| RE: [chrony-users] Configuring chronyd w/o real time source |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-users Archives
]
- To: "chrony-users@xxxxxxxxxxxxxxxxxxxx" <chrony-users@xxxxxxxxxxxxxxxxxxxx>
- Subject: RE: [chrony-users] Configuring chronyd w/o real time source
- From: "Kohr, Alexander" <Alexander.Kohr@xxxxxxxxxxxxxxx>
- Date: Mon, 16 Mar 2020 12:03:09 +0000
- Accept-language: en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 155.247.195.54) smtp.rcpttodomain=chrony.tuxfamily.org smtp.mailfrom=tuhs.temple.edu; dmarc=bestguesspass action=none header.from=tuhs.temple.edu; dkim=none (message not signed); arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FqLzExTN9herIDlLFgq1b/4RM9M07IpVfC0rwwnRR+0=; b=k1Vq9wwDbe/+yz/UNzH67Cpi3S6E9vx8JCfljenESE8z3bQAX0MYQInaKxOQjj0tDn8B4B0OnCnM9t4ZeDXYcM7vYTBi8h0JlThjIwwsMbR0At1aor1BskB4OMcZxhWJPpPHMxbAEINbm7ARJfWXM/WCwmPuVDyZkIE8UKQc8KC6KEPRVNxqEYGT4X0BTHeDR3gF1Av/9ihmV/uOffDhpfdt9NGz6OGNLX/jgIEDWSm7kyjD5/s13n3V5qMZ46WgcPyV0GQx/ZYMJJL5l3M3S5tSpmZS7aVvDSHrJ/Xw3Ie2cLWxCmf6F3t0VOUvJJIaUPJhjeU7qRrPVAqqym4k0A==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=E81aMpgV60mfnz/9r4qN7Hbo8cwI56b8tjRsHJDmBp42KTFNxDxqgCjtCINp1H2oMaAlmFprTr/YTGCss6CDBfQ1nnjl+8q5PdPUEiU2JDoakZhcUuoLEinWnFXwu2lc0p0ypo3HJNSOKWUJm6fG9UWPOhmXw3f+0Rg2PpxzU4jrRCfGsPrQQCqJcz8oDz4BRxFOgGyndbW9UaQgwnE09uTiovsJTRQzf+XvL8wKmzDxjth+P4wfy1Po2uCHlmX/N1sJgKkkO+B800qhMqGMe16ySFLznZclVjxnjVFe0onxSHhZtv+//9xQNGt6IizivqKx+fkuvEg3RW8LZsAwEA==
- Authentication-results: spf=pass (sender IP is 155.247.195.54) smtp.mailfrom=tuhs.temple.edu; chrony.tuxfamily.org; dkim=none (message not signed) header.d=none;chrony.tuxfamily.org; dmarc=bestguesspass action=none header.from=tuhs.temple.edu;
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tuhs.onmicrosoft.com; s=selector2-tuhs-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FqLzExTN9herIDlLFgq1b/4RM9M07IpVfC0rwwnRR+0=; b=BWgAntIfGXgbcuZhtqZqCHz+OkSnDWI+h3EBJErRetOqSHv8Svq953Sd3jKcWXM4AkNPBygDTypOxj9/mh+I00fybfBiwjwTyk42715HS+fb4bKg0VVx0LYYIMmGRA512BjUQBDcUKEdS3P+4xda2uO5IRFjjiURpVYUEe39xwY=
- Thread-index: AQHV+Lw3XSLQJMLTo0eGldpeIXf1kahF2ewAgAVEnIA=
- Thread-topic: [chrony-users] Configuring chronyd w/o real time source
I am not recommending any particular card, but if you need to know your drift and don't mind spending a little money to keep your time sever close to real time, and this doesn't violate the security of your air gapping; there are manufactures of PCI cards, or standalone devices that have antenna's that can take you position and time from either the GPS systems and/or if you are in north America from the United States National Institute of Standards and Technology, Atomic Clock Radio Broadcasts stations. These can vary greatly in cost depending on what crystal you buy them with. (Also note while an appliance may physically last for almost ever, you may be better off buying a cheaper standalone device or card than, paying thousands for a more expensive standalone devices as recently older time appliances by at least one manufacturer turned to junk due to the nature of how they work and being way too old, for the company to issue a firmware update to support the rollover of the time clocks.)
