首页青柠Linux时钟chrono教程 (时钟同步linux)

时钟chrono教程 (时钟同步linux)

🏷️ 青柠Linux ✍️ LimeLinux.青柠Linux 专注分享Linux技术,分享福利,让我们一起交流进步,彼此都少走些弯路,诗和远方,你好。 📅 2020-12-28 00:10:00

Chrony 简介

Chrony 是一个开源的自由软件,它能帮助你保持系统时钟与时钟服务器(NTP)同步,让你的时间保持精确。它由两个程序组成,分别是chronyd和chronyc。chronyd 是一个后台运行的守护进程,用于调整内核中运行的系统时钟和时钟服务器同步,它确定计算机增减时间的比率,并对此进行补偿。chronyc 提供一个用户界面,用于监控性能并进行多样化的配置,可以在 chronyd 实例控制的计算机上工作,也可以在一台不同的远程计算机上工作。本教程是在 Debian 10搭建,如有错误,请联系我更正。

安装 Chrony

Debian/Ubuntu 系统

root@LimeLinux:~# apt  install chrony -y
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Suggested packages:
  dnsutils networkd-dispatcher
The following NEW packages will be installed:
  chrony
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 234 kB of archives.
After this operation, 510 kB of additional disk space will be used.
Get:1 http://mirrors.aliyun.com/debian buster/main amd64 chrony amd64 3.4-4+deb10u1 [234 kB]
Fetched 234 kB in 0s (1,255 kB/s)
Selecting previously unselected package chrony.
(Reading database ... 27613 files and directories currently installed.)
Preparing to unpack .../chrony_3.4-4+deb10u1_amd64.deb ...
Unpacking chrony (3.4-4+deb10u1) ...
Setting up chrony (3.4-4+deb10u1) ...
Creating '_chrony' system user/group for the chronyd daemon…


Creating config file /etc/chrony/chrony.conf with new version


Creating config file /etc/chrony/chrony.keys with new version
Created symlink /etc/systemd/system/chronyd.service → /lib/systemd/system/chrony.service.
Created symlink /etc/systemd/system/multi-user.target.wants/chrony.service → /lib/systemd/system/chrony.service.
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for systemd (241-7~deb10u5) ...
root@LimeLinux:~#

Chrony 配置文件

chrony 的配置文件是“ /etc/chrony.conf ”

时钟同步方法,时钟同步和异步

各项参数含义:

1.server - 指:pool 2.debian.pool.ntp.org iburst, 该参数可以多次用于添加时钟服务器,一般来说,你想添加多少服务器,就可以添加多少服务器。

2.driftfile - chronyd程序的主要行为之一,就是根据实际时间计算出计算机增减时间的比率,将它记录到一个文件中最合理的,会在重启后为系统时钟作出补偿,甚至可能的话,会从时钟服务器获得较好的估值。

3.rtcsync - rtcsync指令将启用一个内核模式,在该模式中,系统时间每11分钟会拷贝到实时时钟(RTC)。

4.allow / deny - 可以指定一台主机、子网,或者网络以允许或拒绝NTP连接到时钟服务器的机器。简而言之,就是设置那些IP地址可以使用NTP服务。 

allow192.168.4.5/32 #允许某个IP
deny192.168.1.0/24#拒绝一个网段
allow 0.0.0.0./0 #允许所有IP来同步时间

5.makestep - 通常,chronyd将根据需求通过减慢或加速时钟,使得系统逐步纠正所有时间偏差。在某些特定情况下,系统时钟可能会漂移过快,导致该调整过程消耗很长的时间来纠正系统时钟。该指令强制chronyd在调整期大于某个阀值时步进调整系统时钟,但只有在因为chronyd - 启动时间超过指定限制(可使用负值来禁用限制),没有更多时钟更新时才生效。

提示:整个配置文件,只需要添加 allow 0.0.0.0/0 即可,不需要作其它修改。

如下简单配置文件:

root@LimeLinux:~#nano/etc/chrony/chrony.conf
#pool 2.debian.pool.ntp.org iburst
# add servers in your timezone to sync times
server ntp.aliyun.com iburst
server ntp1.aliyun.com iburst
# add to the end : add the network range you allow to receive requests
allow192.168.10.0/24
root@LimeLinux:~#

chrony 相关命令

测试时间

像NTP发行版中的ntpdate命令一样,我们可以使用chronyd手动将Linux服务器的时间与远程NTP服务器同步

语法:# chronyd -q ‘server {ntp_server_name} iburst’

root@LimeLinux:/etc/chrony# chronyd -q 'server 2.debian.pool.ntp.org iburst'
2020-12-27T03:40:09Z chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 -DEBUG)
2020-12-27T03:40:09Z Initial frequency -25.488 ppm
2020-12-27T03:40:14Z System clock wrong by 0.001955 seconds (step)
2020-12-27T03:40:14Z chronyd exiting
root@LimeLinux:/etc/chrony#

