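Deploying the Chrony Time Synchronization Service on Linux (CentOS 7)

I. Overview

Common time synchronization tools include chrony, ntp, and openntpd; RHEL 7 and later versions support chrony by default.

For a detailed comparison of the three tools, see https://chrony.tuxfamily.org/comparison.html

chrony consists of two programs, chronyd and chronyc. chronyd is the daemon that adjusts the kernel's system clock to keep it synchronized with the time servers; chronyc is used to monitor chronyd's performance and to change various operating parameters at runtime.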

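II. Install the Chrony service

[root@kmi-dawufiep ~]# yum install chrony -y
[root@kmi-dawufiep ~]# systemctl enable chronyd.service
[root@kmi-dawufiep ~]# systemctl restart chronyd.service
[root@kmi-dawufiep ~]# systemctl status chronyd.service

If the firewall is enabled, the ntp service must be allowed through (NTP uses UDP port 123). This inbound rule is needed only when the host serves time to other machines; a host that only synchronizes its own clock makes outbound requests and does not need it.

[root@kmi-dawufiep ~]# firewall-cmd --add-service=ntp --permanent
[root@kmi-dawufiep ~]# firewall-cmd --reload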

III. Configure the Chrony service

chrony configuration file: /etc/chrony.conf

# Public time servers. Each entry starts with "server"; in principle, multiple time servers can be added.
# These servers were defined in the installation:
server ntp.ntsc.ac.cn iburst
server cn.ntp.org.cn iburst
server time.pool.aliyun.com iburst
server time1.aliyun.com iburst
server time2.aliyun.com iburst
server time1.cloud.tencent.com iburst
server time2.cloud.tencent.com iburst
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# Computes the rate at which the system clock gains or loses time relative to the
# servers and records it in a file, so the best compensation can be applied after a reboot.
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# chronyd normally corrects the time by slowing down or speeding up the clock as needed.
# In some cases the system clock may have drifted so far that this adjustment takes too long.
# This directive forces chronyd to step the system clock when the adjustment exceeds a threshold,
# but only if there have been no more clock updates since chronyd started than the
# specified limit (a negative value disables the limit).
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enables a kernel mode in which the system time is copied to the real-time clock (RTC) every 11 minutes.
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Specifies a host, subnet, or network that is allowed or denied NTP access to this machine when it acts as a time server.
# Allow NTP client access from local network.
#allow 192.168.0.0/16
# Serve time even if not synchronized to a time source.
#local stratum 10
# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking

Adjust the public server section as needed. For time servers located in China, see: https://dns.icoa.cn/ntp/

IV. Configure the time zone

1. View the date and time, time zone, and NTP status

[root@kmi-dawufiep ~]# timedatectl
      Local time: 四 2021-05-06 16:16:09 CST
  Universal time: 四 2021-05-06 08:16:09 UTC
        RTC time: 四 2021-05-06 08:16:09
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a

2. List the available time zones

[root@kmi-dawufiep ~]# timedatectl list-timezones | grep -E "Asia/S.*"
Asia/Sakhalin
Asia/Samarkand
Asia/Seoul
Asia/Shanghai
Asia/Singapore
Asia/Srednekolymsk

3. Change the time zone to Asia/Shanghai

[root@kmi-dawufiep ~]# timedatectl set-timezone Asia/Shanghai

4. Set the hardware clock (UTC by default; 0 = UTC, 1 = local time)

[root@kmi-dawufiep ~]# timedatectl set-local-rtc 0

5. Enable NTP time synchronization

[root@kmi-dawufiep ~]# timedatectl set-ntp true

6. Verify calibration against the time server

[root@kmi-dawufiep ~]# chronyc tracking
Reference ID    : 8BC7D7FB (139.199.215.251)
Stratum         : 3
Ref time (UTC)  : Thu May 06 08:25:54 2021
System time     : 0.000144202 seconds fast of NTP time
Last offset     : +0.000068143 seconds
RMS offset      : 0.001500069 seconds
Frequency       : 5.699 ppm slow
Residual freq   : +0.007 ppm
Skew            : 1.656 ppm
Root delay      : 0.015710194 seconds
Root dispersion : 0.006367063 seconds
Update interval : 5.0 seconds
Leap status     : Normal

7. View the time synchronization status

[root@kmi-dawufiep ~]# timedatectl status
      Local time: 四 2021-05-06 16:28:41 CST
  Universal time: 四 2021-05-06 08:28:41 UTC
        RTC time: 四 2021-05-06 08:28:40
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a

8. Common commands

[root@kmi-dawufiep ~]# firewall-cmd --add-service=ntp --permanent
[root@kmi-dawufiep ~]# firewall-cmd --reload

After changing /etc/chrony.conf, restart the service for the changes to take effect.
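The `chronyc tracking` fields shown in step 6 can also be checked by a script, for example from cron or a monitoring agent, so that a host whose clock has stopped synchronizing is noticed before its log timestamps drift. This is an added example, not part of the original article; the function name `check_tracking`, its thresholds, and the treatment of reference ID 00000000 as "no source selected" are assumptions of this example.

```bash
#!/bin/bash
# Added example: evaluate `chronyc tracking` output read from stdin.
# Usage: chronyc tracking | check_tracking MAX_OFFSET_SECONDS MAX_STRATUM
# Prints one finding per problem; returns 0 when healthy, 1 otherwise.
check_tracking() {
    awk -v max_off="${1:-0.1}" -v max_str="${2:-10}" '
        {
            # Split at the first colon only: values such as the
            # reference time contain colons themselves.
            i = index($0, ":"); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            f[key] = val
        }
        END {
            bad = 0
            if (!("Leap status" in f)) { print "no tracking data"; exit 1 }
            # chronyd reports "Not synchronised" until it has a usable source.
            if (f["Leap status"] != "Normal") {
                print "leap status: " f["Leap status"]; bad = 1 }
            # Assumption: an all-zero reference ID means no source is selected.
            split(f["Reference ID"], ref, " ")
            if (ref[1] == "00000000") { print "no reference source selected"; bad = 1 }
            if (f["Stratum"] + 0 == 0 || f["Stratum"] + 0 > max_str + 0) {
                print "stratum out of range: " f["Stratum"]; bad = 1 }
            # "System time" is "<seconds> seconds fast|slow of NTP time".
            split(f["System time"], st, " ")
            if (st[1] + 0 > max_off + 0) {
                print "system clock off by " st[1] " s (" st[3] ")"; bad = 1 }
            exit bad
        }'
}

# Sample taken from the tracking output in step 6, trimmed to the fields checked.
sample='Reference ID    : 8BC7D7FB (139.199.215.251)
Stratum         : 3
System time     : 0.000144202 seconds fast of NTP time
Leap status     : Normal'
printf '%s\n' "$sample" | check_tracking 0.1 10 && echo "time sync OK"
```

On a live host, pipe the real command into the function: `chronyc tracking | check_tracking 0.1 10`.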