场景:内网主机需要搭建 NTP 服务,设置一台主机作为服务端,其他主机作为客户端。
1 、服务端
1.1 、检查服务是否存在
如果服务存在可以跳过1.2、1.3,直接进行配置文件修改
bash
systemctl status chronyd
1.2、上传安装包
如果不存在需要上传安装包,如果存在可以跳过此步骤。
上传后进行解压:
bash
# 解压到 /root目录下
[root@Centos package]# unzip chrony.zip -d /root
# 解压后得到chrony目录,包含rpm包和chrony.conf配置文件
[root@Centos chrony]# ll
总用量 248
-rw-r--r-- 1 root root 248708 4月 25 2018 chrony-3.2-2.el7.x86_64.rpm
-rw-r--r-- 1 root root 1174 11月 10 2021 chrony.conf
[root@Centos chrony]# pwd
/root/chrony
上传依赖包:
依赖包:libseccomp-2.3.1-4.el7.x86_64.rpm (根据系统而定)
1.3 、安装
先安装依赖
bash
root@Centos package]# rpm -ivh libseccomp-2.3.1-4.el7.x86_64.rpm
警告:libseccomp-2.3.1-4.el7.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
准备中... ################################# [100%]
正在升级/安装...
1:libseccomp-2.3.1-4.el7 ################################# [100%]
在安装 chrony
bash
root@Centos chrony]# rpm -ivh chrony-3.2-2.el7.x86_64.rpm
警告:chrony-3.2-2.el7.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
准备中... ################################# [100%]
正在升级/安装...
1:chrony-3.2-2.el7 ################################# [100%]
查看状态
bash
[root@Centos chrony]# systemctl status chronyd
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:chronyd(8)
man:chrony.conf(5)
1.4、修改配置文件
备份原来配置文件
bash
mv /etc/chrony.conf /etc/chrony.conf_bak
cp /root/chrony/chrony.conf /etc/
修改配置文件
bash
# 服务端保留 15、19、22、33、36、42行
vim /etc/chrony.conf
1 # Use public servers from the pool.ntp.org project.
2 # Please consider joining the pool (http://www.pool.ntp.org/join.html).
3 #server 0.centos.pool.ntp.org iburst
4 #server 1.centos.pool.ntp.org iburst
5 #server 2.centos.pool.ntp.org iburst
6 #server 3.centos.pool.ntp.org iburst
7 #server 127.0.0.1 iburst
8
9
10
11 # 增加新的时间服务器
12 # server 59.206.217.1 iburst
13
14 # Record the rate at which the system clock gains/losses time.
15 driftfile /var/lib/chrony/drift
16
17 # Allow the system clock to be stepped in the first three updates
18 # if its offset is larger than 1 second.
19 makestep 1.0 3
20
21 # Enable kernel synchronization of the real-time clock (RTC).
22 rtcsync
23
24 # Enable hardware timestamping on all interfaces that support it.
25 #hwtimestamp *
26
27 # Increase the minimum number of selectable sources required to adjust
28 # the system clock.
29 #minsources 2
30
31 # Allow NTP client access from local network.
32 #allow 192.168.0.0/16
33 allow all
34
35 # Serve time even if not synchronized to a time source.
36 local stratum 10
37
38 # Specify file containing keys for NTP authentication.
39 #keyfile /etc/chrony.keys
40
41 # Specify directory for log files.
42 logdir /var/log/chrony
43
44 # Select which information is logged.
45 #log measurements statistics tracking
注意:如果服务端配置完成重启服务后,客户端配置后重启仍无法连接,需要看下36行注释是否取消,如果正常还不行可以使用nc测试下udp的123端口。
1.5、重启服务
bash
systemctl start chronyd
systemctl status chronyd
netstat -anput |grep 123
2、客户端配置
2.1、查看服务状态
bash
systemctl status chronyd
如果服务不存在参考客户端1.2、1.3步骤
2.2、修改配置文件
bash
# 保留7、10、14、17、36行,第7行为服务端IP地址
vim /etc/chrony.conf
1 # Use public servers from the pool.ntp.org project.
2 # Please consider joining the pool (http://www.pool.ntp.org/join.html).
3 # server 0.centos.pool.ntp.org iburst
4 # server 1.centos.pool.ntp.org iburst
5 # server 2.centos.pool.ntp.org iburst
6 # server 3.centos.pool.ntp.org iburst
7 server 10.10.37.25 iburst # 配置服务端IP地址
8
9 # Record the rate at which the system clock gains/losses time.
10 driftfile /var/lib/chrony/drift
11
12 # Allow the system clock to be stepped in the first three updates
13 # if its offset is larger than 1 second.
14 makestep 1.0 3
15
16 # Enable kernel synchronization of the real-time clock (RTC).
17 rtcsync
18
19 # Enable hardware timestamping on all interfaces that support it.
20 #hwtimestamp *
21
22 # Increase the minimum number of selectable sources required to adjust
23 # the system clock.
24 #minsources 2
25
26 # Allow NTP client access from local network.
27 #allow 192.168.0.0/16
28
29 # Serve time even if not synchronized to a time source.
30 #local stratum 10
31
32 # Specify file containing keys for NTP authentication.
33 #keyfile /etc/chrony.keys
34
35 # Specify directory for log files.
36 logdir /var/log/chrony
37
38 # Select which information is logged.
39 #log measurements statistics tracking
2.3、重启服务
bash
systemctl start chronyd
systemctl status chronyd
netstat -anput |grep 123
2.4、查看同步情况
bash
# ^*中的"*"代表是通的
root@Centos etc]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.10.37.25 10 10 377 771 +39us[ +43us] +/- 461us
2.5、查看时间是否同步
bash
date
3、相关包
chrony.zip
依赖包