centos chrony 时间同步

centos chrony 时间同步

centos 时间同步,之前使用ntpdate,现在可以使用chrony从远程NTP服务器中获取正确的时间。

安装chrony

1
yum install chrony

chrony 安装完成之后,会有两个可执行程序:
chronyc:chrony命令行工具
chronyd:chrony的守护进程

chron配置文件

chrony的配置文件是/etc/chrony.conf,默认日志配置文件如下所示:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.
#allow 192.168.0.0/16

# Serve time even if not synchronized to a time source.
#local stratum 10

# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking

server 开头的配置项为远程NTP服务器,chrony将从中获取时间的远程NTP服务器列表。

driftfile /var/lib/chrony/drift 存储校时误差,重启后,之前的计算结果也不会丢失。

keyfile /etc/chrony.keys 该文件包含用于NTP身份验证的密角。

logdir /var/log/chrony chrony日志文件。

测试chrony

chronyd手动同步:

语法:

1
chronyd -q 'server {ntp_server_name} iburst'
1
2
3
4
5
6
7
8
9
10
11
12
13
[root@localhost ~]# chronyd -q 
2022-04-30T03:06:47Z chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 +DEBUG)
2022-04-30T03:06:47Z Frequency 59.505 +/- 0.065 ppm read from /var/lib/chrony/drift
2022-04-30T03:06:53Z System clock wrong by -0.006353 seconds (step)
2022-04-30T03:06:53Z chronyd exiting

# 指定NTP服务器

[root@localhost ~]# chronyd -q 'server cn.pool.ntp.org iburst'
2022-04-30T03:09:54Z chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 +DEBUG)
2022-04-30T03:09:54Z Initial frequency 59.505 ppm
2022-04-30T03:09:59Z System clock wrong by -0.008810 seconds (step)
2022-04-30T03:09:59Z chronyd exiting

启动chronyd服务

使用systemctl管理chronyd服务:

1
2
3
4
systemctl start chronyd
systemctl stop chronyd
systemctl restart chronyd
systemctn enable chronyd # 开机加载服务

查看chronyd运行状态:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
systemctl status chronyd
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: active (running) since 六 2022-04-30 11:12:34 CST; 1min 53s ago
     Docs: man:chronyd(8)
           man:chrony.conf(5)
  Process: 31623 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=exited, status=0/SUCCESS)
  Process: 31619 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 31621 (chronyd)
   CGroup: /system.slice/chronyd.service
           └─31621 /usr/sbin/chronyd

4月 30 11:12:34 localhost systemd[1]: Starting NTP client/server...
4月 30 11:12:34 localhost chronyd[31621]: chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 +DEBUG)
4月 30 11:12:34 localhost chronyd[31621]: Frequency 59.505 +/- 0.065 ppm read from /var/lib/chrony/drift
4月 30 11:12:34 localhost systemd[1]: Started NTP client/server.
4月 30 11:12:40 localhost chronyd[31621]: Selected source 162.159.200.123
4月 30 11:12:42 localhost chronyd[31621]: Selected source 139.199.215.251
4月 30 11:12:43 localhost chronyd[31621]: Source 162.159.200.1 replaced with 219.216.128.25

##验证时间同步

要验证系统时间是否已经使用chrony同步,可以使用下面命令查看:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
[root@localhost ~]# chronyc tracking
Reference ID    : 8BC7D7FB (139.199.215.251)
Stratum         : 3
Ref time (UTC)  : Sat Apr 30 03:26:44 2022
System time     : 0.000547036 seconds fast of NTP time
Last offset     : +0.000449545 seconds
RMS offset      : 0.018766215 seconds
Frequency       : 59.520 ppm fast
Residual freq   : +0.633 ppm
Skew            : 0.836 ppm
Root delay      : 0.035655029 seconds
Root dispersion : 0.012061744 seconds
Update interval : 64.6 seconds
Leap status     : Normal

##检查chrony源

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
[root@localhost ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^- a.chl.la                      2   6   375   102  -3941us[-3490us] +/-  121ms
^- 219.216.128.25                2   6   377    41   +185us[ +185us] +/-   33ms
^* 139.199.215.251               2   6   363    41   +587us[+1038us] +/-   36ms
^- time.cloudflare.com           3   6   377    42    +20ms[  +21ms] +/-  139ms
````
列出有关chronyd使用的每个源的漂移速度和偏移会计信息,使用以下命令:
```bash
[root@localhost ~]# chronyc sourcestats -v
210 Number of sources = 4
                             .- Number of sample points in measurement set.
                            /    .- Number of residual runs with same sign.
                           |    /    .- Length of measurement set (time).
                           |   |    /      .- Est. clock freq error (ppm).
                           |   |   |      /           .- Est. error in freq.
                           |   |   |     |           /         .- Est. offset.
                           |   |   |     |          |          |   On the -.
                           |   |   |     |          |          |   samples. \
                           |   |   |     |          |          |             |
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
a.chl.la                   16   8  1050     -5.377     28.428    -19ms  8400us
219.216.128.25             18   8  1103     +0.066      3.771  +1629us  1220us
139.199.215.251            19  12  1175     +0.159      3.621  +1261ns  1523us
time.cloudflare.com        17   9  1109     +1.413      4.761  +3001us  1534us

