chrony服务配置
1、chrony服务
chrony 是网络时间协议 (NTP) 的通用实现。它可以将系统时钟与 NTP 服务器、参考时钟(例如 GPS 接收器)以及使用手表和键盘的手动输入同步。它还可以作为 NTPv4 (RFC 5905) 服务器和对等点运行,为网络中的其他计算机提供时间服务。
它旨在在广泛的条件下运行良好,包括间歇性网络连接、严重拥塞的网络、不断变化的温度(普通计算机时钟对温度很敏感)以及不能连续运行或在虚拟机上运行的系统。
通过 Internet 同步的两台机器之间的典型精度在几毫秒内;在 LAN 上,精度通常为几十微秒。使用硬件时间戳或硬件参考时钟,亚微秒精度可能是可能的。
chrony 中包含两个程序,chronyd 是一个可以在引导时启动的守护进程,chronyc 是一个命令行界面程序,可用于监视 chronyd 的性能并在其运行时更改各种操作参数。
centos7+ 支持chrony时间同步配置,ntp在centos8上已经不再支持了
chrony相比ntp时间同步配置更简单高效,它是一个开源的软件能保持系统始终与服务器时间同步。
2、OS测试环境介绍
Server端:RedHat8.2- 172.20.10.6
Client端:CentOS8.3- 172.20.10.7
本次测试为最小化系统安装,配置本地yum源后安装chrony服务(服务端客户端均安装该服务,如下)
[root@centos8-3 ~]# yum install -y chrony
Last metadata expiration check: 0:00:05 ago on Tue 15 Jun 2021 08:02:45 PM CST.
Dependencies resolved.
=================================================================================================================================================================
Package Architecture Version Repository Size
=================================================================================================================================================================
Installing:
chrony x86_64 3.5-1.el8 centos8-OS 271 k
Installing weak dependencies:
timedatex x86_64 0.5-3.el8 centos8-OS 32 k
Transaction Summary
=================================================================================================================================================================
Install 2 Packages
Total size: 303 k
Installed size: 731 k
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : timedatex-0.5-3.el8.x86_64 1/2
Running scriptlet: timedatex-0.5-3.el8.x86_64 1/2
Running scriptlet: chrony-3.5-1.el8.x86_64 2/2
Installing : chrony-3.5-1.el8.x86_64 2/2
Running scriptlet: chrony-3.5-1.el8.x86_64 2/2
Verifying : chrony-3.5-1.el8.x86_64 1/2
Verifying : timedatex-0.5-3.el8.x86_64 2/2
Installed:
chrony-3.5-1.el8.x86_64 timedatex-0.5-3.el8.x86_64
Complete!
3、server与client端配置
(1)server端配置以及解释说明
[root@RedHat8-2 ~]# cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#pool 2.rhel.pool.ntp.org iburst --注释这行,外网时间服务器的网址
server 172.20.10.6 iburst --添加这行,表示与本机同步时间(视情况自行更改)
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
allow 172.20.10.0/28 -->>允许哪些服务器或客户端到这台时间服务器来同步时间。必须配置
# Serve time even if not synchronized to a time source.
local stratum 10 -->>该行注释取消掉不然NTP synchronized: 为no 取消掉后变为 NTP synchronized:yes
# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys
# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking
启动chrony服务并进行检查
启动chronyd
[root@RedHat8-2 ~]# systemctl start chronyd
加入开机自启
[root@RedHat8-2 ~]# systemctl enable chronyd
检查
[root@RedHat8-2 ~]# netstat -antulp|grep chronyd
udp 0 0 0.0.0.0:123 0.0.0.0:* 7745/chronyd
udp 0 0 127.0.0.1:323 0.0.0.0:* 7745/chronyd
udp6 0 0 ::1:323 :::* 7745/chronyd
[root@RedHat8-2 ~]# ss -antulp|grep chronyd
udp UNCONN 0 0 0.0.0.0:123 0.0.0.0:* users:(("chronyd",pid=7745,fd=9))
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:* users:(("chronyd",pid=7745,fd=7))
udp UNCONN 0 0 [::1]:323 [::]:* users:(("chronyd",pid=7745,fd=8))
(2)client端配置
[root@centos8-3 ~]# cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#pool 2.centos.pool.ntp.org iburst
server 172.20.10.6 iburst -->>添加该行,表示到这台服务器去同步时间
启动chronyd并加入开机自启
[root@centos8-3 ~]# systemctl start chronyd
[root@centos8-3 ~]# systemctl enable chronyd
4、查看状态
[root@centos8-3 ~]# timedatectl
Local time: Tue 2021-06-15 16:45:10 CST
Universal time: Tue 2021-06-15 08:45:10 UTC
RTC time: Tue 2021-06-15 16:45:10
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes --表示已同步完成
NTP service: active
RTC in local TZ: no
5、查看时间源信息
服务端
[root@RedHat8-2 ~]# chronyc sources -v
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? RedHat8-2.localdomain 0 7 377 - +0ns[ +0ns] +/- 0ns
客户端
[root@centos8-3 ~]# chronyc sources -v
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 172.20.10.6 11 6 177 50 +2087ns[ -33us] +/- 227ms
6、测试
测试说明,对服务端进行手动更改时间,查看客户端是否同步
(1)查看客户端与服务端当前时间
服务端
[root@RedHat8-2 ~]# date
Tue Jun 15 16:43:22 CST 2021
客户端
[root@centos8-3 ~]# date
Tue Jun 15 16:43:22 CST 2021
(2)手动更改服务端时间
[root@RedHat8-2 ~]# date
Tue Jun 15 17:14:03 CST 2021
[root@RedHat8-2 ~]# date -s "2021-6-15 18:00:00"
Tue Jun 15 18:00:00 CST 2021
(3)等待客户端自动同步(测试同步时间较为缓慢)
[root@centos8-3 ~]# chronyc sources -v
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^~ 172.20.10.6 11 6 37 11 -2716s[ -2716s] +/- 265ms
[root@centos8-3 ~]# date
Tue Jun 15 17:16:44 CST 2021
[root@centos8-3 ~]# timedatectl
Local time: Tue 2021-06-15 17:16:53 CST
Universal time: Tue 2021-06-15 09:16:53 UTC
RTC time: Tue 2021-06-15 09:17:19
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
[root@centos8-3 ~]# date
Tue Jun 15 18:06:49 CST 2021
在测试中发现个问题 同步时间较为缓慢不过成功的进行了同步