chrony: hosting time with RTC as authoritative clock on an air-gapped (isolated) system

davidA

6/9/23, 12:03 AM

I have an isolated and air-gapped LAN that I want to synchronise. I have one host that will be the authoritative time server for all clients on the LAN. It's not important that the LAN time reflects real time, but it is important that all the clients agree on the time. All hosts are running Linux.

I had hoped to configure chronyd such that it would use the RTC on the nominated host as the authoritative time source, and provide an NTP service to clients so that they can synchronise with it. Therefore if the administrator needs to change the time on the LAN, they can update the RTC on the time server and everything should fall into sync given enough time.

Unfortunately I am not having much luck configuring chronyd in this way. If I don't specify any time servers ("server ..." in /etc/chrony/chrony.conf) then chronyd seems to operate with no sources, rather than using the local RTC as a source.

The refclock config parameter can be used to select an external time source such as GPS or PPS, but none of the drivers seem appropriate for reading the RTC.

One idea I had is to write a small application to read the RTC and provide it as PPS data over the SOCK driver, but further reading showed that this requires an NTP source as well since it's a sub-second measurement and not the absolute time.

Is it possible to use chronyd in this way?

0 + 0

time

time-synchronization

isolated-network

chrony

Score:1

Server

John Mahowald

6/9/23, 4:59 AM

local

by itself in chrony.conf is sufficient to enable local system as reference.

RTCs are not perfect, they drift a lot. If you only need precision not accuracy, this may be acceptable.

Other directives are also useful.

# Local self reference
local

# Allow chronyc settime where a person can type the time
# Drift is estimated from these inputs
# Useful in environments without other reference clocks
manual    

# Recording drift is especially important
# when timestamps are few and far between
driftfile /var/lib/chrony/drift

# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC

0 + 0

davidA

6/9/23, 9:48 PM

Thank you for the clarification. Yes, in this case precision is needed - the hosts on the network must all agree on the current time (to within some tolerance), but if that's not actually real time then that's acceptable as long as it's roughly correct (within minutes over months) and can be manually corrected from time to time.

Score:0

Server

davidA

6/9/23, 2:15 AM

To answer my own question, I found the Isolate-networks documentation to be partially relevant, in particular setting chrony.conf to include:

local stratum 8
manual

This seems to pick up the time from RTC initially, so perhaps the use of settime is not needed? I'm not sure if manual is necessary.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: chrony: hosting time with RTC as authoritative clock on an air-gapped (isolated) system

TH: chrony: เวลาโฮสต์กับ RTC เป็นนาฬิกาที่เชื่อถือได้บนระบบ air-gapped (แยก)

RO: cronică: timpul de găzduire cu RTC ca ceas autoritar pe un sistem izolat (izolat).

RU: chrony: время хостинга с RTC в качестве авторитетных часов в системе с воздушным зазором (изолированной)

VI: chrony: thời gian lưu trữ với RTC là đồng hồ có thẩm quyền trên hệ thống không khí (bị cô lập)

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.