
chrony configuration

运维开发网 https://www.qedev.com 2020-09-08 13:51 Source: 51CTO Author: wx5eb64f3ae31eb

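Introduction to chrony

Advantages of chrony:

* Faster synchronization, taking only minutes rather than hours, which minimizes time and frequency error; useful for virtual machines that do not run 24 hours a day
* Better response to rapid changes in clock frequency; useful for virtual machines with unstable clocks or for power-saving technologies that change the clock frequency
* After the initial synchronization it never steps the clock, so applications that need system time to be monotonic are not affected
* Better stability when dealing with temporary asymmetric delays (for example, when a large download saturates the link)
* Periodic polling of servers is not required, so systems with intermittent network connections can still synchronize their clocks quickly
* chrony website: https://chrony.tuxfamily.org
* chrony documentation: https://chrony.tuxfamily.org/documentation.html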

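chrony components

* Package: chrony
* Two main programs: chronyd and chronyc
    * chronyd: a daemon that runs in the background and adjusts the system clock running in the kernel to keep it synchronized with time servers. It determines the rate at which the computer gains or loses time and compensates for it
    * chronyc: a command-line user tool for monitoring performance and changing a variety of settings. It can work on the computer controlled by the chronyd instance or from a different, remote computer
    * Service unit file: /usr/lib/systemd/system/chronyd.service
    * Listening ports: 323/udp (chronyc command port), 123/udp (NTP)
    * Configuration file: /etc/chrony.conf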

Configuration file chrony.conf

[[email protected] ~]$yum -y install chrony
...

[[email protected] ~]$rpm -ql chrony
/etc/NetworkManager/dispatcher.d/20-chrony
/etc/chrony.conf
/etc/chrony.keys
/etc/dhcp/dhclient.d/chrony.sh
/etc/logrotate.d/chrony
/etc/sysconfig/chronyd
/usr/bin/chronyc
/usr/lib/systemd/ntp-units.d/50-chronyd.list
/usr/lib/systemd/system/chrony-dn***[email protected]
/usr/lib/systemd/system/chrony-dn***[email protected]
/usr/lib/systemd/system/chrony-wait.service
/usr/lib/systemd/system/chronyd.service
/usr/libexec/chrony-helper
/usr/sbin/chronyd
/usr/share/doc/chrony-3.4
/usr/share/doc/chrony-3.4/COPYING
/usr/share/doc/chrony-3.4/FAQ
/usr/share/doc/chrony-3.4/NEWS
/usr/share/doc/chrony-3.4/README
/usr/share/man/man1/chronyc.1.gz
/usr/share/man/man5/chrony.conf.5.gz
/usr/share/man/man8/chronyd.8.gz
/var/lib/chrony
/var/lib/chrony/drift
/var/lib/chrony/rtc
/var/log/chrony

[[email protected] ~]$cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
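server 0.centos.pool.ntp.org iburst                #server specifies a time server; iburst: when the server is reachable, send a burst of eight packets instead of the usual one, normally 2 seconds apart, to speed up initial synchronization
server 1.centos.pool.ntp.org iburst                #N.centos.pool.ntp.org: this is an address pool, a virtual cluster of NTP servers; you can put a pool address here or name a specific server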
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

# Record the rate at which the system clock gains/losses time.
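driftfile /var/lib/chrony/drift                    #the rate at which the computer gains or loses time is calculated against real time and recorded in a file, so the system clock can be compensated after a restart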

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync                                            #enable kernel mode: the system clock is copied to the real-time clock (RTC) every 11 minutes

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.
#allow 192.168.0.0/16                              #allow/deny: specify a host, subnet or network that is allowed or denied access to this server

# Serve time even if not synchronized to a time source.
#local stratum 10                                  #even if the time servers in the server directives are unavailable, allow the local time to be served to other clients as the reference time

# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking

Lab: configuring chronyd

master: centos7, 192.168.2.17

client: centos7, 192.168.2.27

[[email protected] ~]$cp /etc/chrony.conf{,.bak}
[[email protected] ~]$vim /etc/chrony.conf
[[email protected] ~]$grep -Ev '^(#|$)' /etc/chrony.conf
server ntp1.aliyun.com iburst                #time servers found online; we synchronize with Alibaba Cloud's
server ntp2.aliyun.com iburst
server ntp3.aliyun.com iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 192.168.2.0/24                         #only hosts on the 192.168.2.0/24 network may access this time server
local stratum 10                             #enable this option
logdir /var/log/chrony

Start the service and enable it at boot

[[email protected] ~]$systemctl start chronyd
[[email protected] ~]$systemctl enable chronyd

[[email protected] ~]$systemctl status chronyd
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2020-09-06 13:02:03 CST; 15s ago
     Docs: man:chronyd(8)
           man:chrony.conf(5)
   CGroup: /system.slice/chronyd.service
           └─8620 /usr/sbin/chronyd
Sep 06 13:02:03 master systemd[1]: Starting NTP client/server...
Sep 06 13:02:03 master chronyd[8620]: chronyd version 3.4 starting (+CMDMON +NTP +REFCLO...UG)
Sep 06 13:02:03 master systemd[1]: Permission denied while opening PID file or unsafe sy...pid
Sep 06 13:02:03 master systemd[1]: Started NTP client/server.
Sep 06 13:02:08 master chronyd[8620]: Selected source 120.25.115.20
Hint: Some lines were ellipsized, use -l to show in full

[[email protected] ~]$ss -nlup
State      Recv-Q Send-Q  Local Address:Port                 Peer Address:Port              
UNCONN     0      0                   *:123                             *:*                   users:(("chronyd",pid=8620,fd=7))
UNCONN     0      0           127.0.0.1:323                             *:*                   users:(("chronyd",pid=8620,fd=5))
UNCONN     0      0               [::1]:323                          [::]:*                   users:(("chronyd",pid=8620,fd=6))

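chronyc commands

chronyc can run in interactive and non-interactive modes and supports the following commands

  • help: shows more of chronyc's interactive commands
  • accheck: checks whether a specific host is allowed to access this server
  • activity: shows how many NTP sources are online/offline
  • sources [-v]: shows synchronization information for the current time sources
  • sourcestats [-v]: shows synchronization statistics for the current time sources
  • add server: manually adds a new NTP server
  • clients: reports the list of clients that have accessed this server
  • delete: manually removes an NTP server or peer
  • settime: manually sets the daemon's time
  • tracking: shows system time information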
[[email protected] ~]$chronyc
chrony version 3.4
Copyright (C) 1997-2003, 2007, 2009-2018 Richard P. Curnow and others
chrony comes with ABSOLUTELY NO WARRANTY.  This is free software, and
you are welcome to redistribute it under certain conditions.  See the
GNU General Public License version 2 for details.

chronyc> clients            #no client has been configured to connect to this time server yet, so no client information is shown
Hostname                      NTP   Drop Int IntL Last     Cmd   Drop Int  Last
===============================================================================
chronyc> activity           #why are only two sources online, when three Alibaba Cloud time servers were configured?
200 OK
2 sources online
0 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
0 sources with unknown address
chronyc> sources -v
210 Number of sources = 2

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 120.25.115.20                 2   6   377    25  -1844us[-2471us] +/- 5379us        #per the legend above, this is the currently synced server; why are only two shown here as well?
^- 203.107.6.88                  2   6   377    26  -2924us[-3549us] +/-   33ms

Use the client to check the three Alibaba Cloud servers configured above

[[email protected] ~]$ping ntp1.aliyun.com
PING ntp1.aliyun.com (120.25.115.20) 56(84) bytes of data.
64 bytes from 120.25.115.20 (120.25.115.20): icmp_seq=1 ttl=53 time=9.92 ms
^C
--- ntp1.aliyun.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 9.926/9.926/9.926/0.000 ms
[[email protected] ~]$ping ntp2.aliyun.com
PING ntp.aliyun.com (203.107.6.88) 56(84) bytes of data.
64 bytes from 203.107.6.88 (203.107.6.88): icmp_seq=1 ttl=54 time=46.5 ms
64 bytes from 203.107.6.88 (203.107.6.88): icmp_seq=2 ttl=54 time=46.3 ms
^C
--- ntp.aliyun.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1008ms
rtt min/avg/max/mdev = 46.397/46.486/46.576/0.233 ms
[[email protected] ~]$ping ntp3.aliyun.com
PING ntp.aliyun.com (203.107.6.88) 56(84) bytes of data.
64 bytes from 203.107.6.88 (203.107.6.88): icmp_seq=1 ttl=54 time=46.4 ms
64 bytes from 203.107.6.88 (203.107.6.88): icmp_seq=2 ttl=54 time=46.4 ms
^C
--- ntp.aliyun.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1006ms
rtt min/avg/max/mdev = 46.490/46.491/46.493/0.215 ms

As shown, ntp1.aliyun.com resolves to 120.25.115.20, while ntp2.aliyun.com and ntp3.aliyun.com both resolve to 203.107.6.88, which is why only two sources are displayed
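
The finding above (three configured names, two distinct addresses) is something a configuration check can catch before deployment. The following is an added example, not code from the original article: a small audit of the master's chrony.conf, using the name-to-address map from the ping output instead of live DNS; the finding codes and the three-source threshold are assumptions of this example.

```python
# Constructed input: the master's effective chrony.conf from the lab above.
MASTER_CONF = """\
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
server ntp3.aliyun.com iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 192.168.2.0/24
local stratum 10
logdir /var/log/chrony
"""
# Name-to-address map copied from the ping output on this page (no live DNS).
RESOLVED = {"ntp1.aliyun.com": ["120.25.115.20"],
            "ntp2.aliyun.com": ["203.107.6.88"],
            "ntp3.aliyun.com": ["203.107.6.88"]}
MIN_DISTINCT = 3  # assumption: common NTP guidance, needed to outvote one bad source

def audit(conf, resolved):
    """Return sorted finding codes (hypothetical names) for a chrony.conf text."""
    sources, allows, has_local = [], [], False
    for raw in conf.splitlines():
        words = raw.split()
        if not words or words[0][0] in "#!;%":   # blank line or chrony comment
            continue
        if words[0] in ("server", "peer", "pool") and len(words) > 1:
            sources.append((words[1], words[2:]))
        elif words[0] == "allow":
            allows.append([w for w in words[1:] if w != "all"])
        elif words[0] == "local":
            has_local = True
    # A name missing from the map counts as one address (e.g. an IP literal).
    addrs = [a for name, _ in sources for a in resolved.get(name, [name])]
    findings = set()
    if len(set(addrs)) < len(addrs):
        findings.add("duplicate-source-address")
    if len(set(addrs)) < MIN_DISTINCT:
        findings.add("too-few-distinct-sources")
    if sources and not any({"key", "nts"} & set(opts) for _, opts in sources):
        findings.add("no-authenticated-source")
    # Bare "allow" or a /0 subnet admits every client address.
    if any(not a or a[-1].endswith("/0") for a in allows):
        findings.add("allow-open-to-any-client")
    if has_local and allows:
        findings.add("serves-time-when-unsynchronised")
    return sorted(findings)
```

Run against the client configuration shown further down (a single server line), the same function reports too-few-distinct-sources and no-authenticated-source.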

Configure the client; first, change its clock

[[email protected] ~]$date
Sun Sep  6 13:16:27 CST 2020
[[email protected] ~]$date -s '1 year ago'
Fri Sep  6 13:16:49 CST 2019
[[email protected] ~]$date
Fri Sep  6 13:16:52 CST 2019

[[email protected] ~]$yum -y install chrony
...

[[email protected] ~]$vim /etc/chrony.conf
[[email protected] ~]$grep -Ev '^(#|$)' /etc/chrony.conf
server 192.168.2.17 iburst            #only this line needs changing, but in production it is best to configure several servers
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
logdir /var/log/chrony

[[email protected] ~]$systemctl start chronyd
[[email protected] ~]$systemctl enable chronyd

Check on the client whether the time has been synchronized

[[email protected] ~]$date
Sun Sep  6 13:19:43 CST 2020                #synchronized successfully

[[email protected] ~]$chronyc
chrony version 3.4
Copyright (C) 1997-2003, 2007, 2009-2018 Richard P. Curnow and others
chrony comes with ABSOLUTELY NO WARRANTY.  This is free software, and
you are welcome to redistribute it under certain conditions.  See the
GNU General Public License version 2 for details.

chronyc> sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 192.168.2.17                  3   6    17    55  -1972ns[  -21us] +/- 4403us
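
An added example (not part of the original article) that parses the chronyc sources rows shown on this page and decodes the octal Reach register into how many of the last eight polls were answered, which is why the freshly started client shows 17 while the master shows 377. The function names and the offset threshold are assumptions of this example.

```python
import re

# Constructed input: data rows copied from the chronyc sources output on this page.
MASTER = """\
^* 120.25.115.20                 2   6   377    25  -1844us[-2471us] +/- 5379us
^- 203.107.6.88                  2   6   377    26  -2924us[-3549us] +/-   33ms
"""
CLIENT = "^* 192.168.2.17                  3   6    17    55  -1972ns[  -21us] +/- 4403us\n"

UNIT = {"ns": 1e-9, "us": 1e-6, "ms": 1e-3, "s": 1.0}
ROW = re.compile(
    r"^([\^=#])([*+\-?x~])\s+(\S+)\s+(\d+)\s+(-?\d+)\s+([0-7]+)\s+(\S+)"
    r"\s+([+-]?\d+)(ns|us|ms|s)\[\s*([+-]?\d+)(ns|us|ms|s)\]"
    r"\s+\+/-\s*(\d+)(ns|us|ms|s)\s*$")

def parse_sources(text):
    """Parse data rows; legend, header and separator lines do not match ROW."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            reach = int(m.group(6), 8)              # Reach is printed in octal
            rows.append({
                "state": m.group(2), "name": m.group(3),
                "stratum": int(m.group(4)),
                "answered": bin(reach).count("1"),  # set bits = polls answered, of last 8
                "measured_s": int(m.group(10)) * UNIT[m.group(11)],
                "error_s": int(m.group(12)) * UNIT[m.group(13)]})
    return rows

def alerts(rows, max_offset_s=0.1):                 # threshold is an assumption
    """Return human-readable warnings for one host's source list."""
    out = []
    if not any(r["state"] == "*" for r in rows):
        out.append("no source currently selected")
    for r in rows:
        if r["state"] in "?x~":
            out.append(f"{r['name']}: state '{r['state']}'")
        if r["answered"] < 8:
            out.append(f"{r['name']}: {r['answered']}/8 recent polls answered")
        if abs(r["measured_s"]) > max_offset_s:
            out.append(f"{r['name']}: offset {r['measured_s']:.3f}s")
    return out
```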

Test on the master

[[email protected] ~]$chronyc clients
Hostname                      NTP   Drop Int IntL Last     Cmd   Drop Int  Last
===============================================================================
192.168.2.27                    5      0   4   -    28       0      0   -     -
