Chrony 简介

Chrony 是一个开源的自由软件,它能帮助你保持系统时钟与时钟服务器(NTP)同步,让你的时间保持精确。它由两个程序组成,分别是chronyd和chronyc。chronyd 是一个后台运行的守护进程,用于调整内核中运行的系统时钟和时钟服务器同步,它确定计算机增减时间的比率,并对此进行补偿。chronyc 提供一个用户界面,用于监控性能并进行多样化的配置,可以在 chronyd 实例控制的计算机上工作,也可以在一台不同的远程计算机上工作。本教程是在 Debian 10搭建,如有错误,请联系我更正。

安装 Chrony

Debian/Ubuntu 系统

root@LimeLinux:~# apt install chrony -y Reading package lists... Done Building dependency tree Reading state information... Done Suggested packages: dnsutils networkd-dispatcher The following NEW packages will be installed: chrony 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 234 kB of archives. After this operation, 510 kB of additional disk space will be used. Get:1 http://mirrors.aliyun.com/debian buster/main amd64 chrony amd64 3.4-4 deb10u1 [234 kB] Fetched 234 kB in 0s (1,255 kB/s) Selecting previously unselected package chrony. (Reading database ... 27613 files and directories currently installed.) Preparing to unpack .../chrony_3.4-4 deb10u1_amd64.deb ... Unpacking chrony (3.4-4 deb10u1) ... Setting up chrony (3.4-4 deb10u1) ... Creating '_chrony' system user/group for the chronyd daemon… Creating config file /etc/chrony/chrony.conf with new version Creating config file /etc/chrony/chrony.keys with new version Created symlink /etc/systemd/system/chronyd.service → /lib/systemd/system/chrony.service. Created symlink /etc/systemd/system/multi-user.target.wants/chrony.service → /lib/systemd/system/chrony.service. Processing triggers for man-db (2.8.5-2) ... Processing triggers for systemd (241-7~deb10u5) ... root@LimeLinux:~#

Chrony 配置文件

chrony 的配置文件是“ /etc/chrony.conf ”

开启chrony服务是什么命令 时钟同步Chrony教程(1)

各项参数含义:

1.server - 指:pool 2.debian.pool.ntp.org iburst, 该参数可以多次用于添加时钟服务器,一般来说,你想添加多少服务器,就可以添加多少服务器。2.driftfile - chronyd程序的主要行为之一,就是根据实际时间计算出计算机增减时间的比率,将它记录到一个文件中最合理的,会在重启后为系统时钟作出补偿,甚至可能的话,会从时钟服务器获得较好的估值。3.RTCsync - rtcsync指令将启用一个内核模式,在该模式中,系统时间每11分钟会拷贝到实时时钟(RTC)。4.allow / deny - 可以指定一台主机、子网,或者网络以允许或拒绝NTP连接到时钟服务器的机器。简而言之,就是设置那些IP地址可以使用NTP服务。

allow192.168.4.5/32 #允许某个IP deny192.168.1.0/24#拒绝一个网段 allow 0.0.0.0./0 #允许所有IP来同步时间

5.makestep - 通常,chronyd将根据需求通过减慢或加速时钟,使得系统逐步纠正所有时间偏差。在某些特定情况下,系统时钟可能会漂移过快,导致该调整过程消耗很长的时间来纠正系统时钟。该指令强制chronyd在调整期大于某个阀值时步进调整系统时钟,但只有在因为chronyd - 启动时间超过指定限制(可使用负值来禁用限制),没有更多时钟更新时才生效。

提示:整个配置文件,只需要添加 allow 0.0.0.0/0 即可,不需要作其它修改。

如下简单配置文件:

root@LimeLinux:~#nano/etc/chrony/chrony.conf #pool 2.debian.pool.ntp.org iburst # add servers in your timezone to sync times server ntp.aliyun.com iburst server ntp1.aliyun.com iburst # add to the end : add the network range you allow to receive requests allow192.168.10.0/24 root@LimeLinux:~#

chrony 相关命令

测试时间

像NTP发行版中的ntpdate命令一样,我们可以使用chronyd手动将Linux服务器的时间与远程NTP服务器同步

语法:# chronyd -q ‘server {ntp_server_name} iburst’

root@LimeLinux:/etc/chrony# chronyd -q 'server 2.debian.pool.ntp.org iburst' 2020-12-27T03:40:09Z chronyd version 3.4 starting ( CMDMON NTP REFCLOCK RTC PRIVDROP SCFILTER SIGND ASYNCDNS SECHASH IPV6 -DEBUG) 2020-12-27T03:40:09Z Initial frequency -25.488 ppm 2020-12-27T03:40:14Z System clock wrong by 0.001955 seconds (step) 2020-12-27T03:40:14Z chronyd exiting root@LimeLinux:/etc/chrony#

