Ubuntu Server Guide

Merge lp:~paelzer/serverguide/serverguide-chrony-18.04 into lp:serverguide/trunk

  1. serverguide-chrony-18.04
  2. Merge into trunk
Proposed by Christian Ehrhardt 
Status: Merged
Approved by: Doug Smythies
Approved revision: 359
Merged at revision: 349
Proposed branch: lp:~paelzer/serverguide/serverguide-chrony-18.04
Merge into: lp:serverguide/trunk
Diff against target: 380 lines (+161/-66)
2 files modified
serverguide/C/network-auth.xml (+4/-4)
serverguide/C/network-config.xml (+157/-62)
To merge this branch: bzr merge lp:~paelzer/serverguide/serverguide-chrony-18.04
Reviewer Review Type Date Requested Status
Doug Smythies Approve
Review via email: mp+338892@code.launchpad.net

Description of the change

Update for 18.04 for the time synchronization chapter
- general 18.04 updates (e.g. new output)
- recommended NTP server changed from ntpd to chrony (LP: #1744072)
- minor cleanups while working at the section

To post a comment you must log in.
Revision history for this message
Doug Smythies (dsmythies) wrote :

thanks very much.

review: Approve
Revision history for this message
Simon Déziel (sdeziel) wrote :

LGTM with 2 minor nitpicks.

Revision history for this message
Doug Smythies (dsmythies) wrote :

@Simon: Thank you very much for your diligence. Since I already pushed this one, I'll make edits and push another revision.

Revision history for this message
Simon Déziel (sdeziel) wrote :

