Robert Moskowitz
2016-Dec-27 04:04 UTC
[CentOS] chronyd configuration as a local ntp server
This is for centos 7 that has chronyd 2.1.1

I am looking into how to use chronyd as my local ntp server.

On my old servers with ntpd I had local access control lines like:

    restrict 192.168.128.0 mask 255.255.255.0 nomodify notrap

But in looking for documentation on chronyd I did not find anything on this at:

https://chrony.tuxfamily.org/doc/2.1/manual.html

In the actual /etc/chronyd.conf there is the sample line:

    # Allow NTP client access from local network.
    #allow 192.168/16

Does this allow only allow queries? Does chronyd support the 'restrict' option?

thank you
On Mon, Dec 26, 2016 at 11:04:22PM -0500, Robert Moskowitz wrote:
> This is for centos 7 that has chronyd 2.1.1
>
> I am looking into how to use chronyd as my local ntp server.
>
> On my old servers with ntpd I had local access control lines like:
>
> restrict 192.168.128.0 mask 255.255.255.0 nomodify notrap
>
>
> But in looking for documentation on chronyd I did not find anything
> on this at:
>
> https://chrony.tuxfamily.org/doc/2.1/manual.html
>
> In the actual /etc/chronyd.conf there is the sample line:
>
> # Allow NTP client access from local network.
> #allow 192.168/16
>
> Does this allow only allow queries? Does chronyd support the
> 'restrict' option?

Robert:

Years back I used to use Chrony for that purpose (when I was running Smoothwall on an old PC instead of a commercial router, as I am now) and it did the job remarkably well.

One of the design goals of Chrony was to support networks or computers that are NOT connected full-time, so that time stayed somewhere near correct even if offline for hours or days.

But that having been so long ago, now, I don't remember the details.

I also don't remember what the "restrict" directive for ntpd does.

(to give you an idea of how long ago that was it was when I had a Red Hat 7.2 or 7.3 workstation as my home PC--pre-RHEL. I could compile things on that RH box, tar up the necessary results and take that file to the smoothwall box and untar them and with small configuration: voila!)

There used to be a chrony mailing list where one could ask such questions, but I haven't seen traffic on it in years, so it may no longer exist.

Fred

--
-------------------------------------------------------------------------------
Under no circumstances will I ever purchase anything offered to me as the result of an unsolicited e-mail message. Nor will I forward chain letters, petitions, mass mailings, or virus warnings to large numbers of others. This is my contribution to the survival of the online community.
--Roger Ebert, December, 1996
----------------------------- The Boulder Pledge -----------------------------
AFAIK the only thing needed to make your host an NTP server using chrony is to set the allow line to the network address in CIDR format of the network you want to be served, and uncomment it. Then restart chronyd.

You also need to ensure that port 123 (NTP) is open to your internal network on your firewall.

I have a CentOS 6 box that is an NTP server for my network. CentOS 7 works the same way.

On 12/27/2016 08:25 AM, Fred Smith wrote:
> On Mon, Dec 26, 2016 at 11:04:22PM -0500, Robert Moskowitz wrote:
>> This is for centos 7 that has chronyd 2.1.1
>>
>> I am looking into how to use chronyd as my local ntp server.
>>
>> On my old servers with ntpd I had local access control lines like:
>>
>> restrict 192.168.128.0 mask 255.255.255.0 nomodify notrap
>>
>>
>> But in looking for documentation on chronyd I did not find anything
>> on this at:
>>
>> https://chrony.tuxfamily.org/doc/2.1/manual.html
>>
>> In the actual /etc/chronyd.conf there is the sample line:
>>
>> # Allow NTP client access from local network.
>> #allow 192.168/16
>>
>> Does this allow only allow queries? Does chronyd support the
>> 'restrict' option?
> Robert:
>
> Years back I used to use Chrony for that purpose (when I was running
> Smoothwall on an old PC instead of a commercial router, as I am now)
> and it did the job remarkably well.
>
> One of the design goals of Chrony was to support networks or computers
> that are NOT connected full-time, so that time stayed somewhere near
> correct even if offline for hours or days.
>
> But that having been so long ago, now, I don't remember the details.
>
> I also don't remember what the "restrict" directive for ntpd does.
>
> (to give you an idea of how long ago that was it was when I had a Red Hat
> 7.2 or 7.3 workstation as my home PC--pre-RHEL. I could compile things on
> that RH box, tar up the necessary results and take that file to the
> smoothwall box and untar them and with small configuration: voila!)
>
> there used to be a chrony mailing list where one could ask such questions,
> but I haven't seen traffic on it in years, so it may no longer exist.
>
> Fred

--
*********************************************************
David P. Both, RHCE
Millennium Technology Consulting LLC
Raleigh, NC, USA
919-389-8678
dboth at millennium-technology.com
www.millennium-technology.com
www.databook.bz - Home of the DataBook for Linux
DataBook is a Registered Trademark of David Both
*********************************************************

This communication may be unlawfully collected and stored by the National Security Agency (NSA) in secret. The parties to this email do not consent to the retrieving or storing of this communication and any related metadata, as well as printing, copying, re-transmitting, disseminating, or otherwise using it. If you believe you have received this communication in error, please delete it immediately.
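
Added example, not part of any message in this thread: a small translator from ntpd "restrict" lines, such as the one quoted in the original question, to chrony "allow"/"deny" directives. The function names are hypothetical, and the mapping is an assumption of this example based on ntpd's flag semantics: "ignore" and "noserve" become "deny", every other flag set becomes "allow", and "restrict default" is left for a manual decision.

```python
import ipaddress

# ntpd flags that stop time service entirely. The other flags (nomodify,
# notrap, noquery, ...) only govern ntpq/ntpdc control traffic, which chronyd
# does not serve on the NTP port, so they need no chrony counterpart.
NO_SERVICE_FLAGS = {"ignore", "noserve"}


def restrict_to_chrony(line):
    """Map one ntp.conf 'restrict' line to 'allow NET' / 'deny NET'.

    Returns None for non-restrict lines and for lines that need a manual
    decision ('restrict default', hostnames, unparsable address/mask).
    """
    tokens = line.split("#", 1)[0].split()
    if not tokens or tokens[0] != "restrict":
        return None
    args = [t for t in tokens[1:] if t not in ("-4", "-6")]
    if not args or args[0] == "default":
        return None
    address, flags = args[0], args[1:]
    if len(flags) >= 2 and flags[0] == "mask":
        address, flags = f"{address}/{flags[1]}", flags[2:]
    try:
        # strict parsing rejects an address with host bits set under the mask
        net = ipaddress.ip_network(address)
    except ValueError:
        return None
    verb = "deny" if NO_SERVICE_FLAGS & set(flags) else "allow"
    return f"{verb} {net.with_prefixlen}"


def convert(ntp_conf_text):
    """Return chrony directives for every translatable restrict line."""
    lines = (restrict_to_chrony(l) for l in ntp_conf_text.splitlines())
    return [d for d in lines if d]


# Constructed sample; the second line is the one quoted in the thread.
SAMPLE = """\
restrict default kod nomodify notrap nopeer noquery
restrict 192.168.128.0 mask 255.255.255.0 nomodify notrap
restrict 10.9.0.0 mask 255.255.0.0 ignore
restrict 192.168.128.77 noserve   # one noisy host
"""

if __name__ == "__main__":
    print("\n".join(convert(SAMPLE)))
```

chronyd's own control channel (chronyc) is governed separately by the cmdallow directive and is limited to localhost unless configured otherwise, so an "allow" line opens only NTP time service to the listed subnet.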