Chrony 是一个开源的自由软件,它能帮助你保持系统时钟与时钟服务器(NTP)同步,让你的时间保持精确。它由两个程序组成,分别是chronyd和chronyc。chronyd 是一个后台运行的守护进程,用于调整内核中运行的系统时钟和时钟服务器同步,它确定计算机增减时间的比率,并对此进行补偿。chronyc 提供一个用户界面,用于监控性能并进行多样化的配置,可以在 chronyd 实例控制的计算机上工作,也可以在一台不同的远程计算机上工作。本教程是在 Debian 10搭建,如有错误,请联系我更正。
安装 ChronyDebian/Ubuntu 系统
root@LimeLinux:~# apt install chrony -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
dnsutils networkd-dispatcher
The following NEW packages will be installed:
chrony
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 234 kB of archives.
After this operation, 510 kB of additional disk space will be used.
Get:1 http://mirrors.aliyun.com/debian buster/main amd64 chrony amd64 3.4-4 deb10u1 [234 kB]
Fetched 234 kB in 0s (1,255 kB/s)
Selecting previously unselected package chrony.
(Reading database ... 27613 files and directories currently installed.)
Preparing to unpack .../chrony_3.4-4 deb10u1_amd64.deb ...
Unpacking chrony (3.4-4 deb10u1) ...
Setting up chrony (3.4-4 deb10u1) ...
Creating '_chrony' system user/group for the chronyd daemon…
Creating config file /etc/chrony/chrony.conf with new version
Creating config file /etc/chrony/chrony.keys with new version
Created symlink /etc/systemd/system/chronyd.service → /lib/systemd/system/chrony.service.
Created symlink /etc/systemd/system/multi-user.target.wants/chrony.service → /lib/systemd/system/chrony.service.
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for systemd (241-7~deb10u5) ...
root@LimeLinux:~#
chrony 的配置文件是“ /etc/chrony.conf ”
各项参数含义:
1.server - 指:pool 2.debian.pool.ntp.org iburst, 该参数可以多次用于添加时钟服务器,一般来说,你想添加多少服务器,就可以添加多少服务器。2.driftfile - chronyd程序的主要行为之一,就是根据实际时间计算出计算机增减时间的比率,将它记录到一个文件中最合理的,会在重启后为系统时钟作出补偿,甚至可能的话,会从时钟服务器获得较好的估值。3.RTCsync - rtcsync指令将启用一个内核模式,在该模式中,系统时间每11分钟会拷贝到实时时钟(RTC)。4.allow / deny - 可以指定一台主机、子网,或者网络以允许或拒绝NTP连接到时钟服务器的机器。简而言之,就是设置那些IP地址可以使用NTP服务。
allow192.168.4.5/32 #允许某个IP
deny192.168.1.0/24#拒绝一个网段
allow 0.0.0.0./0 #允许所有IP来同步时间
提示:整个配置文件,只需要添加 allow 0.0.0.0/0 即可,不需要作其它修改。
如下简单配置文件:
root@LimeLinux:~#nano/etc/chrony/chrony.conf
#pool 2.debian.pool.ntp.org iburst
# add servers in your timezone to sync times
server ntp.aliyun.com iburst
server ntp1.aliyun.com iburst
# add to the end : add the network range you allow to receive requests
allow192.168.10.0/24
root@LimeLinux:~#
测试时间
像NTP发行版中的ntpdate命令一样,我们可以使用chronyd手动将Linux服务器的时间与远程NTP服务器同步
语法:# chronyd -q ‘server {ntp_server_name} iburst’
root@LimeLinux:/etc/chrony# chronyd -q 'server 2.debian.pool.ntp.org iburst'
2020-12-27T03:40:09Z chronyd version 3.4 starting ( CMDMON NTP REFCLOCK RTC PRIVDROP SCFILTER SIGND ASYNCDNS SECHASH IPV6 -DEBUG)
2020-12-27T03:40:09Z Initial frequency -25.488 ppm
2020-12-27T03:40:14Z System clock wrong by 0.001955 seconds (step)
2020-12-27T03:40:14Z chronyd exiting
root@LimeLinux:/etc/chrony#
启动 chronyd 守护程序,并开机自启
root@LimeLinux:~# systemctl start chrony #
root@LimeLinux:~# systemctl enable chrony
查看chrony状态
root@LimeLinux:~# systemctl status chrony
● chrony.service - chrony, an NTP client/server
Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-12-27 11:16:22 CST; 27min ago
Docs: man:chronyd(8)
man:chronyc(1)
man:chrony.conf(5)
Main PID: 1163 (chronyd)
Tasks: 2 (limit: 2327)
Memory: 1.2M
CGroup: /system.slice/chrony.service
├─1163 /usr/sbin/chronyd -F -1
└─1164 /usr/sbin/chronyd -F -1
Dec 27 11:16:22 LimeLinux systemd[1]: Starting chrony, an NTP client/server...
