Time synchronization chrony service configuration

1. chrony service

chrony is a general-purpose implementation of Network Time Protocol (NTP). It can synchronize the system clock with an NTP server, a reference clock (such as a GPS receiver), and manual input using a watch and keyboard. It can also operate as an NTPv4 (RFC 5905) server and peer, providing time services to other computers on the network.

It is designed to run well under a wide range of conditions, including intermittent network connections, severely congested networks, changing temperatures (normal computer clocks are temperature sensitive), and systems that do not run continuously or that run on virtual machines.

Typical accuracy between two machines synchronized over the Internet is within a few milliseconds; on a LAN, accuracy is often tens of microseconds. Submicrosecond accuracy may be possible using hardware timestamps or hardware reference clocks.

chrony includes two programs: chronyd is a daemon that can be started at boot time, and chronyc is a command-line interface program that can be used to monitor the performance of chronyd and change various operating parameters while it is running.

CentOS 7 and later support chrony time synchronization configuration. NTP is no longer supported on CentOS 8.
Compared with ntp time synchronization configuration, chrony is simpler and more efficient. It is open source software that keeps the system time synchronized with the server time.

2. Introduction to OS testing environment

Server: RedHat 8.2 - 172.20.10.6

Client: CentOS 8.3 - 172.20.10.7

This test uses a minimal system installation. After configuring the local yum source, install the chrony service on both the server and the client, as follows:

[root@centos8-3 ~]# yum install -y chrony
Last metadata expiration check: 0:00:05 ago on Tue 15 Jun 2021 08:02:45 PM CST.
Dependencies resolved.
=================================================================================================================================================================
 Package                                Architecture                        Version                                Repository                               Size
=================================================================================================================================================================
Installing:
 chrony                                 x86_64                              3.5-1.el8                              centos8-OS                              271 k
Installing weak dependencies:
 timedatex                              x86_64                              0.5-3.el8                              centos8-OS                               32 k
 
Transaction Summary
=================================================================================================================================================================
Install  2 Packages
 
Total size: 303 k
Installed size: 731 k
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                         1/1 
  Installing       : timedatex-0.5-3.el8.x86_64                                                                                                              1/2 
  Running scriptlet: timedatex-0.5-3.el8.x86_64                                                                                                              1/2 
  Running scriptlet: chrony-3.5-1.el8.x86_64                                                                                                                 2/2 
  Installing       : chrony-3.5-1.el8.x86_64                                                                                                                 2/2 
  Running scriptlet: chrony-3.5-1.el8.x86_64                                                                                                                 2/2 
  Verifying        : chrony-3.5-1.el8.x86_64                                                                                                                 1/2 
  Verifying        : timedatex-0.5-3.el8.x86_64                                                                                                              2/2 
 
Installed:
  chrony-3.5-1.el8.x86_64                                                       timedatex-0.5-3.el8.x86_64                                                      
 
Complete!

3. Server and client configuration

(1) Server-side configuration and explanation (3 modifications)

[root@RedHat8-2 ~]# cat /etc/chrony.conf 
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
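# Comment out this line (address of the external time server):
#pool 2.rhel.pool.ntp.org iburst
# Add this line to synchronize time with the local machine (change as appropriate):
server 172.20.10.6 iburst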
 
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
 
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
 
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
 
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
 
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
 
# Allow NTP client access from local network.
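# Which servers or clients may synchronize time from this time server. Must be configured:
allow 172.20.10.0/28
# Serve time even if not synchronized to a time source.
# Uncomment this line; otherwise "NTP synchronized" shows "no". After uncommenting it becomes "NTP synchronized: yes":
local stratum 10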
# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys
 
# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC
 
# Specify directory for log files.
logdir /var/log/chrony
 
# Select which information is logged.
#log measurements statistics tracking

Start the chrony service and check

# Start chronyd
[root@RedHat8-2 ~]# systemctl start chronyd
# Enable start at boot
[root@RedHat8-2 ~]# systemctl enable chronyd

# Check
[root@RedHat8-2 ~]# netstat -antulp|grep chronyd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           7745/chronyd        
udp        0      0 127.0.0.1:323           0.0.0.0:*                           7745/chronyd        
udp6       0      0 ::1:323                 :::*                                7745/chronyd        
[root@RedHat8-2 ~]# ss -antulp|grep chronyd
udp     UNCONN   0        0                0.0.0.0:123           0.0.0.0:*       users:(("chronyd",pid=7745,fd=9))                                              
udp     UNCONN   0        0              127.0.0.1:323           0.0.0.0:*       users:(("chronyd",pid=7745,fd=7))                                              
udp     UNCONN   0        0                  [::1]:323              [::]:*       users:(("chronyd",pid=7745,fd=8))                                              

(2) Client configuration

[root@centos8-3 ~]# cat /etc/chrony.conf 
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#pool 2.centos.pool.ntp.org iburst
# Add this line to synchronize time from this server:
server 172.20.10.6 iburst

Start chronyd and enable it at boot

[root@centos8-3 ~]# systemctl start chronyd
[root@centos8-3 ~]# systemctl enable chronyd

4. Check status

[root@centos8-3 ~]# timedatectl 
               Local time: Tue 2021-06-15 16:45:10 CST
           Universal time: Tue 2021-06-15 08:45:10 UTC
                 RTC time: Tue 2021-06-15 16:45:10
                Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes   -- indicates that synchronization is complete
              NTP service: active
          RTC in local TZ: no

5. View time source information

Server

[root@RedHat8-2 ~]# chronyc sources -v
210 Number of sources = 1
 
  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^? RedHat8-2.localdomain         0   7   377     -     +0ns[   +0ns] +/-    0ns

Client

[root@centos8-3 ~]# chronyc sources -v
210 Number of sources = 1
 
  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 172.20.10.6                  11   6   177    50  +2087ns[  -33us] +/-  227ms

6. Test

Test procedure: manually change the time on the server and check whether the client synchronizes to it.

(1) View the current time on the client and server

# Server
[root@RedHat8-2 ~]# date
Tue Jun 15 16:43:22 CST 2021
 
# Client
[root@centos8-3 ~]# date
Tue Jun 15 16:43:22 CST 2021
 

(2) Manually change the server time

[root@RedHat8-2 ~]# date 
Tue Jun 15 17:14:03 CST 2021
[root@RedHat8-2 ~]# date -s "2021-6-15 18:00:00"
Tue Jun 15 18:00:00 CST 2021

(3) Wait for the client to automatically synchronize (the test synchronization time is relatively slow)

[root@centos8-3 ~]# chronyc sources -v
210 Number of sources = 1
 
  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^~ 172.20.10.6                  11   6    37    11   -2716s[ -2716s] +/-  265ms
[root@centos8-3 ~]# date
Tue Jun 15 17:16:44 CST 2021
[root@centos8-3 ~]# timedatectl 
               Local time: Tue 2021-06-15 17:16:53 CST
           Universal time: Tue 2021-06-15 09:16:53 UTC
                 RTC time: Tue 2021-06-15 09:17:19
                Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
 
[root@centos8-3 ~]# date
Tue Jun 15 18:06:49 CST 2021

During the test, a problem was discovered. The synchronization time was relatively slow, but the synchronization was successfully performed.

Enable start at boot and restart the service

systemctl enable chronyd
systemctl restart chronyd

Use chronyc sources to view time synchronization status

[root@jingcheng ~]# chronyc sources
  • * indicates the clock source that chronyd is currently synchronized to.
  • ? indicates a source to which connectivity has been lost or whose packets do not pass all tests. It is also shown at startup, until at least 3 samples have been collected from the source.
  • + indicates an acceptable source that is combined with the selected source.
  • - indicates an acceptable source that is excluded by the combining algorithm.
  • x indicates a clock that chronyd considers to be a falseticker (i.e., its time is inconsistent with a majority of other sources).
  • ~ indicates a source whose time appears to have too much variability.
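The state symbols above and the Reach column can be checked automatically. The following Python sketch is an added example, not part of the original post: it parses the data rows of the chronyc sources outputs shown earlier on this page and reports the sources a monitor should alert on. The function names and the 1-second offset threshold (borrowed from the makestep 1.0 value in the configuration above) are assumptions of this example.

```python
import re

# Source states that need attention, as listed above.
ALERT_STATES = {"?": "unreachable or failing tests", "x": "falseticker",
                "~": "too variable"}
UNIT = {"ns": 1e-9, "us": 1e-6, "ms": 1e-3, "s": 1.0}
NUM = r"([+-]?\d+(?:\.\d+)?)(ns|us|ms|s)"
# mode, state, name, stratum, poll, reach, LastRx, adjusted[measured] +/- error
ROW = re.compile(
    r"^([\^=#])([*+\-?x~])\s+(\S+)\s+(\d+)\s+(-?\d+)\s+([0-7]+)\s+(\S+)\s+"
    + NUM + r"\[\s*" + NUM + r"\]\s+\+/-\s*" + NUM)

def parse_source(line):
    """Parse one data row of `chronyc sources`; return None for other lines."""
    m = ROW.match(line)
    if not m:
        return None
    reach = int(m.group(6), 8)              # Reach is printed in octal
    return {
        "state": m.group(2), "name": m.group(3), "stratum": int(m.group(4)),
        "replies": bin(reach).count("1"),   # valid replies in the last 8 polls
        "last_poll_ok": bool(reach & 1),    # lowest bit is the newest poll
        "adjusted": float(m.group(8)) * UNIT[m.group(9)],
        "measured": float(m.group(10)) * UNIT[m.group(11)],
    }

def audit(output, max_offset=1.0):
    """Return (name, problem) pairs for sources a monitor should alert on."""
    findings = []
    for line in output.splitlines():
        src = parse_source(line)
        if src is None:
            continue
        if src["state"] in ALERT_STATES:
            findings.append((src["name"], ALERT_STATES[src["state"]]))
        if abs(src["measured"]) > max_offset:
            findings.append((src["name"], f"offset {src['measured']:+.0f}s"))
        if not src["last_poll_ok"]:
            findings.append((src["name"], "last poll unanswered"))
    return findings

# Data rows copied from the three `chronyc sources -v` outputs on this page.
SAMPLE = """\
^? RedHat8-2.localdomain         0   7   377     -     +0ns[   +0ns] +/-    0ns
^* 172.20.10.6                  11   6   177    50  +2087ns[  -33us] +/-  227ms
^~ 172.20.10.6                  11   6    37    11   -2716s[ -2716s] +/-  265ms
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On a live host, pass the text printed by chronyc sources to audit() instead of SAMPLE. Offsets printed in units larger than seconds are not parsed by this sketch.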

View ntp_servers: chronyc sources

View ntp_servers status: chronyc sourcestats

Check whether ntp_servers is online: chronyc activity

View ntp details: chronyc tracking

Time-related commands: timedatectl
View date, time, time zone and NTP status: timedatectl
View time zone list: timedatectl list-timezones
Modify time zone: timedatectl set-timezone <time zone to set>
Modify date and time: timedatectl set-time "<date and time to set>"

7. Discovery and resolution of problems in chrony configuration

1. When a clock source is added on the client, the ? state appears (a source that has lost connectivity or whose packets do not pass all tests), so the client cannot synchronize with the clock source.

Solution:
① Check whether the firewall is turned off (chronyd serves NTP on UDP port 123, as the netstat output above shows)
② Check whether SELinux is in permissive or disabled status
③ Ping to check that the link is up
④ Check the network configuration
⑤ Check the allow directive in the chrony configuration: by default, NTP client access is not allowed


Origin blog.csdn.net/qq_36306519/article/details/130756674