chronyd使用

chronyd管理

如下操作展示了如何安装、启动、停止和检查chronyd的状态。

1. 安装chronyd软件包

dnf install -y chrony

chrony守护进程的默认位置是/usr/sbin/chronyd。命令行的工具将被安装到/usr/bin/chronyc。

2. 查看当前chronyd的状态

[root@server ~]# systemctl status chronyd
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2023-06-14 14:03:11 CST; 4min 15s ago
     Docs: man:chronyd(8)
           man:chrony.conf(5)
  Process: 700 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 715 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=exited, status=0/SUCCESS)
 Main PID: 706 (chronyd)
    Tasks: 1
   Memory: 1.2M
   CGroup: /system.slice/chronyd.service
           └─706 /usr/sbin/chronyd

Jun 14 14:03:11 localhost.localdomain chronyd[706]: chronyd version 3.5 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGN>
Jun 14 14:03:11 localhost.localdomain chronyd[706]: Frequency -5.946 +/- 0.150 ppm read from /var/lib/chrony/drift
Jun 14 14:03:11 localhost.localdomain systemd[1]: Started NTP client/server.
Jun 14 14:03:24 bogon chronyd[706]: Selected source 84.16.73.33
Jun 14 14:03:24 bogon chronyd[706]: System clock wrong by 5.921216 seconds, adjustment started
Jun 14 14:03:30 bogon chronyd[706]: System clock was stepped by 5.921216 seconds
Jun 14 14:03:34 bogon chronyd[706]: Can't synchronise: no selectable sources
Jun 14 14:03:34 bogon chronyd[706]: Selected source 84.16.73.33
Jun 14 14:04:31 bogon chronyd[706]: Can't synchronise: no selectable sources
Jun 14 14:05:44 server chronyd[706]: Selected source 84.16.73.33

3. 启动 chronyd 服务，通过 root 用户执行如下命令:

systemctl start chronyd

通过root用户执行如下命令设置服务开机自启:

systemctl enable chronyd

4. 通过`root`用户执行如下命令停止`chronyd`服务: `systemctl stop chronyd` 如果想要禁止此服务开机自启则使用命令: `systemctl disable chronyd` 

检查chrony是否已经同步

要检查chrony是否已经完成同步，使用tracking 、 sources 、sourcestats子命令进行查询。

检查 chrony跟踪情况

[root@server ~]# chronyc tradking
Unrecognized command
[root@server ~]# chronyc tracking
Reference ID    : 6FE6BDAE (111.230.189.174)
Stratum         : 3
Ref time (UTC)  : Wed Jun 14 06:18:30 2023
System time     : 0.000284686 seconds fast of NTP time
Last offset     : +0.000278373 seconds
RMS offset      : 0.011469826 seconds
Frequency       : 7.196 ppm slow
Residual freq   : -0.228 ppm
Skew            : 5.393 ppm
Root delay      : 0.045849703 seconds
Root dispersion : 0.005494612 seconds
Update interval : 64.4 seconds
Leap status     : Normal

查看当前时间源列表

[root@server ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 111.230.189.174               2   8   377    64   -812us[ -434us] +/-   63ms
^- ntp6.flashdance.cx            2   7   277   124  +1301us[+1661us] +/-   90ms
^- time.cloudflare.com           3   7   376   386   -421us[ +478us] +/-   89ms
^- tick.ntp.infomaniak.ch        1   8    10   832  +8284us[+9211us] +/-  142ms

查看当前时间源的同步情况

[root@server ~]# chronyc sourcestats
210 Number of sources = 4
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
111.230.189.174            26  18   38m     -0.002      1.765    -71ns  1449us
ntp6.flashdance.cx         23  13   35m     -0.426      4.814  -3270us  3127us
time.cloudflare.com        23  15   35m     -0.346      4.524   +394us  2593us
tick.ntp.infomaniak.ch     11   4   36m    -12.853     27.718    -26ms    16ms

手动调整系统时钟

[root@server ~]# chronyc makestep
200 OK

为孤立网络环境设置chrony

设置一台服务器作为服务器

修改/etc/chrony.conf配置文件如下:

[root@server ~]# cat /etc/chrony.conf
# 上级时间同步地址
server ntp1.aliyun.com iburst
driftfile /var/lib/chrony/drift
keyfile /etc/chrony.keys
local stratum 8
manual
# 此网段为允许时间从此处同步时间的客户端的网段
allow 192.168.56.0/24

如果服务器上打开了防火墙需要为123端口放行:

[root@server ~]# firewall-cmd --add-port 123/udp --permanent
success
[root@server ~]# firewall-cmd --reload
success

客户端配置

修改chrony配置文件如下

[root@client etc]# cat /etc/chrony.conf
# 下面行的第二个server是时间源服务器的dns名称，可以是hosts中定义的主机名称，也可以是一个ip地址
server server
driftfile /var/lib/chrony/drift
logdir /var/log/chrony
log measurements statistics tracking
keyfile /etc/chrony.keys
local stratum 8

问题处理

1. 客户端无法从服务端同步时间

# 检查服务端防火墙 123 端口是否打开

# 客户端使用命令查看是否可以连接到时间源
[root@client ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* server                        8   7   377   102    +16us[  +21us] +/-  299us
[root@client ~]# chronyc sourcestats
210 Number of sources = 1
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
server                     19  13   948     +0.001      0.143   +149ns    47us

# 服务端查看当前的client
[root@server ~]# chronyc clients
Hostname                      NTP   Drop Int IntL Last     Cmd   Drop Int  Last
===============================================================================
client                         21      0   7   -    97       0      0   -     -

# 在服务端查看是否允许某个机器的同步
[root@server ~]# chronyc accheck client
208 Access allowed
[root@server ~]# chronyc accheck 192.168.56.106
208 Access allowed