Alright, thanks guys.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'serverguide/C/network-auth.xml'
--- serverguide/C/network-auth.xml 2017-11-06 15:28:57 +0000
+++ serverguide/C/network-auth.xml 2018-02-23 10:55:44 +0000
@@ -3977,7 +3977,7 @@
3977 <para>The following packages are needed: <emphasis>krb5-user</emphasis>, <emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and <emphasis>ntp</emphasis>. Samba needs to be installed, even if the system is not exporting shares. The Kerberos realm and FQDN or IP of the domain controllers are needed for this step.</para>3977 <para>The following packages are needed: <emphasis>krb5-user</emphasis>, <emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and <emphasis>ntp</emphasis>. Samba needs to be installed, even if the system is not exporting shares. The Kerberos realm and FQDN or IP of the domain controllers are needed for this step.</para>
3978 <para>Install these packages now.3978 <para>Install these packages now.
3979 </para>3979 </para>
3980 <screen><command>sudo apt install krb5-user samba sssd ntp</command></screen>3980 <screen><command>sudo apt install krb5-user samba sssd chrony</command></screen>
3981 <para>See the next section for the answers to the questions asked by the <emphasis>krb5-user</emphasis> postinstall script.</para>3981 <para>See the next section for the answers to the questions asked by the <emphasis>krb5-user</emphasis> postinstall script.</para>
3982 </sect2>3982 </sect2>
3983 <sect2 id="sssd-ad-kerberos" status="review">3983 <sect2 id="sssd-ad-kerberos" status="review">
@@ -3997,7 +3997,7 @@
39973997
3998 <para>If default_realm is not specified, it may be necessary to log in with <quote>username@domain</quote> instead of <quote>username</quote>.</para>3998 <para>If default_realm is not specified, it may be necessary to log in with <quote>username@domain</quote> instead of <quote>username</quote>.</para>
39993999
4000 <para>The system time on the Active Directory member needs to be consistent with that of the domain controller, or Kerberos authentication may fail. Ideally, the domain controller server itself will provide the NTP service. Edit <filename>/etc/ntp.conf</filename>:</para>4000 <para>The system time on the Active Directory member needs to be consistent with that of the domain controller, or Kerberos authentication may fail. Ideally, the domain controller server itself will provide the NTP service. Edit <filename>/etc/chrony/chrony.conf</filename>:</para>
40014001
4002<programlisting>4002<programlisting>
4003server dc.myubuntu.example.com4003server dc.myubuntu.example.com
@@ -4085,8 +4085,8 @@
40854085
4086<sect2 id="sssd-ad-join" status="review">4086<sect2 id="sssd-ad-join" status="review">
4087 <title>Join the Active Directory</title>4087 <title>Join the Active Directory</title>
4088<para>Now, restart ntp and samba and start sssd.</para>4088<para>Now, restart chrony and samba and start sssd.</para>
4089<screen><command>sudo systemctl restart ntp.service</command>4089<screen><command>sudo systemctl restart chrony.service</command>
4090<command>sudo systemctl restart smbd.service nmbd.service</command> 4090<command>sudo systemctl restart smbd.service nmbd.service</command>
4091<command>sudo systemctl start sssd.service</command></screen>4091<command>sudo systemctl start sssd.service</command></screen>
40924092
40934093
=== modified file 'serverguide/C/network-config.xml'
--- serverguide/C/network-config.xml 2017-07-02 17:41:08 +0000
+++ serverguide/C/network-config.xml 2018-02-23 10:55:44 +0000
@@ -1055,34 +1055,49 @@
1055 </sect1>1055 </sect1>
10561056
1057 <sect1 id="NTP" status="review">1057 <sect1 id="NTP" status="review">
1058 <title>Time Synchronisation</title>1058 <title>Time Synchronization</title>
1059 <para>1059 <para>
1060NTP is a TCP/IP protocol for synchronising time over a network. Basically a client requests the current time from a server, and uses it to set its own clock. 1060NTP is a TCP/IP protocol for synchronizing time over a network. Basically a client requests the current time from a server, and uses it to set its own clock.
1061</para>1061</para>
1062 <para>1062 <para>
