Ubuntu 配置chrony做NTP时钟同步_ubuntu chrony

简单了解下ntp。需要完成：

1. ubuntu 18系统上配置一个ntp server
2. ubuntu 16系统上配置一个客户端
3. 验证下确实同步了

一、ubuntu系统上配置一个ntp server

参考https://www.cnblogs.com/pipci/p/12833228.html
ntpdate 和 ntpd都已经太旧了，ubuntu 18上面的时钟同步是systemd-timesyncd 服务（只有客户端）。所以我们需要安装一个新的utpserver端。
要成为NTP服务器，可以安装chrony、ntpd，或者open-ntp。推荐chrony。

https://blog.csdn.net/weixin_67155214/article/details/123785360

安装

apt install chrony
1

配置

vim /etc/chrony/chrony.conf
1

# Welcome to the chrony configuration file. See chrony.conf(5) for more
# information about usuable directives.

# This will use (up to):
# - 4 sources from ntp.ubuntu.com which some are ipv6 enabled
# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well
# - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm)
# This means by default, up to 6 dual-stack and up to 2 additional IPv4-only
# sources will be used.
# At the same time it retains some protection against one of the entries being
# down (compare to just using one of the lines). See (LP: #1754358) for the
# discussion.
#
# About using servers from the NTP Pool Project in general see (LP: #104525).
# Approved by Ubuntu Technical Board on 2011-02-08.
# See http://www.pool.ntp.org/join.html for more information.
# 因为想修改本地时间，不去和其他服务器同步，将下面这四个pool注释掉
#pool ntp.ubuntu.com        iburst maxsources 4
#pool 0.ubuntu.pool.ntp.org iburst maxsources 1
#pool 1.ubuntu.pool.ntp.org iburst maxsources 1
#pool 2.ubuntu.pool.ntp.org iburst maxsources 2

# 添加自己作为服务器
server 192.168.1.1 iburst
# 为了方便客户端连接权限设置为允许所有
allow all
# 当无法和其他同步时，使用本地的时间去给客户端同步
local stratum 10

# This directive specify the location of the file containing ID/key pairs for
# NTP authentication.
keyfile /etc/chrony/chrony.keys

# This directive specify the file into which chronyd will store the rate
# information.
driftfile /var/lib/chrony/chrony.drift

# Uncomment the following line to turn logging on.
#log tracking measurements statistics

# Log files location.
logdir /var/log/chrony

# Stop bad estimates upsetting machine clock.
maxupdateskew 100.0

# This directive enables kernel synchronisation (every 11 minutes) of the
# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
rtcsync

# Step the system clock instead of slewing it if the adjustment is larger than
# one second, but only in the first three clock updates.
makestep 1 3
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

服务重启（这个去搜下，也可以用systemctl restart chronyd.service）

service chrony restart
1

然后我想修改时间，用来确定是和这个服务器同步了。（这个服务器不联网，只用一个网线和客户端机器连接）
先看下时间

timedatectl status
1

再关掉同步，不然无法修改

timedatectl set-ntp no
timedatectl set-time HH:MM:SS 
# 是否再开启？存疑
timedatectl set-ntp yes
1
2
3
4

再次查看时间。

root@fh:~# date
2023年 04月 10日 星期一 15:44:51 CST
root@fh:~# chronyc tracking
Reference ID    : C0A80101 (fh)
Stratum         : 11
Ref time (UTC)  : Mon Apr 10 07:17:27 2023
System time     : 0.000000024 seconds fast of NTP time
Last offset     : +0.000005521 seconds
RMS offset      : 0.000005521 seconds
Frequency       : 0.298 ppm fast
Residual freq   : +0.031 ppm
Skew            : 2.872 ppm
Root delay      : 0.000015881 seconds
Root dispersion : 0.006503564 seconds
Update interval : 0.0 seconds
Leap status     : Normal

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

二、ubuntu系统上配置一个ntp client

找了一个ubuntu16的虚拟机作为客户端。
一样的安装。

apt install chrony
1

配置

vim /etc/chrony/chrony.conf
1

# This the default chrony.conf file for the Debian chrony package.  After
# editing this file use the command 'invoke-rc.d chrony restart' to make
# your changes take effect.  John Hasler <jhasler@debian.org> 1998-2008

# See www.pool.ntp.org for an explanation of these servers.  Please
# consider joining the project if possible.  If you can't or don't want to
# use these servers I suggest that you try your ISP's nameservers.  We mark
# the servers 'offline' so that chronyd won't try to connect when the link
# is down.  Scripts in /etc/ppp/ip-up.d and /etc/ppp/ip-down.d use chronyc
# commands to switch it on when a dialup link comes up and off when it goes
# down.  Code in /etc/init.d/chrony attempts to determine whether or not
# the link is up at boot time and set the online status accordingly.  If
# you have an always-on connection such as cable omit the 'offline'
# directive and chronyd will default to online.
#
# Note that if Chrony tries to go "online" and dns lookup of the servers
# fails they will be discarded.  Thus under some circumstances it is 
# better to use IP numbers than host names.

