Linux(Centos7.4和RHEL7.4)环境下基于chrony的NTP服务器的构建
Linux(Centos7.4和RHEL7.4)环境下基于chrony的NTP服务器的构建
版权声明:本文为耕耘实录原创文章,各大自媒体平台同步更新。欢迎转载,转载请注明出处,谢谢
一、操作环境
操作系统:CentOS Linux release 7.4.1708 (Core) 最小化安装版 chrony版本:chrony-3.1-2.x86_64
二、配置过程
由于在CentOS7.4系统中以默认安装chrony,因此无需再执行安装过程。其他未安装chrony的操作系统要执行安装chrony也是极其简单的,以CentOS7以下没有自带chrony的操作系统版本为例,执行yum -y install chrony一键即可完成chrony的安装。 1、检查服务状态。
[root@Geeklp-Chrony ~]# systemctl status chronyd
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: active (running) since 五 2018-01-12 10:20:17 CST; 1h 26min ago从以上信息中我们可以看到,chrony服务已经启动,默认开机启动,厂商预置状态为开机启动。 2、配置防火墙
[root@Geeklp-Chrony ~]# firewall-cmd --permanent --add-service=ntp
success
[root@Geeklp-Chrony ~]# firewall-cmd --reload
success3、测试。 本次测试使用的客户端IP为:10.1.1.23,客户端同样安装的是chrony软件。 (1)将客户端chronyd的配置文件中以下几行注释了,并在后面新增一行:
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 10.1.1.21 iburst(2)将客户时间修改为错误时间。 [root@JDK-Tomcat ~]# date -s 18:23:12 (3)重启客户端chrony。
[root@JDK-Tomcat ~]# systemctl restart chronyd(4)查看客户端时间同步情况。
[root@JDK-Tomcat ~]# date
2018年 01月 12日 星期五 19:39:37 CST结果与服务器时间一致,配置成功。测试完毕。 4、chrony也支持ntpdate,我们现在来卸载客户端上的chrony,然后使用ntpdate尝试同步。
[root@JDK-Tomcat ~]# yum -y remove chronyd
[root@JDK-Tomcat ~]# yum -y install ntpdate
[root@JDK-Tomcat ~]# ntpdate 10.1.1.21
12 Jan 19:41:49 ntpdate[3407]: step time server 10.1.1.21 offset 4702.851108 sec以上效果也是很明显的。我们也可以使用定时任务来同步时间,关于定时任务设置,此处不再赘述。
三、高级设置
chrony是ntp协议的另外一种实现,关于chrony与ntp的对比我们可以参考文末参考资料。一般情况下,建议使用chrony代替ntp。 1、关于chronyc。chronyc支持命令行模式与交互式模式。我们来看一下帮助文档。
System clock:
tracking Display system time information
makestep Correct clock by stepping immediately
makestep <threshold> <updates>
Configure automatic clock stepping
maxupdateskew <skew> Modify maximum valid skew to update frequency
waitsync [<max-tries> [<max-correction> [<max-skew> [<interval>]]]]
Wait until synchronised in specified limits
Time sources:
sources [-v] Display information about current sources
sourcestats [-v] Display statistics about collected measurements
reselect Force reselecting synchronisation source
reselectdist <dist> Modify reselection distance
NTP sources:
activity Check how many NTP sources are online/offline
ntpdata [<address>] Display information about last valid measurement
add server <address> [options]
Add new NTP server
add peer <address> [options]
Add new NTP peer
delete <address> Remove server or peer
burst <n-good>/<n-max> [<mask>/<address>]
Start rapid set of measurements
maxdelay <address> <delay> Modify maximum valid sample delay
maxdelayratio <address> <ratio>
Modify maximum valid delay/minimum ratio
maxdelaydevratio <address> <ratio>
Modify maximum valid delay/deviation ratio
minpoll <address> <poll> Modify minimum polling interval
maxpoll <address> <poll> Modify maximum polling interval
minstratum <address> <stratum>
Modify minimum stratum
offline [<mask>/<address>] Set sources in subnet to offline status
online [<mask>/<address>] Set sources in subnet to online status
polltarget <address> <target>
Modify poll target
refresh Refresh IP addresses
Manual time input:
manual off|on|reset Disable/enable/reset settime command
manual list Show previous settime entries
manual delete <index> Delete previous settime entry
settime <time> Set daemon time
(e.g. Sep 25, 2015 16:30:05 or 16:30:05)
NTP access:
accheck <address> Check whether address is allowed
clients Report on clients that have accessed the server
serverstats Display statistics of the server
allow [<subnet>] Allow access to subnet as a default
allow all [<subnet>] Allow access to subnet and all children
deny [<subnet>] Deny access to subnet as a default
deny all [<subnet>] Deny access to subnet and all children
local [options] Serve time even when not synchronised
local off Don't serve time when not synchronised
smoothtime reset|activate Reset/activate time smoothing
smoothing Display current time smoothing state
Monitoring access:
cmdaccheck <address> Check whether address is allowed
cmdallow [<subnet>] Allow access to subnet as a default
cmdallow all [<subnet>] Allow access to subnet and all children
cmddeny [<subnet>] Deny access to subnet as a default
cmddeny all [<subnet>] Deny access to subnet and all children
Real-time clock:
rtcdata Print current RTC performance parameters
trimrtc Correct RTC relative to system clock
writertc Save RTC performance parameters to file
Other daemon commands:
cyclelogs Close and re-open log files
dump Dump all measurements to save files
rekey Re-read keys from key file
Client commands:
dns -n|+n Disable/enable resolving IP addresses to hostnames
dns -4|-6|-46 Resolve hostnames only to IPv4/IPv6/both addresses
timeout <milliseconds> Set initial response timeout
retries <retries> Set maximum number of retries
keygen [<id> [<type> [<bits>]]]
Generate key for key file
exit|quit Leave the program
help Generate this help以上命令在交互模式中支持自动补全哦,十分方便。让我们来实践一下吧。 (1)查看时间同步源。在命令行中输入chronyc进入交互模式。
怎么样?是不是比ntpq中显示的要直观得多。图中展示了一些命令补全的效果。 (2)查看时间同步状态。
2、关于chrony。
[root@Geeklp-Chrony ~]# man chrony.conf(3)关于chronyd。
[root@Geeklp-Chrony ~]# man chronyd(4)最重要的chronyc。
[root@Geeklp-Chrony ~]# man chronyc参考资料:
https://chrony.tuxfamily.org/doc/3.1/chrony.conf.html https://chrony.tuxfamily.org/doc/3.2/chronyd.html https://chrony.tuxfamily.org/doc/3.2/chronyc.html https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/sect-using_chrony