1063Behind this simple description, there is a lot of complexity - there are tiers of NTP servers, with the tier one NTP servers connected to atomic clocks, and tier two and three servers spreading the load of actually handling requests across the Internet. Also the client software is a lot more complex than you might think - it has to factor out communication delays, and adjust the time in a way that does not upset all the other processes that run on the server. But luckily all that complexity is hidden from you! 1063Behind this simple description, there is a lot of complexity - there are tiers of NTP servers, with the tier one NTP servers connected to atomic clocks, and tier two and three servers spreading the load of actually handling requests across the Internet. Also the client software is a lot more complex than you might think - it has to factor out communication delays, and adjust the time in a way that does not upset all the other processes that run on the server. But luckily all that complexity is hidden from you!
1064</para>1064</para>
1065 <para>1065 <para>
1066Ubuntu by default uses <emphasis>timedatectl / timesyncd</emphasis> to synchronize time and users can optionally use ntpd to serve network time info.1066 Ubuntu by default uses <emphasis>timedatectl / timesyncd</emphasis> to synchronize time and users can optionally use chrony to <xref linkend="timeservers"/>.
1067</para>1067</para>
10681068
1069<sect2 id="timedate-info" status="review">1069<sect2 id="timedate-info" status="review">
1070<title>Synchronizing your systems time</title>1070<title>Synchronizing your systems time</title>
1071 <para>1071 <para>
1072 Starting with Ubuntu 16.04 <emphasis>timedatectl / timesyncd</emphasis> (which are part of systemd) replace most of <emphasis>ntpdate / ntp</emphasis>.1072 Since Ubuntu 16.04 <emphasis>timedatectl / timesyncd</emphasis> (which are part of systemd) replace most of <emphasis>ntpdate / ntp</emphasis>.
1073 </para>1073 </para>
1074 <para>1074 <para>
1075 <application>timesyncd</application> is available by default and replaces not only <application>ntpdate</application>, but also the client portion of <application>ntpd</application>.1075 <application>timesyncd</application> is available by default and replaces not only <application>ntpdate</application>, but also the client portion of <application>chrony</application> (or formerly <application>ntpd</application>).
1076 So on top of the one-shot action that <application>ntpdate</application> provided on boot and network activation, now <application>timesyncd</application> by default regularly checks and keeps your local time in sync.1076 So on top of the one-shot action that <application>ntpdate</application> provided on boot and network activation, now <application>timesyncd</application> by default regularly checks and keeps your local time in sync.
1077 It also stores time updates locally, so that after reboots monotonically advances if applicable.1077 It also stores time updates locally, so that after reboots monotonically advances if applicable.
1078 </para>1078 </para>
1079 <para>1079 <para>
1080 If <application>ntpdate / ntp</application> are installed <application>timedatectl</application> steps back to let you keep your old setup.1080 If <application>chrony</application> is installed <application>timedatectl</application> steps back to let chrony do the time keeping.
1081 That shall ensure that no two time syncing services are fighting and also to retain any kind of old behaviour/config that you had through an upgrade.1081 That shall ensure that no two time syncing services are fighting.
1082 While no more recommended to be used, this still also applies to <application>ntpd</application> being installed to retain any kind of old behavior/config that you had through an upgrade.
1082 But it also implies that on an upgrade from a former release ntp/ntpdate might still be installed and therefore renders the new systemd based services disabled.1083 But it also implies that on an upgrade from a former release ntp/ntpdate might still be installed and therefore renders the new systemd based services disabled.
1083 </para>1084 </para>
1084 <para>1085 <para>
1085 <application>ntpdate</application> is considered deprecated in favour of <application>timedatectl</application> and thereby no more installed by default.1086 <application>ntpdate</application> is considered deprecated in favor of <application>timedatectl</application> (or <application>chrony</application>) and thereby no more installed by default.
