使用ntp协议同步时间，chronyc sources -v 同步时间

原创

清欢难寻 2019-01-29 19:02:52 ©著作权

文章标签 IT 职场 90后 文章分类 运维

©著作权归作者所有：来自51CTO博客作者清欢难寻的原创作品，请联系作者获取转载授权，否则将追究法律责任

我们找一台服务器让它的时间和互联网同步，其他的主机和该服务器同步，带宽可以充分利用，效率也更高。因为ntp服务器既是客户端又是服务器，默认情况下，ntp是没有启用的，我们先要搞清楚是要当客户端or服务器，例如，目前我们的时间是错误的，要和远程的服务器同步我们拿172.20.0.1来做远程主机，它是服务器，

1、[root@Centos6 ~]# yum install ntp

Loaded plugins: fastestmirror, refresh-packagekit, security Setting up Install Process Loading mirror speeds from cached hostfile Resolving Dependencies --> Running transaction check ---> Package ntp.x86_64 0:4.2.6p5-12.el6.centos.2 will be updated ---> Package ntp.x86_64 0:4.2.6p5-15.el6.centos will be an update --> Processing Dependency: ntpdate = 4.2.6p5-15.el6.centos for package: ntp-4.2.6p5-15.el6.centos.x86_64 --> Running transaction check ---> Package ntpdate.x86_64 0:4.2.6p5-12.el6.centos.2 will be updated ---> Package ntpdate.x86_64 0:4.2.6p5-15.el6.centos will be an update --> Finished Dependency Resolution

Dependencies Resolved

===================================================================== Package Arch Version Repository Size

Updating: ntp x86_64 4.2.6p5-15.el6.centos updates 600 k Updating for dependencies: ntpdate x86_64 4.2.6p5-15.el6.centos updates 79 k

Transaction Summary

Upgrade 2 Package(s)

Total download size: 679 k Is this ok [y/N]: y Downloading Packages: (1/2): ntp-4.2.6p5-15.el6.centos.x86_64.rpm | 600 kB 00:00
(2/2): ntpdate-4.2.6p5-15.el6.centos.x86_64.r | 79 kB 00:00

Total 2.3 MB/s | 679 kB 00:00
Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Updating : ntpdate-4.2.6p5-15.el6.centos.x86_64 1/4 Updating : ntp-4.2.6p5-15.el6.centos.x86_64 2/4 Cleanup : ntp-4.2.6p5-12.el6.centos.2.x86_64 3/4 Cleanup : ntpdate-4.2.6p5-12.el6.centos.2.x86_64 4/4 Verifying : ntpdate-4.2.6p5-15.el6.centos.x86_64 1/4 Verifying : ntp-4.2.6p5-15.el6.centos.x86_64 2/4 Verifying : ntpdate-4.2.6p5-12.el6.centos.2.x86_64 3/4 Verifying : ntp-4.2.6p5-12.el6.centos.2.x86_64 4/4

Updated: ntp.x86_64 0:4.2.6p5-15.el6.centos

Dependency Updated: ntpdate.x86_64 0:4.2.6p5-15.el6.centos

Complete!

2、[root@centos7 ~]# rpm -ql ntp

/etc/dhcp/dhclient.d /etc/dhcp/dhclient.d/ntp.sh /etc/ntp.conf /etc/ntp/crypto /etc/ntp/crypto/pw /etc/sysconfig/ntpd /usr/bin/ntpstat /usr/lib/systemd/ntp-units.d/60-ntpd.list /usr/lib/systemd/system/ntpd.service /usr/sbin/ntp-keygen /usr/sbin/ntpd /usr/sbin/ntpdc /usr/sbin/ntpq /usr/sbin/ntptime /usr/sbin/tickadj /usr/share/doc/ntp-4.2.6p5 /usr/share/doc/ntp-4.2.6p5/COPYRIGHT /usr/share/doc/ntp-4.2.6p5/ChangeLog /usr/share/doc/ntp-4.2.6p5/NEWS /usr/share/man/man5/ntp.conf.5.gz /usr/share/man/man5/ntp_acc.5.gz /usr/share/man/man5/ntp_auth.5.gz /usr/share/man/man5/ntp_clock.5.gz /usr/share/man/man5/ntp_decode.5.gz /usr/share/man/man5/ntp_misc.5.gz /usr/share/man/man5/ntp_mon.5.gz /usr/share/man/man8/ntp-keygen.8.gz /usr/share/man/man8/ntpd.8.gz /usr/share/man/man8/ntpdc.8.gz /usr/share/man/man8/ntpq.8.gz /usr/share/man/man8/ntpstat.8.gz /usr/share/man/man8/ntptime.8.gz /usr/share/man/man8/tickadj.8.gz /var/lib/ntp /var/lib/ntp/drift /var/log/ntpstats

3、[root@Centos6 ~]# vim /etc/ntp.conf

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 172.20.0.1 iburst:
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
"/etc/ntp.conf" 54L, 1804C

我们添加上server 172.20.0.1 iburst(该词为加速同步的关键词)

4、启动脚本

[root@Centos6 ~]# service ntpd status ntpd is stopped [root@Centos6 ~]# service ntpd start Starting ntpd: [ OK ] [root@Centos6 ~]# date Mon Jan 29 17:24:06 CST 2018 此时一旦启动脚本，瞬间同步时间

