Chrony 是一个开源的自由软件,它能帮助你保持系统时钟与时钟服务器(NTP)同步,让你的时间保持精确。它由两个程序组成,分别是chronyd和chronyc。chronyd 是一个后台运行的守护进程,用于调整内核中运行的系统时钟和时钟服务器同步,它确定计算机增减时间的比率,并对此进行补偿。chronyc 提供一个用户界面,用于监控性能并进行多样化的配置,可以在 chronyd 实例控制的计算机上工作,也可以在一台不同的远程计算机上工作。本教程是在 Debian 10搭建,如有错误,请联系我更正。
安装 ChronyDebian/Ubuntu 系统
root@LimeLinux:~# apt  install chrony -yReading package lists... DoneBuilding dependency tree       Reading state information... DoneSuggested packages:  dnsutils networkd-dispatcherThe following NEW packages will be installed:  chrony0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.Need to get 234 kB of archives.After this operation, 510 kB of additional disk space will be used.Get:1 http://mirrors.aliyun.com/debian buster/main amd64 chrony amd64 3.4-4+deb10u1 [234 kB]Fetched 234 kB in 0s (1,255 kB/s)Selecting previously unselected package chrony.(Reading database ... 27613 files and directories currently installed.)Preparing to unpack .../chrony_3.4-4+deb10u1_amd64.deb ...Unpacking chrony (3.4-4+deb10u1) ...Setting up chrony (3.4-4+deb10u1) ...Creating '_chrony' system user/group for the chronyd daemon…Creating config file /etc/chrony/chrony.conf with new versionCreating config file /etc/chrony/chrony.keys with new versionCreated symlink /etc/systemd/system/chronyd.service → /lib/systemd/system/chrony.service.Created symlink /etc/systemd/system/multi-user.target.wants/chrony.service → /lib/systemd/system/chrony.service.Processing triggers for man-db (2.8.5-2) ...Processing triggers for systemd (241-7~deb10u5) ...root@LimeLinux:~#
chrony 的配置文件是“ /etc/chrony.conf ”
各项参数含义:
1.server - 指:pool 2.debian.pool.ntp.org iburst, 该参数可以多次用于添加时钟服务器,一般来说,你想添加多少服务器,就可以添加多少服务器。2.driftfile - chronyd程序的主要行为之一,就是根据实际时间计算出计算机增减时间的比率,将它记录到一个文件中最合理的,会在重启后为系统时钟作出补偿,甚至可能的话,会从时钟服务器获得较好的估值。3.rtcsync - rtcsync指令将启用一个内核模式,在该模式中,系统时间每11分钟会拷贝到实时时钟(RTC)。4.allow / deny - 可以指定一台主机、子网,或者网络以允许或拒绝NTP连接到时钟服务器的机器。简而言之,就是设置那些IP地址可以使用NTP服务。allow 192.168.4.5/32 #允许某个IPdeny 192.168.1.0/24  #拒绝一个网段allow 0.0.0.0./0 #允许所有IP来同步时间5.makestep - 通常,chronyd将根据需求通过减慢或加速时钟,使得系统逐步纠正所有时间偏差。在某些特定情况下,系统时钟可能会漂移过快,导致该调整过程消耗很长的时间来纠正系统时钟。该指令强制chronyd在调整期大于某个阀值时步进调整系统时钟,但只有在因为chronyd - 启动时间超过指定限制(可使用负值来禁用限制),没有更多时钟更新时才生效。
提示:整个配置文件,只需要添加 allow 0.0.0.0/0 即可,不需要作其它修改。
如下简单配置文件:
root@LimeLinux:~# nano /etc/chrony/chrony.conf#pool 2.debian.pool.ntp.org iburst# add servers in your timezone to sync timesserver ntp.aliyun.com iburstserver ntp1.aliyun.com iburst# add to the end : add the network range you allow to receive requestsallow 192.168.10.0/24root@LimeLinux:~#chrony 相关命令
测试时间
像NTP发行版中的ntpdate命令一样,我们可以使用chronyd手动将Linux服务器的时间与远程NTP服务器同步
语法:# chronyd -q ‘server {ntp_server_name} iburst’
root@LimeLinux:/etc/chrony# chronyd -q 'server 2.debian.pool.ntp.org iburst'2020-12-27T03:40:09Z chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 -DEBUG)2020-12-27T03:40:09Z Initial frequency -25.488 ppm2020-12-27T03:40:14Z System clock wrong by 0.001955 seconds (step)2020-12-27T03:40:14Z chronyd exitingroot@LimeLinux:/etc/chrony# 
启动 chronyd 守护程序,并开机自启
root@LimeLinux:~# systemctl start chrony #root@LimeLinux:~# systemctl enable chrony
查看chrony状态
root@LimeLinux:~# systemctl status chrony● chrony.service - chrony, an NTP client/server   Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: enabled)   Active: active (running) since Sun 2020-12-27 11:16:22 CST; 27min ago     Docs: man:chronyd(8)           man:chronyc(1)           man:chrony.conf(5) Main PID: 1163 (chronyd)    Tasks: 2 (limit: 2327)   Memory: 1.2M   CGroup: /system.slice/chrony.service           ├─1163 /usr/sbin/chronyd -F -1           └─1164 /usr/sbin/chronyd -F -1Dec 27 11:16:22 LimeLinux systemd[1]: Starting chrony, an NTP client/server...Dec 27 11:16:22 LimeLinux chronyd[1163]: chronyd version 电脑 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 -DEBUG)Dec 27 11:16:22 LimeLinux chronyd[1163]: Initial frequency -81.770 ppmDec 27 11:16:22 LimeLinux chronyd[1163]: Loaded seccomp filterDec 27 11:16:22 LimeLinux systemd[1]: Started chrony, an NTP client/server.Dec 27 11:16:28 LimeLinux chronyd[1163]: Selected source 193.182.111.12Dec 27 11:17:34 LimeLinux chronyd[1163]: Selected source 78.46.102.180Dec 27 11:28:22 LimeLinux chronyd[1163]: Selected source 94.130.49.186root@LimeLinux:~#