1087 timesyncd will generally do the right thing keeping your time in sync, and <application>chrony</application> will help with more complex cases.
1088 But if you had one of a few known special ntpdate use cases, consider the following:
1089 <itemizedlist>
1090 <listitem>
1091 <para>
1092 If you require a one-shot sync use: <command>chronyd -q</command>
1093 </para>
1094 </listitem>
1095 <listitem>
1096 <para>
1097 If you require a one-shot time check, without setting the time use: <command>chronyd -Q</command>
1098 </para>
1099 </listitem>
1100 </itemizedlist>
1086 </para>1101 </para>
10871102
1088<sect3 id="timedate-config" status="review">1103<sect3 id="timedate-config" status="review">
@@ -1090,16 +1105,20 @@
1090 <para>1105 <para>
1091 The current status of time and time configuration via <application>timedatectl</application> and <application>timesyncd</application> can be checked with <command>timedatectl status</command>.1106 The current status of time and time configuration via <application>timedatectl</application> and <application>timesyncd</application> can be checked with <command>timedatectl status</command>.
1092 </para>1107 </para>
1093<screen>1108 <screen>
1094$ timedatectl status1109$ timedatectl status
1095 Local time: Mo 2017-06-26 12:16:16 CEST1110 Local time: Fr 2018-02-23 08:47:13 UTC
1096 Universal time: Mo 2017-06-26 10:16:16 UTC1111 Universal time: Fr 2018-02-23 08:47:13 UTC
1097 RTC time: Mo 2017-06-26 10:16:161112 RTC time: Fr 2018-02-23 08:47:13
1098 Time zone: Europe/Berlin (CEST, +0200)1113 Time zone: Etc/UTC (UTC, +0000)
1099 Network time on: yes1114 System clock synchronized: yes
1100NTP synchronized: yes1115 systemd-timesyncd.service active: yes
1101 RTC in local TZ: no1116 RTC in local TZ: no
1102</screen>1117
1118If chrony is running it will automatically switch to:
1119[...]
1120 systemd-timesyncd.service active: no
1121 </screen>
1103<para>1122<para>
1104Via <application>timedatectl</application> an admin can control the timezone, how the system clock should relate to the hwclock and if permanent synronization should be enabled or not.1123Via <application>timedatectl</application> an admin can control the timezone, how the system clock should relate to the hwclock and if permanent synronization should be enabled or not.
1105See <command>man timedatectl</command> for more details.1124See <command>man timedatectl</command> for more details.
@@ -1108,62 +1127,75 @@
1108 timesyncd itself is still a normal service, so you can check its status also more in detail via.1127 timesyncd itself is still a normal service, so you can check its status also more in detail via.
1109<screen>1128<screen>
1110$ systemctl status systemd-timesyncd1129$ systemctl status systemd-timesyncd
1111. systemd-timesyncd.service - Network Time Synchronization1130 systemd-timesyncd.service - Network Time Synchronization
1112 Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled)1131 Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled)
1113 Drop-In: /lib/systemd/system/systemd-timesyncd.service.d1132 Active: active (running) since Fri 2018-02-23 08:55:46 UTC; 10s ago
1114 |_disable-with-time-daemon.conf
1115 Active: active (running) since Mo 2017-06-26 11:12:19 CEST; 30min ago
1116 Docs: man:systemd-timesyncd.service(8)1133 Docs: man:systemd-timesyncd.service(8)
1117 Main PID: 12379 (systemd-timesyn)1134 Main PID: 3744 (systemd-timesyn)
1118 Status: "Synchronized to time server [2001:67c:1560:8003::c8]:123 (ntp.ubuntu.com)."1135 Status: "Synchronized to time server 91.189.89.198:123 (ntp.ubuntu.com)."
1119 Tasks: 21136 Tasks: 2 (limit: 4915)
1120 Memory: 424.0K
1121 CPU: 12ms
1122 CGroup: /system.slice/systemd-timesyncd.service1137 CGroup: /system.slice/systemd-timesyncd.service
1123 |_12379 /lib/systemd/systemd-timesyncd1138 └─3744 /lib/systemd/systemd-timesyncd
11241139
1125Jun 26 11:12:19 lap systemd[1]: Starting Network Time Synchronization...1140Feb 23 08:55:46 bionic-test systemd[1]: Starting Network Time Synchronization...
1126Jun 26 11:12:19 lap systemd[1]: Started Network Time Synchronization.1141Feb 23 08:55:46 bionic-test systemd[1]: Started Network Time Synchronization.
