[Linux series] Chrony time synchronization server

background

While experimenting with the LNMP and LNMT architectures, I left a virtual machine on standby overnight; afterwards its clock still showed the previous day's time, and the apt command could not install applications. It also reminded me of a domestic xc project I worked on some time ago: an xc host on the intranet had the wrong time after being shut down for a while, and as a result some applications could not be accessed. I have some time today, so let's talk about Chrony time synchronization!

 time synchronization

A computer normally shows the correct time each time it starts up. That is because it is configured with a time synchronization server address: once networked, the local time is checked against a time server on the Internet. When the host is on an internal network, the system time is kept consistent by the BIOS time. The BIOS clock is powered by a button battery; when the battery is dead and the host cannot synchronize with Internet time, the computer's system time will be wrong.

1. What is time synchronization?

Time synchronization is the process of checking the local time against Internet time so that the system has a unified time.
Local clocks tick at slightly different rates and run in different environments, so even if all local clocks are calibrated at a certain moment, they will drift apart again after a period of time. To bring the local clocks back to the same time value, a time synchronization operation is required.

2. Why time synchronization? 

In operations and maintenance scenarios, many hosts work together to complete different tasks; the LNMP architecture, for example, can be deployed on three different hosts. These hosts decide how to present a response to the client according to the time at which a file or data stream was generated, so the time on all hosts in the same network needs to be consistent. Consistent does not necessarily mean correct: if the current time is 3 pm but all three hosts agree that it is 6 am yesterday, that causes no problem for them.
Some scenarios, however, do not tolerate an incorrect time, HTTPS applications for example: when the client communicates with the server and the client's time is accurate but the server's time is yesterday's or lies in the future, the client warns that the connection is a risk and does not accept it.

3. Commonly used time synchronization servers

1) NTP time service: corrects the time by making the clock run faster or slower, like a watch, instead of jumping directly as the date command does: other servers have 60s a minute, while ntp has 30s a minute to achieve the time correction. Problem: catching up on a clock that is 24 hours slow may take a very long time.
2) Chrony time service: Chrony is a substitute for NTP that can synchronize clocks more accurately and faster. Traditional ntp takes hours, while chrony completes time synchronization in seconds or milliseconds; it adjusts the time as quickly as turning the hands of a watch.

4. Public network time server address

Aliyun NTP server: ntp1.aliyun.com; ntp2.aliyun.com; ntp3.aliyun.com; ntp4.aliyun.com

Tencent Cloud NTP server: time1.cloud.tencent.com; time2.cloud.tencent.com; time3.cloud.tencent.com

How to use: ntpdate ntp1.aliyun.com 

Chrony 

 1. Introduction to chrony

1) chrony is a time synchronization service based on the NTP protocol. It can be used as a server or a client;
2) chrony is a substitute for NTP that can synchronize clocks more accurately and faster;
3) chrony uses few system resources and takes up only a small share of the CPU when it is woken up. chrony is compatible with ntpdate;
4) chrony allows other hosts in the local network to synchronize their time with the local host;

Chrony official website: https://chrony.tuxfamily.org
Chrony official documentation: https://chrony.tuxfamily.org/documentation.html

 2. Intranet activation server architecture 

 3. Chrony server installation

 3.1 apt command installation

root@web1:~# apt install chrony
root@web1:~#
root@web1:~#

Main configuration file: /etc/chrony.conf
Client program: /usr/bin/chronyc
Server program: /usr/sbin/chronyd

3.2 Configure Chrony server


root@web1:/etc/chrony#vim /etc/chrony.conf
### Remote clock sources to synchronize with; in theory any number can be configured
pool ntp.ubuntu.com        iburst maxsources 4
pool 0.ubuntu.pool.ntp.org iburst maxsources 1
pool 1.ubuntu.pool.ntp.org iburst maxsources 1
pool 2.ubuntu.pool.ntp.org iburst maxsources 2

# Use time sources from DHCP.
sourcedir /run/chrony-dhcp

# Use NTP sources found in /etc/chrony/sources.d.
sourcedir /etc/chrony/sources.d

# This directive specify the location of the file containing ID/key pairs for
# NTP authentication.
keyfile /etc/chrony/chrony.keys

# This directive specify the file into which chronyd will store the rate
# information.
driftfile /var/lib/chrony/chrony.drift

# Save NTS keys and cookies.
ntsdumpdir /var/lib/chrony


## Log file directory
logdir /var/log/chrony

# Stop bad estimates upsetting machine clock.
maxupdateskew 100.0

## Enable kernel synchronization of the real-time clock (RTC)
rtcsync

# Step the system clock instead of slewing it if the adjustment is larger than
# one second, but only in the first three clock updates.
## If the system clock offset is greater than 1 second, allow the system clock to be stepped during the first three updates
makestep 1 3

# Get TAI-UTC offset and leap seconds from the system tz database.
# This directive must be commented out when using time sources serving
# leap-smeared time.
leapsectz right/UTC

To configure the Chrony server, modify the /etc/chrony.conf file in three places: set the external time servers, allow the intranet to synchronize with this server, and keep serving time when the network is down.

root@web1:/etc/chrony#vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
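# 1: specify three Aliyun time synchronization servers (comments must be on their own line)
server ntp.aliyun.com iburst
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst

# Allow NTP client access from local network.
# 2: allow the 172.16.1.0 network segment to synchronize with this server
allow 172.16.1.0/24

# Serve time even if not synchronized to a time source.
# 3: keep serving time to clients when the network is down
local stratum 10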

4. Chrony client installation

 install chrony

root@web2:#  apt install chrony
root@web2:# 

Configure server address

root@web2:/etc/chrony/conf.d# touch  test1.conf
root@web2:/etc/chrony/conf.d# cat test1.conf 
server 192.168.65.130 iburst

restart service

root@web2:/etc/chrony/conf.d# systemctl restart chronyd

start sync

root@web2:~# chronyc sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 192.168.65.130                3   6   177    61   +164us[ +269us] +/-   42ms
root@web2:~# 

or


root@web2:~# chronyc sources -v

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 192.168.65.130                3   6   377    16   +428us[+1449us] +/-   33ms
root@web2:~# 
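
The columns that chronyc sources -v explains can be checked by a script. The following is an added example, not part of the original post: a POSIX shell check that decodes the Reach register and the Poll exponent from the rows shown above. The thresholds MIN_HITS and MAX_STRATUM and the unhealthy sample row are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: health check over rows of `chronyc sources` output.

# Constructed samples: the two rows from the post, plus a made-up unhealthy row.
ROW_A='^* 192.168.65.130                3   6   177    61   +164us[ +269us] +/-   42ms'
ROW_B='^* 192.168.65.130                3   6   377    16   +428us[+1449us] +/-   33ms'
ROW_BAD='^? 192.168.65.130               10   6     0     -     +0ns[   +0ns] +/-    0ns'

MIN_HITS=4        # assumed threshold: at least 4 of the last 8 polls answered
MAX_STRATUM=9     # assumed: stratum 10 is the server's "local stratum 10" fallback

# Reach is an octal 8-bit shift register; count the polls that got a reply.
reach_hits() {
    n=$(printf '%d' "0$1")    # leading 0 makes printf parse the value as octal
    hits=0
    while [ "$n" -gt 0 ]; do
        hits=$(( hits + (n & 1) ))
        n=$(( n >> 1 ))
    done
    echo "$hits"
}

# Print a verdict for one row; return 0 if the source is usable, 1 otherwise.
check_source() {
    read -r ms name stratum poll reach _rest <<EOF
$1
EOF
    state=${ms#?}                       # second character of the MS column
    hits=$(reach_hits "$reach")
    summary="$name state=$state stratum=$stratum poll=$(( 1 << poll ))s reach=$hits/8"
    if [ "$state" != '*' ]; then
        echo "WARN $summary (not the selected source)"; return 1
    fi
    if [ "$stratum" -gt "$MAX_STRATUM" ]; then
        echo "WARN $summary (likely the server's local-clock fallback)"; return 1
    fi
    if [ "$hits" -lt "$MIN_HITS" ]; then
        echo "WARN $summary (too many missed polls)"; return 1
    fi
    echo "OK $summary"
}

for row in "$ROW_A" "$ROW_B" "$ROW_BAD"; do
    check_source "$row" || true
done
```

On a live client, pass it the rows of chronyc sources output that begin with ^, = or #.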

Origin blog.csdn.net/qq_43714097/article/details/126624827