Configuring chrony for NTP Clock Synchronization on Ubuntu


2023-04-14 16:09 | Source: compiled from the web

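A quick look at NTP. The tasks to complete:

- Configure an NTP server on an Ubuntu 18 system
- Configure a client on an Ubuntu 16 system
- Verify that the two really do synchronize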

I. Configuring an NTP server on Ubuntu

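Reference: https://www.cnblogs.com/pipci/p/12833228.html

ntpdate and ntpd are both too old by now, and on Ubuntu 18 clock synchronization is handled by the systemd-timesyncd service (client only). So we need to install a separate NTP server. To act as an NTP server you can install chrony, ntpd, or open-ntp. chrony is recommended.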

https://blog.csdn.net/weixin_67155214/article/details/123785360

Installation

apt install chrony

Configuration

    vim /etc/chrony/chrony.conf

    # Welcome to the chrony configuration file. See chrony.conf(5) for more
    # information about usuable directives.

    # This will use (up to):
    # - 4 sources from ntp.ubuntu.com which some are ipv6 enabled
    # - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well
    # - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm)
    # This means by default, up to 6 dual-stack and up to 2 additional IPv4-only
    # sources will be used.
    # At the same time it retains some protection against one of the entries being
    # down (compare to just using one of the lines). See (LP: #1754358) for the
    # discussion.
    #
    # About using servers from the NTP Pool Project in general see (LP: #104525).
    # Approved by Ubuntu Technical Board on 2011-02-08.
    # See http://www.pool.ntp.org/join.html for more information.

    # I want to change the local time and not sync with other servers,
    # so the four pools below are commented out
    #pool ntp.ubuntu.com        iburst maxsources 4
    #pool 0.ubuntu.pool.ntp.org iburst maxsources 1
    #pool 1.ubuntu.pool.ntp.org iburst maxsources 1
    #pool 2.ubuntu.pool.ntp.org iburst maxsources 2

    # Add this machine itself as the server
    server 192.168.1.1 iburst
    # To make it easy for clients to connect, access is set to allow everyone
    allow all
    # When it cannot sync with anything else, serve the local time to clients
    local stratum 10

    # This directive specify the location of the file containing ID/key pairs for
    # NTP authentication.
    keyfile /etc/chrony/chrony.keys

    # This directive specify the file into which chronyd will store the rate
    # information.
    driftfile /var/lib/chrony/chrony.drift

    # Uncomment the following line to turn logging on.
    #log tracking measurements statistics

    # Log files location.
    logdir /var/log/chrony

    # Stop bad estimates upsetting machine clock.
    maxupdateskew 100.0

    # This directive enables kernel synchronisation (every 11 minutes) of the
    # real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
    rtcsync

    # Step the system clock instead of slewing it if the adjustment is larger than
    # one second, but only in the first three clock updates.
    makestep 1 3

Restart the service (look this up; systemctl restart chronyd.service also works):

service chrony restart

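Next I want to change the time, so that I can confirm the client really has synchronized with this server. (This server is not connected to the internet; it is connected to the client machine by a single network cable.) First check the time: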

timedatectl status

Then turn off synchronization, otherwise the time cannot be changed:

    timedatectl set-ntp no
    timedatectl set-time HH:MM:SS
    # Turn it back on afterwards? Not sure.
    timedatectl set-ntp yes

Check the time again.

    root@fh:~# date
    2023年 04月 10日 星期一 15:44:51 CST
    root@fh:~# chronyc tracking
    Reference ID    : C0A80101 (fh)
    Stratum         : 11
    Ref time (UTC)  : Mon Apr 10 07:17:27 2023
    System time     : 0.000000024 seconds fast of NTP time
    Last offset     : +0.000005521 seconds
    RMS offset      : 0.000005521 seconds
    Frequency       : 0.298 ppm fast
    Residual freq   : +0.031 ppm
    Skew            : 2.872 ppm
    Root delay      : 0.000015881 seconds
    Root dispersion : 0.006503564 seconds
    Update interval : 0.0 seconds
    Leap status     : Normal

II. Configuring an NTP client on Ubuntu

I used an Ubuntu 16 virtual machine as the client. Installation is the same.

apt install chrony

Configuration

    vim /etc/chrony/chrony.conf

    # This the default chrony.conf file for the Debian chrony package. After
    # editing this file use the command 'invoke-rc.d chrony restart' to make
    # your changes take effect. John Hasler 1998-2008

    # See www.pool.ntp.org for an explanation of these servers. Please
    # consider joining the project if possible. If you can't or don't want to
    # use these servers I suggest that you try your ISP's nameservers. We mark
    # the servers 'offline' so that chronyd won't try to connect when the link
    # is down. Scripts in /etc/ppp/ip-up.d and /etc/ppp/ip-down.d use chronyc
    # commands to switch it on when a dialup link comes up and off when it goes
    # down. Code in /etc/init.d/chrony attempts to determine whether or not
    # the link is up at boot time and set the online status accordingly. If
    # you have an always-on connection such as cable omit the 'offline'
    # directive and chronyd will default to online.
    #
    # Note that if Chrony tries to go "online" and dns lookup of the servers
    # fails they will be discarded. Thus under some circumstances it is
    # better to use IP numbers than host names.

    # Comment out this pool; we only use the server set up above
    #pool 2.debian.pool.ntp.org offline iburst

    # Look here for the admin password needed for chronyc. The initial
    # password is generated by a random process at install time. You may
    # change it if you wish.
    keyfile /etc/chrony/chrony.keys

    # This directive sets the key ID used for authenticating user commands via the
    # 'chronyc' program at run time.
    commandkey 1

    # I moved the driftfile to /var/lib/chrony to comply with the Debian
    # filesystem standard.
    driftfile /var/lib/chrony/chrony.drift

    # Comment this line out to turn off logging.
    log tracking measurements statistics
    logdir /var/log/chrony

    # Stop bad estimates upsetting machine clock.
    maxupdateskew 100.0

    # Dump measurements when daemon exits.
    dumponexit

    # Specify directory for dumping measurements.
    dumpdir /var/lib/chrony

    # This directive lets 'chronyd' to serve time even if unsynchronised to any
    # NTP server.
    # Added a server
    server 192.168.1.1 minpoll 4 maxpoll 10 iburst
    #local stratum 10

    # This directive designates subnets (or nodes) from which NTP clients are allowed
    # to access to 'chronyd'.
    #allow foo.example.net
    #allow 10/8
    #allow 0/0 (allow access by any IPv4 node)
    #allow ::/0 (allow access by any IPv6 node)
    # I added this here too, but it seems the client does not need it
    allow all

    # This directive forces `chronyd' to send a message to syslog if it
    # makes a system clock adjustment larger than a threshold value in seconds.
    logchange 0.5

    # This directive defines an email address to which mail should be sent
    # if chronyd applies a correction exceeding a particular threshold to the
    # system clock.
    # mailonchange root@localhost 0.5

    # This directive tells 'chronyd' to parse the 'adjtime' file to find out if the
    # real-time clock keeps local time or UTC. It overrides the 'rtconutc' directive.
    hwclockfile /etc/adjtime

    # This directive enables kernel synchronisation (every 11 minutes) of the
    # real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
    rtcsync

Restart the chrony service the same way.
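Both files above carry `allow all`, which makes chronyd answer NTP requests from any address, and only the server's file has `makestep`. The following is an added example, not part of the original post: a small audit of the active directives of those two files. The function names and the `192.168.1.0/24` subnet are assumptions chosen for this two-machine lab.

```python
# Active directives of the two chrony.conf files on this page (comment lines trimmed).
SERVER_CONF = """\
server 192.168.1.1 iburst
allow all
local stratum 10
keyfile /etc/chrony/chrony.keys
rtcsync
makestep 1 3
"""
CLIENT_CONF = """\
keyfile /etc/chrony/chrony.keys
commandkey 1
server 192.168.1.1 minpoll 4 maxpoll 10 iburst
#local stratum 10
allow all
logchange 0.5
rtcsync
"""
OPEN_SUBNETS = {"0/0", "0.0.0.0/0", "::/0"}

def directives(text):
    """Yield (name, args) per active line; chrony ignores lines starting with # ! ; or %."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!;%":
            name, *args = line.split()
            yield name.lower(), args

def audit(text, lan="192.168.1.0/24"):
    """Return (code, message) findings; `lan` is an assumed lab subnet, not from the post."""
    found = list(directives(text))
    names = {name for name, _ in found}
    findings = []
    for name, args in found:
        subnet = [a for a in args if a != "all"]  # 'all' is a modifier, not a subnet
        if name == "allow" and (not subnet or subnet[0] in OPEN_SUBNETS):
            shown = " ".join([name] + args)
            findings.append(("open-allow", f"'{shown}' answers NTP from any address; "
                             f"use 'allow {lan}', or no allow line on a pure client"))
    if "local" in names and findings:
        findings.append(("local-open", "'local' offers this host's unsynchronised clock to any address"))
    if "makestep" not in names:
        findings.append(("no-makestep", "a large initial offset is slewed, never stepped"))
    return findings

if __name__ == "__main__":
    for label, conf in (("server", SERVER_CONF), ("client", CLIENT_CONF)):
        for code, msg in audit(conf):
            print(f"{label}: [{code}] {msg}")
```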

III. Verification (forced-sync version)

First confirm that the chrony service status is fine on both machines:

    # Ubuntu 18
    systemctl status chronyd
    # Ubuntu 16
    service chrony status

Check that the client's time differs from the server's.

    root@controller:~# timedatectl status
          Local time: Mon 2023-04-10 16:02:17 CST
      Universal time: Mon 2023-04-10 08:02:17 UTC
            RTC time: Mon 2023-04-10 08:02:17
           Time zone: Asia/Shanghai (CST, +0800)
     Network time on: yes
    NTP synchronized: no
     RTC in local TZ: no

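Pitfall: at this point I found NTP synchronized: no, and after searching for a long time I could not fix it. Would this prevent the client from synchronizing on its own at intervals?

The client and the server can ping each other by IP, and UDP port 123 is open on the server. We can capture packets: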

tcpdump -i ens33 port 123

Run this on the server to see whether the client has connected:

chronyc clients

Run these on the client to check whether the source is healthy:

    root@controller:~# chronyc activity
    200 OK
    1 sources online
    0 sources offline
    0 sources doing burst (return to online)
    0 sources doing burst (return to offline)
    0 sources with unknown address
    root@controller:~# chronyc sourcestats -v
    210 Number of sources = 1
                                 .- Number of sample points in measurement set.
                                /    .- Number of residual runs with same sign.
                               |    /    .- Length of measurement set (time).
                               |   |    /      .- Est. clock freq error (ppm).
                               |   |   |      /           .- Est. error in freq.
                               |   |   |     |           /         .- Est. offset.
                               |   |   |     |          |          |   On the -.
                               |   |   |     |          |          |   samples. \
                               |   |   |     |          |          |             |
    Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
    ==============================================================================
    192.168.1.1                14  11   247     +0.004      1.547    +35ns   101us
    root@controller:~# chronyc sources -v
    210 Number of sources = 1

      .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
     / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
    | /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
    ||                                                 .- xxxx [ yyyy ] +/- zzzz
    ||      Reachability register (octal) -.           |  xxxx = adjusted offset,
    ||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
    ||                                \     |          |  zzzz = estimated error.
    ||                                 |    |           \
    MS Name/IP address         Stratum Poll Reach LastRx Last sample
    ===============================================================================
    ^* 192.168.1.1                  11   9   377    64   +179us[ +216us] +/- 6878us

^? means there is a problem with the source; wait two minutes and try again. ^* means it is working normally.

Run tracking and take a look.

    root@controller:~# chronyc tracking
    Reference ID    : 192.168.1.1 (192.168.1.1)
    Stratum         : 12
    Ref time (UTC)  : Mon Apr 10 07:43:06 2023
    System time     : 57402.121093750 seconds fast of NTP time
    Last offset     : +0.000036663 seconds
    RMS offset      : 0.000126418 seconds
    Frequency       : 9.823 ppm slow
    Residual freq   : +0.007 ppm
    Skew            : 0.307 ppm
    Root delay      : 0.001302 seconds
    Root dispersion : 0.000698 seconds
    Update interval : 282.2 seconds
    Leap status     : Normal

The System time line shows that the system clock is not in sync with NTP time. Check what error messages the service has output:

    root@controller:~# service chrony status
    ● chrony.service - LSB: Controls chronyd NTP time daemon
       Loaded: loaded (/etc/init.d/chrony; bad; vendor preset: enabled)
       Active: active (running) since Tue 2023-04-11 07:16:56 CST; 33min ago
         Docs: man:systemd-sysv-generator(8)
      Process: 19400 ExecStop=/etc/init.d/chrony stop (code=exited, status=0/SUCCESS)
      Process: 19410 ExecStart=/etc/init.d/chrony start (code=exited, status=0/SUCCESS)
        Tasks: 1
       Memory: 272.0K
          CPU: 35ms
       CGroup: /system.slice/chrony.service
               └─19418 /usr/sbin/chronyd

    Apr 11 07:16:54 controller systemd[1]: Starting LSB: Controls chronyd NTP time daemon...
    Apr 11 07:16:54 controller chronyd[19418]: chronyd version 2.1.1 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP -DEBUG +ASYNCDNS +IPV6 +SECH
    Apr 11 07:16:54 controller chronyd[19418]: Frequency -9.839 +/- 0.638 ppm read from /var/lib/chrony/chrony.drift
    Apr 11 07:16:56 controller chrony[19410]: chronyd is running and online.
    Apr 11 07:16:56 controller systemd[1]: Started LSB: Controls chronyd NTP time daemon.
    Apr 11 07:16:58 controller chronyd[19418]: Selected source 192.168.1.1
    Apr 11 07:16:58 controller chronyd[19418]: System clock wrong by -57534.054360 seconds, adjustment started

After a long search, I used chronyc -a makestep on the client to force synchronization (several times).

    root@controller:~# timedatectl status
          Local time: Tue 2023-04-11 07:53:36 CST
      Universal time: Mon 2023-04-10 23:53:36 UTC
            RTC time: Tue 2023-04-11 00:00:18
           Time zone: Asia/Shanghai (CST, +0800)
     Network time on: yes
    NTP synchronized: no
     RTC in local TZ: no
    root@controller:~# chronyc -a makestep
    200 OK
    200 OK
    root@controller:~# timedatectl status
          Local time: Mon 2023-04-10 16:00:58 CST
      Universal time: Mon 2023-04-10 08:00:58 UTC
            RTC time: Tue 2023-04-11 00:03:14
           Time zone: Asia/Shanghai (CST, +0800)
     Network time on: yes
    NTP synchronized: no
     RTC in local TZ: no
    root@controller:~# timedatectl status
          Local time: Mon 2023-04-10 16:01:49 CST
      Universal time: Mon 2023-04-10 08:01:49 UTC
            RTC time: Tue 2023-04-11 00:04:05
           Time zone: Asia/Shanghai (CST, +0800)
     Network time on: yes
    NTP synchronized: no
     RTC in local TZ: no
    root@controller:~# chronyc -a makestep
    200 OK
    200 OK
    root@controller:~# chronyc -a makestep
    200 OK
    200 OK
    root@controller:~# timedatectl status
          Local time: Mon 2023-04-10 16:02:02 CST
      Universal time: Mon 2023-04-10 08:02:02 UTC
            RTC time: Mon 2023-04-10 08:02:01
           Time zone: Asia/Shanghai (CST, +0800)
     Network time on: yes
    NTP synchronized: no
     RTC in local TZ: no
    root@controller:~# timedatectl status
          Local time: Mon 2023-04-10 16:02:09 CST
      Universal time: Mon 2023-04-10 08:02:09 UTC
            RTC time: Mon 2023-04-10 08:02:09
           Time zone: Asia/Shanghai (CST, +0800)
     Network time on: yes
    NTP synchronized: no
     RTC in local TZ: no

The client gradually synchronized to the same time as the server, and the packet capture on the server also shows output.

    root@fh:~# tcpdump -i ens33 port 123
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
    15:52:34.734949 IP 192.168.1.10.59947 > fh.ntp: NTPv4, Client, length 48
    15:52:34.735118 IP fh.ntp > 192.168.1.10.59947: NTPv4, Server, length 48
    16:01:49.376551 IP 192.168.1.10.34716 > fh.ntp: NTPv4, Client, length 48
    16:01:49.377012 IP fh.ntp > 192.168.1.10.34716: NTPv4, Server, length 48
    16:19:06.195222 IP 192.168.1.10.43636 > fh.ntp: NTPv4, Client, length 48
    16:19:06.195547 IP fh.ntp > 192.168.1.10.43636: NTPv4, Server, length 48
    16:36:30.731287 IP 192.168.1.10.42798 > fh.ntp: NTPv4, Client, length 48
    16:36:30.731652 IP fh.ntp > 192.168.1.10.42798: NTPv4, Server, length 48

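It is still unclear how the client can be made to synchronize automatically at intervals. But this does verify that the server should be fine.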
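The client's chrony.conf shown earlier has no `makestep` directive (the server's has `makestep 1 3`), so chronyd corrects the 57402-second error by slewing only, as the "adjustment started" log line indicates. The following is an added example, not part of the original post: it parses the client's `chronyc tracking` output from this page and estimates how long that slew would take, assuming chrony's documented default `maxslewrate` of 83333.333 ppm; the function names are illustrative.

```python
import re

# `chronyc tracking` output from the client (controller), copied from the session on this page.
CLIENT_TRACKING = """\
Reference ID    : 192.168.1.1 (192.168.1.1)
Stratum         : 12
Ref time (UTC)  : Mon Apr 10 07:43:06 2023
System time     : 57402.121093750 seconds fast of NTP time
Last offset     : +0.000036663 seconds
RMS offset      : 0.000126418 seconds
Update interval : 282.2 seconds
Leap status     : Normal
"""
# chrony's documented default maxslewrate; assumed here because the client config does not set it.
DEFAULT_MAXSLEWRATE_PPM = 83333.333

def parse_tracking(text):
    """Split each 'Field : value' line of `chronyc tracking` into a dict entry."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def pending_offset(fields):
    """Seconds the system clock still differs from NTP time: + is fast, - is slow."""
    value = fields.get("System time", "")
    m = re.fullmatch(r"([0-9.]+) seconds (fast|slow) of NTP time", value)
    if m is None:
        raise ValueError(f"unexpected System time field: {value!r}")
    seconds = float(m.group(1))
    return seconds if m.group(2) == "fast" else -seconds

def assess(text, threshold=1.0, maxslewrate_ppm=DEFAULT_MAXSLEWRATE_PPM):
    """Classify a tracking report; threshold mirrors the 1-second limit of 'makestep 1 3'."""
    fields = parse_tracking(text)
    offset = pending_offset(fields)
    # Slewing removes at most maxslewrate_ppm microseconds of error per second of real time.
    eta_days = abs(offset) / (maxslewrate_ppm * 1e-6) / 86400
    state = "in-sync" if abs(offset) < threshold else "still-slewing"
    return {"source": fields.get("Reference ID"), "offset_s": offset,
            "state": state, "slew_eta_days": round(eta_days, 2)}

if __name__ == "__main__":
    print(assess(CLIENT_TRACKING))
```

The tiny `Last offset` next to the huge `System time` value is the signature of this state: measurements against the server are good, but the accumulated correction has not yet been applied to the clock.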


