在centos7.4 上 時間服務器chrony的配置實戰-20191125

關於chrony：

chrony is a versatile implementation of the Network Time Protocol (NTP). It can synchronize the system clock with NTP servers, reference clocks (e.g. GPS receiver), and manual input using wristwatch and keyboard. It can also operate as an NTPv4 (RFC 5905) server and peer to provide a time service to other computers in the network.

It is designed to perform well in a wide range of conditions, including intermittent network connections, heavily congested networks, changing temperatures (ordinary computer clocks are sensitive to temperature), and systems that do not run continuosly, or run on a virtual machine.

Typical accuracy between two machines synchronised over the Internet is within a few milliseconds; on a LAN, accuracy is typically in tens of microseconds. With hardware timestamping, or a hardware reference clock, sub-microsecond accuracy may be possible.

Two programs are included in chrony, chronyd is a daemon that can be started at boot time and chronyc is a command-line interface program which can be used to monitor chronyd’s performance and to change various operating parameters whilst it is running.

NTP：Network Time Protocol；

[root@lamp ~]# yum install chrony

[root@lamp ~]# rpm -ql chrony

/etc/NetworkManager/dispatcher.d/20-chronybr/>/etc/chrony.conf
/etc/chrony.keys
/etc/dhcp/dhclient.d/chrony.sh
/etc/logrotate.d/chrony
/etc/sysconfig/chronyd
/usr/bin/chronyc
/usr/lib/systemd/ntp-units.d/50-chronyd.list
/usr/lib/systemd/system/chrony-dn***[email protected]
/usr/lib/systemd/system/chrony-dn***[email protected]
/usr/lib/systemd/system/chrony-wait.service
/usr/lib/systemd/system/chronyd.service
/usr/libexec/chrony-helper
/usr/sbin/chronyd
/usr/share/doc/chrony-3.2
/usr/share/doc/chrony-3.2/COPYING
/usr/share/doc/chrony-3.2/FAQ
/usr/share/doc/chrony-3.2/NEWS
/usr/share/doc/chrony-3.2/README
/usr/share/man/man1/chronyc.1.gz
/usr/share/man/man5/chrony.conf.5.gz
/usr/share/man/man8/chronyd.8.gz
/var/lib/chrony
/var/lib/chrony/drift
/var/lib/chrony/rtc
/var/log/chrony
[root@lamp ~]#

程序環境：
    配置文件：/etc/chrony.conf
    主程序文件：chronyd
    工具程序：chronyc
    unit file: chronyd.service

配置文件：chrony.conf
    server：指明時間服務器地址；    客戶端直接配置 NTP  server IP  ,    啓動chrony進程即可以進行時間同步

    allow NETADD/NETMASK
    allow all：允許所有客戶端主機；
    deny NETADDR/NETMASK
    deny all：拒絕所有客戶端；
    bindcmdaddress：命令管理接口監聽的地址；
    local stratum 10：即使自己未能通過網絡時間服務器同步到時間，也允許將本地時間作爲標準時間授時給其它客戶端；

    服務器端配置
    [root@lib ~]# ls -lt /etc/chrony.conf*

-rw-r--r-- 1 root root 1106 Aug 7 12:07 /etc/chrony.conf
-rw-r--r-- 1 root root 1108 Apr 13 2018 /etc/chrony.conf.bk.20190807.org
[root@lib ~]# diff /etc/chrony.conf /etc/chrony.conf.bk.20190807.org
26c26
< allow 192.168.0.0/24---

#allow 192.168.0.0/16
38c38
< log measurements statistics tracking

#log measurements statistics tracking
[root@lib ~]# grep -v '#' /etc/chrony.conf
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

driftfile /var/lib/chrony/drift

makestep 1.0 3

rtcsync

allow 192.168.0.0/24

logdir /var/log/chrony

log measurements statistics tracking
[root@lib ~]#

客戶端配置
[root@lamp chrony]# ls -l /etc/chrony.conf*
-rw-r--r-- 1 root root 1139 Aug 7 12:07 /etc/chrony.conf
-rw-r--r-- 1 root root 1108 Apr 13 2018 /etc/chrony.conf.bk.20190807
[root@lamp chrony]# diff /etc/chrony.conf /etc/chrony.conf.bk.20190807
3,7c3,6
< #server 0.centos.pool.ntp.org iburst
< #server 1.centos.pool.ntp.org iburst
< #server 2.centos.pool.ntp.org iburst
< #server 3.centos.pool.ntp.org iburst
< server 192.168.0.103 iburst---

server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
39c38
<log measurements statistics tracking

#log measurements statistics tracking
[root@lamp chrony]#

####################
配置
[root@lib ~]# grep -v '#' /etc/chrony.conf
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 192.168.0.0/24
local stratum 10
logdir /var/log/chrony
log measurements statistics tracking
[root@lib ~]#

實例
服務器端
[root@lib ~]# date -s 12:30:00
Wed Aug 7 12:30:00 CST 2019
[root@lib ~]#
[root@lib ~]#
[root@lib ~]# date
Wed Aug 7 12:30:01 CST 2019
[root@lib ~]#

