Wandering Thoughts archives

I've switched from ntpd to chrony as my NTP daemon

I've been running some version of NTP(D) on my machines for a very long time now. In the early 1990s the University of Toronto was lucky enough to have Dennis Fergusson, who was very interested in time keeping and wrote a version of ntpd; I caught my interest in NTP from the general UofT Unix sysadmin environment at the time and kept it ever since.

When I first vaguely noticed chrony, it was on my Fedora laptop; way back in Fedora 11, Fedora switched to chrony by default. The release notes at the time made it sound like chrony was just a client and was focused on laptops and other frequently disconnected machines, so I didn't pay much attention to it. I let a Fedora upgrade switch my laptop over, because why not, but otherwise I kept on running ntpd without thinking twice. Over time this got a little bit more annoying on my desktop machines, because Fedora kept trying to switch over and I'd keep having to reverse that and block chrony every few Fedora version upgrades so that I'd keep running my old faithful setup.

I'm not sure what caused me to take an actual look at chrony, but in late September I did just that. This time around I read the chrony web pages and thus discovered that chrony is a full featured NTP daemon, just like ntpd. That definitely made me look at chrony in a new light, as did chrony's comparison page. I'm occasionally given to sudden impulses, so I decided to switch over more or less on the spot; my logs say that I shut down ntpd and started chrony on my office workstation shortly before noon on September 25th (and then on my home machine the next morning). This turned out to be interesting timing, as shortly afterward the Core Infrastructure Initiative released Securing Network Time, where chrony came out by far the best of the three NTP implementations that were evaluated.

The CII article indirectly explains why I was willing to consider switching. There's a quiet schism going on in the NTP world, with a group of people forking the main NTP code to develop 'NTPSec'; infosec people whose views I respect are quite down on the result, and I haven't been terribly impressed by what I've read about the project. At the same time, the NTP code itself is acknowledged to be old and crusty, which is not a great thing for either security or its long term future. Once I found out that chrony was a full featured NTP daemon written from scratch, with modern code and active maintenance, switching seemed like not a bad idea.

(I'd previously checked out Poul-Henning Kamp's quite interesting Ntimed as another potential ntpd replacement, but sadly it went dormant.)

I'm broadly pleased with the result of switching. Chrony has been easier to configure and the result mostly works the way I want. The daemon seems to work just as well as ntpd and my time stays synchronized, just as before. There are some things from ntpq that I miss, especially the ability to easily see what my time sources are themselves synchronized to, but I'll survive. On the positive side, chrony has some useful additional features for my home machine, such as the explicit ability to tell the daemon that we're about to go offline.

We don't have many machines that run full time NTP daemons, but in the future I'm going to propose setting up such machines with chrony instead of ntpd if chrony is packaged for their OS. At this point, sadly I have a lot more trust in ongoing maintenance and support for chrony than I do for NTP.

There's a part of me that's a little bit sad about this because, as mentioned, I have been running ntpd for a very long time. Even though I'm still keeping up with time keeping, switching to something else feels like the end of an era. It's one more link to history quietly slipping away.