验证和跟踪时间同步
要验证系统时间是否已使用chrony同步,使用以下命令
root@LimeLinux:~# chronyc tracking Reference ID    : 5E8231BA (94.130.49.186)Stratum         : 4Ref time (UTC)  : Sun Dec 27 03:44:34 2020System time     : 0.000223043 seconds slow of NTP timeLast offset 电脑     : +0.000090305 secondsRMS offset      : 0.002856454 secondsFrequency       : 23.360 ppm slowResidual freq   : +0.038 ppmSkew            : 2.059 ppmRoot delay      : 0.208674118 secondsRoot dispersion : 0.002633217 secondsUpdate interval : 65.1 secondsLeap status     : Normalroot@LimeLinux:~#Reference ID 是系统时间当前同步到的服务器的ID和名称。Stratum 表示带有附加参考时钟的离开服务器的跳数。
检查时间来源
要列出有关chronyd使用的当前时间源的信息,命令如下:
root@LimeLinux:~# chronyc sources210 Number of sources = 4MS Name/IP address         Stratum Poll Reach LastRx Last sample               ===============================================================================^+ 193.182.111.12                2   8   377    30    +54ms[  +54ms] +/-  179ms^+ 78.46.102.180                 3   8   377   294    -15ms[  -15ms] +/-  128ms^+ 108.59.2.24  电脑                  2   7   377    31  +1782us[+1782us] +/-  260ms^* 94.130.49.186                 3   7   377   227    -16ms[  -16ms] +/-  106msroot@LimeLinux:~# 
要列出有关源的更多详细信息:
root@LimeLinux:~# chronyc sources -v210 Number of sources = 4  .-- Source mode  '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current synced, '+' = combined , '-' = not combined,| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.||                                                 .- xxxx [ yyyy ] +/- zzzz||      Reachability register (octal) -.           |  xxxx = adjusted offset,||      Log2(Polling interval) --.      |          |  yyyy = measured offset,||                                \     |          |  zzzz = estimated error.||                                 |    |           \MS Name/IP address         Stratum Poll Reach LastRx Last sample               ===============================================================================^+ 193.182.111.12                2   8   377   153    +53ms[  +54ms] +/-  179ms^+ 78.46.102.180                 3   8   377    31    -15ms[  -14ms] +/-  134ms^+ 108.59.2.24                   2   7   377    24   +566us[ +566us] +/-  261ms^* 94.130.49.186                 3   7   377    27    -19ms[  -18ms] +/-  110msroot@LimeLinux:~#  查看时间来源统计
查看时间来源统计
要列出有关chronyd使用的每个源的漂移速度和偏移估计的信息,命令如下:
root@LimeLinux:~# chronyc sourcestats -v210 Number of sources = 4                             .- Number of sample points in measurement set.                            /    .- Number of residual runs with same sign.                           |    /    .- Length of measurement set (time).                           |   |    /      .- Est. clock freq error (ppm).                           |   |   |      /           .- Est. error in freq.                           |   |   |     |           /         .- Est. offset.                           |   |   |     |          |          |   On the -.                           |   |   |     |          |          |   samples. \                           |   |   |     |          |          |             |Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev==============================================================================193.182.111.12             23  12   32m     -1.740      6.255    +48ms  4329us78.46.102.180              23  10   34m     -0.728      2.353    -20ms  1435us108.59.2.24                18  13   23m     +0.278      2.966  +2534us  1259us94.130.49.186              13   6  1164     +0.863      4.477    -16ms  1017usroot@LimeLinux:~# 
设置防火墙
允许ntp服务 123/udp 通过
root@LimeLinux:~# ufw allow 123/udp
Linux改变生活,技术更好的工作!
电脑






