The chrony time synchronization service
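Reference A: I had hoped to find a few video walkthroughs of chrony, but found none. I suppose the service is considered too simple to be worth explaining, so everyone skips it, and I had to rack my own brains and work through it by hand. At my company, 2000+ machines, virtual and physical, have been force-syncing directly against three NTP servers with ntpdate. We have used this brute-force approach for years and so far nothing has gone wrong, but as a lowly ops engineer I sensed a serious security risk.
Time to show some real skills ~~~
Enough rambling; on to the topic.
It was not present on my rhel8; I installed it with yum.
After installation, the system has a new service, chronyd.
Check the service status: systemctl status chronyd
Stop the service: systemctl stop chronyd
Restart the service: systemctl restart chronyd
We can use rpm -ql chrony to look at the files that installing chrony puts on the system, which helps in understanding the overall structure and complexity of the service; skip it if you are not interested.
That is roughly all there is.
Next, configuring chrony as an NTP server for NTP clients to synchronize against; the client is covered afterwards.
Before configuring, a word about the configuration file:
After some head-scratching, I roughly understood the parameters in the main configuration file and annotated them for future reference.
The configuration is very simple.
Just change the server domain names and the network segment that is allowed to synchronize; the rest is basically left at the defaults. Restart the service after the change.
Alibaba Cloud time servers: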
ntp1.aliyun.com
ntp2.aliyun.com
Chinese Academy of Sciences time server:
ntp.ntsc.ac.cn
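Show the current synchronization status:
The interval for synchronizing with external Internet servers must not be set below 64 seconds; otherwise, because the NTP server is being queried too frequently, the packets are treated as junk datagrams and dropped. Take note of this.
Just add one NTP server IP; the rest basically does not need to be touched. Restart the server and enable the service at boot.
Time synchronization service chrony
Disable SELinux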
[[email protected] ~]#vim /etc/selinux/config
SELINUX=disabled
Stop the firewall
[[email protected] ~]#systemctl stop firewalld
=====================================================================
[[email protected] ~]#rpm -qi chrony    # chrony ships with CentOS 7
Name : chrony
Version : 3.2
Release : 2.el7
Architecture: x86_64
Install Date: Sun 09 Dec 2018 10:15:41 PM CST
Group : System Environment/Daemons
Size : 487489
License : GPLv2
Signature : RSA/SHA256, Wed 25 Apr 2018 06:55:05 PM CST, Key ID 24c6a8a7f4a80eb5
Source RPM : chrony-3.2-2.el7.src.rpm
Build Date : Fri 13 Apr 2018 01:38:53 AM CST
Build Host : x86-01.bsys.centos.org
Relocations : (not relocatable)
Packager : CentOS BuildSystem <http://bugs.centos.org>
Vendor : CentOS
URL : https://chrony.tuxfamily.org
Summary : An NTP client/server
Description :
A client/server for the Network Time Protocol, this program keeps your
computer's clock accurate. It was specially designed to support
systems with intermittent internet connections, but it also works well
in permanently connected environments. It can use also hardware reference
clocks, system real-time clock or manual input as time references.
[[email protected] ~]#rpm -ql chrony
/etc/NetworkManager/dispatcher.d/20-chrony
/etc/chrony.conf    # configuration file
/etc/chrony.keys
/etc/dhcp/dhclient.d/chrony.sh
/etc/logrotate.d/chrony
/etc/sysconfig/chronyd
/usr/bin/chronyc
/usr/lib/systemd/ntp-units.d/50-chronyd.list
/usr/lib/systemd/system/chrony-dn***[email protected]
/usr/lib/systemd/system/chrony-dn***[email protected]
/usr/lib/systemd/system/chrony-wait.service
/usr/lib/systemd/system/chronyd.service    # the chrony service unit
/usr/libexec/chrony-helper
/usr/sbin/chronyd    # the chrony server-side daemon binary
/usr/share/doc/chrony-3.2
/usr/share/doc/chrony-3.2/COPYING
/usr/share/doc/chrony-3.2/FAQ
/usr/share/doc/chrony-3.2/NEWS
/usr/share/doc/chrony-3.2/README
/usr/share/man/man1/chronyc.1.gz
/usr/share/man/man5/chrony.conf.5.gz
/usr/share/man/man8/chronyd.8.gz
/var/lib/chrony
/var/lib/chrony/drift
/var/lib/chrony/rtc
/var/log/chrony
Start the chrony service
[[email protected] ~]#systemctl start chronyd.service    # start the chrony service
[[email protected] ~]#systemctl enable chronyd.service    # enable it at boot
[[email protected] ~]#systemctl status chronyd.service    # check the service status
Configure the chrony client
[[email protected] ~]#vim /etc/chrony.conf
# Use the Alibaba Cloud public NTP server as the reference for synchronizing the client's time
server ntp.aliyun.com iburst
# Comment out the following 4 lines
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
[[email protected] ~]#chronyc sources -v    # chronyc is the client command; sources -v shows the current NTP server information
210 Number of sources = 1
  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^ 203.107.6.88                   2    6    17    29  -2123us[-9477us] +/- 23ms
===============================================================================
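With CentOS 7 as the NTP server (192.168.21.104), configure CentOS 6 as a chrony client (192.168.21.103) and synchronize its time from the CentOS 7 machine:
Install chrony on CentOS 6
[[email protected] ~]#yum install chrony -y
Stop the ntpd service to avoid interference!
[[email protected] ~]#service ntpd status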
ntpd is stopped
Client configuration
[[email protected] ~]#vim /etc/chrony.conf
# Added: synchronize time from the CentOS 7 machine
server 192.168.21.104 iburst
# Comment out the following 4 lines
#server 0.rhel.pool.ntp.org iburst
#server 1.rhel.pool.ntp.org iburst
#server 2.rhel.pool.ntp.org iburst
#server 3.rhel.pool.ntp.org iburst
[[email protected] ~]#service chronyd start    # start the chrony service
[[email protected] ~]#chkconfig chronyd on    # enable chrony at boot
Server configuration
[[email protected] ~]#vim /etc/chrony.conf
server ntp.aliyun.com iburst
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
# Allow NTP client access from local network.
#allow 192.168.0.0/16
# Added: the network segment that is allowed to synchronize time from this server
allow 192.168.21.0/24
[[email protected] ~]#systemctl restart chronyd    # restart the chrony service
Test on CentOS 6
[[email protected] ~]#date -s "-2 year"    # first set the clock to a wrong time
Tue Feb 14 09:49:54 EST 2017
[[email protected] ~]#date
Tue Feb 14 09:49:59 EST 2017
After restarting the service, the time has been synchronized
[[email protected] ~]#service chronyd restart
Stopping chronyd: [ OK ]
Starting chronyd: [ OK ]
[[email protected] ~]#date
Thu Feb 14 09:52:36 EST 2019
Change EST to CST
[[email protected] ~]#ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
[[email protected] ~]#ll /etc/localtime
lrwxrwxrwx 1 root root 33 Feb 14 23:13 /etc/localtime -> /usr/share/zoneinfo/Asia/Shanghai
[[email protected] ~]#date
Thu Feb 14 23:13:28 CST 2019
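Added example, not from the original post or the chrony project: a Python check of the chrony.conf directives configured above. It flags an allow range that is not inside the intended LAN, a minpoll below 6 (64 seconds) on an external source, and fewer than three time sources. The function names, the WEAK_CONF sample and the three-source threshold are assumptions of this example.

```python
import ipaddress

# Constructed samples: the page's server-side lines, then a weak variant.
PAGE_CONF = """\
server ntp.aliyun.com iburst
#server 0.centos.pool.ntp.org iburst
#allow 192.168.0.0/16
allow 192.168.21.0/24
"""
WEAK_CONF = """\
server ntp.aliyun.com iburst minpoll 4
allow
"""

def is_internal(host):
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a hostname: assumed to be an external server

def audit_chrony_conf(text, lan="192.168.21.0/24"):
    """Hypothetical helper: list findings for source and allow directives."""
    lan_net, findings, sources = ipaddress.ip_network(lan), [], 0
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0][0] in "#!;%":  # blank or comment line
            continue
        key, args = words[0].lower(), words[1:]
        if key in ("server", "pool", "peer") and args:
            sources += 1
            opts = dict(zip(args[1:], args[2:]))  # option word -> next word
            mp = opts.get("minpoll", "6")         # chrony's default minpoll is 6
            if mp.lstrip("-").isdigit() and int(mp) < 6 and not is_internal(args[0]):
                findings.append(f"{args[0]}: minpoll {mp} polls every "
                                f"{2 ** int(mp)} s, below 64 s")
        elif key == "allow":
            subnet = [a for a in args if a != "all"]
            if not subnet:  # a bare "allow" admits every address
                findings.append("allow: no subnet, any address may query")
                continue
            try:
                net = ipaddress.ip_network(subnet[0], strict=False)
            except ValueError:
                findings.append(f"allow {subnet[0]}: not CIDR, review by hand")
                continue
            if net.version != lan_net.version or not net.subnet_of(lan_net):
                findings.append(f"allow {net}: not inside {lan_net}")
    if sources < 3:  # with fewer than 3 sources a wrong one cannot be out-voted
        findings.append(f"{sources} time source(s), fewer than 3")
    return findings
```

Calling audit_chrony_conf(PAGE_CONF) reports only the single-source finding, while WEAK_CONF also trips the minpoll and open allow checks.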