Linux – timedatectl & chronyd (systemd)

Test operating system: CentOS 8 x86_64 (virtual machine)

On Linux today, NTP time synchronization (Network Time Protocol, the protocol used to synchronize the clock with an NTP server) is handled by the chronyd service. Its usage is shown below.

timedatectl

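First, a look at the timedatectl command. Previously date was normally used to change the time, but on systemd-based systems such as CentOS 7 / CentOS 8, timedatectl is used instead to set and view the date and time (the command is provided by the systemd package).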

[root@localhost ~]# rpm -qf /usr/bin/timedatectl
systemd-239-39.el8.x86_64

Set the date and time.

[root@localhost ~]# timedatectl set-time "2019-08-08 11:50:00"

Set the time zone.

[root@localhost ~]# timedatectl list-timezones | grep -i taipei
Asia/Taipei
[root@localhost ~]# timedatectl set-timezone "Asia/Taipei"
[root@localhost ~]# timedatectl 
      Local time: Thu 2019-08-08 11:55:49 CST
  Universal time: Thu 2019-08-08 03:55:49 UTC
        RTC time: Thu 2019-08-08 03:55:49
       Time zone: Asia/Taipei (CST, +0800)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a

Note: after changing the time zone, restart the rsyslog (https://benjr.tw/34103) logging service so that the timestamps written to the logs match the system time.

[root@localhost ~]# systemctl restart rsyslog

chronyd (NTP Client)

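To synchronize time with an NTP server: since RHEL / CentOS 7, Chrony is the default time synchronization service (NTP: Network Time Protocol). It should already be installed by default; the chrony package is installed as follows.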

[root@localhost ~]# yum install chrony

NTP network time synchronization can be enabled with the timedatectl command.

[root@localhost ~]# timedatectl set-ntp yes 
[root@localhost ~]# timedatectl 
      Local time: Thu 2019-08-08 11:54:53 CST
  Universal time: Thu 2019-08-08 03:54:53 UTC
        RTC time: Thu 2019-08-08 03:54:00
       Time zone: Asia/Taipei (CST, +0800)
     NTP enabled: yes
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a
[root@localhost ~]# systemctl status chronyd.service
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2024-05-28 10:57:40 CST; 12min ago
     Docs: man:chronyd(8)
           man:chrony.conf(5)
  Process: 3741 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=exited, status=0/SUCCESS)
  Process: 3709 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 3739 (chronyd)
    Tasks: 1 (limit: 22887)
   Memory: 924.0K
   CGroup: /system.slice/chronyd.service
           └─3739 /usr/sbin/chronyd

May 28 10:57:40 localhost.localdomain systemd[1]: Starting NTP client/server...
May 28 10:57:40 localhost.localdomain chronyd[3739]: chronyd version 4.5 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDRO>
May 28 10:57:40 localhost.localdomain chronyd[3739]: Loaded 0 symmetric keys
May 28 10:57:40 localhost.localdomain chronyd[3739]: Frequency 0.000 +/- 1000000.000 ppm read from /var/lib/chrony/drift
May 28 10:57:40 localhost.localdomain chronyd[3739]: Using right/UTC timezone to obtain leap second data
May 28 10:57:40 localhost.localdomain systemd[1]: Started NTP client/server.
May 28 10:57:46 localhost.localdomain chronyd[3739]: Selected source 183.177.72.201 (2.centos.pool.ntp.org)
May 28 10:57:46 localhost.localdomain chronyd[3739]: System clock TAI offset set to 37 seconds
[root@localhost ~]# systemctl enable chronyd.service

When we set NTP (Network Time Protocol) to yes, the chronyd NTP service is started.

[root@localhost ~]# cat /var/log/messages
May 28 11:10:33 localhost systemd[1]: Starting NTP client/server...
May 28 11:10:33 localhost chronyd[3940]: chronyd version 4.5 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 +DEBUG)
May 28 11:10:33 localhost chronyd[3940]: Loaded 0 symmetric keys
May 28 11:10:33 localhost chronyd[3940]: Frequency -2.622 +/- 15.251 ppm read from /var/lib/chrony/drift
May 28 11:10:33 localhost chronyd[3940]: Using right/UTC timezone to obtain leap second data
May 28 11:10:33 localhost systemd[1]: Started NTP client/server.
May 28 11:10:41 localhost chronyd[3940]: Selected source 114.34.171.136 (2.centos.pool.ntp.org)
May 28 11:10:41 localhost chronyd[3940]: System clock TAI offset set to 37 seconds
May 28 11:10:42 localhost chronyd[3940]: Selected source 114.33.15.129 (2.centos.pool.ntp.org)
May 28 11:11:05 localhost systemd[1]: timedatex.service: Succeeded.
May 28 11:11:45 localhost chronyd[3940]: Selected source 118.163.81.61 (2.centos.pool.ntp.org)

Alternatively, NTP can be turned on by starting the chrony service.

[root@localhost ~]# timedatectl set-ntp no
[root@localhost ~]# timedatectl
               Local time: Tue 2024-05-28 11:10:18 CST
           Universal time: Tue 2024-05-28 03:10:18 UTC
                 RTC time: Tue 2024-05-28 03:10:18
                Time zone: Asia/Taipei (CST, +0800)
System clock synchronized: yes
              NTP service: inactive
          RTC in local TZ: no
[root@localhost ~]# systemctl status chronyd.service
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:chronyd(8)
           man:chrony.conf(5)

May 28 10:57:40 localhost.localdomain chronyd[3739]: Loaded 0 symmetric keys
May 28 10:57:40 localhost.localdomain chronyd[3739]: Frequency 0.000 +/- 1000000.000 ppm read from /var/lib/chrony/drift
May 28 10:57:40 localhost.localdomain chronyd[3739]: Using right/UTC timezone to obtain leap second data
May 28 10:57:40 localhost.localdomain systemd[1]: Started NTP client/server.
May 28 10:57:46 localhost.localdomain chronyd[3739]: Selected source 183.177.72.201 (2.centos.pool.ntp.org)
May 28 10:57:46 localhost.localdomain chronyd[3739]: System clock TAI offset set to 37 seconds
May 28 11:10:16 localhost.localdomain systemd[1]: Stopping NTP client/server...
May 28 11:10:16 localhost.localdomain chronyd[3739]: chronyd exiting
May 28 11:10:16 localhost.localdomain systemd[1]: chronyd.service: Succeeded.
May 28 11:10:16 localhost.localdomain systemd[1]: Stopped NTP client/server.
[root@localhost ~]# systemctl start chronyd.service
[root@localhost ~]# timedatectl
               Local time: Tue 2024-05-28 11:10:35 CST
           Universal time: Tue 2024-05-28 03:10:35 UTC
                 RTC time: Tue 2024-05-28 03:10:35
                Time zone: Asia/Taipei (CST, +0800)
System clock synchronized: no
              NTP service: active
          RTC in local TZ: no

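The configuration file is /etc/chrony.conf, and by default it uses pool 2.centos.pool.ntp.org. According to the official documentation (https://www.ntppool.org/zh/use.html), the DNS resolution of 0, 1, 2 and 3.pool.ntp.org is updated every hour and points at random to a server close to you.

We can use the commands below to see which NTP server is in use.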

  • tracking : The tracking command displays parameters about the system’s clock performance.
    [root@localhost ~]# chronyc tracking
    Reference ID    : B7B148CA (t2.time.tw1.yahoo.com)
    Stratum         : 3
    Ref time (UTC)  : Thu Mar 12 03:43:18 2020
    System time     : 0.118893698 seconds slow of NTP time
    Last offset     : +0.091888450 seconds
    RMS offset      : 1.505703568 seconds
    Frequency       : 100000.000 ppm fast
    Residual freq   : -17442.777 ppm
    Skew            : 1000000.000 ppm
    Root delay      : 0.048257317 seconds
    Root dispersion : 19.612304688 seconds
    Update interval : 68.3 seconds
    Leap status     : Normal
    
  • sources : This command displays information about the current time sources that chronyd is accessing.
    [root@localhost ~]# chronyc sources
    210 Number of sources = 4
    MS Name/IP address         Stratum Poll Reach LastRx Last sample               
    ===============================================================================
    ^* t2.time.tw1.yahoo.com         2   6   377    40    +98ms[ +190ms] +/-   35ms
    ^- zimbra.alqualonde.org         3   6   377    40   +102ms[ +102ms] +/-  155ms
    ^- 103.122.188.3                 2   6   377    40    +99ms[  +99ms] +/-   51ms
    ^- 106-104-162-193.adsl.sta>     2   6   375    45    +95ms[  +95ms] +/-   84ms
    

chronyd (NTP Server)

  • chronyd Server (IP: 192.168.31.132)
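    Once chronyd.service is running, other computers can use this machine as an NTP (Network Time Protocol) server. The chrony.conf configuration file must be adjusted (to set which network ranges may use it).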

    [root@localhost ~]# vi /etc/chrony.conf
    # Allow NTP client access from local network.
    allow 192.168.0.0/16
    [root@localhost ~]# systemctl restart chronyd.service
    

    The allow line permits clients in a specific network range to use you as a time server; writing only allow permits everyone.

  • NTP Client (Internal chronyd)
    To use the NTP server just set up (chronyd IP: 192.168.31.132), the client must point its configuration file /etc/chrony.conf at this IP.

    [root@localhost ~]# vi /etc/chrony.conf
    # Use public servers from the pool.ntp.org project.
    # Please consider joining the pool (http://www.pool.ntp.org/join.html).
    # pool 2.centos.pool.ntp.org iburst
    server 192.168.31.132 iburst
    [root@localhost ~]# systemctl restart chronyd
    

    Test whether the NTP server is working.

    [root@localhost ~]# chronyc activity
    200 OK
    1 sources online
    0 sources offline
    0 sources doing burst (return to online)
    0 sources doing burst (return to offline)
    0 sources with unknown address
    

    When testing, the source state must be '*' (current best).

    [root@localhost ~]# chronyc sources -v
    
      .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
     / .- Source state '*' = current best, '+' = combined, '-' = not combined,
    | /             'x' = may be in error, '~' = too variable, '?' = unusable.
    ||                                                 .- xxxx [ yyyy ] +/- zzzz
    ||      Reachability register (octal) -.           |  xxxx = adjusted offset,
    ||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
    ||                                \     |          |  zzzz = estimated error.
    ||                                 |    |           \
    MS Name/IP address         Stratum Poll Reach LastRx Last sample
    ===============================================================================
    ^* 192.168.31.132            3   6   377    52   +132us[ +143us] +/-   36ms
    

    Manually correct the time.

    [root@localhost ~]# chronyc -a makestep
    200 OK
    

    chronyd (Internal NTP Server)

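    If your Chrony (NTP server) is on an internal network with no outside access, can it still act as an NTP server? I looked around and found https://serverfault.com/questions/995101/how-to-synchronize-clocks-on-servers-with-no-internet-access ; the configuration is as follows.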

    [root@localhost ~]# vi /etc/chrony.conf
    # Allow NTP client access from local network.
    allow 
    # Record the rate at which the system clock gains/losses time.
    driftfile /var/lib/chrony/drift
    # Serve time even if not synchronized to a time source.
    local stratum 10
    manual
    [root@localhost ~]# systemctl restart chronyd.service
    

    Explanation:

    • driftfile /var/lib/chrony/drift
      Stores the error between the local host and the upstream NTP server (unit: PPM, Parts Per Million; 1 PPM -> 1 microsecond per second -> 1*60*60/1000 (m) = 3.6ms per hour -> 3.6ms*24 = 86.4ms per day)
    • local stratum 8
      NTP is a hierarchical architecture (stratum); this sets the service at local stratum 8.
    • manual
      ?
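
An audit for the `allow` directive used in the server section and in the internal-server configuration above, where a bare `allow` admits every client. This is an added example, not code from the original post; the function name `audit_allow` and the 192.168.31.0/24 range are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit chrony.conf "allow" lines.

# Constructed sample: the internal-server config from the post (bare allow).
WEAK_CONF='# Allow NTP client access from local network.
allow
driftfile /var/lib/chrony/drift
local stratum 10
manual'

# Constructed sample: same server, scoped to one subnet (assumed lab range).
SCOPED_CONF='# Allow NTP client access from local network.
allow 192.168.31.0/24
driftfile /var/lib/chrony/drift
local stratum 10
manual'

# audit_allow [FILE]
# Reads chrony.conf text from FILE or stdin and prints one line per allow
# directive. Returns 1 if any directive admits every address, else 0.
audit_allow() {
    awk '
        # Directive names are case-insensitive. Commented-out lines never
        # match because their first field is not the word "allow".
        tolower($1) == "allow" {
            # Syntax is: allow [all] [subnet]
            subnet = (tolower($2) == "all") ? $3 : $2
            # No subnet, or a zero-length prefix such as 0/0 or ::/0,
            # means any client may query this server.
            if (subnet == "" || subnet ~ /\/0$/) {
                print "OPEN line " NR ": " $0
                bad = 1
            } else {
                print "OK   line " NR ": " $0
            }
        }
        END { exit bad + 0 }
    ' "$@"
}

# Example: audit_allow /etc/chrony.conf
```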

    Problems encountered

    I found that when an NTP client tried to connect to my self-hosted NTP server, the state was '?' = unusable.

    [root@localhost ~]# chronyc sources -v
    
      .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
     / .- Source state '*' = current best, '+' = combined, '-' = not combined,
    | /             'x' = may be in error, '~' = too variable, '?' = unusable.
    ||                                                 .- xxxx [ yyyy ] +/- zzzz
    ||      Reachability register (octal) -.           |  xxxx = adjusted offset,
    ||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
    ||                                \     |          |  zzzz = estimated error.
    ||                                 |    |           \
    MS Name/IP address         Stratum Poll Reach LastRx Last sample
    ===============================================================================
    ^? 192.168.31.129                0  10     0     -     +0ns[   +0ns] +/-    0ns
    
    [root@localhost ~]# ntpstat
    unsynchronised
    poll interval unknown
    

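    My servers are all VMs running on VMware Workstation, and I found that this may be related to open-vm-tools enabling time sync: https://serverfault.com/questions/1073299/ntp-chrony-not-keeping-time-synchronized-on-centos-7-9-vm-running-on-vmware-esx

    In the end I first turned off Firewalld and SELinux, then turned off time synchronization between the VM and the host. There are 2 ways to do that.

    • Disable by command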
      [root@localhost ~]# vmware-toolbox-cmd timesync disable
      Disabled
      [root@localhost ~]# vmware-toolbox-cmd timesync status
      Disabled
      
    • Configuration

    After that, I no longer ran into the problem when connecting.
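
A check for the two `chronyc sources -v` results shown above (`^*` with reach 377 versus `^?` with reach 0), written so it can run from a monitoring job. This is an added example, not code from the original post; the function name `check_sources` is an assumption, and the sample rows are copied from the listings on this page.

```shell
#!/bin/sh
# Added example, not from the original post: judge `chronyc sources` output.

# Rows copied from the two `chronyc sources -v` listings in the post.
GOOD_SOURCES='MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.31.132            3   6   377    52   +132us[ +143us] +/-   36ms'

BAD_SOURCES='MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? 192.168.31.129                0  10     0     -     +0ns[   +0ns] +/-    0ns'

# check_sources
# Reads `chronyc sources` output (with or without -v) on stdin.
# Prints a PROBLEM line for each source that is unusable, suspect, too
# variable, or has an empty reachability register.
# Returns 0 only if one source is selected ('*') and has answered polls.
check_sources() {
    awk '
        # Data rows start with a mode char (^ = #) followed by a state char;
        # headers and the -v legend do not match this pattern.
        $1 ~ /^[=#^][*+x~?-]$/ {
            state = substr($1, 2, 1)
            reach = $5 + 0            # octal register, 0 = no replies at all
            if (state == "*" && reach > 0)
                synced = 1
            else if (state == "?" || state == "x" || state == "~" || reach == 0)
                print "PROBLEM " $2 " state=" state " reach=" $5
        }
        END { exit synced ? 0 : 1 }
    '
}

# Example: chronyc sources | check_sources
```

A `?` state with reach 0 means no reply has arrived from that server in the last eight polls, so the server's `allow` range and UDP port 123 along the path are the first things to check.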