Dec 27 11:16:22 LimeLinux chronyd[1163]: chronyd version 3.4 starting ( CMDMON NTP REFCLOCK RTC PRIVDROP SCFILTER SIGND ASYNCDNS SECHASH IPV6 -DEBUG)
Dec 27 11:16:22 LimeLinux chronyd[1163]: Initial frequency -81.770 ppm
Dec 27 11:16:22 LimeLinux chronyd[1163]: Loaded seccomp filter
Dec 27 11:16:22 LimeLinux systemd[1]: Started chrony, an NTP client/server.
Dec 27 11:16:28 LimeLinux chronyd[1163]: Selected source 193.182.111.12
Dec 27 11:17:34 LimeLinux chronyd[1163]: Selected source 78.46.102.180
Dec 27 11:28:22 LimeLinux chronyd[1163]: Selected source 94.130.49.186
root@LimeLinux:~#
验证和跟踪时间同步
要验证系统时间是否已使用chrony同步,使用以下命令
root@LimeLinux:~# chronyc tracking
Reference ID : 5E8231BA (94.130.49.186)
Stratum : 4
Ref time (UTC) : Sun Dec 27 03:44:34 2020
System time : 0.000223043 seconds slow of NTP time
Last offset : 0.000090305 seconds
RMS offset : 0.002856454 seconds
Frequency : 23.360 ppm slow
Residual freq : 0.038 ppm
Skew : 2.059 ppm
Root delay : 0.208674118 seconds
Root dispersion : 0.002633217 seconds
Update interval : 65.1 seconds
Leap status : Normal
root@LimeLinux:~#
- Reference ID 是系统时间当前同步到的服务器的ID和名称。
- Stratum 表示带有附加参考时钟的离开服务器的跳数。
检查时间来源
要列出有关chronyd使用的当前时间源的信息,命令如下:
root@LimeLinux:~# chronyc sources
210 Number of sources = 4
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^ 193.182.111.12 2 8 377 30 54ms[ 54ms] /- 179ms
^ 78.46.102.180 3 8 377 294 -15ms[ -15ms] /- 128ms
^ 108.59.2.24 2 7 377 31 1782us[ 1782us] /- 260ms
^* 94.130.49.186 3 7 377 227 -16ms[ -16ms] /- 106ms
root@LimeLinux:~#
要列出有关源的更多详细信息:
root@LimeLinux:~# chronyc sources -v
210 Number of sources = 4
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, ' ' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] /- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^ 193.182.111.12 2 8 377 153 53ms[ 54ms] /- 179ms
^ 78.46.102.180 3 8 377 31 -15ms[ -14ms] /- 134ms
^ 108.59.2.24 2 7 377 24 566us[ 566us] /- 261ms
^* 94.130.49.186 3 7 377 27 -19ms[ -18ms] /- 110ms
root@LimeLinux:~#
查看时间来源统计
查看时间来源统计
要列出有关chronyd使用的每个源的漂移速度和偏移估计的信息,命令如下:
root@LimeLinux:~# chronyc sourcestats -v
210 Number of sources = 4
.- Number of sample points in measurement set.
/ .- Number of residual runs with same sign.
| / .- Length of measurement set (time).
| | / .- Est. clock freq error (ppm).
| | | / .- Est. error in freq.
| | | | / .- Est. offset.
| | | | | | On the -.
| | | | | | samples. \
| | | | | | |
Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev
==============================================================================
193.182.111.12 23 12 32m -1.740 6.255 48ms 4329us
78.46.102.180 23 10 34m -0.728 2.353 -20ms 1435us
108.59.2.24 18 13 23m 0.278 2.966 2534us 1259us
94.130.49.186 13 6 1164 0.863 4.477 -16ms 1017us
root@LimeLinux:~#
设置防火墙
允许ntp服务 123/udp 通过
root@LimeLinux:~# ufw allow 123/udp
Linux改变生活,技术更好的工作!
,