5、我们故意把时间弄错，再启动脚本

[root@Centos6 ~]# date -s "-1 year" Mon Jan 29 17:23:25 CST 2018 [root@Centos6 ~]# date Mon Jan 29 17:23:28 CST 2018 [root@Centos6 ~]# service ntpd restart Shutting down ntpd: [ OK ] Starting ntpd: [ OK ] [root@Centos6 ~]# date Mon Jan 29 17:24:06 CST 2018 它是逐步同步的过程，所以不会马上同步，然而，我们用如下命令它与主机时间同步：

[root@Centos6 ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 172.20.0.1      5.103.139.163    2 u   37   64    1    1.979  -15.289   0.000
+ntp7.flashdance 194.58.202.20    2 u   33   64    1  490.878  -13.246  19.820
*85.199.214.101  .GPS.            1 u   30   64    1  309.518   39.975   1.333
 ntp.wdc1.us.lea .STEP.          16 u    -   64    0    0.000    0.000   0.000
 jp.linode.oxoox .STEP.          16 u    -   64    0    0.000    0.000   0.000

而我们应该用ntpdate命令实现与主机立即同步

[root@Centos6 ~]# ntpdate 172.20.0.1 29 Jan 17:25:33 ntpdate[29759]: the NTP socket is in use, exiting 它会报错，因为开启了service ntpd restart ntp服务，应该先暂停服务，再立即同步，最后再开启服务。

[root@Centos6 ~]# service ntpd stop
Shutting down ntpd:                                        [  OK  ]
[root@Centos6 ~]# ntpdate 172.20.0.1
29 Jan 17:26:00 ntpdate[29779]: adjust time server 172.20.0.1 offset -0.015599 sec
[root@Centos6 ~]# service ntpd start
Starting ntpd:                                             [  OK  ]
[root@Centos6 ~]# date
Tue Jan 29 17:26:28 CST 2019

先确保时间一致，再走ntp协议！

ntp协议走的是udp协议的123端口，将来配置防火墙时，要把123端口打开.

使用chrony实现时间同步首先，chrony也可以既当客户端又可作服务器

1、先配置chrony客户端

[root@centos7 ~]# vim /etc/chrony.conf

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
sercer 172.20.0.1
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst                                 

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.

我们只需添加sercer 172.20.0.1把其他的server都注释掉即可完成配置。

2、打开chrony状态，此时为关闭如下：

[root@centos7 ~]# systemctl status chronyd.service ● chronyd.service - NTP client/server Loaded: loaded (/usr/lib/systemd/system/chronyd.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: man:chronyd(8) man:chrony.conf(5)

打开chronyc 专门的客户端工具

[root@centos7 ~]# chronyc chrony version 3.2 Copyright (C) 1997-2003, 2007, 2009-2017 Richard P. Curnow and others chrony comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the GNU General Public License version 2 for details.

chronyc> help System clock:
tracking Display system time information makestep Correct clock by stepping immediately makestep <threshold> <updates> Configure automatic clock stepping maxupdateskew <skew> Modify maximum valid skew to update frequency waitsync [<max-tries> [<max-correction> [<max-skew> [<interval>]]]] Wait until synchronised in specified limits Time sources:
sources [-v] Display information about current sources sourcestats [-v] Display statistics about collected measurements reselect Force reselecting synchronisation source reselectdist <dist> Modify reselection distance 使用chronyc sources -v root@Centos6 ~]# chronyc sources -v chronyc> sources -v 210 Number of sources = 1

.-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current synced, '+' = combined , '-' = not combined, | / '?' = unreachable, 'x' = time may be in error, '~' = time too variable. || .- xxxx [ yyyy ] +/- zzzz || Reachability register (octal) -. | xxxx = adjusted offset, || Log2(Polling interval) --. | | yyyy = measured offset, || \ | | zzzz = estimated error. || | |
MS Name/IP address Stratum Poll Reach LastRx Last sample

^* gateway 2 6 177 23 +160us[ +271us] +/- 252ms chronyc>

#####  vim /etc/chrony.conf 
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.s

server ntp.aliyun.com iburst
server ntp1.aliyun.com iburst
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

我们添加了server ntp.aliyun.com iburst server ntp1.aliyun.com iburst 两项，与互联网同步的操作把时间搞错，把服务重新启动： [root@centos7 ~]# date -s "2 year" Fri Jan 29 18:55:06 CST 2021 [root@centos7 ~]# systemctl restart chronyd [root@centos7 ~]# date Tue Jan 29 18:56:49 CST 2021 [root@centos7 ~]# chronyc sources -v 210 Number of sources = 2

.-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current synced, '+' = combined , '-' = not combined, | / '?' = unreachable, 'x' = time may be in error, '~' = time too variable. || .- xxxx [ yyyy ] +/- zzzz || Reachability register (octal) -. | xxxx = adjusted offset, || Log2(Polling interval) --. | | yyyy = measured offset, || \ | | zzzz = estimated error. || | |
MS Name/IP address Stratum Poll Reach LastRx Last sample

^* 203.107.6.88 2 6 77 1 -1324us[-3791us] +/- 19ms ^+ 120.25.115.20 2 6 77 0 +1182us[+1182us] +/- 22ms [root@centos7 ~]# date Tue Jan 29 18:58:51 CST 2019 此时时间同步完成，相差两年也会马上同步，速度可见一斑。