【就业班作业】【第十二周】1、配置chrony服务，实现服务器时间自动同步

1、概述

• chrony 包含两个程序：chronyd和chronyc
• chronyd：后台运行的守护进程，用于调整内核中运行的系统时钟和时钟服务器同步。它确定计算机增减时间的比率，并对此进行补偿；
• chronyc：命令行用户工具，用于监控性能并进行多样化的配置。它可以在chronyd实例控制的计算机上工作，也可在一台不同的远程计算机上工作服务unit 文件： /usr/lib/systemd/system/chronyd.service
• 监听端口： 323/udp，123/udp
• 配置文件： /etc/chrony.conf
• chrony、ntp和openntpd的比较：https://chrony.tuxfamily.org/comparison.html

2、安装服务

[root@localhost ~]# yum install -y chrony
[root@localhost ~]# rpm -ql chrony
/etc/NetworkManager/dispatcher.d/20-chrony
/etc/chrony.conf
/etc/chrony.keys
/etc/dhcp/dhclient.d/chrony.sh
/etc/logrotate.d/chrony
/etc/sysconfig/chronyd
/usr/bin/chronyc
/usr/lib/systemd/ntp-units.d/50-chronyd.list
/usr/lib/systemd/system/chrony-dnssrv@.service
/usr/lib/systemd/system/chrony-dnssrv@.timer
/usr/lib/systemd/system/chrony-wait.service
/usr/lib/systemd/system/chronyd.service
/usr/libexec/chrony-helper
/usr/sbin/chronyd
/usr/share/doc/chrony-3.4
/usr/share/doc/chrony-3.4/COPYING
/usr/share/doc/chrony-3.4/FAQ
/usr/share/doc/chrony-3.4/NEWS
/usr/share/doc/chrony-3.4/README
/usr/share/man/man1/chronyc.1.gz
/usr/share/man/man5/chrony.conf.5.gz
/usr/share/man/man8/chronyd.8.gz
/var/lib/chrony
/var/lib/chrony/drift
/var/lib/chrony/rtc
/var/log/chrony
[root@localhost ~]#

3、配置文件，主要指定远端时间服务器和指定允许的客户端网段

[root@localhost ~]# vi /etc/chrony.conf

# Use public servers from the pool.ntp.org project.  //定义将与本地同步的远程目标公共服务端
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntp.aliyun.com iburst
server cn.pool.ntp.org iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.//定义允许或拒绝指定客户端；默认拒绝所有
allow 192.168.0.0/16

# Serve time even if not synchronized to a time source.
#local stratum 10

# Specify file containing keys for NTP authentication.

4、启动服务、查看服务状态和与远程时间服务器同步状态

[root@localhost ~]# systemctl status chronyd
[root@localhost ~]# systemctl start chronyd
[root@localhost ~]# chronyc sources -v    //查看 ntp_servers
210 Number of sources = 2

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 203.107.6.88                  2   6    17    21  -1170us[-3814us] +/-   33ms
^? 193.182.111.142               0   6     0     -     +0ns[   +0ns] +/-    0ns
[root@localhost ~]# 
[root@localhost ~]# timedatectl status
      Local time: Fri 2020-10-23 08:44:32 CST
  Universal time: Fri 2020-10-23 00:44:32 UTC
        RTC time: Fri 2020-10-23 00:44:31
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a
[root@localhost ~]# timedatectl set-ntp true|yes  //centos7开启ntp服务
[root@lab-CentOS-6 ~]# chronyc activity -v   //查看配置的ntp服务器在线信息
200 OK
1 sources online
0 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
0 sources with unknown address
[root@lab-CentOS-6 ~]# 

5、客户端配置及时间同步查询

[root@lab-CentOS-6 /]#  cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.rhel.pool.ntp.org iburst
#server 1.rhel.pool.ntp.org iburst
#server 2.rhel.pool.ntp.org iburst
#server 3.rhel.pool.ntp.org iburst
server 192.168.0.19 iburst
[root@lab-CentOS-6 /]# service chronyd status
chronyd is stopped
[root@lab-CentOS-6 /]# service chronyd start
Starting chronyd:                                          [  OK  ]
[root@lab-CentOS-6 /]#
[root@lab-CentOS-6 ~]# chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.0.19                  3   6    17     1   -238us[ -665us] +/-   34ms
[root@lab-CentOS-6 ~]#

6、服务器查看客户端同步状态

[root@localhost ~]# chronyc clients
Hostname                      NTP   Drop Int IntL Last     Cmd   Drop Int  Last
===============================================================================
192.168.0.20                   11      0   6   -    59       0      0   -     -
[root@localhost ~]# 

（结束）