chrony时间同步软件介绍

chrony是网络时间协议NTP的通用实现，它可以将系统时钟和`NTP服务器同步。它支持在各种条件下包括间歇性的网络连接、严重阻塞的网络、不断变化的温度以及支持不连续的运行并且可以运行于虚机上。

本文介绍chrony工具的安装和使用，包括两个节点：一个作为时间服务器，另一个作为客户端。

执行如下命令来安装chrony：

[root@kvm ~]# yum install chrony
[root@kvm ~]# rpm -ql chrony
/etc/NetworkManager/dispatcher.d/20-chrony-dhcp
/etc/NetworkManager/dispatcher.d/20-chrony-onoffline
/etc/chrony.conf
/etc/chrony.keys
/etc/dhcp/dhclient.d/chrony.sh
/etc/logrotate.d/chrony
/etc/sysconfig/chronyd
/usr/bin/chronyc
/usr/lib/.build-id
/usr/lib/.build-id/38
/usr/lib/.build-id/38/1d3a324ce66865ba879dfa43d49e0e0c1e2c41
/usr/lib/.build-id/43
/usr/lib/.build-id/43/444c816fcf0802c43011f282afaf9feded4c56
/usr/lib/systemd/ntp-units.d/50-chronyd.list
/usr/lib/systemd/system/chrony-dnssrv@.service
/usr/lib/systemd/system/chrony-dnssrv@.timer
/usr/lib/systemd/system/chrony-wait.service
/usr/lib/systemd/system/chronyd.service
/usr/libexec/chrony-helper
/usr/sbin/chronyd
/usr/share/doc/chrony
/usr/share/doc/chrony/FAQ
/usr/share/doc/chrony/NEWS
/usr/share/doc/chrony/README
/usr/share/doc/chrony/ntp2chrony.py
/usr/share/licenses/chrony
/usr/share/licenses/chrony/COPYING
/usr/share/man/man1/chronyc.1.gz
/usr/share/man/man5/chrony.conf.5.gz
/usr/share/man/man8/chronyd.8.gz
/var/lib/chrony
/var/lib/chrony/drift
/var/lib/chrony/rtc
/var/log/chrony

如下所示为配置文件：

[root@kvm ~]# cat /etc/chrony.conf
pool 2.centos.pool.ntp.org iburst
​
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
​
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
​
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
​
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
​
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
​
# Allow NTP client access from local network.
allow 0/0
​
# Serve time even if not synchronized to a time source.
local stratum 10
​
# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys
​
# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC
​
# Specify directory for log files.
logdir /var/log/chrony
​
# Select which information is logged.
#log measurements statistics tracking

其中：

• pool：为外部时钟源地址

• rtcsync：开启硬件时钟的同步机制，linux内核每11分钟同步一次系统时钟到硬件时钟

• local stratum 10：当外部时钟源不可用的时候，以本机时钟为准继续提供服务

• allow 0/0：允许的客户端的cidr

启动服务后查看状态：

[root@kvm ~]# systemctl start chronyd
[root@kvm ~]#
[root@kvm ~]#
[root@kvm ~]# systemctl status chronyd
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2023-09-08 19:02:50 CST; 2min 43s left
     Docs: man:chronyd(8)
           man:chrony.conf(5)
  Process: 11542 ExecStopPost=/usr/libexec/chrony-helper remove-daemon-state (code=exited, status=0/SUCCESS)
  Process: 11552 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=exited, status=0/SUCCESS)
  Process: 11547 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 11550 (chronyd)
    Tasks: 1 (limit: 52427)
   Memory: 924.0K
   CGroup: /system.slice/chronyd.service
           └─11550 /usr/sbin/chronyd
​
Sep 08 19:02:50 kvm chronyd[11550]: chronyd version 4.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 +DEBUG)
Sep 08 19:02:50 kvm chronyd[11550]: Frequency 1.633 +/- 0.046 ppm read from /var/lib/chrony/drift
Sep 08 19:02:50 kvm chronyd[11550]: Using right/UTC timezone to obtain leap second data
Sep 08 19:02:50 kvm systemd[1]: Started NTP client/server.
Sep 08 19:02:55 kvm chronyd[11550]: Selected source 36.110.233.85 (2.centos.pool.ntp.org)
Sep 08 19:02:55 kvm chronyd[11550]: System clock wrong by -791.549636 seconds
Sep 08 18:49:44 kvm chronyd[11550]: System clock was stepped by -791.549636 seconds
Sep 08 18:49:44 kvm chronyd[11550]: System clock TAI offset set to 37 seconds
Sep 08 18:50:49 kvm chronyd[11550]: Selected source 119.28.206.193 (2.centos.pool.ntp.org)
Sep 08 18:54:07 kvm chronyd[11550]: Source 81.16.177.123 replaced with 78.46.102.180 (2.centos.pool.ntp.org)
[root@kvm ~]#
[root@kvm ~]# netstat -tunlp |grep chrony
udp        0      0 0.0.0.0:123             0.0.0.0:*                           11550/chronyd
udp        0      0 127.0.0.1:323           0.0.0.0:*                           11550/chronyd
udp6       0      0 ::1:323                 :::*                                11550/chronyd
[root@kvm ~]#
[root@kvm ~]# chronyc sources -v
​
  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^- 79.133.44.136                 1   6   377    56    -10ms[  -10ms] +/-  138ms
^- electrode.felixc.at           2   6    33    55    +17ms[  +17ms] +/-  119ms
^* 119.28.206.193                2   6   377    60  +1706us[+2327us] +/-   40ms
^+ 36.110.233.85                 2   6   377    58  -1324us[-1324us] +/-   68ms

chrony守护进程监听在udp协议的123和323端口。

客户端节点上安装好chrony后，修改配置文件如下所示：

[root@node1 ~]# cat /etc/chrony.conf
server 172.24.21.221 iburst
​
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
​
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 3600 3
​
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
​
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
​
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
​
# Allow NTP client access from local network.
#allow 192.168.0.0/16
​
# Serve time even if not synchronized to a time source.
#local stratum 10
​
# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys
​
# Specify directory for log files.
logdir /var/log/chrony
​
# Select which information is logged.
#log measurements statistics tracking

查看状态：

[root@node1 ~]# chronyc sources -v
210 Number of sources = 1
​
  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 172.24.21.221                 3   6   377    37  -7753ns[ +140us] +/-   29ms

chrony默认是采用连续同步的方式来同步时钟的，并非采用跳变的方式。