Chrony
Chrony是一个开源的自由软件,它能保持系统时钟与时钟服务器(NTP)同步,让时间保持精确。
程序环境
配置文件:/etc/chrony.conf
主程序文件:chronyd
工具程序:chronyc
unit file:chronyd.service
chronyd
一个后台运行的守护进程,用于调整内核中运行的系统时钟和时钟服务器同步。它确定计算机增减时间的比率,并对此进行补偿。
chronyc
提供了一个用户界面,用于监控性能并进行多样化的配置。它可以在chronyd实例控制的计算机上工作,也可以在一台不同的远程计算机上工作。
Chrony时间同步程序特点:
- 准确的时间同步
- Chrony 是网络时间协议的另一种实现,与网络时间协议后台程序(ntpd)不同,它可以更快地且准确的同步系统时钟。
Chrony 的优势
- 更快的同步只需要数分钟而非数小时时间,从而最大程度的减少时间和频率误差,这对于并非全天运行的台式计算机或系统而言非常有用。
- 能够更好的响应时间频率的快速变化,这对于具备不稳定时钟的虚拟机或导致时钟频率反生变化的节能技术而言非常有用。
- 在初始同步后,它并不会停止时钟,以防对需要系统时间保持单调的程序造成影响。
- 在应对临时非对称延迟时,(例如,大规模下载造成链接饱和时)提供了更好的稳定性。
- 无需对服务器进行定期轮询,因此具备间歇性网络连接的系统仍然可以快速同步时钟。
配置时间服务器
软件部署
[root@promote ~]# cat /etc/centos-release
CentOS Linux release 7.4.1708 (Core)
[root@promote ~]# yum -y install chrony
配置文件
[root@promote ~]# cat /etc/chrony.conf //配置文件
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
//该参数可以多次用于添加时钟服务器,必须以"server "格式使用。一般而言,你想添加多少服务器,就可以添加多少服务器。
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
#server edu.ntp.org.cn iburst
#server pool.ntp.org iburst
server news.neu.edu.cn iburst //时间同步设置(外网)
server 202.120.2.101 iburst //上海交通大学网络中心NTP服务器地址,也可以写成域名:ntp.sjtu.edu.cn
# Record the rate at which the system clock gains/losses time.
//chronyd程序的主要行为之一,就是根据实际时间计算出计算机增减时间的比率,将它记录到一个文件中是最合理的,它会在重启后为系统时钟作出补偿,甚至可能的话,会从时钟服务器获得较好的估值。
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
//通常,chronyd将根据需求通过减慢或加速时钟,使得系统逐步纠正所有时间偏差。在某些特定情况下,系统时钟可能会漂移过快,导致该调整过程消耗很长的时间来纠正系统时钟。该指令强制chronyd在调整期大于某个阀值时步进调整系统时钟,但只有在因为chronyd启动时间超过指定限制(可使用负值来禁用限制),没有更多时钟更新时才生效。
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
//rtcsync指令将启用一个内核模式,在该模式中,系统时间每11分钟会拷贝到实时时钟(RTC)
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
//这里你可以指定一台主机、子网,或者网络以允许或拒绝NTP连接到扮演时钟服务器的机器。
allow 192.168.0.0/16 //允许同步的网段
# Serve time even if not synchronized to a time source.
local stratum 10 //即使自己未能通过网络时间服务器同步到时间,也允许将本地时间作为标准时间授时给其他客户端
# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking# cat /etc/chrony.conf //配置文件
启动服务
[root@promote ~]# systemctl start chronyd.service //启动服务
[root@promote ~]# systemctl enable chronyd.service //设置开机自启动
Created symlink from /etc/systemd/system/multi-user.target.wants/chronyd.service to /usr/lib/systemd/system/chronyd.service.
