[转帖]CentOS8时间同步服务

时间同步服务

CentOS7之前的版本用的是ntpdate服务，之后用的是chrony服务 默认是安装的了

查看版本

[root@centos8 ~]#rpm -qi chrony
Name        : chrony
Version     : 3.5
Release     : 2.el8
Architecture: x86_64
Install Date: Sun 13 Jun 2021 12:40:02 PM CST
Group       : System Environment/Daemons
Size        : 537759
License     : GPLv2
Signature   : RSA/SHA256, Wed 03 Mar 2021 12:26:24 AM CST, Key ID 05b555b38483c65d
Source RPM  : chrony-3.5-2.el8.src.rpm
Build Date  : Tue 02 Mar 2021 03:04:32 PM CST
Build Host  : x86-01.mbox.centos.org
Relocations : (not relocatable)
Packager    : CentOS Buildsys <bugs@centos.org>
Vendor      : CentOS
URL         : https://chrony.tuxfamily.org
Summary     : An NTP client/server
Description :
chrony is a versatile implementation of the Network Time Protocol (NTP).
It can synchronise the system clock with NTP servers, reference clocks
(e.g. GPS receiver), and manual input using wristwatch and keyboard. It
can also operate as an NTPv4 (RFC 5905) server and peer to provide a time
service to other computers in the network.
[root@centos7 ~]#cat /etc/redhat-release

CentOS Linux release 7.2.1511 (Core)

[root@centos7 ~]#uname -r

3.10.0-327.el7.x86_64
[root@centos7 ~]#rpm -qi chrony

Name        : chrony

Version     : 2.1.1

Release     : 1.el7.centos

Architecture: x86_64

Install Date: 2019年11月25日 星期一 20时17分23秒

Group       : System Environment/Daemons

Size        : 479430

License     : GPLv2

Signature   : RSA/SHA256, 2015年11月25日 星期三 22时19分35秒, Key ID 24c6a8a7f4a80eb5

Source RPM  : chrony-2.1.1-1.el7.centos.src.rpm

Build Date  : 2015年11月24日 星期二 05时36分12秒

Build Host  : worker1.bsys.centos.org

Relocations : (not relocatable)

Packager    : CentOS BuildSystem <http://bugs.centos.org>

Vendor      : CentOS

URL         : http://chrony.tuxfamily.org

Summary     : An NTP client/server

Description :

A client/server for the Network Time Protocol, this program keeps your

computer's clock accurate. It was specially designed to support

systems with intermittent internet connections, but it also works well

in permanently connected environments. It can use also hardware reference

clocks, system real-time clock or manual input as time references.

服务端配置

主配置文件/etc/chrony 重点是： allow 0.0.0.0/0 local stratum 10

简单解释： 允许NTP客户端从本地网络访问。 即使不能和一个远程服务器时间源同步，也能继续为其他客户端提供时间同步服务. 10 代表当前服务器设置为第10层， 按照 原子钟为第一层，互联网上的若干时间服务器为第N层，第10层足够表示当前主机所在的局域网 iburst：并行同步，加快同步速度

[root@centos8 ~]#vim /etc/chrony.conf
Use public servers from the pool.ntp.org project.
Please consider joining the pool (http://www.pool.ntp.org/join.html).
pool 2.centos.pool.ntp.org iburst

server ntp.aliyun.com iburst iburst

server ntp.ecslb.sjtu.edu.cn iburst

server time1.cloud.tencent.com iburst
Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
Allow the system clock to be stepped in the first three updates
if its offset is larger than 1 second.
makestep 1.0 3
Enable kernel synchronization of the real-time clock (RTC).
rtcsync
Enable hardware timestamping on all interfaces that support it.
hwtimestamp *
Increase the minimum number of selectable sources required to adjust
the system clock.
minsources 2
Allow NTP client access from local network.
allow 192.168.0.0/16
allow 0.0.0.0/0
Serve time even if not synchronized to a time source.
local stratum 10
local stratum 10
Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys
Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC
Specify directory for log files.
logdir /var/log/chrony
Select which information is logged.
log measurements statistics tracking

