running and able to connect to the time sources.
chronyc activity  

200 OK
5 sources online
0 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
0 sources with unknown address
  7. Verify Chrony is using the correct sources.
chronyc sources -v                    

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^- time.cloudflare.com           3   6    27    35  -1091us[-1091us] +/-   21ms
^? time.cloudflare.com           3   6    17    37   +605us[ +605us] +/-   19ms
^- ntp1a.versadns.com            1   6    17    37   +786us[ +786us] +/-   14ms
^? vps-845cd9b3.vps.ovh.ca       2   6    17    37  +2485us[+2485us] +/-   67ms
^* ntp1.torix.ca                 1   6    17    38   +123us[ -609us] +/- 6362us
  8. Enable the Service to start at system boot.
sudo systemctl enable chronyd.service  

Source:

https://wiki.archlinux.org/title/Chrony
https://man.archlinux.org/man/systemd-timedated.8

https://chrony-project.org/

NTP Pool Sources:
https://www.ntppool.org/zone/ca
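
As an added example that is not part of the original post: a shell check of the NTS settings from the chrony.conf step above, flagging any active server, pool or peer line that carries neither nts nor key unless authselectmode require is set. The function names and the two sample configs are constructed for illustration; the "mix" default comes from chrony's documentation, not from this thread.

```shell
#!/usr/bin/env bash
# Added example: audit a chrony.conf for sources usable without authentication.
# chrony.conf treats lines beginning with '#', '%', ';' or '!' as comments.

# Print active server/pool/peer directives lacking both "nts" and "key".
unauthenticated_sources() {
    awk '
        /^[[:space:]]*[#%;!]/ { next }
        $1 == "server" || $1 == "pool" || $1 == "peer" {
            auth = 0
            for (i = 3; i <= NF; i++) if ($i == "nts" || $i == "key") auth = 1
            if (!auth) print $1, $2
        }' "$1"
}

# Print the effective authselectmode; chronyd defaults to "mix" when unset.
effective_authselectmode() {
    awk '
        /^[[:space:]]*[#%;!]/ { next }
        $1 == "authselectmode" { mode = $2 }
        END { print (mode == "" ? "mix" : mode) }' "$1"
}

# Return 0 if every source is authenticated or authselectmode is "require".
audit_chrony_conf() {
    local mode plain
    mode=$(effective_authselectmode "$1")
    plain=$(unauthenticated_sources "$1")
    if [ -z "$plain" ]; then
        echo "OK: every source is authenticated (authselectmode $mode)"
    elif [ "$mode" = "require" ]; then
        echo "OK: authselectmode require; never selected: $plain"
    else
        echo "FAIL: not enforced by authselectmode $mode: $plain"
        return 1
    fi
}

# Constructed samples: the sources from the post, and a variant with the
# Arch pool line left active and no authselectmode directive.
posted=$(mktemp); variant=$(mktemp)
trap 'rm -f "$posted" "$variant"' EXIT
printf '%s\n' 'server time.cloudflare.com nts iburst' \
    'server ohio.time.system76.com nts iburst' \
    '! pool 2.arch.pool.ntp.org iburst' \
    'authselectmode require' '! authselectmode prefer' > "$posted"
printf '%s\n' 'server time.cloudflare.com nts iburst' \
    'pool 2.arch.pool.ntp.org iburst' > "$variant"
audit_chrony_conf "$posted"; audit_chrony_conf "$variant" || true
```

Point `audit_chrony_conf` at `/etc/chrony.conf` to check a real system; at runtime, `chronyc authdata` reports per source whether NTS is in use.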