启动 chronyd 守护程序,并开机自启

root@LimeLinux:~# systemctl start chrony #
root@LimeLinux:~# systemctl enable chrony

查看chrony状态

root@LimeLinux:~# systemctl status chrony
● chrony.service - chrony, an NTP client/server
   Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2020-12-27 11:16:22 CST; 27min ago
     Docs: man:chronyd(8)
           man:chronyc(1)
           man:chrony.conf(5)
 Main PID: 1163 (chronyd)
    Tasks: 2 (limit: 2327)
   Memory: 1.2M
   CGroup: /system.slice/chrony.service
           ├─1163 /usr/sbin/chronyd -F -1
           └─1164 /usr/sbin/chronyd -F -1


Dec 27 11:16:22 LimeLinux systemd[1]: Starting chrony, an NTP client/server...
Dec 27 11:16:22 LimeLinux chronyd[1163]: chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 -DEBUG)
Dec 27 11:16:22 LimeLinux chronyd[1163]: Initial frequency -81.770 ppm
Dec 27 11:16:22 LimeLinux chronyd[1163]: Loaded seccomp filter
Dec 27 11:16:22 LimeLinux systemd[1]: Started chrony, an NTP client/server.
Dec 27 11:16:28 LimeLinux chronyd[1163]: Selected source 193.182.111.12
Dec 27 11:17:34 LimeLinux chronyd[1163]: Selected source 78.46.102.180
Dec 27 11:28:22 LimeLinux chronyd[1163]: Selected source 94.130.49.186
root@LimeLinux:~#

验证和跟踪时间同步

要验证系统时间是否已使用chrony同步,使用以下命令

root@LimeLinux:~# chronyc tracking 
Reference ID    : 5E8231BA (94.130.49.186)
Stratum         : 4
Ref time (UTC)  : Sun Dec 27 03:44:34 2020
System time     : 0.000223043 seconds slow of NTP time
Last offset     : +0.000090305 seconds
RMS offset      : 0.002856454 seconds
Frequency       : 23.360 ppm slow
Residual freq   : +0.038 ppm
Skew            : 2.059 ppm
Root delay      : 0.208674118 seconds
Root dispersion : 0.002633217 seconds
Update interval : 65.1 seconds
Leap status     : Normal
root@LimeLinux:~#
  • Reference ID 是系统时间当前同步到的服务器的ID和名称。
  • Stratum 表示带有附加参考时钟的离开服务器的跳数。

检查时间来源

要列出有关chronyd使用的当前时间源的信息,命令如下:

root@LimeLinux:~# chronyc sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^+ 193.182.111.12                2   8   377    30    +54ms[  +54ms] +/-  179ms
^+ 78.46.102.180                 3   8   377   294    -15ms[  -15ms] +/-  128ms
^+ 108.59.2.24                   2   7   377    31  +1782us[+1782us] +/-  260ms
^* 94.130.49.186                 3   7   377   227    -16ms[  -16ms] +/-  106ms
root@LimeLinux:~#

要列出有关源的更多详细信息

root@LimeLinux:~# chronyc sources -v
210 Number of sources = 4


  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^+ 193.182.111.12                2   8   377   153    +53ms[  +54ms] +/-  179ms
^+ 78.46.102.180                 3   8   377    31    -15ms[  -14ms] +/-  134ms
^+ 108.59.2.24                   2   7   377    24   +566us[ +566us] +/-  261ms
^* 94.130.49.186                 3   7   377    27    -19ms[  -18ms] +/-  110ms
root@LimeLinux:~#
  查看时间来源统计

查看时间来源统计

要列出有关chronyd使用的每个源的漂移速度和偏移估计的信息,命令如下:

root@LimeLinux:~# chronyc sourcestats -v
210 Number of sources = 4
                             .- Number of sample points in measurement set.
                            /    .- Number of residual runs with same sign.
                           |    /    .- Length of measurement set (time).
                           |   |    /      .- Est. clock freq error (ppm).
                           |   |   |      /           .- Est. error in freq.
                           |   |   |     |           /         .- Est. offset.
                           |   |   |     |          |          |   On the -.
                           |   |   |     |          |          |   samples. \
                           |   |   |     |          |          |             |
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
193.182.111.12             23  12   32m     -1.740      6.255    +48ms  4329us
78.46.102.180              23  10   34m     -0.728      2.353    -20ms  1435us
108.59.2.24                18  13   23m     +0.278      2.966  +2534us  1259us
94.130.49.186              13   6  1164     +0.863      4.477    -16ms  1017us
root@LimeLinux:~#

设置防火墙

允许ntp服务 123/udp 通过

root@LimeLinux:~# ufw allow 123/udp

Linux改变生活,技术更好的工作!