1127Jun 26 11:12:19 lap systemd-timesyncd[12379]: Synchronized to time server [2001:67c:1560:8003::c8]:123 (ntp.ubuntu.com).1142Feb 23 08:55:46 bionic-test systemd-timesyncd[3744]: Synchronized to time server 91.189.89.198:123 (ntp.ubuntu.com).
1128</screen>1143</screen>
1129</para>1144</para>
1130<para>1145<para>
1131 The nameserver to fetch time for <application>timedatectl</application> and <application>timesyncd</application> from can be specified in <filename>/etc/systemd/timesyncd.conf</filename> and additional config files can be stored in <filename>/etc/systemd/timesyncd.conf.d/</filename>.1146 The nameserver to fetch time for <application>timedatectl</application> and <application>timesyncd</application> from can be specified in <filename>/etc/systemd/timesyncd.conf</filename> and additional config files can be stored in <filename>/etc/systemd/timesyncd.conf.d/</filename>.
1132 The entries for NTP= and FallbackNTP= are space separated lists.1147 The entries for NTP= and FallbackNTP= are space separated lists.
1148 See <command>man timesyncd.conf</command> for more.
1133</para>1149</para>
1134</sect3>1150</sect3>
11351151
1136</sect2>1152</sect2>
11371153
1138<sect2 id="timeservers" status="review">1154<sect2 id="timeservers" status="review">
1139 <title>Serving NTP</title>1155 <title>Serve the Network Time Protocol</title>
1140 <para>1156 <para>
1141 If on top of synchronizing your system you also want to serve NTP information you need an ntp server. The most classic and supported one is <application>ntpd</application>, but it is also very old so there also are <application>openntpd</application> and <application>chrony</application> as alternatives available in the archive.1157 If in addition to synchronizing your system you also want to serve NTP information you need an NTP server. There are several options with <application>chrony</application>, <application>ntpd</application> and <application>open-ntp</application>.
1158 The recommended solution <application>chrony</application>.
1142 </para>1159 </para>
11431160
1144<sect3 id="ntpd" status="review">1161<sect3 id="chrony" status="review">
1145 <title>ntpd</title>1162 <title>chrony(d)</title>
1146 <para>1163 <para>
1147 The ntp daemon ntpd calculates the drift of your system clock and continuously adjusts it, so there are no large corrections that could1164 The NTP daemon chronyd calculates the drift and offset of your system clock and continuously adjusts it, so there are no large corrections that could
1148 lead to inconsistent logs for instance. The cost is a little processing power and memory, but for a modern server this is negligible.1165 lead to inconsistent logs for instance. The cost is a little processing power and memory, but for a modern server this is usually negligible.
1149 </para>1166 </para>
1150</sect3>1167</sect3>
11511168
1152<sect3 id="ntp-installation" status="review">1169<sect3 id="chrony-installation" status="review">
1153 <title>Installation</title>1170 <title>Installation</title>
1154 <para>1171 <para>
1155 To install ntpd, from a terminal prompt enter:1172 To install chrony, from a terminal prompt enter:
1156 </para>1173 </para>
1157<screen>1174<screen>
1158<command>sudo apt install ntp</command>1175<command>sudo apt install chrony</command>
1159</screen>1176</screen>
1177 <para>
1178 This will provide two binaries:
1179 <itemizedlist>
1180 <listitem>
1181 <para>
1182 chronyd - the actual daemon to sync and serve via the NTP protocol
1183 </para>
1184 </listitem>
1185 <listitem>
1186 <para>
1187 chronyc - command-line interface for chrony daemon
1188 </para>
1189 </listitem>
1190 </itemizedlist>
1191 </para>
1160</sect3>1192</sect3>
11611193
1162<sect3 id="timeservers-conf" status="review">1194<sect3 id="timeservers-conf" status="review">
1163 <title>Configuration</title>1195 <title>Chronyd Configuration</title>
11641196
1165 <para>1197 <para>
1166 Edit <filename>/etc/ntp.conf</filename> to add/remove server lines.1198 Edit <filename>/etc/chrony/chrony.conf</filename> to add/remove server lines.
1167 By default these servers are configured:1199 By default these servers are configured:
1168 </para>1200 </para>
11691201
@@ -1171,21 +1203,21 @@
1171# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board1203# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
1172# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for1204# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