# 注释掉这个pool。我们只用上面的server
#pool 2.debian.pool.ntp.org offline iburst

# Look here for the admin password needed for chronyc.  The initial
# password is generated by a random process at install time.  You may
# change it if you wish.

keyfile /etc/chrony/chrony.keys

# This directive sets the key ID used for authenticating user commands via the
# 'chronyc' program at run time.

commandkey 1

# I moved the driftfile to /var/lib/chrony to comply with the Debian
# filesystem standard.

driftfile /var/lib/chrony/chrony.drift

# Comment this line out to turn off logging.

log tracking measurements statistics
logdir /var/log/chrony

# Stop bad estimates upsetting machine clock.

maxupdateskew 100.0

# Dump measurements when daemon exits.

dumponexit

# Specify directory for dumping measurements.

dumpdir /var/lib/chrony

# This directive lets 'chronyd' to serve time even if unsynchronised to any
# NTP server.

#添加了一个server
server 192.168.1.1 minpoll 4 maxpoll 10 iburst

#local stratum 10

# This directive designates subnets (or nodes) from which NTP clients are allowed
# to access to 'chronyd'.

#allow foo.example.net
#allow 10/8
#allow 0/0 (allow access by any IPv4 node)
#allow ::/0 (allow access by any IPv6 node)
# 这里我也加了，但是似乎客户端是不需要加的
allow all

# This directive forces `chronyd' to send a message to syslog if it
# makes a system clock adjustment larger than a threshold value in seconds.

logchange 0.5

# This directive defines an email address to which mail should be sent
# if chronyd applies a correction exceeding a particular threshold to the
# system clock.

# mailonchange root@localhost 0.5

# This directive tells 'chronyd' to parse the 'adjtime' file to find out if the
# real-time clock keeps local time or UTC. It overrides the 'rtconutc' directive.

hwclockfile /etc/adjtime

# This directive enables kernel synchronisation (every 11 minutes) of the
# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.

rtcsync
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93

一样的重启chrony的服务。

三、验证（强制同步版）

先确定下两个的chrony服务状态没问题

# 18
systemctl status chronyd
# 16
service chrony status
1
2
3
4

检查客户端的时间和服务器的不一致。

root@controller:~# timedatectl status
      Local time: Mon 2023-04-10 16:02:17 CST
  Universal time: Mon 2023-04-10 08:02:17 UTC
        RTC time: Mon 2023-04-10 08:02:17
       Time zone: Asia/Shanghai (CST, +0800)
 Network time on: yes
NTP synchronized: no
 RTC in local TZ: no
1
2
3
4
5
6
7
8

坑：这里发现NTP synchronized: no，查了半天解决不了。
会导致没法一段时间自己同步？

客户端和服务器的ip能互相ping通；
服务器的123udp端口开启。我们可以抓包；

tcpdump -i ens33 port 123
1

服务端执行，看看有没有连上客户端。

chronyc clients
1

客户端执行，查看源是不是正常

root@controller:~#  chronyc activity
200 OK
1 sources online
0 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
0 sources with unknown address

root@controller:~# chronyc sourcestats -v
210 Number of sources = 1
                             .- Number of sample points in measurement set.
                            /    .- Number of residual runs with same sign.
                           |    /    .- Length of measurement set (time).
                           |   |    /      .- Est. clock freq error (ppm).
                           |   |   |      /           .- Est. error in freq.
                           |   |   |     |           /         .- Est. offset.
                           |   |   |     |          |          |   On the -.
                           |   |   |     |          |          |   samples. \
                           |   |   |     |          |          |             |
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
192.168.1.1                14  11   247     +0.004      1.547    +35ns   101us

root@controller:~# chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.1.1                  11   9   377    64   +179us[ +216us] +/- 6878us
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

^?就是源有问题，等两分钟再试。^*表示正常。

track一下，看看。

root@controller:~# chronyc tracking
Reference ID    : 192.168.1.1 (192.168.1.1)
Stratum         : 12
Ref time (UTC)  : Mon Apr 10 07:43:06 2023
System time     : 57402.121093750 seconds fast of NTP time
Last offset     : +0.000036663 seconds
RMS offset      : 0.000126418 seconds
Frequency       : 9.823 ppm slow
Residual freq   : +0.007 ppm
Skew            : 0.307 ppm
Root delay      : 0.001302 seconds
Root dispersion : 0.000698 seconds
Update interval : 282.2 seconds
Leap status     : Normal
1
2
3
4
5
6
7
8
9
10
11
12
13
14

