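Linux chrony time synchronization service
chrony has two core components:
chronyd: the daemon. It adjusts the system time running in the kernel and synchronizes it with time servers. It determines the rate at which the computer gains or loses time and compensates for it.
chronyc: provides a user interface for monitoring performance and changing a variety of settings. It can work on the computer controlled by the chronyd instance, or from a different remote computer.
The following shows how to set up a chrony service. The host server0 is the client and synchronizes to the server, desktop0. desktop0 synchronizes with itself and not with servers on the network, i.e. local synchronization.
(1) First install the package that chrony needs; it must be installed on both the client and the server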
[root@desktop0 ~]# yum install chrony -y
Loaded plugins: langpacks
rhel_dvd | 4.1 kB 00:00:00
(1/2): rhel_dvd/group_gz | 134 kB 00:00:00
(2/2): rhel_dvd/primary_db | 3.4 MB 00:00:01
Package chrony-1.29.1-1.el7.x86_64 already installed and latest version
Nothing to do
(2) Start chrony on both the client and the server, and enable it to start at boot
[root@desktop0 ~]# systemctl start chronyd
[root@desktop0 ~]# systemctl enable chronyd
[root@desktop0 ~]# systemctl status chronyd
chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled)
Active: active (running) since Mon 2018-04-23 09:55:46 CST; 3h 44min ago
Main PID: 498 (chronyd)
CGroup: /system.slice/chronyd.service
└─498 /usr/sbin/chronyd -u chrony
Apr 23 09:55:42 localhost chronyd[498]: chronyd version 1.29.1 starting
Apr 23 09:55:42 localhost chronyd[498]: Linux kernel major=3 minor=10 patch=0
Apr 23 09:55:42 localhost chronyd[498]: hz=100 shift_hz=7 freq_scale=1.00000000 nominal_tick=10000 slew_delta_t...pll=2
Apr 23 09:55:46 localhost systemd[1]: Started NTP client/server.
Apr 23 13:39:45 desktop0.example.com systemd[1]: Started NTP client/server.
Hint: Some lines were ellipsized, use -l to show in full.
(3) Turn off the firewall on the server
[root@desktop0 ~]# iptables -F
Before going further, take a look at the contents of the chrony configuration file
[root@desktop0 ~]# cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
Use public servers from the pool.ntp.org project. Entries begin with server; in theory you can add as many time servers as you like.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.rhel.pool.ntp.org iburst
server 1.rhel.pool.ntp.org iburst
server 2.rhel.pool.ntp.org iburst
server 3.rhel.pool.ntp.org iburst
# Ignore stratum in source selection.
stratumweight 0
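Calculates, against the actual time, the rate at which the server gains or loses time and records it in a file, so that the best time compensation can be applied after a system restart.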
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Enable kernel RTC synchronization.
rtcsync
# In first three updates step the system clock instead of slew
# if the adjustment is larger than 10 seconds.
makestep 10 3
# Specify a host, subnet, or network from which NTP connections to the machine acting as the time server are allowed or denied
# Allow NTP client access from local network.
#allow 192.168/16
# Listen for commands only on localhost.
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
# Serve time even if not synchronized to any NTP server.
#local stratum 10
keyfile /etc/chrony.keys
# Specify the key used as password for chronyc.
commandkey 1
# Generate command key if missing.
generatecommandkey
# Disable logging of client accesses.
noclientlog
# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
logchange 0.5
# Specify the directory for log files.
logdir /var/log/chrony
#log measurements statistics tracking
(4) Edit the server's chrony configuration file /etc/chrony.conf
Modify the following three lines in the configuration file
[root@desktop0 ~]# cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# Synchronize with the local host.
server 127.127.1.1 iburst
# Ignore stratum in source selection.
stratumweight 0
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Enable kernel RTC synchronization.
rtcsync
# In first three updates step the system clock instead of slew
# if the adjustment is larger than 10 seconds.
makestep 10 3
# Allow NTP client access from local network.
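# Important: this is the IP address and subnet of the clients allowed to synchronize with the server; the client IP is 172.25.0.11.
allow 172.25.0/24
# Allow synchronization with the local host.
allow 127/8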
# Listen for commands only on localhost.
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
# Serve time even if not synchronized to any NTP server.
# Do not synchronize to anyone else's time.
local stratum 10
keyfile /etc/chrony.keys
# Specify the key used as password for chronyc.
commandkey 1
# Generate command key if missing.
generatecommandkey
# Disable logging of client accesses.
noclientlog
# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
logchange 0.5
logdir /var/log/chrony
#log measurements statistics tracking
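An added example, not part of the original article: a Python check of the directives in the server configuration above that decide who can reach chronyd. SERVER_CONF and the finding texts are constructed here, and allow entries are assumed to be numeric addresses rather than hostnames.

```python
import ipaddress

# Constructed input: the server-side directives from step (4), with the
# author's inline "--" annotations removed.
SERVER_CONF = """\
server 127.127.1.1 iburst
allow 172.25.0/24
allow 127/8
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
local stratum 10
noclientlog
"""

def parse_subnet(text):
    """Expand chrony's short subnet form (172.25.0/24, 127/8, 1.2) to a network."""
    addr, _, bits = text.partition("/")
    if ":" not in addr:
        octets = addr.split(".")
        bits = bits or str(8 * len(octets))
        addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(addr + ("/" + bits if bits else ""), strict=False)

def audit(conf):
    """Return findings for the exposure-related directives in a chrony.conf."""
    findings = []
    for raw in conf.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        key, args = words[0].lower(), [a for a in words[1:] if a != "all"]
        if key == "allow":
            net = parse_subnet(args[0]) if args else None
            if net is None or net.prefixlen == 0:
                findings.append("allow: NTP served to every address")
            elif not net.is_private:
                findings.append(f"allow: {net} is public address space")
        elif key == "bindcmdaddress" and args and not args[0].startswith("/"):
            if not ipaddress.ip_address(args[0]).is_loopback:
                findings.append(f"bindcmdaddress: command port bound to {args[0]}")
        elif key == "cmdallow":
            findings.append("cmdallow: remote chronyc access permitted")
        elif key == "local":
            findings.append("local: serves time even when unsynchronised")
        elif key == "noclientlog":
            findings.append("noclientlog: client accesses are not recorded")
    return findings
```

For the configuration in step (4) this reports only the local and noclientlog lines; the two allow entries are private ranges and the command port stays on loopback.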
(5) After modifying the configuration file, restart the service and check whether chrony is synchronized with the local host
[root@desktop0 ~]# systemctl restart chronyd
[root@desktop0 ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 127.127.1.1 12 6 37 1 -6150us[-6368us] +/- 33ms
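You can see that it is synchronized with the local host
(6) Configure the client; compared with the server, only one place needs to be changed
The server's IP address is 172.25.0.10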
[root@desktop0 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.0.10 netmask 255.255.255.0 broadcast 172.25.0.255
[root@server0 ~]# cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
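# Add the server's IP, i.e. the IP address of the server to synchronize with.
server 172.25.0.10 iburst
(7) After modifying the client configuration file, restart the service and check whether it is synchronized with the server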
[root@server0 ~]# systemctl restart chronyd
[root@server0 ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* desktop0.example.com 12 6 7 0 -149us[ +979ms] +/- 2431us
Note: if you get the following result, the configuration is not correct
[root@server0 ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? desktop0.example.com 0 6 0 10y +0ns[ +0ns] +/- 0ns
Here the state is a question mark (?) rather than an asterisk (*), which means the configuration did not succeed.
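An added example, not part of the original article: the same * versus ? check done by a Python script over the chronyc sources table, which also decodes the Reach column (an octal register with one bit for each of the last eight polls). GOOD and BAD are the two client results quoted above; the state labels and function names are chosen here.

```python
import re

# Constructed input: the two client-side rows quoted in step (7).
GOOD = "^* desktop0.example.com 12 6 7 0 -149us[ +979ms] +/- 2431us"
BAD = "^? desktop0.example.com 0 6 0 10y +0ns[ +0ns] +/- 0ns"

# Second character of the MS column, as documented for chronyc sources.
STATES = {"*": "selected", "+": "combined", "-": "not combined",
          "?": "unusable", "x": "falseticker", "~": "too variable"}
ROW = re.compile(r"^([\^=#])([*+\-?x~])\s+(\S+)\s+(\d+)\s+(\d+)\s+([0-7]+)\s+(\S+)")

def parse_sources(output):
    """Parse the table rows of `chronyc sources`, skipping the header lines."""
    rows = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if m:
            mode, state, name, stratum, poll, reach, last_rx = m.groups()
            rows.append({"name": name, "state": STATES[state],
                         "stratum": int(stratum),
                         # Count the set bits of the octal reach register.
                         "replies": bin(int(reach, 8)).count("1"),
                         "last_rx": last_rx})
    return rows

def sync_problems(output):
    """Return the reasons this host should not be treated as synchronised."""
    rows = parse_sources(output)
    bad_states = ("unusable", "falseticker", "too variable")
    problems = [f"{r['name']}: {r['state']}, {r['replies']}/8 polls answered"
                for r in rows if r["replies"] == 0 or r["state"] in bad_states]
    if not any(r["state"] == "selected" for r in rows):
        problems.append("no source selected (no '*' state)")
    return problems
```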
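Summary:
Advantages of chrony:
Faster synchronization, needing only minutes rather than hours, which minimizes time and frequency error. This is useful for desktop computers or systems that do not run 24 hours a day.
Better response to rapid changes in clock frequency, which is useful for virtual machines with unstable clocks or for power-saving technologies that cause the clock frequency to change.
After the initial synchronization, it does not step the clock, so that applications that need system time to remain monotonic are not affected.
Better stability when dealing with temporary asymmetric delays (for example, when a large download saturates the link).
Periodic polling of servers is not required, so systems with intermittent network connections can still synchronize their clocks quickly.
Note:
chrony and ntp are both time synchronization software. The two cannot be run at the same time, or time conflicts will occur. Red Hat uses chrony; Red Hat 6 uses ntp.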