-Alexander Kohr.
-----Original Message-----
From: Bill Unruh <unruh@xxxxxxxxxxxxxx>
Sent: Thursday, March 12, 2020 7:16 PM
To: chrony-users@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [chrony-users] Configuring chronyd w/o real time source
EXTERNAL MESSAGE. DO NOT open attachments or click links from unknown senders or unknown emails.
________________________________
Read the manual
you set up chronyd on your "server". You can set the time by wristwatch if need be.
chronyc
type help to see a list of the commands and concentrate on the ones under Manual time input, especially settime settime Sep 25, 2015 16:30:05 (or whatever time you want to set it to). It will then "freewheel" and will reports its best guess of the current time to anyone that asks.
Note that since it has no idea what the real time is, it will not be able to correct for clock drift (eg if it is running 1% faster than real time, it will not know) except if you put in a number of settime commands (eg once a day) from a clock that you know to be right, it will try to use those to estimate and correct ay speed differences from that right time.
That is it.
Your /etc/chrony.conf will be minimal since you have no time servers that you can access, except your wristwatch when you run settime About all you need is dumponexit
rtconutc (if your rtc clock is set to UTC and not local time),
allow 192.168.0.0/16 (assuming tha the other computers who will be
getting time from your machine are on that network And that is about it.
So, it will all depend on how accurately you can enter the time When you hit return on the settime command, the computer will assume that that time is exact at that instant.
William G. Unruh __| Canadian Institute for|____ Tel: +1(604)822-3273 Physics&Astronomy _|___ Advanced Research _|____ Fax: +1(604)822-5324 UBC, Vancouver,BC _|_ Program in Cosmology |____ unruh@xxxxxxxxxxxxxx Canada V6T 1Z1 ____|____ and Gravity ______|_ https://nam01.safelinks.protection.outlook.com/?url=www.theory.physics.ubc.ca%2F&data=02%7C01%7Calexander.kohr%40tuhs.temple.edu%7C89c8825275694287dbb808d7c6db567f%7C6c85bf6157fb436280e22cd2d7bef6a0%7C0%7C0%7C637196517670599741&sdata=Fj4dSh8GkOWk7K8fmj1WwktRrURDOxMqyiFfz7lr3%2Bw%3D&reserved=0
On Thu, 12 Mar 2020, Dominik Vogt wrote:
> Hi folks,
>
> for a test setup I need to configure chronyd to run in an isolated
> network without internet access and without any real time source other
> than the system clock. The only requirement is that the server
> replies to any client request with the system time and claims that its
> absolutely precise.
>
> Using the system clock is fine, or /dev/rtc or any other source that
> is usually present on a vanilla Linux system.
>
> (Unfortunately my knowledge of ntp in general and chrony specifically
> is close to zero, so I really need some hint on
> this.)
>
> Ciao
>
> Dominik ^_^ ^_^
>
> --
>
> Dominik Vogt
>
> --
> To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
> with "unsubscribe" in the subject.
> For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
> with "help" in the subject.
> Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.
>
--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.
________________________________
This electronic message is intended to be for the use of the named recipient, and may contain information that is confidential or privileged. This communication may contain protected health information (PHI) that is legally protected from inappropriate disclosure by the Privacy Standards of the Health Insurance Portability and Accountability Act (HIPAA) and relevant Pennsylvania Laws. You can direct questions concerning PHI or HIPAA to the Corporate Compliance and Privacy Officer at (215) 707-5605. If you are not the intended recipient, please note that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this message in error, you should notify the sender immediately by telephone or by return e-mail and delete and destroy all copies of this message.
--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.