1173# more information.1205# more information.
1174server 0.ubuntu.pool.ntp.org1206pool 0.ubuntu.pool.ntp.org iburst
1175server 1.ubuntu.pool.ntp.org1207pool 1.ubuntu.pool.ntp.org iburst
1176server 2.ubuntu.pool.ntp.org1208pool 2.ubuntu.pool.ntp.org iburst
1177server 3.ubuntu.pool.ntp.org1209pool 3.ubuntu.pool.ntp.org iburst
1178</programlisting>1210</programlisting>
11791211
1180 <para>1212 <para>
1181 After changing the config file you have to reload the1213 See <command>man chrony.conf</command> for more details on the configuration options.
1182 <application>ntpd</application>:1214 After changing the any of the config file you have to reload <application>chrony</application>:
1183 </para>1215 </para>
1184<screen>1216<screen>
1185<command>sudo systemctl reload ntp.service</command>1217<command>sudo systemctl restart chrony.service</command>
1186</screen>1218</screen>
1187<para>1219<para>
1188 Of the pool number 2.ubuntu.pool.ntp.org as well as ntp.ubuntu.com also support ipv6 if needed.1220 Of the pool 2.ubuntu.pool.ntp.org as well as ntp.ubuntu.com also support ipv6 if needed.
1189 If one needs to force ipv6 there also is ipv6.ntp.ubuntu.com which is not configured by default.1221 If one needs to force ipv6 there also is ipv6.ntp.ubuntu.com which is not configured by default.
1190</para>1222</para>
11911223
@@ -1194,26 +1226,79 @@
1194<sect3 id="ntp-status" status="review">1226<sect3 id="ntp-status" status="review">
1195 <title>View status</title>1227 <title>View status</title>
1196 <para>1228 <para>
1197 Use ntpq to see more info: 1229 Use chronyc to see query the status of the chrony daemon.
1230 For example to get an overview of the currently available and selected time sources.
1231 </para>
1232 <para>
1198 </para>1233 </para>
1199<screen>1234<screen>
1200<command># sudo ntpq -p</command>1235<command>chronyc sources</command>
1201<computeroutput> remote refid st t when poll reach delay offset jitter1236<computeroutput>
1237MS Name/IP address Stratum Poll Reach LastRx Last sample
1238===============================================================================
1239^+ gamma.rueckgr.at 2 8 377 135 -1048us[-1048us] +/- 29ms
1240^- 2b.ncomputers.org 2 8 377 204 -1141us[-1124us] +/- 50ms
1241^+ www.kashra.com 2 8 377 139 +3483us[+3483us] +/- 18ms
1242^+ stratum2-4.NTP.TechFak.U> 2 8 377 143 -2090us[-2073us] +/- 19ms
1243^- zepto.mcl.gg 2 7 377 9 -774us[ -774us] +/- 29ms
1244^- mirrorhost.pw 2 7 377 78 -660us[ -660us] +/- 53ms
1245^- atto.mcl.gg 2 7 377 8 -823us[ -823us] +/- 50ms
1246^- static.140.107.46.78.cli> 2 8 377 9 -1503us[-1503us] +/- 45ms
1247^- 4.53.160.75 2 8 377 137 -11ms[ -11ms] +/- 117ms
1248^- 37.44.185.42 3 7 377 10 -3274us[-3274us] +/- 70ms
1249^- bagnikita.com 2 7 377 74 +3131us[+3131us] +/- 71ms
1250^- europa.ellipse.net 2 8 377 204 -790us[ -773us] +/- 97ms
1251^- tethys.hot-chilli.net 2 8 377 141 -797us[ -797us] +/- 59ms
1252^- 66-232-97-8.static.hvvc.> 2 7 377 206 +1669us[+1686us] +/- 133ms
1253^+ 85.199.214.102 1 8 377 205 +175us[ +192us] +/- 12ms
1254^* 46-243-26-34.tangos.nl 1 8 377 141 -123us[ -106us] +/- 10ms
1255^- pugot.canonical.com 2 8 377 21 -95us[ -95us] +/- 57ms
1256^- alphyn.canonical.com 2 6 377 23 -1569us[-1569us] +/- 79ms
1257^- golem.canonical.com 2 7 377 92 -1018us[-1018us] +/- 31ms
1258^- chilipepper.canonical.com 2 8 377 21 -1106us[-1106us] +/- 27ms
1259</computeroutput>
1260<command>chronyc sourcestats</command>
1261<computeroutput>
1262210 Number of sources = 20
1263Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev
1202==============================================================================1264==============================================================================
1203+stratum2-2.NTP. 129.70.130.70 2 u 5 64 377 68.461 -44.274 110.3341265gamma.rueckgr.at 25 15 32m -0.007 0.142 -878us 106us
1204+ntp2.m-online.n 212.18.1.106 2 u 5 64 377 54.629 -27.318 78.88212662b.ncomputers.org 26 16 35m -0.132 0.283 -1169us 256us
1205*145.253.66.170 .DCFa. 1 u 10 64 377 83.607 -30.159 68.3431267www.kashra.com 25 15 32m -0.092 0.259 +3426us 195us
1206+stratum2-3.NTP. 129.70.130.70 2 u 5 64 357 68.795 -68.168 104.6121268stratum2-4.NTP.TechFak.U> 25 14 32m -0.018 0.130 -2056us 96us