重启服务

systemctl restart chronyd

• 1

查看chrony服务默认监听的UDP端口123是否打开

[root@centos8 ~]#ss -ntlu
Netid          State           Recv-Q          Send-Q                   Local Address:Port                      Peer Address:Port          Process
udp            UNCONN          0               0                              0.0.0.0:111                            0.0.0.0:*
udp            UNCONN          0               0                              0.0.0.0:123                            0.0.0.0:*
udp            UNCONN          0               0                              0.0.0.0:39087                          0.0.0.0:*
udp            UNCONN          0               0                              0.0.0.0:5353                           0.0.0.0:*
udp            UNCONN          0               0                            127.0.0.1:323                            0.0.0.0:*
udp            UNCONN          0               0                                 [::]:111                               [::]:*
udp            UNCONN          0               0                                 [::]:50298                             [::]:*
udp            UNCONN          0               0                                 [::]:5353                              [::]:*
udp            UNCONN          0               0                                [::1]:323                               [::]:*
tcp            LISTEN          0               128                          127.0.0.1:6010                           0.0.0.0:*
tcp            LISTEN          0               128                          127.0.0.1:6011                           0.0.0.0:*
tcp            LISTEN          0               128                          127.0.0.1:6012                           0.0.0.0:*
tcp            LISTEN          0               128                          127.0.0.1:6013                           0.0.0.0:*
tcp            LISTEN          0               128                            0.0.0.0:111                            0.0.0.0:*
tcp            LISTEN          0               128                            0.0.0.0:22                             0.0.0.0:*
tcp            LISTEN          0               5                            127.0.0.1:631                            0.0.0.0:*
tcp            LISTEN          0               128                              [::1]:6010                              [::]:*
tcp            LISTEN          0               128                              [::1]:6011                              [::]:*
tcp            LISTEN          0               128                              [::1]:6012                              [::]:*
tcp            LISTEN          0               128                              [::1]:6013                              [::]:*
tcp            LISTEN          0               128                               [::]:111                               [::]:*
tcp            LISTEN          0               128                                  *:80                                   *:*
tcp            LISTEN          0               128                               [::]:22                                [::]:*
tcp            LISTEN          0               5                                [::1]:631                               [::]:*

客户端测试

[root@centos7 ~]#date -s "-1 year"
2020年 08月 27日 星期四 20:09:11 CST
[root@centos7 ~]#date
2020年 08月 27日 星期四 20:09:17 CST
[root@centos7 ~]#ntpdate 10.0.0.5
27 Aug 16:09:37 ntpdate[4935]: step time server 10.0.0.5 offset 31521600.000748 sec
[root@centos7 ~]#date
2021年 08月 27日 星期五 16:09:40 CST
更改配置文件使客户端时间服务默认指向10.0.0.5
[root@centos7 ~]#vim /etc/chrony.conf
Use public servers from the pool.ntp.org project.
Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
server 10.0.0.5 iburst

重启服务

systemctl restart chronyd

• 1

测试

[root@centos7 ~]#date -s "-1 year"
2020年 08月 27日 星期四 16:17:28 CST
查看同步详细信息
[root@centos7 ~]#chronyc sources -v

210 Number of sources = 1
.-- Source mode  '^' = server, '=' = peer, '#' = local clock.

/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,

| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.

||                                                 .- xxxx [ yyyy ] +/- zzzz

||      Reachability register (octal) -.           |  xxxx = adjusted offset,

||      Log2(Polling interval) --.      |          |  yyyy = measured offset,

||                                \     |          |  zzzz = estimated error.

||                                 |    |           

MS Name/IP address         Stratum Poll Reach LastRx Last sample
^? 10.0.0.5                      3   6   377    17   -8760h[ -8760h] +/-   17ms
同步成功
[root@centos7 ~]#chronyc sources -v

210 Number of sources = 1
.-- Source mode  '^' = server, '=' = peer, '#' = local clock.

/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,

| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.

||                                                 .- xxxx [ yyyy ] +/- zzzz

||      Reachability register (octal) -.           |  xxxx = adjusted offset,

||      Log2(Polling interval) --.      |          |  yyyy = measured offset,

||                                \     |          |  zzzz = estimated error.

||                                 |    |           

MS Name/IP address         Stratum Poll Reach LastRx Last sample
^* 10.0.0.5                      3   6   377     1    +76us[ -8760h] +/-   16ms

注：使用默认同步需要稍微等待几分钟，立即同步可以用ntpdate 10.0.0.5 或者重启chrony服务 systemctl restart chronyd

国内常见的NTP时间服务器地址

清华大学 https://tuna.moe/help/ntp/

ntp.tuna.tsinghua.edu.cn

上海交通大学

ntp.sjtu.edu.cn
ntp.ecslb.sjtu.edu.cn

腾讯

time1.cloud.tencent.com
time2.cloud.tencent.com
time3.cloud.tencent.com
time4.cloud.tencent.com
time5.cloud.tencent.com

微软 windows自带

time.windows.com