Stay punctual with chrony
Just in Time
Amazon Web Services (AWS) began recommending chrony some time ago. The documentation [3] explains that AWS runs the Amazon Time Sync Service, to which it recommends connecting from Elastic Compute Cloud (EC2) instances. Sounding a little like a James Bond movie, the AWS docs go on to explain that the service "uses a fleet of satellite-connected and atomic reference clocks in each region to deliver accurate current time readings." In English, I suspect that means each continent's varying clusters of AWS data centers have access to atomic clocks for extra accuracy.
Not surprisingly, AWS appreciates the value to their customers of getting time syncing working correctly. As mentioned, it's a critical part of any production system's health. AWS docs confirm the /etc/chrony.conf path for that config file, so I'll hazard a guess that's the location of the file on RHEL derivatives, as well. AWS suggests adding the line
server 169.254.169.123 prefer iburst
to the config file. If you're using their in-house Amazon Linux 2 OS for your server instance, you can ignore that instruction because it already defaults to using the AWS time service.
The funny-looking IP address above is in the link-local address range (169.254.0.0/16, registered as LINKLOCAL-RFC3927-IANA-RESERVED), which isn't routed out onto the Internet, so it is a fast, local way of syncing with the AWS internal systems. Note that it ends with 123, which is the usual NTP port, making it easy to remember.
Only a Question of Time
The Amazon Time Sync Service topic segues perfectly into considerations about the time server sources you can choose to use. I'll start by saying that if you're using AWS, you almost never have a reason not to trust their time service, but I'll then add that because timekeeping is such a critical service, you might consider adding some extra redundancy in the form of other NTP sources. Should you not be using AWS, you should definitely think about which sources you have in place for redundancy.
Before continuing further, I'm going to refer you back to the chrony FAQ page [2] and the section "How can I improve the accuracy of the system clock with NTP sources?" There, you'll find information on tweaking the time servers to which you ultimately choose to sync.
In my experience with upstream time servers that are geographically close but not all in the same country, using the public servers listed on the NTP site [4] is a very effective approach. Note the warning on the site about denial-of-service attacks:
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.
A link is offered for BCP38 [5] that details the clever approaches for filtering out attacks (at the network Access Control List level) that plagued NTP for a while.
Time Works Wonders
The NTP site has a very useful page dedicated to helping you choose time servers near you [6] and explaining how round-robin is used to iterate through a list of servers presented to an NTP server by the Domain Name System (DNS).
Figure 2 shows that a typical NTP-style hostname actually points to multiple time servers, which allows lists of time servers to be gathered easily into "pools." I'm in Europe, so I can add the pool servers to my chrony config file that are geographically close [7],
server 0.europe.pool.ntp.org
server 1.europe.pool.ntp.org
server 2.europe.pool.ntp.org
server 3.europe.pool.ntp.org
by prepending server to each line. This setup offers 16 IPv4 time servers; additionally, 2.europe.pool.ntp.org offers four IPv6 clocks with which to connect.
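A quick way to check a chrony config for the redundancy discussed above, as an added example that is not from the article or the chrony project. The function names, the min_sources threshold, and the sample file contents are this example's own assumptions; the source lines in the sample are the ones quoted in the text.

```python
import ipaddress

# Constructed sample: the AWS line and the European pool hosts from the article.
SAMPLE_CONF = """\
# /etc/chrony.conf (constructed sample)
server 169.254.169.123 prefer iburst
server 0.europe.pool.ntp.org
server 1.europe.pool.ntp.org
server 2.europe.pool.ntp.org
server 3.europe.pool.ntp.org
driftfile /var/lib/chrony/drift
"""

SOURCE_DIRECTIVES = {"server", "pool", "peer"}  # chrony directives that add NTP sources

def parse_sources(conf_text):
    """Return one dict per time-source line: directive, address, options."""
    sources = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!;%":      # blank line or chrony comment
            continue
        fields = line.split()
        if fields[0] in SOURCE_DIRECTIVES and len(fields) >= 2:
            sources.append({"directive": fields[0], "address": fields[1],
                            "options": fields[2:]})
    return sources

def is_link_local(address):
    """True for literal link-local IPs such as 169.254.169.123; False for hostnames."""
    try:
        return ipaddress.ip_address(address).is_link_local
    except ValueError:
        return False

def audit(conf_text, min_sources=2):
    """Return (sources, findings); min_sources is this example's own threshold."""
    sources = parse_sources(conf_text)
    findings = []
    if len(sources) < min_sources:
        findings.append(f"only {len(sources)} time source(s): no redundancy")
    if sources and all(is_link_local(s["address"]) for s in sources):
        findings.append("every source is link-local: nothing outside the provider")
    for s in sources:
        if "iburst" not in s["options"]:
            findings.append(f"{s['address']}: no iburst, first sync will be slower")
    return sources, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF)[1]:
        print("NOTE:", finding)
```
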
If you're worried that the number of community-volunteered clocks will reduce over time, in Europe alone, you can see that you should have no issues in that respect (Figure 3).
However, take note of the comment on the page for European servers: "In most cases, it's best to use pool.ntp.org to find an NTP server (or 0.pool.ntp.org, 1.pool.ntp.org, etc. if you need multiple server names). The system will try finding the closest available servers for you."
The clever (NTP) protocol that assists with timekeeping is innately designed to measure response times from servers that are geographically disparate and then compensate for the inherent network latency.
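The latency compensation described above, worked through as an added example that is not from the article. It uses the standard NTP four-timestamp calculation; the class and function names and the sample paths are constructed for illustration. It shows that symmetric latency cancels out completely, while asymmetric latency leaves an error that is never larger than half the measured round-trip delay.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Exchange:
    """Four timestamps of one client/server exchange, in microseconds."""
    t1: int  # request leaves client   (client clock)
    t2: int  # request reaches server  (server clock)
    t3: int  # reply leaves server     (server clock)
    t4: int  # reply reaches client    (client clock)

def offset_and_delay(x):
    """Standard NTP on-wire calculation."""
    delay = (x.t4 - x.t1) - (x.t3 - x.t2)         # network round trip only
    offset = ((x.t2 - x.t1) + (x.t3 - x.t4)) / 2  # server clock minus client clock
    return offset, delay

def simulate(true_offset, fwd, ret, processing=50, start=1_000_000):
    """Constructed exchange: server clock = client clock + true_offset."""
    t2 = start + fwd + true_offset       # arrival, read on the server clock
    t3 = t2 + processing                 # server spends `processing` us replying
    t4 = start + fwd + processing + ret  # arrival, read on the client clock
    return Exchange(start, t2, t3, t4)

def measure(true_offset, fwd, ret):
    """Return (estimated offset, delay, error, worst-case error bound)."""
    offset, delay = offset_and_delay(simulate(true_offset, fwd, ret))
    return offset, delay, offset - true_offset, delay / 2

# Constructed paths: (label, one-way latency out, one-way latency back) in us.
PATHS = [("nearby, symmetric", 2_000, 2_000),
         ("distant, symmetric", 40_000, 40_000),
         ("distant, asymmetric", 60_000, 20_000)]

if __name__ == "__main__":
    for label, fwd, ret in PATHS:
        offset, delay, error, bound = measure(2_500, fwd, ret)
        print(f"{label:20} offset={offset:>8.0f} delay={delay:>6} "
              f"error={error:>7.0f} bound=+/-{bound:.0f}")
```
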
If you want to get your hands dirtier with NTP and chronyd (or ntpd, of course), then a word of advice would be to remember that DNS entries for the clock servers (e.g., 0.pool.ntp.org through 3.pool.ntp.org) point to a randomized set of servers that are updated each hour, which helps to distribute load. Bear in mind, however, that if you're working in a hospital and life depends on equipment running to the correct time, you're probably going to need a different pool of servers than someone who's watching YouTube at home. Business and domestic needs might be quite different.