时间同步服务 chromy
1. chrony 服务器端配置
假设chrony服务器端192.168.1.1
$ cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
pool pool.ntp.org iburst
# Ignor source level
stratumweight 0
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first five updates
# if its offset is larger than 1 second.
makestep 1 5
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Allow NTP client access from local network.
allow 0.0.0.0/0
# Serve time even if not synchronized to a time source.
local stratum 10
# Select which information is logged.
#log measurements statistics tracking
#
noclientlog
2. chrony 客户端配置
$ cat /etc/chrony.conf
# Use local chrony server.
server 192.168.1.1 iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first five updates
# if its offset is larger than 1 second.
makestep 1 5
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Select which information is logged.
#log measurements statistics tracking
3. systemd 服务文件
/etc/systemd/system/chrony.service
[Unit]
Description=chrony
Documentation=https://github.com/kubeasz/dockerfiles/chrony
After=docker.service
Requires=docker.service
[Service]
User=root
ExecStart=/opt/kube/bin/docker run \
--cap-add SYS_TIME \
--name chrony \
--network host \
--volume /etc/chrony.conf:/etc/chrony/chrony.conf \
--volume /var/lib/chrony:/var/lib/chrony \
easzlab/chrony:0.1.0
ExecStartPost=/sbin/iptables -t raw -A PREROUTING -p udp -m udp --dport 123 -j NOTRACK
ExecStartPost=/sbin/iptables -t raw -A OUTPUT -p udp -m udp --sport 123 -j NOTRACK
ExecStop=/opt/kube/bin/docker rm -f chrony
Restart=always
RestartSec=10
Delegate=yes
[Install]
WantedBy=multi-user.target
4. /etc/chrony.conf 释义
# 同步使用的端口
acquisitionport 1123
# 存储Server时间的本地目录
dumpdir /var/run/chrony
# Ignore stratum in source selection.
stratumweight 0.01
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# 闰秒配置,17h34m消化1s
leapsecmode slew
maxslewrate 1000
smoothtime 400 0.001 leaponly
# In first three updates step the system clock instead of slew
# if the adjustment is larger than 10 seconds.
# makestep 0.1 3
## Server config
# Allow NTP client access from local network.
allow 0.0.0.0/0
# Listen for commands only on localhost.
bindaddress 0.0.0.0
port 123
clientloglimit 1073741824
#ratelimit interval 1
#ratelimit burst 16
# Serve time even if not synchronized to any NTP server.
local stratum 5 distance 20
maxdistance 20
## Command config
bindcmdaddress 127.0.0.1
bindcmdaddress /var/run/chrony/chronyd.sock
cmdallow all
## Real Time clock(RTC)
hwclockfile /etc/adjtime
rtcautotrim 10
rtcsync
keyfile /etc/chrony.keys
# Specify the key used as password for chronyc.
commandkey 1
# Generate command key if missing.
generatecommandkey
## Log
# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
logchange 0.1
log measurements statistics tracking
logdir /var/log/chrony
# Server配置
#ip address is the stable clock source which customer provided
bindacqaddress 172.16.79.6
server ntp.aliyun.com iburst minpoll 4 maxpoll 6 prefer
server cn.ntp.org.cn iburst minpoll 4 maxpoll 6
5. 其他
chronyc sources -v # 查看时间同步情况
chronyc -n tracking -v # 查看偏移时间
ntpd -q