Loading...

VONDS ©

Lab 97: Set up a basic NTP client with chronyd

Back to Lab Index

Configure a host as an NTP client using chronyd to keep logs and timestamps consistent across systems. Verify sync health with timedatectl and chronyc, then apply a one-time step correction when drift is large.

chrony ntp timesync rhel

Scenario

A server’s clock is drifting and logs are no longer ordered correctly. You need to install chrony, enable chronyd, verify the system is synchronized, and confirm the active NTP sources and tracking statistics.

Operator context

Time drift creates subtle failures: TLS issues, confusing incident timelines, broken log correlation, and unpredictable authentication behavior. The goal is enable time sync, prove it’s working, then document what it’s using.

Objective

  • Install chrony and enable chronyd.
  • Verify service health with systemctl.
  • Confirm OS time sync status with timedatectl.
  • Validate active NTP sources with chronyc sources -v.
  • Apply a one-time step correction using chronyc makestep.
  • Confirm the primary configuration file location.

Concepts

  • Time synchronization as baseline infrastructure for distributed systems and log integrity.
  • Service enablement and runtime validation using systemctl.
  • OS-level sync state validation using timedatectl.
  • Source selection and health checks with chronyc sources -v.
  • Offset and reference tracking with chronyc tracking.
  • Controlled step correction with chronyc makestep.

Walkthrough

Step 1 : Install chrony.
Command 
sudo dnf install chrony -y

Install the client tooling and the daemon. On managed systems, this is usually standard build baseline work, not an emergency fix. 

# Expected signal:
# Installed: chrony
Step 2 : Enable and start chronyd.
Command 
sudo systemctl enable --now chronyd

This starts synchronization immediately and ensures it comes back after reboot.

Step 3 : Confirm service health.
Command 
systemctl status chronyd --no-pager

Confirm the unit is active and scan for obvious failures before you trust anything downstream. 

# Expected patterns:
# Active: active (running)
Step 4 : Validate OS sync state.
Command 
timedatectl status

You’re looking for a synchronized clock and an active NTP service. If the OS doesn’t agree, treat chrony output as incomplete evidence. 

# Expected patterns:
# System clock synchronized: yes
# NTP service: active
Step 5 : Confirm active time sources.
Command 
chronyc sources -v

Validate that the host can reach sources and that at least one is healthy. The selected source is typically marked with *. 

# Expected patterns:
# ^* time.example.net ...
Step 6 : Review tracking statistics.
Command 
chronyc tracking

Tracking output shows the current offset, correction behavior, stratum, and reference source being used. This is what you document when troubleshooting drift.

Step 7 : Apply a one-time step correction.
Safety note

Stepping time can be disruptive for time-sensitive applications. Use this when drift is large and you need a fast correction, then confirm sync and sources again.

Command 
sudo chronyc makestep
# Re-verify:
timedatectl status
chronyc sources -v
Step 8 : Confirm the configuration file location.
Command 
ls -l /etc/chrony.conf

This is where you document or adjust servers/pools and local policy. If the environment uses internal NTP, this file is where you confirm what the host is configured to trust.

Common breakpoints

chronyd is not active or fails to start

If the service is not running, start with systemctl status and then review logs. Fix the service state before trying to validate sources or tracking output.

timedatectl shows not synchronized

Confirm network reachability to NTP sources and verify at least one source is selectable in chronyc sources -v . If sources are unreachable, investigate DNS, routing, and firewall policy.

No selected source in chronyc sources output

If nothing is marked with *, the host has not selected a usable source. Confirm configuration and verify you are not blocked upstream by egress controls.

makestep causes application warnings

Stepping time can confuse systems that assume monotonic timestamps. If this is a risk, prefer gradual correction and coordinate the change window for sensitive workloads.

Cleanup checklist

This lab is non-destructive. Cleanup is confirming the service is enabled, the system reports synchronized time, and at least one usable source is selected.

Commands 
systemctl is-enabled chronyd
systemctl is-active chronyd
timedatectl status
chronyc sources -v
chronyc tracking
Success signal

timedatectl reports the clock is synchronized and chronyc sources shows a selected source with stable tracking output.

Reference

  • dnf install chrony -y : Installs the chrony package.
    • -y : Automatically answers yes to prompts.
  • systemctl enable --now chronyd : Enables chronyd at boot and starts it immediately.
    • --now : Starts the service immediately after enabling.
  • systemctl status chronyd --no-pager : Shows chronyd service status.
    • --no-pager : Prints output without paging.
  • timedatectl status : Shows system time settings and synchronization status.
  • chronyc sources -v : Shows configured and active NTP sources.
    • -v : Enables verbose output.
  • chronyc tracking : Shows chrony tracking statistics (offset, stratum, reference source).
  • chronyc makestep : Steps the clock to correct large drift.
  • ls -l /etc/chrony.conf : Confirms the primary chrony configuration file path.
    • /etc/chrony.conf : File containing chrony server/pool configuration and policy.