Chrony service deployment and configuration
The chrony service is named chronyd on CentOS and chrony on Ubuntu.
Environment
Operating system | Server | Client | External NTP server |
---|---|---|---|
ubuntu20 | 192.168.100.21 | 192.168.100.22 | ntp.aliyun.com |
Installation
sudo apt install chrony
Disable the systemd-timesyncd service
sudo systemctl stop systemd-timesyncd
sudo systemctl disable systemd-timesyncd
sudo systemctl mask systemd-timesyncd
systemd-timesyncd and chrony are both NTP services and conflict with each other.
Start the service
sudo systemctl enable chrony
sudo systemctl start chrony
Configure the server
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#pool 2.centos.pool.ntp.org iburst
# ntp server
server ntp.aliyun.com iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
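#allow 192.168.0.0/16
# Allow all clients to synchronize from this server; the commented line
# above limits access to the local network instead.
allow all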
# Serve time even if not synchronized to a time source.
local stratum 10
# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys
# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC
logdir /var/log/chrony
# Listen for chronyc command packets on all IPv4 interfaces.
bindcmdaddress 0.0.0.0
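The `allow all` and `bindcmdaddress 0.0.0.0` lines in the server configuration above decide who can reach chronyd over the network, so they are worth checking on every deployed host. The shell function below is an added example, not part of the original page: it scans a chrony.conf and reports those directives along with `cmdallow`. The function name `audit_chrony_conf` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): list chrony.conf directives
# that widen network exposure, one "line:directive:reason" per finding.
audit_chrony_conf() {
    awk '
    # True when allow/cmdallow has no subnet or a catch-all subnet at field n.
    function open_subnet(n,   s) {
        if (n > NF) return 1
        s = tolower($n)
        return (s == "0/0" || s == "0.0.0.0/0" || s == "::/0")
    }
    /^[ \t]*[#!;%]/ || NF == 0 { next }     # chrony comment markers and blanks
    {
        d = tolower($1)
        n = (tolower($2) == "all") ? 3 : 2   # skip the optional "all" keyword
    }
    d == "allow" && open_subnet(n) {
        print NR ":allow:NTP served to any client address"
    }
    d == "cmdallow" && open_subnet(n) {
        print NR ":cmdallow:monitoring access from any address"
    }
    d == "bindcmdaddress" && ($2 == "0.0.0.0" || $2 == "::") {
        print NR ":bindcmdaddress:command socket bound to all interfaces"
    }
    ' "$1"
}

# Constructed sample: the exposure-related lines of the server config above.
sample=$(mktemp)
printf '%s\n' '#allow 192.168.0.0/16' 'allow all' 'local stratum 10' \
    'bindcmdaddress 0.0.0.0' > "$sample"
audit_chrony_conf "$sample"
rm -f "$sample"
```

An empty result means none of the three directives is open to every address.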
Configure the client
Only one line is needed: server 192.168.100.21 iburst
Restart the chrony service
Open the firewall for the NTP service
firewall-cmd --add-service=ntp --permanent
firewall-cmd --reload
Set the time zone
Check the current time zone
# timedatectl show
Timezone=Asia/Shanghai
LocalRTC=no
CanNTP=yes
NTP=yes
NTPSynchronized=yes
TimeUSec=Wed 2020-07-15 17:06:51 CST
RTCTimeUSec=Wed 2020-07-15 17:06:51 CST
If the time zone is wrong, change it to UTC+8, Asia/Shanghai:
timedatectl set-timezone Asia/Shanghai
Set the hardware clock (RTC) to UTC
# timedatectl status
Local time: Wed 2020-07-15 17:07:58 CST
Universal time: Wed 2020-07-15 09:07:58 UTC
RTC time: Wed 2020-07-15 09:07:58
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
NTP service: active
RTC in local TZ: yes
Warning: The system is configured to read the RTC time in the local time zone.
This mode cannot be fully supported. It will create various problems
with time zone changes and daylight saving time adjustments. The RTC
time is never updated, it relies on external facilities to maintain it.
If at all possible, use RTC in UTC by calling
'timedatectl set-local-rtc 0'.
timedatectl set-local-rtc 0
Commands for checking the service
chronyc sources -v
chronyc sourcestats -v
chronyc -a makestep
chronyc tracking
chronyc activity
chronyc [-n] clients # -n shows IP addresses instead of hostnames
chronyc accheck $hostname
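Note: If chronyc sources does not list the server, DNS resolution may not be configured (/etc/resolv.conf), or /etc/hosts has no entry for the NTP server's domain name. If the server is given as an IP address and is still not listed, the nameserver in resolv.conf is unreachable, that is, the host cannot reach the external network; in that case, comment out the nameserver line.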