Linux time synchronization service: server and client configuration

1. Background

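After several servers have been deployed centrally, their clocks run fast or slow and drift arbitrarily over time. You end up with as many different times as there are servers, which affects the timeliness of the business system's data.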

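We all know that clocks can be synchronized against servers on the public internet, but time synchronization is still needed on an internal network that cannot reach the internet. How is that done?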

Many projects use an internal time server as the clock source and have all the other machines synchronize with that machine.

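On Linux, both the ntp service and the chrony service provide server time synchronization, and they can synchronize with each other. However, NTP and chrony cannot be present at the same time; only one of them can be used.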

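The environment I mainly work with day to day is RHEL7, where chrony is the default time server; NTP is also supported but has to be installed separately. This article therefore focuses on chrony.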

2. Introduction

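Chrony is free, open-source software that implements both a client and a server for the Network Time Protocol (NTP). It keeps the system clock synchronized with a time server (NTP) so that the computer's time stays accurate, and it can also act as a server that provides time synchronization to other computers.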

Chrony consists of two programs, chronyd and chronyc:

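  • chronyd is a daemon that runs in the background and adjusts the system clock running in the kernel to keep it synchronized with the time server. It determines the rate at which the computer gains or loses time and compensates for it.
  • chronyc provides a user interface for monitoring performance and changing a variety of settings. It can work on the computer controlled by the chronyd instance or on a different, remote computer.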

NTP is short for Network Time Protocol; it synchronizes clocks over the network on UDP port 123.

3. Environment

Item     Version    Description
CentOS   7.6.1810   Operating system version

4. Installation and configuration

Run these commands with an administrator account.

yum -y install chrony
systemctl start chronyd
systemctl enable chronyd

View the default chrony.conf configuration:

cat /etc/chrony.conf

The configuration file explained:

# Lines starting with "server"; in theory you can add as many time servers as you like
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

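# Compute the rate at which the server gains or loses time against real time and record it in a file, so the best compensation can be applied after a reboot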
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# If the system clock is off by more than 1 second, it may be stepped during the first three updates
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Have the kernel keep the real-time clock (RTC) synchronized
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Hardware timestamping is enabled with the hwtimestamp directive
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Specify NTP client addresses that are allowed or denied access to the machine acting as the time server
# Allow NTP client access from local network.
#allow 192.168.0.0/16

# Serve time even if not synchronized to a time source.
#local stratum 10

# Specify the file that contains the NTP authentication keys
# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys

# Get TAI-UTC offset and leap seconds from the system tz database.
#leapsectz right/UTC

# Specify the directory for log files
# Specify directory for log files.
logdir /var/log/chrony

# Select which information the log files record
# Select which information is logged.
#log measurements statistics tracking

5. Configuration and usage

Test scenario:

  • Server: 192.168.100.200
  • Client: 192.168.100.10

chrony is usually already installed on Linux systems by default. If it is not, install it:

yum install chrony* -y

The server and client configuration is walked through step by step below. It is actually simple: only a few configuration entries need to change.

5.1 Server configuration

  • Edit the configuration file
vi /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
# Comment out this line:
#pool 2.pool.ntp.org iburst
# Add this line: server + server IP + iburst
server 192.168.100.200 iburst
 
# Use NTP servers from DHCP.
sourcedir /run/chrony-dhcp
 
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
 
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
 
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
 
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
 
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
 
# Allow NTP client access from local network.
# Set this to the network segment that is allowed to connect:
allow 192.168.100.0/24
 
# Serve time even if not synchronized to a time source.
# Uncomment this line:
local stratum 10
 
# Require authentication (nts or key option) for all NTP sources.
#authselectmode require
 
# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys
 
# Save NTS keys and cookies.
ntsdumpdir /var/lib/chrony
 
# Insert/delete leap seconds by slewing instead of stepping.
#leapsecmode slew
 
# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC
 
# Specify directory for log files.
logdir /var/log/chrony
 
# Select which information is logged.
#log measurements statistics tracking
  • Enable the service at boot
systemctl enable chronyd
  • Restart the chronyd service
systemctl restart chronyd
  • Check the time synchronization status
timedatectl status

  • Turn on network time synchronization
timedatectl set-ntp true
  • If a firewall is in place, UDP port 123 needs to be opened
# Open the port in the firewall
firewall-cmd --zone=public --add-port=123/udp --permanent
# or
firewall-cmd --zone=public --add-service=ntp --permanent
firewall-cmd --reload

5.2 Client configuration

  • Edit the same file
vim /etc/chrony.conf
  • Change the following configuration entries
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
# Comment out this line:
#pool 2.pool.ntp.org iburst
# Add this line: server + server IP + iburst
server 192.168.100.200 iburst
 
# Use NTP servers from DHCP.
sourcedir /run/chrony-dhcp
 
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
 
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
 
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
 
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
 
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
 
# Allow NTP client access from local network.
#allow 192.168.0.0/16
 
# Serve time even if not synchronized to a time source.
#local stratum 10
 
# Require authentication (nts or key option) for all NTP sources.
#authselectmode require
 
# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys
 
# Save NTS keys and cookies.
ntsdumpdir /var/lib/chrony
 
# Insert/delete leap seconds by slewing instead of stepping.
#leapsecmode slew
 
# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC
 
# Specify directory for log files.
logdir /var/log/chrony
 
# Select which information is logged.
#log measurements statistics tracking
  • Enable the service at boot
systemctl enable chronyd
  • Restart the chronyd service
systemctl restart chronyd
  • Check the time synchronization status
timedatectl status

If "NTP enabled" shows no here, NTP needs to be turned on:

timedatectl set-ntp true
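
As a check for the server and client files in 5.1 and 5.2, this added example (not part of the original article) lints chrony.conf text for notes left after a directive, which chronyd reads as arguments because it only recognizes a comment at the start of a line, for an `allow` that is not limited to a subnet, and for `server`/`pool` sources without the `key` or `nts` option. The function name, finding codes and sample file are made up for the illustration.

```shell
#!/bin/sh
# Added example, not from the original article: lint chrony.conf text before
# restarting chronyd. Function name and finding codes are made up for this sketch.

# Constructed sample: the 5.1 server settings with a note left on a directive
# line and an unscoped allow.
SAMPLE_CONF='# internal time server
server 192.168.100.200 iburst   // add this line
allow
allow 192.168.100.0/24
local stratum 10
keyfile /etc/chrony.keys'

# Prints "<line>:<CODE>:<directive>" per finding.
# Exit status 1 when an INLINE_NOTE or ALLOW_ANY finding exists, else 0.
lint_chrony_conf() {
    printf '%s\n' "$1" | awk '
        # Only lines starting with # % ; or ! are comments; skip them and blanks.
        /^[ \t]*([#%;!]|$)/ { next }
        {
            d = tolower($1)
            # Text after a directive is parsed as arguments, never as a comment.
            if (index($0, "//")) { print NR ":INLINE_NOTE:" d; bad = 1 }
            if (d == "allow") {
                # "all" is a rule modifier; the subnet, if any, follows it.
                net = (tolower($2) == "all") ? $3 : $2
                if (net == "" || net ~ /^(0|0\.0\.0\.0|::)\/0$/) {
                    print NR ":ALLOW_ANY:" d; bad = 1
                }
            }
            if (d == "server" || d == "pool") {
                auth = 0
                for (i = 3; i <= NF; i++)
                    if (tolower($i) == "key" || tolower($i) == "nts") auth = 1
                # Informational only: replies from this source are not authenticated.
                if (!auth) print NR ":NOAUTH_SOURCE:" d
            }
        }
        END { exit bad + 0 }'
}

lint_chrony_conf "$SAMPLE_CONF" || echo "fix the findings above before restarting chronyd"
```

On a host, run it as `lint_chrony_conf "$(cat /etc/chrony.conf)"`.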

5.3 Viewing sync source information on the client

chronyc sources					# view the sync sources on the client

You should see output like the following:

210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 10.0.244.1                    8   7   377    49    -17us[  -11us] +/-   12ms

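At this point the time server setup is synchronizing successfully. If synchronization fails, check whether SELinux and firewalld have been turned off or, where firewalld stays on, that UDP port 123 has been opened as in 5.1.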
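
The check described above can be scripted: this added example (not from the original article) reads `chronyc sources` output, requires a source in the `*` state, and reports how many of the last eight polls it answered by decoding the octal Reach register. The function name and verdict strings are made up here, and both sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not from the original article: turn `chronyc sources` output
# into a pass/fail sync check. Function name and verdict strings are made up here.

# Constructed sample: the healthy output shown in 5.3.
SAMPLE_OK='210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.0.244.1                    8   7   377    49    -17us[  -11us] +/-   12ms'

# Constructed sample: a configured server that has never answered.
SAMPLE_DOWN='210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? 192.168.100.200               0   6     0     -     +0ns[   +0ns] +/-    0ns'

# Prints one verdict line. Exit status: 0 synced, 1 no selected source,
# 2 no source lines at all.
chrony_sync_status() {
    printf '%s\n' "$1" | awk '
        # Reach is an octal 8-bit register; count its set bits (answered polls).
        function answered(oct,   i, d, c) {
            c = 0
            for (i = 1; i <= length(oct); i++) {
                d = substr(oct, i, 1) + 0
                c += (d >= 4) + (int(d / 2) % 2) + (d % 2)
            }
            return c
        }
        # Source lines: mode char (^ = #) followed by a state char.
        /^[=#^][*+?x~-]/ {
            n++
            state = substr($1, 2, 1)
            if (state == "*") { sel = $2; hits = answered($5) }
            if (state == "x" || state == "~") suspect = suspect " " $2
        }
        END {
            if (n == 0)    { print "NO_SOURCES"; exit 2 }
            if (sel == "") { print "UNSYNCED sources=" n; exit 1 }
            msg = "SYNCED " sel " answered=" hits "/8"
            if (suspect != "") msg = msg " suspect:" suspect
            print msg
        }'
}

chrony_sync_status "$SAMPLE_OK"
```

On a live host: `chrony_sync_status "$(chronyc -n sources)"`.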

6. chrony commands

  • View the ntp_servers
chronyc sources -v

Output:

210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 10.0.244.1                    8   7   377    71    -29us[  -25us] +/-   12ms
  • View the status of the ntp_servers
chronyc sourcestats -v

Output:

210 Number of sources = 1
                             .- Number of sample points in measurement set.
                            /    .- Number of residual runs with same sign.
                           |    /    .- Length of measurement set (time).
                           |   |    /      .- Est. clock freq error (ppm).
                           |   |   |      /           .- Est. error in freq.
                           |   |   |     |           /         .- Est. offset.
                           |   |   |     |          |          |   On the -.
                           |   |   |     |          |          |   samples. \
                           |   |   |     |          |          |             |
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
10.0.244.1                 12   7   23m     +0.004      0.087    +94ns    26us
  • Check whether the ntp_servers are online
chronyc activity -v

Output:

200 OK
1 sources online
0 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
4 sources with unknown address
  • View detailed ntp information
chronyc tracking -v

Output:

Reference ID    : 0A00F401 (10.0.244.1)
Stratum         : 9
Ref time (UTC)  : Wed Mar 22 12:36:46 2023
System time     : 0.000011087 seconds fast of NTP time
Last offset     : +0.000013647 seconds
RMS offset      : 0.000166242 seconds
Frequency       : 25.694 ppm fast
Residual freq   : +0.003 ppm
Skew            : 0.090 ppm
Root delay      : 0.002177232 seconds
Root dispersion : 0.011265529 seconds
Update interval : 129.3 seconds
Leap status     : Normal

Reposted from blog.csdn.net/weixin_36754290/article/details/129706620