客戶端
[root@lamp ~]# date
Wed Aug 7 12:53:14 CST 2019
[root@lamp ~]# ntpdate 192.168.0.103
7 Aug 12:30:10 ntpdate[3064]: step time server 192.168.0.103 offset -1407.571506 sec
[root@lamp ~]# date
Wed Aug 7 12:30:13 CST 2019
[root@lamp ~]#
##########################

實例2

服務器端
[root@lib ~]# grep -v '#' /etc/chrony.conf
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 192.168.0.0/24
local stratum 10 不建議開啓，本身chronyd服務器時間與互聯網時間同步有問題，就不允許客戶端來同步，開啓後就允許
logdir /var/log/chrony
log measurements statistics tracking
[root@lib ~]#

客戶端配置
[root@lamp ~]# grep -v '#' /etc/chrony.conf
server 192.168.0.103 iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
logdir /var/log/chrony
log measurements statistics tracking

[root@lamp ~]# systemctl start chronyd
[root@lamp ~]#

[root@lamp ~]# chronyc
chrony version 3.2
Copyright (C) 1997-2003, 2007, 2009-2017 Richard P. Curnow and others
chrony comes with ABSOLUTELY NO WARRANTY. This is free software, and
you are welcome to redistribute it under certain conditions. See the
GNU General Public License version 2 for details.

chronyc> sourcestats
210 Number of sources = 1
Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev==============================================================================
www.test.com 4 4 6 -2.316 70.585 -92us 6210ns
chronyc> ?
Unrecognized command
chronyc> exit
[root@lamp ~]# date
Wed Aug 7 13:02:42 CST 2019
[root@lamp ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample===============================================================================
^~ www.test.com 3 6 37 16 -1080s[ -1080s] +/- 22ms
[root@lamp ~]# chronyc sources -v
210 Number of sources = 1

.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample===============================================================================
^~ www.test.com 3 6 37 34 -1080s[ -1080s] +/- 22ms
[root@lamp ~]# date
Wed Aug 7 13:04:01 CST 2019
[root@lamp ~]# chronyc sourcestats
210 Number of sources = 1
Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev==============================================================================
www.test.com 6 4 135 -10456225 18356178 -1746s 221.3s
[root@lamp ~]# date
Wed Aug 7 13:04:41 CST 2019
[root@lamp ~]#

不會同步服務器時間，有問題

[root@lamp ~]# systemctl status chronyd
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor pres et: enabled)
Active: active (running) since Wed 2019-08-07 12:38:08 CST; 28min ago
Docs: man:chronyd(8)
man:chrony.conf(5)
Process: 3086 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=exi ted, status=0/SUCCESS)
Process: 3083 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCC ESS)
Main PID: 3085 (chronyd)
CGroup: /system.slice/chronyd.service
└─3085 /usr/sbin/chronyd

Aug 07 12:38:08 lamp systemd[1]: Starting NTP client/server...
Aug 07 12:38:08 lamp chronyd[3085]: chronyd version 3.2 starting (+CMDMON +...G)
Aug 07 12:38:08 lamp chronyd[3085]: Frequency 0.670 +/- 2.937 ppm read from...ft
Aug 07 12:38:08 lamp systemd[1]: Started NTP client/server.
Aug 07 12:38:12 lamp chronyd[3085]: Selected source 192.168.0.103
Aug 07 12:38:12 lamp chronyd[3085]: System clock wrong by 1407.589018 secon...ed
Aug 07 13:01:40 lamp chronyd[3085]: System clock was stepped by 1407.589018...ds
Aug 07 13:02:47 lamp chronyd[3085]: Can't synchronise: no selectable sources
報錯
Hint: Some lines were ellipsized, use -l to show in full.
[root@lamp ~]#

可能是時間服務器本身也不對導致
重啓服務器chronyd 讓其與互聯網時間同步

再重啓客戶端的chronyd ，時間可以同步了
[root@lamp ~]# systemctl restart chronyd
[root@lamp ~]# systemctl status chronyd -l
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2019-08-07 12:20:17 CST; 1s ago
Docs: man:chronyd(8)
man:chrony.conf(5)
Process: 3125 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=exited, status=0/SUCCESS)
Process: 3122 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 3124 (chronyd)
CGroup: /system.slice/chronyd.service
└─3124 /usr/sbin/chronyd

Aug 07 12:20:17 lamp systemd[1]: Starting NTP client/server...
Aug 07 12:20:17 lamp chronyd[3124]: chronyd version 3.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SECHASH +SIGND +ASYNCDNS +IPV6 +DEBUG)
Aug 07 12:20:17 lamp chronyd[3124]: Frequency 0.658 +/- 3.454 ppm read from /var/lib/chrony/drift
Aug 07 12:20:17 lamp systemd[1]: Started NTP client/server.
[root@lamp ~]# date
Wed Aug 7 13:10:02 CST 2019
[root@lamp ~]# cat /var/lib/chrony/drift
0.658242 3.453812
[root@lamp ~]#