chrony服务配置_chrony.conf

1、chrony服务

chrony 是网络时间协议 (NTP) 的通用实现。它可以将系统时钟与 NTP 服务器、参考时钟（例如 GPS 接收器）以及使用手表和键盘的手动输入同步。它还可以作为 NTPv4 (RFC 5905) 服务器和对等点运行，为网络中的其他计算机提供时间服务。

它旨在在广泛的条件下运行良好，包括间歇性网络连接、严重拥塞的网络、不断变化的温度（普通计算机时钟对温度很敏感）以及不能连续运行或在虚拟机上运行的系统。

通过 Internet 同步的两台机器之间的典型精度在几毫秒内；在 LAN 上，精度通常为几十微秒。使用硬件时间戳或硬件参考时钟，亚微秒精度可能是可能的。

chrony 中包含两个程序，chronyd 是一个可以在引导时启动的守护进程，chronyc 是一个命令行界面程序，可用于监视 chronyd 的性能并在其运行时更改各种操作参数。

centos7+ 支持chrony时间同步配置，ntp在centos8上已经不再支持了
chrony相比ntp时间同步配置更简单高效，它是一个开源的软件能保持系统始终与服务器时间同步。

2、OS测试环境介绍

Server端：RedHat8.2- 172.20.10.6

Client端：CentOS8.3- 172.20.10.7

本次测试为最小化系统安装，配置本地yum源后安装chrony服务（服务端客户端均安装该服务，如下）

[root@centos8-3 ~]# yum install -y chrony
Last metadata expiration check: 0:00:05 ago on Tue 15 Jun 2021 08:02:45 PM CST.
Dependencies resolved.
=================================================================================================================================================================
 Package                                Architecture                        Version                                Repository                               Size
=================================================================================================================================================================
Installing:
 chrony                                 x86_64                              3.5-1.el8                              centos8-OS                              271 k
Installing weak dependencies:
 timedatex                              x86_64                              0.5-3.el8                              centos8-OS                               32 k
 
Transaction Summary
=================================================================================================================================================================
Install  2 Packages
 
Total size: 303 k
Installed size: 731 k
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                         1/1 
  Installing       : timedatex-0.5-3.el8.x86_64                                                                                                              1/2 
  Running scriptlet: timedatex-0.5-3.el8.x86_64                                                                                                              1/2 
  Running scriptlet: chrony-3.5-1.el8.x86_64                                                                                                                 2/2 
  Installing       : chrony-3.5-1.el8.x86_64                                                                                                                 2/2 
  Running scriptlet: chrony-3.5-1.el8.x86_64                                                                                                                 2/2 
  Verifying        : chrony-3.5-1.el8.x86_64                                                                                                                 1/2 
  Verifying        : timedatex-0.5-3.el8.x86_64                                                                                                              2/2 
 
Installed:
  chrony-3.5-1.el8.x86_64                                                       timedatex-0.5-3.el8.x86_64                                                      
 
Complete!

3、server与client端配置

（1）server端配置以及解释说明

[root@RedHat8-2 ~]# cat /etc/chrony.conf 
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#pool 2.rhel.pool.ntp.org iburst  --注释这行，外网时间服务器的网址
server 172.20.10.6 iburst         --添加这行，表示与本机同步时间(视情况自行更改)
 
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
 
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
 
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
 
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
 
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
 
# Allow NTP client access from local network.
allow 172.20.10.0/28              -->>允许哪些服务器或客户端到这台时间服务器来同步时间。必须配置
# Serve time even if not synchronized to a time source.
local stratum 10                  -->>该行注释取消掉不然NTP synchronized: 为no 取消掉后变为 NTP synchronized:yes
# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys
 
# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC
 
# Specify directory for log files.
logdir /var/log/chrony
 
# Select which information is logged.
#log measurements statistics tracking

启动chrony服务并进行检查

启动chronyd
[root@RedHat8-2 ~]# systemctl start chronyd
加入开机自启
[root@RedHat8-2 ~]# systemctl enable chronyd
 
检查
[root@RedHat8-2 ~]# netstat -antulp|grep chronyd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           7745/chronyd        
udp        0      0 127.0.0.1:323           0.0.0.0:*                           7745/chronyd        
udp6       0      0 ::1:323                 :::*                                7745/chronyd        
[root@RedHat8-2 ~]# ss -antulp|grep chronyd
udp     UNCONN   0        0                0.0.0.0:123           0.0.0.0:*       users:(("chronyd",pid=7745,fd=9))                                              
udp     UNCONN   0        0              127.0.0.1:323           0.0.0.0:*       users:(("chronyd",pid=7745,fd=7))                                              
udp     UNCONN   0        0                  [::1]:323              [::]:*       users:(("chronyd",pid=7745,fd=8))                                              

（2）client端配置

[root@centos8-3 ~]# cat /etc/chrony.conf 
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#pool 2.centos.pool.ntp.org iburst
server 172.20.10.6 iburst   -->>添加该行，表示到这台服务器去同步时间

启动chronyd并加入开机自启

[root@centos8-3 ~]# systemctl start chronyd
[root@centos8-3 ~]# systemctl enable chronyd

4、查看状态

[root@centos8-3 ~]# timedatectl 
               Local time: Tue 2021-06-15 16:45:10 CST
           Universal time: Tue 2021-06-15 08:45:10 UTC
                 RTC time: Tue 2021-06-15 16:45:10
                Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes   --表示已同步完成
              NTP service: active
          RTC in local TZ: no

5、查看时间源信息

服务端

[root@RedHat8-2 ~]# chronyc sources -v
210 Number of sources = 1
 
  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^? RedHat8-2.localdomain         0   7   377     -     +0ns[   +0ns] +/-    0ns

客户端

[root@centos8-3 ~]# chronyc sources -v
210 Number of sources = 1
 
  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 172.20.10.6                  11   6   177    50  +2087ns[  -33us] +/-  227ms

6、测试

测试说明，对服务端进行手动更改时间，查看客户端是否同步

（1）查看客户端与服务端当前时间

服务端
[root@RedHat8-2 ~]# date
Tue Jun 15 16:43:22 CST 2021
 
客户端
[root@centos8-3 ~]# date
Tue Jun 15 16:43:22 CST 2021
 

（2）手动更改服务端时间

[root@RedHat8-2 ~]# date 
Tue Jun 15 17:14:03 CST 2021
[root@RedHat8-2 ~]# date -s "2021-6-15 18:00:00"
Tue Jun 15 18:00:00 CST 2021

（3）等待客户端自动同步（测试同步时间较为缓慢）

[root@centos8-3 ~]# chronyc sources -v
210 Number of sources = 1
 
  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^~ 172.20.10.6                  11   6    37    11   -2716s[ -2716s] +/-  265ms
[root@centos8-3 ~]# date
Tue Jun 15 17:16:44 CST 2021
[root@centos8-3 ~]# timedatectl 
               Local time: Tue 2021-06-15 17:16:53 CST
           Universal time: Tue 2021-06-15 09:16:53 UTC
                 RTC time: Tue 2021-06-15 09:17:19
                Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
 
[root@centos8-3 ~]# date
Tue Jun 15 18:06:49 CST 2021

在测试中发现个问题 同步时间较为缓慢不过成功的进行了同步