配置chrony NTP服务

如果要将linux服务器配置为所有内部系统的Chronyc NTP服务器,需要修改配置文件:

1
2
sed -i "s/#local stratum 10/local stratum 10/g" /etc/chrony.conf
sed -i "s/#allow 192.168.0.0/16/allow 192.168.0.0/16/g" /etc/chrony.conf

取消local stratum 10行注释时,使用linux服务器成为实时NTP服务器,无外部连网也可以继续工作。
取消allow 192.168.0.0/16表示允许该网段的设备连接到chrony ntp 服务器进行时间同步。

防火墙允许NTP服务:

1
2
firewall-cmd --permanent --add-service=ntp
firewall-cmd --complete-reload

chronyc 交互式命令

命令行:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
[root@localhost ~]# chronyc
chrony version 3.4
Copyright (C) 1997-2003, 2007, 2009-2018 Richard P. Curnow and others
chrony comes with ABSOLUTELY NO WARRANTY.  This is free software, and
you are welcome to redistribute it under certain conditions.  See the
GNU General Public License version 2 for details.

chronyc> help
System clock:               
tracking                    Display system time information
makestep                    Correct clock by stepping immediately
makestep <threshold> <updates>
                            Configure automatic clock stepping
maxupdateskew <skew>        Modify maximum valid skew to update frequency
waitsync [<max-tries> [<max-correction> [<max-skew> [<interval>]]]]
                            Wait until synchronised in specified limits
                            
Time sources:               
sources [-v]                Display information about current sources
sourcestats [-v]            Display statistics about collected measurements
reselect                    Force reselecting synchronisation source
reselectdist <dist>         Modify reselection distance
                            
NTP sources:                
activity                    Check how many NTP sources are online/offline
ntpdata [<address>]         Display information about last valid measurement
add server <address> [options]
                            Add new NTP server
add peer <address> [options]
                            Add new NTP peer
delete <address>            Remove server or peer
burst <n-good>/<n-max> [<mask>/<address>]
                            Start rapid set of measurements
maxdelay <address> <delay>  Modify maximum valid sample delay
maxdelayratio <address> <ratio>
                            Modify maximum valid delay/minimum ratio
maxdelaydevratio <address> <ratio>
                            Modify maximum valid delay/deviation ratio
minpoll <address> <poll>    Modify minimum polling interval
maxpoll <address> <poll>    Modify maximum polling interval
minstratum <address> <stratum>
                            Modify minimum stratum

offline [<mask>/<address>]  Set sources in subnet to offline status
online [<mask>/<address>]   Set sources in subnet to online status
onoffline                   Set all sources to online or offline status
                            according to network configuration
polltarget <address> <target>
                            Modify poll target
refresh                     Refresh IP addresses
                            
Manual time input:          
manual off|on|reset         Disable/enable/reset settime command
manual list                 Show previous settime entries
manual delete <index>       Delete previous settime entry
settime <time>              Set daemon time
                            (e.g. Sep 25, 2015 16:30:05 or 16:30:05)
                            
NTP access:                 
accheck <address>           Check whether address is allowed
clients                     Report on clients that have accessed the server
serverstats                 Display statistics of the server
allow [<subnet>]            Allow access to subnet as a default
allow all [<subnet>]        Allow access to subnet and all children
deny [<subnet>]             Deny access to subnet as a default
deny all [<subnet>]         Deny access to subnet and all children
local [options]             Serve time even when not synchronised
local off                   Don't serve time when not synchronised
smoothtime reset|activate   Reset/activate time smoothing
smoothing                   Display current time smoothing state
                            
Monitoring access:          
cmdaccheck <address>        Check whether address is allowed
cmdallow [<subnet>]         Allow access to subnet as a default
cmdallow all [<subnet>]     Allow access to subnet and all children
cmddeny [<subnet>]          Deny access to subnet as a default
cmddeny all [<subnet>]      Deny access to subnet and all children
                            
Real-time clock:            
rtcdata                     Print current RTC performance parameters
trimrtc                     Correct RTC relative to system clock
writertc                    Save RTC performance parameters to file
                            
Other daemon commands:      
cyclelogs                   Close and re-open log files
dump                        Dump all measurements to save files
rekey                       Re-read keys from key file
shutdown                    Stop daemon
                            
Client commands:            
dns -n|+n                   Disable/enable resolving IP addresses to hostnames
dns -4|-6|-46               Resolve hostnames only to IPv4/IPv6/both addresses
timeout <milliseconds>      Set initial response timeout
retries <retries>           Set maximum number of retries
keygen [<id> [<type> [<bits>]]]
                            Generate key for key file
exit|quit                   Leave the program
help                        Generate this help
linux
#centos #ntp #chrony
centos chrony 时间同步
https://ywmy.xyz/2022/04/30/centos-chrony-时间同步/
作者
ian
发布于
2022年4月30日
许可协议