启动 chronyd 守护程序,并开机自启

root@LimeLinux:~# systemctl start chrony # root@LimeLinux:~# systemctl enable chrony

查看chrony状态

root@LimeLinux:~# systemctl status chrony ● chrony.service - chrony, an NTP client/server Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: enabled) Active: active (running) since Sun 2020-12-27 11:16:22 CST; 27min ago Docs: man:chronyd(8) man:chronyc(1) man:chrony.conf(5) Main PID: 1163 (chronyd) Tasks: 2 (limit: 2327) Memory: 1.2M CGroup: /system.slice/chrony.service ├─1163 /usr/sbin/chronyd -F -1 └─1164 /usr/sbin/chronyd -F -1 Dec 27 11:16:22 LimeLinux systemd[1]: Starting chrony, an NTP client/server... Dec 27 11:16:22 LimeLinux chronyd[1163]: chronyd version 3.4 starting ( CMDMON NTP REFCLOCK RTC PRIVDROP SCFILTER SIGND ASYNCDNS SECHASH IPV6 -DEBUG) Dec 27 11:16:22 LimeLinux chronyd[1163]: Initial frequency -81.770 ppm Dec 27 11:16:22 LimeLinux chronyd[1163]: Loaded seccomp filter Dec 27 11:16:22 LimeLinux systemd[1]: Started chrony, an NTP client/server. Dec 27 11:16:28 LimeLinux chronyd[1163]: Selected source 193.182.111.12 Dec 27 11:17:34 LimeLinux chronyd[1163]: Selected source 78.46.102.180 Dec 27 11:28:22 LimeLinux chronyd[1163]: Selected source 94.130.49.186 root@LimeLinux:~#

验证和跟踪时间同步

要验证系统时间是否已使用chrony同步,使用以下命令

root@LimeLinux:~# chronyc tracking Reference ID : 5E8231BA (94.130.49.186) Stratum : 4 Ref time (UTC) : Sun Dec 27 03:44:34 2020 System time : 0.000223043 seconds slow of NTP time Last offset : 0.000090305 seconds RMS offset : 0.002856454 seconds Frequency : 23.360 ppm slow Residual freq : 0.038 ppm Skew : 2.059 ppm Root delay : 0.208674118 seconds Root dispersion : 0.002633217 seconds Update interval : 65.1 seconds Leap status : Normal root@LimeLinux:~#

检查时间来源

要列出有关chronyd使用的当前时间源的信息,命令如下:

root@LimeLinux:~# chronyc sources 210 Number of sources = 4 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^ 193.182.111.12 2 8 377 30 54ms[ 54ms] /- 179ms ^ 78.46.102.180 3 8 377 294 -15ms[ -15ms] /- 128ms ^ 108.59.2.24 2 7 377 31 1782us[ 1782us] /- 260ms ^* 94.130.49.186 3 7 377 227 -16ms[ -16ms] /- 106ms root@LimeLinux:~#

要列出有关源的更多详细信息:

root@LimeLinux:~# chronyc sources -v 210 Number of sources = 4 .-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current synced, ' ' = combined , '-' = not combined, | / '?' = unreachable, 'x' = time may be in error, '~' = time too variable. || .- xxxx [ yyyy ] /- zzzz || Reachability register (octal) -. | xxxx = adjusted offset, || Log2(Polling interval) --. | | yyyy = measured offset, || \ | | zzzz = estimated error. || | | \ MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^ 193.182.111.12 2 8 377 153 53ms[ 54ms] /- 179ms ^ 78.46.102.180 3 8 377 31 -15ms[ -14ms] /- 134ms ^ 108.59.2.24 2 7 377 24 566us[ 566us] /- 261ms ^* 94.130.49.186 3 7 377 27 -19ms[ -18ms] /- 110ms root@LimeLinux:~# 查看时间来源统计

查看时间来源统计

要列出有关chronyd使用的每个源的漂移速度和偏移估计的信息,命令如下:

root@LimeLinux:~# chronyc sourcestats -v 210 Number of sources = 4 .- Number of sample points in measurement set. / .- Number of residual runs with same sign. | / .- Length of measurement set (time). | | / .- Est. clock freq error (ppm). | | | / .- Est. error in freq. | | | | / .- Est. offset. | | | | | | On the -. | | | | | | samples. \ | | | | | | | Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev ============================================================================== 193.182.111.12 23 12 32m -1.740 6.255 48ms 4329us 78.46.102.180 23 10 34m -0.728 2.353 -20ms 1435us 108.59.2.24 18 13 23m 0.278 2.966 2534us 1259us 94.130.49.186 13 6 1164 0.863 4.477 -16ms 1017us root@LimeLinux:~#

设置防火墙

允许ntp服务 123/udp 通过

root@LimeLinux:~# ufw allow 123/udp

Linux改变生活,技术更好的工作!

,