看System time和NTP不同步。
看服务输出了什么错误信息

root@controller:~# service chrony status
● chrony.service - LSB: Controls chronyd NTP time daemon
   Loaded: loaded (/etc/init.d/chrony; bad; vendor preset: enabled)
   Active: active (running) since Tue 2023-04-11 07:16:56 CST; 33min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 19400 ExecStop=/etc/init.d/chrony stop (code=exited, status=0/SUCCESS)
  Process: 19410 ExecStart=/etc/init.d/chrony start (code=exited, status=0/SUCCESS)
    Tasks: 1
   Memory: 272.0K
      CPU: 35ms
   CGroup: /system.slice/chrony.service
           └─19418 /usr/sbin/chronyd

Apr 11 07:16:54 controller systemd[1]: Starting LSB: Controls chronyd NTP time daemon...
Apr 11 07:16:54 controller chronyd[19418]: chronyd version 2.1.1 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP -DEBUG +ASYNCDNS +IPV6 +SECH
Apr 11 07:16:54 controller chronyd[19418]: Frequency -9.839 +/- 0.638 ppm read from /var/lib/chrony/chrony.drift
Apr 11 07:16:56 controller chrony[19410]: chronyd is running and online.
Apr 11 07:16:56 controller systemd[1]: Started LSB: Controls chronyd NTP time daemon.
Apr 11 07:16:58 controller chronyd[19418]: Selected source 192.168.1.1
Apr 11 07:16:58 controller chronyd[19418]: System clock wrong by -57534.054360 seconds, adjustment started
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

找了半天，用chronyc -a makestep在客户端上强制同步。（好几次）

root@controller:~# timedatectl status
      Local time: Tue 2023-04-11 07:53:36 CST
  Universal time: Mon 2023-04-10 23:53:36 UTC
        RTC time: Tue 2023-04-11 00:00:18
       Time zone: Asia/Shanghai (CST, +0800)
 Network time on: yes
NTP synchronized: no
 RTC in local TZ: no
root@controller:~# chronyc -a makestep
200 OK
200 OK
root@controller:~# timedatectl status
      Local time: Mon 2023-04-10 16:00:58 CST
  Universal time: Mon 2023-04-10 08:00:58 UTC
        RTC time: Tue 2023-04-11 00:03:14
       Time zone: Asia/Shanghai (CST, +0800)
 Network time on: yes
NTP synchronized: no
 RTC in local TZ: no
root@controller:~# timedatectl status
      Local time: Mon 2023-04-10 16:01:49 CST
  Universal time: Mon 2023-04-10 08:01:49 UTC
        RTC time: Tue 2023-04-11 00:04:05
       Time zone: Asia/Shanghai (CST, +0800)
 Network time on: yes
NTP synchronized: no
 RTC in local TZ: no
root@controller:~# chronyc -a makestep
200 OK
200 OK
root@controller:~# chronyc -a makestep
200 OK
200 OK
root@controller:~# timedatectl status
      Local time: Mon 2023-04-10 16:02:02 CST
  Universal time: Mon 2023-04-10 08:02:02 UTC
        RTC time: Mon 2023-04-10 08:02:01
       Time zone: Asia/Shanghai (CST, +0800)
 Network time on: yes
NTP synchronized: no
 RTC in local TZ: no
root@controller:~# timedatectl status
      Local time: Mon 2023-04-10 16:02:09 CST
  Universal time: Mon 2023-04-10 08:02:09 UTC
        RTC time: Mon 2023-04-10 08:02:09
       Time zone: Asia/Shanghai (CST, +0800)
 Network time on: yes
NTP synchronized: no
 RTC in local TZ: no
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

逐渐同步到与服务器时间相同，服务器抓包也可以看到输出。

root@fh:~# tcpdump -i ens33 port 123
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
15:52:34.734949 IP 192.168.1.10.59947 > fh.ntp: NTPv4, Client, length 48
15:52:34.735118 IP fh.ntp > 192.168.1.10.59947: NTPv4, Server, length 48
16:01:49.376551 IP 192.168.1.10.34716 > fh.ntp: NTPv4, Client, length 48
16:01:49.377012 IP fh.ntp > 192.168.1.10.34716: NTPv4, Server, length 48
16:19:06.195222 IP 192.168.1.10.43636 > fh.ntp: NTPv4, Client, length 48
16:19:06.195547 IP fh.ntp > 192.168.1.10.43636: NTPv4, Server, length 48
16:36:30.731287 IP 192.168.1.10.42798 > fh.ntp: NTPv4, Client, length 48
16:36:30.731652 IP fh.ntp > 192.168.1.10.42798: NTPv4, Server, length 48
1
2
3
4
5
6
7
8
9
10
11

尚不明确客户端如何能一段时间自动同步。但是可以验证这个服务器应该是没什么问题的。

四、自动同步的猜测
参考https://qastack.cn/server/948974/force-systemd-timesyncd-to-sync-time-with-ntp-server-immediately。调整到足以被视为“同步”时，“系统时钟同步：否”将变为“是”。