centos-8安装时间服务器chrony

在时间服务器领域，一直担当杠把子角色的NTP，其实确切的说是ntpd程序，它跟chrony一样，是NTP(network time protocol网络时间协议）协议的程序实现。总体上来说，chrony更为简单，比如，客户端安装好chrony之后，并不需要设定crontab任务来定时同步时间，它是自动的，同步的时间间隔在chrony.conf配置文件中设定即可。

chrony是在centos-8里才出现的，用来替代ntpd程序。一开始我也并不知道，所以有了下面这个坑。。。

[root@hadoop02 yum.repos.d]# yum -y install ntp ntpdate
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Repository PowerTools is listed more than once in the configuration
Repository AppStream is listed more than once in the configuration
Last metadata expiration check: 0:07:08 ago on Thu 12 Mar 2020 08:32:10 AM EDT.
No match for argument: ntp
No match for argument: ntpdate
Error: Unable to find a match: ntp ntpdate

当时就活见鬼了，怎么会这样呢，哎，只能慨叹IT领域的变化实在太快了。

OK，回归正题，以下是chrony的安装配置过程：

1、用yum安装chrony

[root@hadoop02 yum.repos.d]# yum -y install chrony
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Repository PowerTools is listed more than once in the configuration
Repository AppStream is listed more than once in the configuration
CentOS-8 - AppStream                                                                                                                                                                       1.0 MB/s | 6.5 MB     00:06    
CentOS-8 - Extras                                                                                                                                                                          364  B/s | 2.1 kB     00:05    
CentOS-8 - Base - mirrors.aliyun.com                                                                                                                                                       1.5 MB/s | 5.0 MB     00:03    
Package chrony-3.5-1.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!

毫无难度，傻瓜式安装，一行命令搞定。

2、配置chrony
chrony的配置文件是/etc/chrony.conf

 [root@hadoop02 etc]# vim  /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
pool 2.centos.pool.ntp.org iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.
#allow 192.168.0.0/16

# Serve time even if not synchronized to a time source.
#local stratum 10

# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys

# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking

配置文件里的注释清晰的说明了各个配置选项的功能，如果看不懂英文，下面是我在网上找到的中文翻译版本(https://blog.csdn.net/dengshulei/article/details/103749922)。

上面这个中文注释基本上把各个主要的配置功能说清楚了。

与NTP不同的是，chrony不分服务器端和客户端。chrony可以同时扮演服务器端和客户端角色。

修改配置文件中这一行

# Please consider joining the pool (http://www.pool.ntp.org/join.html).
pool 2.centos.pool.ntp.org iburst

改成时间同步的目标服务器地址

# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 192.168.129.1 iburst

保存退出，重启chronyd服务即可。

[root@hadoop02 etc]# systemctl restart chronyd
[root@hadoop02 etc]# systemctl status chronyd
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2020-03-12 09:04:51 EDT; 14h ago
     Docs: man:chronyd(8)
           man:chrony.conf(5)
  Process: 9146 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=exited, status=0/SUCCESS)
  Process: 9140 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 9144 (chronyd)
    Tasks: 1 (limit: 9643)
   Memory: 1.8M
   CGroup: /system.slice/chronyd.service
           └─9144 /usr/sbin/chronyd

Mar 12 09:04:51 hadoop02 systemd[1]: Starting NTP client/server...
Mar 12 09:04:51 hadoop02 chronyd[9144]: chronyd version 3.5 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 +DEBUG)
Mar 12 09:04:51 hadoop02 chronyd[9144]: Frequency -1.509 +/- 0.597 ppm read from /var/lib/chrony/drift
Mar 12 09:04:51 hadoop02 chronyd[9144]: Using right/UTC timezone to obtain leap second data
Mar 12 09:04:51 hadoop02 systemd[1]: Started NTP client/server.
Mar 12 09:04:56 hadoop02 chronyd[9144]: Selected source 162.159.200.123
Mar 12 09:04:56 hadoop02 chronyd[9144]: System clock TAI offset set to 37 seconds
Mar 12 09:04:56 hadoop02 chronyd[9144]: System clock wrong by 50818.862032 seconds, adjustment started
Mar 12 23:11:55 hadoop02 chronyd[9144]: System clock was stepped by 50818.862032 seconds

配置防火墙

firewall-cmd --zone=public --add-port=123/udp --permanent

firewall-cmd --reload

启动chrony服务

systemctl restart chronyd

作者：liuxiaolin
链接：https://www.jianshu.com/p/dc9e49cfe956
来源：简书
著作权归作者所有。商业转载请联系作者获得授权，非商业转载请注明出处。