[root@promote ~]# systemctl status chronyd.service
● chronyd.service - NTP client/server //查看当前状态
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2018-01-02 18:57:34 CST; 2h 1min ago
Docs: man:chronyd(8)
man:chrony.conf(5)
Main PID: 1695 (chronyd)
CGroup: /system.slice/chronyd.service
└─1695 /usr/sbin/chronyd
Jan 02 18:57:34 director.contoso.com systemd[1]: Starting NTP client/server...
Jan 02 18:57:34 director.contoso.com chronyd[1695]: chronyd version 3.1 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SECHASH ...+DEBUG)
Jan 02 18:57:34 director.contoso.com systemd[1]: Started NTP client/server.
Jan 02 18:57:38 director.contoso.com chronyd[1695]: Selected source 192.168.10.8
Hint: Some lines were ellipsized, use -l to show in full.
[root@promote ~]# ss -tulp | grep chronyd
udp UNCONN 0 0 *:ntp *:* users:(("chronyd",pid=1695,fd=3))
udp UNCONN 0 0 127.0.0.1:323 *:* users:(("chronyd",pid=1695,fd=1))
udp UNCONN 0 0 ::1:323 :::* users:(("chronyd",pid=1695,fd=2))
验证服务
[root@promote ~]# chronyc sources -v //查看时间同步源:
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? ns.bjnet-pku.edu.cn 0 6 0 - +0ns[ +0ns] +/- 0ns
[root@promote ~]# ping -c 2 s2m.time.edu.cn
PING s2m.time.edu.cn (202.112.7.13) 56(84) bytes of data.
64 bytes from ns.pku.cn (202.112.7.13): icmp_seq=1 ttl=237 time=36.9 ms
64 bytes from ns.pku.cn (202.112.7.13): icmp_seq=2 ttl=237 time=36.9 ms
--- s2m.time.edu.cn ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 36.927/36.928/36.929/0.001 ms
[root@promote ~]# chronyc sourcestats -v // 查看时间同步源状态
Number of sources = 1
.- Number of sample points in measurement set.
/ .- Number of residual runs with same sign.
| / .- Length of measurement set (time).
| | / .- Est. clock freq error (ppm).
| | | / .- Est. error in freq.
| | | | / .- Est. offset.
| | | | | | On the -.
| | | | | | samples. \
| | | | | | |
Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev
==============================================================================
202.120.2.101.dns.sjtu.e> 0 0 0 +0.000 2000.000 +0ns 4000ms
news.neu.edu.cn 0 0 0 +0.000 2000.000 +0ns 4000ms
其它客户端配置
配置文件
[root@CentOS7 ~]# egrep -v "^#|^$" /etc/chrony.conf
server 192.168.0.100 iburst //同步时间服务器
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
makestep 10 3
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
keyfile /etc/chrony.keys
commandkey 1
generatecommandkey
noclientlog
logchange 0.5
logdir /var/log/chrony
启动服务
[root@CentOS7 ~]# systemctl start chronyd.service
[root@CentOS7 ~]# systemctl enable chronyd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/chronyd.service to /usr/lib/systemd/system/chronyd.service.
验证服务
Jan 21:39:34 ntpdate[43563]: adjust time server 192.168.0.100 offset -0.000041 sec
[root@CentOS7 ~]# chronyc sourcestats -v
Number of sources = 1
.- Number of sample points in measurement set.
/ .- Number of residual runs with same sign.
| / .- Length of measurement set (time).
| | / .- Est. clock freq error (ppm).
| | | / .- Est. error in freq.
| | | | / .- Est. offset.
| | | | | | On the -.
| | | | | | samples. \
| | | | | | |
Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev
==============================================================================
192.168.0.100 14 8 118m +0.002 0.023 +1305ns 48us
设置任务计划
[root@CentOS7 ~]# crontab -e //编辑crontab文件
[root@CentOS7 ~]# crontab -l //查看任务计划
#synchronization time //每隔五分钟进行同步一次
*/5 * * * * /usr/sbin/ntpdate 192.168.10.8 > /dev/null 2>&1
