时间同步chrony--ntp-123/udp
准备工作:
bash
# 临时停止防火墙
systemctl stop firewalld
# 禁止防火墙开机启动(永久生效)
systemctl disable firewalld
# 验证防火墙状态(确保显示inactive)
systemctl status firewalld
# 临时关闭SELinux(重启失效)
setenforce 0
# 验证SELinux状态
getenforce遇到问题:
bash
bash-5.1# setenforce 0
bash: setenforce:未找到命令
setenforce 0
sestatus
ash-5.1# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
setenforce 0
#ok成功实验1:当前主机通过外网ntp.aliyun.com时间服务器进行同步
客户端环境要求:访问外网 --- nat
客户端:chrony
vim /etc/chrony.conf
pool 时间服务器主机的ip或者域名 ibusrt 启动软件读取配置(发起时间同步请求)
systemctl restart chronyd
实验2: 通过自构建的时间服务器主机给客户端主机同步时间
服务器:
bash
# 安装Chrony
yum install chrony -y
# 打开配置文件
vim /etc/chrony.conf
# -------------- 配置文件修改内容 --------------
server ntp.aliyun.com iburst
allow 10.211.55.6/24 # 允许该网段所有客户端同步服务端时间
driftfile /var/lib/chrony/drift # 记录时间漂移,优化后续同步
makestep 1.0 3 # 若时间偏差>1秒,前3次更新允许"跳变"修正
rtcsync # 启用硬件时钟(RTC)与系统时钟同步
# ---------------------------------------------
:wq
systemctl restart chronyd
systemctl enable chronyd
systemctl status chronyd客户端:
bash
yum install chrony -y
chronyc -v
vim /etc/chrony.conf
# -------------- 配置文件修改内容 --------------
# 1. 删除默认的pool地址,添加服务端IP作为时间源
server 10.211.55.6 iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
# ---------------------------------------------
:wq
systemctl restart chronyd
systemctl enable chronyd
systemctl status chronyd