1207+europium.canoni 193.79.237.14 2 u 63 64 337 81.534 -67.968 92.792</computeroutput>1269zepto.mcl.gg 13 11 21m +0.148 0.196 -683us 66us
1270mirrorhost.pw 6 5 645 +0.117 0.445 -591us 19us
1271atto.mcl.gg 21 13 25m -0.069 0.199 -904us 103us
1272static.140.107.46.78.cli> 25 18 34m -0.005 0.094 -1526us 78us
12734.53.160.75 25 10 32m +0.412 0.110 -11ms 84us
127437.44.185.42 24 12 30m -0.983 0.173 -3718us 122us
1275bagnikita.com 17 7 31m -0.132 0.217 +3527us 139us
1276europa.ellipse.net 26 15 35m +0.038 0.553 -473us 424us
1277tethys.hot-chilli.net 25 11 32m -0.094 0.110 -864us 88us
127866-232-97-8.static.hvvc.> 20 11 35m -0.116 0.165 +1561us 109us
127985.199.214.102 26 11 35m -0.054 0.390 +129us 343us
128046-243-26-34.tangos.nl 25 16 32m +0.129 0.297 -307us 198us
1281pugot.canonical.com 25 14 34m -0.271 0.176 -143us 135us
1282alphyn.canonical.com 17 11 1100 -0.087 0.360 -1749us 114us
1283golem.canonical.com 23 12 30m +0.057 0.370 -988us 229us
1284chilipepper.canonical.com 25 18 34m -0.084 0.224 -1116us 169us
1285</computeroutput>
1208</screen>1286</screen>
12091287 <para>
1288 Certain chronyc commands are privileged and can not be run via the network without explicitly allowing them.
1289 See section <emphasis>Command and monitoring access</emphasis> in <command>man chrony.conf</command> for more details.
1290 A local admin can use <application>sudo</application> as usually as this will grant him access to the local admin socket <filename>/var/run/chrony/chronyd.sock</filename>.
1291 </para>
1210</sect3>1292</sect3>
12111293
1212<sect3 id="ntp-pps" status="review">1294<sect3 id="ntp-pps" status="review">
1213 <title>PPS Support</title>1295 <title>PPS Support</title>
1214 <para>1296 <para>
1215Since 16.04 ntp supports PPS discipline which can be used to augment ntp with local timesources for better accuracy.1297 Chrony supports various PPS types natively. It can use kernel PPS API as well as PTP hardware clock.
1216For more details on configuration see the external pps ressource listed below.1298 Most general GPS receivers can be leveraged via <application>GPSD</application>.
1299 The latter (and potentially more) can be accessed via <emphasis>SHM</emphasis> or via a <emphasis>socket</emphasis> (recommended).
1300 All of the above can be used to augment chrony with additional high quality time sources for better accuracy, jitter, drift, longer-or-short term accuracy (Usually each kind of clock type is good at one of those, but non-perfect at the others).
1301 For more details on configuration see some of the external PPS/GPSD resource listed below.
1217 </para>1302 </para>
1218</sect3>1303</sect3>
1219</sect2>1304</sect2>
@@ -1225,7 +1310,7 @@
1225 <itemizedlist>1310 <itemizedlist>
1226 <listitem>1311 <listitem>
1227 <para>1312 <para>
1228 See the <ulink url="https://help.ubuntu.com/community/UbuntuTime">Ubuntu Time</ulink> wiki page for more information.1313 <ulink url="https://chrony.tuxfamily.org/faq.html">Chrony FAQ</ulink>
1229 </para>1314 </para>
1230 </listitem>1315 </listitem>
1231 <listitem>1316 <listitem>
@@ -1235,6 +1320,11 @@
1235 </listitem>1320 </listitem>
1236 <listitem>1321 <listitem>
1237 <para>1322 <para>
1323 <ulink url="http://www.pool.ntp.org/">The pool.ntp.org projecti, being a big virtual cluster of timeservers.</ulink>
1324 </para>
1325 </listitem>
1326 <listitem>
1327 <para>
1238 <ulink url="https://www.freedesktop.org/software/systemd/man/timedatectl.html">Freedesktop.org info on timedatectl</ulink>1328 <ulink url="https://www.freedesktop.org/software/systemd/man/timedatectl.html">Freedesktop.org info on timedatectl</ulink>
1239 </para>1329 </para>
1240 </listitem>1330 </listitem>
@@ -1245,7 +1335,12 @@
1245 </listitem>1335 </listitem>
1246 <listitem>1336 <listitem>
1247 <para>1337 <para>
1248 <ulink url="http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm#S-CONFIG-ADV-PPS">ntp.org faq on configuring PPS</ulink>1338 <ulink url="http://www.catb.org/gpsd/gpsd-time-service-howto.html#_feeding_chrony_from_gpsd">Feeding chrony from GPSD</ulink>
1339 </para>
1340 </listitem>
1341 <listitem>
1342 <para>
1343 See the <ulink url="https://help.ubuntu.com/community/UbuntuTime">Ubuntu Time</ulink> wiki page for more information.
1249 </para>1344 </para>
1250 </listitem>1345 </listitem>
1251 </itemizedlist>1346 </itemizedlist>

Subscribers

People subscribed via source and target branches