Chrony, the NTP time service on rhel7

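Chrony has been around for several years and is another implementation of the Network Time Protocol (NTP). For a long time ntpd was the time synchronization service shipped by default in most distributions. Starting with rhel7/centos7, Chrony became the default service, although the older ntpd is still available in rhel7/centos7. Chrony can act as both an NTP client and an NTP server. A default installation provides two programs, chronyd and chronyc: chronyd is a daemon that runs in the background, and chronyc is the program used to monitor chronyd's performance and configure its parameters.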

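1. Installation and startup
The chrony service can be installed and enabled with the following steps:

# yum install -y chrony                # install the service
# systemctl start chronyd.service      # start the service
# systemctl enable chronyd.service     # start at boot (enabled by default)

2. Main settings in chrony.conf
The chrony service uses the configuration file /etc/chrony.conf, whose format is largely similar to that of ntpd. The default contents are: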

[root@n2 ~]# cat /etc/chrony.conf | grep -v "^#" | grep -v "^$"
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
logdir /var/log/chrony

Here I pick an arbitrary working NTP server to replace the default sources above and comment out the other NTP servers:
[root@n2 ~]# cat /etc/chrony.conf | grep -v "^#" | grep -v "^$"
server 1.cn.pool.ntp.org iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
logdir /var/log/chrony

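If a time service is running on the local network, delete the server lines above, add the LAN time server, and restart the chrony service. The main configuration directives are:

server – This directive can be used multiple times to add time servers and must be written in the "server " format (the keyword followed by the server, as in the lines above). Generally you can add as many servers as you like;
stratumweight – The stratumweight directive sets how much distance is added per stratum to the synchronization distance when chronyd selects a synchronization source from the available sources. By default it is set to 0 on CentOS, so that chronyd ignores the stratum when selecting a source;
driftfile – One of chronyd's main activities is to work out the rate at which the computer gains or loses time relative to real time. Recording that rate in a file makes sense: after a restart chronyd uses it to compensate the system clock and, where possible, later obtains a better estimate from the time servers;
rtcsync – The rtcsync directive enables a kernel mode in which the system time is copied to the real-time clock (RTC) every 11 minutes;
allow / deny – Here you can specify a host, subnet, or network that is allowed or denied NTP access to the machine acting as a time server;
cmdallow / cmddeny – Similar to the above, except that you specify which IP addresses or hosts may send control commands to chronyd;
bindcmdaddress – This directive lets you restrict which network interface chronyd listens on for command packets (those issued by chronyc). It provides an additional level of access control on top of the cmddeny mechanism described above.
makestep – Normally chronyd corrects any time offset gradually by slowing down or speeding up the clock as required. In some situations the system clock may have drifted so far that this slewing process would take a very long time to correct it. This directive forces chronyd to step the system clock when the adjustment is larger than a threshold, but only if no more clock updates have occurred since chronyd started than the specified limit (a negative value disables the limit).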
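
A check for the access-control directives listed above, as an added example (not part of the original post): it flags allow / cmdallow lines that match every address, a bindcmdaddress that is not loopback, and a configuration with a single time source. The sample config, the function names and the finding texts are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: the page's single-server config plus three access directives.
SAMPLE_CONF = """\
server 1.cn.pool.ntp.org iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow
cmdallow 192.168.1.0/24
bindcmdaddress 0.0.0.0
logdir /var/log/chrony
"""

def covers_everything(subnet):
    if subnet is None:                # bare "allow" or "allow all"
        return True
    try:
        return ipaddress.ip_network(subnet, strict=False).prefixlen == 0
    except ValueError:                # hostname or short form such as "192.168"
        return False

def audit_chrony_conf(text):
    """Return (line, finding) pairs for risky settings in a chrony.conf body."""
    findings, sources = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!;%":      # chrony.conf comment markers
            continue
        name, args = line.split()[0].lower(), line.split()[1:]
        if name in ("server", "peer", "pool"):
            sources += 4 if name == "pool" else 1   # a pool yields several servers
        elif name in ("allow", "cmdallow"):
            subnet = next((a for a in args if a.lower() != "all"), None)
            target = "NTP clients" if name == "allow" else "chronyc commands"
            if covers_everything(subnet):
                findings.append((line, target + " accepted from any address"))
            elif name == "cmdallow":
                findings.append((line, "hosts in this subnet may send chronyc commands"))
        elif name == "bindcmdaddress" and args and not args[0].startswith("/"):
            try:
                loopback = ipaddress.ip_address(args[0]).is_loopback
            except ValueError:
                loopback = False
            if not loopback:
                findings.append((line, "command port bound to a non-loopback address"))
    if sources == 1:
        findings.append(("server", "single time source, nothing to cross-check it against"))
    return findings
```

Run it against the real file with audit_chrony_conf(open("/etc/chrony.conf").read()) and review each finding before restarting chronyd.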

Restart the service when done:
[root@n2 ~]# systemctl restart chronyd

3. Checking synchronization status
Check the status of the NTP source servers:
Before the change:
[root@n2 ~]# chronyc sources -v
210 Number of sources = 4

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^- a.chl.la                      2   6   152   164    +49ms[  +51ms] +/-  186ms
^* electabuzz.felixc.at          3   6   377   103    +20ms[  +22ms] +/-  161ms
^- 119.28.206.193                2   6    37    37  -8960us[-8960us] +/-   49ms
^+ electrode.felixc.at           3   6   377    36  -3904us[-3904us] +/-  149ms

After the change:
[root@n2 ~]# chronyc sourcestats
210 Number of sources = 1
Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev
==============================================================================
ntp1.flashdance.cx 4 3 9 +418.469 11440.988 +22ms 2051us

Check the detailed NTP synchronization status:

[root@n2 ~]# chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* ntp1.flashdance.cx            2   6    35    23  -1736us[-2342us] +/-  216ms
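
A monitoring check built on the legend printed by chronyc sources -v, as an added example (not part of the original post): it reads the state flag and decodes the octal Reach register into the number of answered polls out of the last eight, then reports sources that need attention. The first two sample rows are copied from the output above; the last two, the function names and the min_answered threshold are constructed for the illustration.

```python
# Rows 1-2 come from the page's output; rows 3-4 are constructed
# (192.0.2.0/24 is a documentation address range).
SAMPLE_ROWS = """\
MS Name/IP address Stratum Poll Reach LastRx Last sample
^- a.chl.la 2 6 152 164 +49ms[ +51ms] +/- 186ms
^* electabuzz.felixc.at 3 6 377 103 +20ms[ +22ms] +/- 161ms
^x 192.0.2.10 2 6 377 40 +3500ms[+3500ms] +/- 30ms
^? 192.0.2.11 0 6 0 - +0ns[ +0ns] +/- 0ns
"""

# State flags exactly as named in the chronyc legend.
STATES = {"*": "current synced", "+": "combined", "-": "not combined",
          "?": "unreachable", "x": "time may be in error",
          "~": "time too variable"}

def parse_sources(text):
    """Parse data rows of `chronyc sources`, skipping legend and header lines."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or len(f[0]) != 2:
            continue
        mode, state = f[0]
        if mode not in "^=#" or state not in STATES:
            continue
        reach = int(f[4], 8)                      # Reach is printed in octal
        rows.append({"name": f[1], "state": state, "stratum": int(f[2]),
                     "reach": reach,
                     "answered": bin(reach).count("1")})  # of the last 8 polls
    return rows

def alerts(rows, min_answered=4):
    """Return human-readable warnings for sources that look unhealthy."""
    out = []
    if not any(r["state"] == "*" for r in rows):
        out.append("no source is currently selected for synchronisation")
    for r in rows:
        if r["state"] in "x~?":
            out.append(f'{r["name"]}: {STATES[r["state"]]}')
        elif r["answered"] < min_answered:
            out.append(f'{r["name"]}: only {r["answered"]}/8 recent polls answered')
    return out
```

Feed it the text captured from chronyc sources (for example via subprocess) and alert when alerts() returns a non-empty list.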

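4. Using chronyc
Settings can be changed by running chronyc commands, such as:

accheck – check whether NTP access is allowed for a particular host

activity – show how many NTP sources are online/offline

add server – manually add a new NTP server

clients – report on the clients that have accessed the server

delete – manually remove an NTP server or peer

settime – manually set the daemon time

tracking – display system time information

Enter the help command to see more of chronyc's interactive commands.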

[root@n2 ~]# chronyc
chrony version 3.2
Copyright (C) 1997-2003, 2007, 2009-2017 Richard P. Curnow and others
chrony comes with ABSOLUTELY NO WARRANTY. This is free software, and
you are welcome to redistribute it under certain conditions. See the
GNU General Public License version 2 for details.

chronyc> activity
200 OK
1 sources online
0 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
0 sources with unknown address
chronyc> help
System clock:
tracking Display system time information
makestep Correct clock by stepping immediately
makestep <threshold> <updates>
Configure automatic clock stepping
maxupdateskew <skew> Modify maximum valid skew to update frequency
waitsync [<max-tries> [<max-correction> [<max-skew> [<interval>]]]]
Wait until synchronised in specified limits

Time sources:
sources [-v] Display information about current sources
sourcestats [-v] Display statistics about collected measurements
reselect Force reselecting synchronisation source
reselectdist <dist> Modify reselection distance

NTP sources:
activity Check how many NTP sources are online/offline
ntpdata [<address>] Display information about last valid measurement
add server <address> [options]
Add new NTP server
add peer <address> [options]
Add new NTP peer
delete <address> Remove server or peer
burst <n-good>/<n-max> [<mask>/<address>]
Start rapid set of measurements
maxdelay <address> <delay> Modify maximum valid sample delay
maxdelayratio <address> <ratio>
Modify maximum valid delay/minimum ratio
maxdelaydevratio <address> <ratio>
Modify maximum valid delay/deviation ratio
minpoll <address> <poll> Modify minimum polling interval
maxpoll <address> <poll> Modify maximum polling interval
minstratum <address> <stratum>
Modify minimum stratum
offline [<mask>/<address>] Set sources in subnet to offline status
online [<mask>/<address>] Set sources in subnet to online status
polltarget <address> <target>
Modify poll target
refresh Refresh IP addresses

Manual time input:
manual off|on|reset Disable/enable/reset settime command
manual list Show previous settime entries
manual delete <index> Delete previous settime entry
settime <time> Set daemon time
(e.g. Sep 25, 2015 16:30:05 or 16:30:05)

NTP access:
accheck <address> Check whether address is allowed
clients Report on clients that have accessed the server
serverstats Display statistics of the server
allow [<subnet>] Allow access to subnet as a default
allow all [<subnet>] Allow access to subnet and all children
deny [<subnet>] Deny access to subnet as a default
deny all [<subnet>] Deny access to subnet and all children
local [options] Serve time even when not synchronised
local off Don't serve time when not synchronised
smoothtime reset|activate Reset/activate time smoothing
smoothing Display current time smoothing state

Monitoring access:
cmdaccheck <address> Check whether address is allowed
cmdallow [<subnet>] Allow access to subnet as a default
cmdallow all [<subnet>] Allow access to subnet and all children
cmddeny [<subnet>] Deny access to subnet as a default
cmddeny all [<subnet>] Deny access to subnet and all children

Real-time clock:
rtcdata Print current RTC performance parameters
trimrtc Correct RTC relative to system clock
writertc Save RTC performance parameters to file

Other daemon commands:
cyclelogs Close and re-open log files
dump Dump all measurements to save files
rekey Re-read keys from key file

Client commands:
dns -n|+n Disable/enable resolving IP addresses to hostnames
dns -4|-6|-46 Resolve hostnames only to IPv4/IPv6/both addresses
timeout <milliseconds> Set initial response timeout
retries <retries> Set maximum number of retries
keygen [<id> [<type> [<bits>]]]
Generate key for key file
exit|quit Leave the program
help Generate this help

chronyc>

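5. Other time-related commands
The related commands are:

Show the date, time, time zone and NTP status: # timedatectl
List the time zones: # timedatectl list-timezones
Change the time zone: # timedatectl set-timezone Asia/Shanghai
Change the date and time: # timedatectl set-time "2015-01-21 11:50:00" (either part can be changed on its own)
Enable NTP: # timedatectl set-ntp true/false

Another interesting command is system-config-date, which in rhel7 gives us a graphical tool for configuring the chrony service. Install it as follows: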

[root@n2 ~]# yum -y install system-config-date
Loaded plugins: fastestmirror
Determining fastest mirrors
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/2): extras/7/x86_64/primary_db | 215 kB 00:00:00
(2/2): updates/7/x86_64/primary_db | 7.4 MB 00:00:03
Resolving Dependencies
--> Running transaction check
(output omitted)

After installation, run the system-config-date command. The interface looks like this:

[Screenshot: system-config-date]

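6. Advantages of chrony
The advantages of Chrony include:

Faster synchronization, taking minutes rather than hours, which minimizes time and frequency error. This is useful for desktop computers or systems that do not run 24 hours a day.
Better response to rapid changes in clock frequency, which is useful for virtual machines with unstable clocks or for power-saving technologies that change the clock frequency.
After the initial synchronization it never stops the clock, so applications that need system time to remain monotonic are not affected.
Better stability when dealing with temporary asymmetric delays (for example, when a large download saturates the link).
No need to poll servers periodically, so systems with intermittent network connections can still synchronize their clocks quickly.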

Reposted, with modifications, from http://www.361way.com/rhel7-chrony/4778.html
