使用Chrony搭建NTP服务器

---

chrony简介

官网：https://chrony.tuxfamily.org

从CentOS 8开始，ntpd 正式被 chrony 取代，与前代 ntpd 相比，chrony 性能更好，安装配置更方便。

---

常用命令

安装chrony

yum install -y chrony

启用chrony

systemctl enable chronyd.service
systemctl disable chronyd.service

重启chrony

systemctl start chronyd.service
systemctl restart chronyd.service

启用防火墙

系统默认ntp端口为 123/udp

firewall-cmd --add-service=ntp --permanent  && firewall-cmd --reload 

---

配置

Chrony 分为两部分：

1. Chronyd：即NTP服务端
2. Chronyc：即NTP客户端

配置文件

vim /etc/chrony.conf

最重要的3个属性

第一是你需要同步的ntp服务器地址
具体的NTP服务器地址，可查询https://www.ntppool.org/en/

# These servers were defined in the installation:
pool 0.asia.pool.ntp.org iburst
pool 1.asia.pool.ntp.org iburst
pool 2.asia.pool.ntp.org iburst
pool 3.asia.pool.ntp.org iburst
# pool 2.centos.pool.ntp.org iburst
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).

第二个是允许访问该服务器的网段

# Allow NTP client access from local network.
allow 10.10.2.0/24
allow 10.10.3.0/24

第三个即使服务器无法连接ntp服务器，也可以同步本地时间。

# Serve time even if not synchronized to a time source.
local stratum 10

配置好以后，记得保存，重启ntp

---

客户端同步

查询现有时间服务器：

其中第二个字符如果为*，就表示正常，为？就表示无法连通

[admin@jumper ~]$ chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 10.10.3.240                   2   9   377   515    -12us[-6390ns] +/-   23ms

查询ntp服务器状态：

[admin@jumper ~]$ chronyc sourcestats -v
210 Number of sources = 1
                             .- Number of sample points in measurement set.
                            /    .- Number of residual runs with same sign.
                           |    /    .- Length of measurement set (time).
                           |   |    /      .- Est. clock freq error (ppm).
                           |   |   |      /           .- Est. error in freq.
                           |   |   |     |           /         .- Est. offset.
                           |   |   |     |          |          |   On the -.
                           |   |   |     |          |          |   samples. \
                           |   |   |     |          |          |             |
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
10.10.3.240                12   9   64m     +0.000      0.043    +16ns    37us

手动同步

chrony兼容ntpdate，客户端可以使用ntpdate手动同步时间

[root@jumper ~]# ntpdate 10.10.3.240
23 Dec 14:57:50 ntpdate[29245]: adjust time server 10.10.3.240 offset -0.000084 sec