时间同步-chrony

场景：内网主机需要搭建 NTP 服务，设置一台主机作为服务端，其他主机作为客户端。

1 、服务端

1.1 、检查服务是否存在

如果服务存在可以跳过1.2、1.3，直接进行配置文件修改

systemctl status chronyd

1.2、上传安装包

如果不存在需要上传安装包，如果存在可以跳过此步骤。

上传后进行解压：

# 解压到 /root目录下
[root@Centos package]# unzip chrony.zip -d /root

# 解压后得到chrony目录，包含rpm包和chrony.conf配置文件
[root@Centos chrony]# ll
总用量 248
-rw-r--r-- 1 root root 248708 4月  25 2018 chrony-3.2-2.el7.x86_64.rpm
-rw-r--r-- 1 root root   1174 11月 10 2021 chrony.conf
[root@Centos chrony]# pwd
/root/chrony

上传依赖包：

依赖包：libseccomp-2.3.1-4.el7.x86_64.rpm （根据系统而定）

1.3 、安装

先安装依赖

root@Centos package]# rpm -ivh libseccomp-2.3.1-4.el7.x86_64.rpm 
警告：libseccomp-2.3.1-4.el7.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
准备中...                          ################################# [100%]
正在升级/安装...
   1:libseccomp-2.3.1-4.el7           ################################# [100%]

在安装 chrony

root@Centos chrony]# rpm -ivh chrony-3.2-2.el7.x86_64.rpm 
警告：chrony-3.2-2.el7.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
准备中...                          ################################# [100%]
正在升级/安装...
   1:chrony-3.2-2.el7                 ################################# [100%]

查看状态

[root@Centos chrony]# systemctl status chronyd
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:chronyd(8)
           man:chrony.conf(5)

1.4、修改配置文件

备份原来配置文件

mv /etc/chrony.conf /etc/chrony.conf_bak
cp /root/chrony/chrony.conf /etc/

修改配置文件

# 服务端保留 15、19、22、33、36、42行
vim /etc/chrony.conf
  1 # Use public servers from the pool.ntp.org project.
  2 # Please consider joining the pool (http://www.pool.ntp.org/join.html).
  3 #server 0.centos.pool.ntp.org iburst
  4 #server 1.centos.pool.ntp.org iburst
  5 #server 2.centos.pool.ntp.org iburst
  6 #server 3.centos.pool.ntp.org iburst
  7 #server 127.0.0.1  iburst
  8 
  9 
 10 
 11 # 增加新的时间服务器
 12 # server 59.206.217.1 iburst
 13 
 14 # Record the rate at which the system clock gains/losses time.
 15 driftfile /var/lib/chrony/drift
 16 
 17 # Allow the system clock to be stepped in the first three updates
 18 # if its offset is larger than 1 second.
 19 makestep 1.0 3
 20 
 21 # Enable kernel synchronization of the real-time clock (RTC).
 22 rtcsync
 23 
 24 # Enable hardware timestamping on all interfaces that support it.
 25 #hwtimestamp *
 26 
 27 # Increase the minimum number of selectable sources required to adjust
 28 # the system clock.
 29 #minsources 2
 30 
 31 # Allow NTP client access from local network.
 32 #allow 192.168.0.0/16
 33 allow all
 34 
 35 # Serve time even if not synchronized to a time source.
 36 local stratum 10
 37 
 38 # Specify file containing keys for NTP authentication.
 39 #keyfile /etc/chrony.keys
 40 
 41 # Specify directory for log files.
 42 logdir /var/log/chrony
 43 
 44 # Select which information is logged.
 45 #log measurements statistics tracking

注意：如果服务端配置完成重启服务后，客户端配置后重启仍无法连接，需要看下36行注释是否取消，如果正常还不行可以使用nc测试下udp的123端口。

1.5、重启服务

systemctl start chronyd
systemctl status chronyd
netstat -anput |grep 123

2、客户端配置

2.1、查看服务状态

systemctl status chronyd

如果服务不存在参考客户端1.2、1.3步骤

2.2、修改配置文件

  # 保留7、10、14、17、36行，第7行为服务端IP地址
  vim /etc/chrony.conf
  1 # Use public servers from the pool.ntp.org project.
  2 # Please consider joining the pool (http://www.pool.ntp.org/join.html).
  3 # server 0.centos.pool.ntp.org iburst
  4 # server 1.centos.pool.ntp.org iburst
  5 # server 2.centos.pool.ntp.org iburst
  6 # server 3.centos.pool.ntp.org iburst
  7 server 10.10.37.25 iburst # 配置服务端IP地址
  8 
  9 # Record the rate at which the system clock gains/losses time.
 10 driftfile /var/lib/chrony/drift
 11 
 12 # Allow the system clock to be stepped in the first three updates
 13 # if its offset is larger than 1 second.
 14 makestep 1.0 3
 15 
 16 # Enable kernel synchronization of the real-time clock (RTC).
 17 rtcsync
 18 
 19 # Enable hardware timestamping on all interfaces that support it.
 20 #hwtimestamp *
 21 
 22 # Increase the minimum number of selectable sources required to adjust
 23 # the system clock.
 24 #minsources 2
 25 
 26 # Allow NTP client access from local network.
 27 #allow 192.168.0.0/16
 28 
 29 # Serve time even if not synchronized to a time source.
 30 #local stratum 10
 31 
 32 # Specify file containing keys for NTP authentication.
 33 #keyfile /etc/chrony.keys
 34 
 35 # Specify directory for log files.
 36 logdir /var/log/chrony
 37 
 38 # Select which information is logged.
 39 #log measurements statistics tracking

2.3、重启服务

systemctl start chronyd
systemctl status chronyd
netstat -anput |grep 123

2.4、查看同步情况

# ^*中的"*"代表是通的
root@Centos etc]# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 10.10.37.25                  10  10   377   771    +39us[  +43us] +/-  461us

2.5、查看时间是否同步

date

3、相关包

chrony.zip

chrony.zip

依赖包