Notes on installing and debugging active time synchronization with chrony

Author: 大宝

Laiwu Website Construction recently ran into a clock synchronization problem while maintaining servers; the material from resolving it is organized below:

Required ports:

chrony is compatible with ntpd and listens on UDP port 123; its own command interface listens on UDP port 323.

Program environment:

Files needed for an rpm install:

rpm -ivh libseccomp-2.3.1-3.el7.x86_64.rpm
rpm -ivh chrony-3.2-2.el7.x86_64.rpm

    Configuration file: /etc/chrony.conf
    Main program: chronyd        # a daemon process
    Utility program: chronyc     # an interactive command-line tool
    unit file: chronyd.service

Configuration file: chrony.conf

An NTP client needs to know which NTP server to contact for the current time. We can specify the NTP servers directly with the server or pool entries in the NTP configuration file. The default configuration file is usually /etc/chrony/chrony.conf or /etc/chrony.conf, depending on the Linux distribution. For more reliable time synchronization, specifying at least three servers is recommended.

    server: specifies the address of a time server;
    allow NETADD/NETMASK
    allow all: allows all client hosts;
    deny NETADDR/NETMASK
    deny all: rejects all clients;
    bindcmdaddress: the address on which the command (management) interface listens;
    local stratum 10: even if this host has failed to synchronize with a network time server, it still serves its local time to other clients as the reference time

chrony's interactive tool chronyc

chrony has a command-line tool called chronyc for controlling and monitoring the chrony daemon (chronyd).

chronyc has many subcommands; type help to list them:
chronyc help
    Options:
    sources [-v]          Show information about the current sources
    sourcestats [-v]      Show time-sync statistics (e.g. how far the clock has drifted)

# For example:
chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 37.22.10.49                  2  10   104   64m  +1485us[ +417us] +/-   81ms

# Focus mainly on the first column, MS:
^*  '^' means the address on that line is a server, i.e. the internet time server we specified; '*' means it is the source currently synced to

########

chronyc sourcestats -v   # sourcestats shows the synchronization statistics; -v gives verbose output
210 Number of sources = 1
                             .- Number of sample points in measurement set.
                            /    .- Number of residual runs with same sign.
                           |    /    .- Length of measurement set (time).
                           |   |    /      .- Est. clock freq error (ppm).
                           |   |   |      /           .- Est. error in freq.
                           |   |   |     |           /         .- Est. offset.
                           |   |   |     |          |          |   On the -.
                           |   |   |     |          |          |   samples. \
                           |   |   |     |          |          |             |
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
37.22.10.49               29  18   18h     -0.003      0.132    -14us  5055us


To check whether chrony is synchronized, use the tracking command shown below.


$ chronyc tracking
Reference ID    : 6A0ABAC8 (t1.time.sg3.yahoo.com)
Stratum         : 3
Ref time (UTC)  : Wed Oct 17 11:48:51 2018
System time     : 0.000984587 seconds slow of NTP time
Last offset     : -0.000912981 seconds
RMS offset      : 0.007983995 seconds
Frequency       : 23.704 ppm slow
Residual freq   : +0.006 ppm
Skew            : 1.734 ppm
Root delay      : 0.089718960 seconds
Root dispersion : 0.008760406 seconds
Update interval : 515.1 seconds
Leap status     : Normal
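As an added example (not code from the original post), a small Python check that parses the `chronyc sources` table and the `chronyc tracking` report and reports when this host should not be trusted as a time source: no selected source, an unusable source, a large offset, or a Reference ID of 7F7F0101 (chrony's local clock, which is what `local stratum` ends up serving when no upstream is reachable). The samples are constructed from the output above; the 0.1 s offset threshold is an assumption.

```python
import re

# Constructed sample in the shape of the `chronyc sources` table shown above,
# with a second, unreachable source added so the check has something to flag.
SOURCES_SAMPLE = """210 Number of sources = 2
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 37.22.10.49                  2  10   104   64m  +1485us[ +417us] +/-   81ms
^? 192.168.17.250               0   6     0     -     +0ns[   +0ns] +/-    0ns
"""

# Constructed sample in the shape of the `chronyc tracking` report shown above.
TRACKING_SAMPLE = """Reference ID    : 6A0ABAC8 (t1.time.sg3.yahoo.com)
Stratum         : 3
System time     : 0.000984587 seconds slow of NTP time
"""

def parse_sources(text):
    """One dict per source row: mode (^ = #), state (* + - ? x ~), name, stratum, reach."""
    rows = []
    for line in text.splitlines():
        m = re.match(r"^([\^=#])([*+\-?x~]) +(\S+) +(\d+) +(\d+) +(\d+)", line)
        if m:  # the Reach column is an octal bitmap of the last eight polls
            rows.append({"mode": m[1], "state": m[2], "name": m[3],
                         "stratum": int(m[4]), "reach": int(m[6], 8)})
    return rows

def parse_tracking(text):
    """The `Field : value` lines of `chronyc tracking` as a dict of strings."""
    pairs = (line.partition(" : ") for line in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def health_check(sources_text, tracking_text, max_offset_s=0.1):
    """Return findings; an empty list means the host is synced to a usable source."""
    findings = []
    rows = parse_sources(sources_text)
    if not any(r["state"] == "*" for r in rows):
        findings.append("no source selected: no '*' in the MS column")
    for r in rows:
        if r["state"] in "?x~" or r["reach"] == 0:
            findings.append(f"source {r['name']} unusable (state '{r['state']}', reach {r['reach']})")
    tr = parse_tracking(tracking_text)
    m = re.match(r"([0-9.]+) seconds", tr.get("System time", ""))
    if m and float(m[1]) > max_offset_s:
        findings.append(f"system clock is {m[1]} s away from NTP time")
    # Reference ID 7F7F0101 is 127.127.1.1, the pseudo-address chrony reports for its local clock.
    if tr.get("Reference ID", "").startswith("7F7F0101"):
        findings.append("serving the local clock ('local stratum'), not a real NTP source")
    return findings
```

Run it against the live output with `health_check(run("chronyc sources"), run("chronyc tracking"))` from a cron job or monitoring agent; a non-empty result is the alert.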

If your system is not connected to the internet, you need to tell chrony that it is offline. To do so, run:

# chronyc offline
200 OK

To confirm the status of your NTP sources, just run:

$ chronyc activity
200 OK
0 sources online
3 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
0 sources with unknown address

As you can see, all of my sources are offline at this point.

Once you are connected to the internet again, just tell chrony that your system is back online:

# chronyc online
200 OK

For a detailed explanation of all options and parameters, see the man pages:

$ man chronyc
$ man chronyd




======================== Implementation =========================



Stop the NTP service so that it does not occupy port 123:

[dabao@lwwz ~]# service ntpd stop

[dabao@lwwz ~]# chkconfig ntpd off


Firewall off:

[dabao@lwwz ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)

SELinux off:

[dabao@lwwz ~]# getenforce
Disabled

[dabao@lwwz ~]# systemctl status chrony
● chrony.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)

======================== Server side =========================


1. Install chrony (on all machines)

yum install chrony -y

2. Start chrony

[dabao@lwwz ~]# systemctl start chronyd.service
[dabao@lwwz ~]# systemctl status chronyd.service
chrony.service - chrony, an NTP client/server
   Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: ena
   Active: active (running) since Wed 2018-10-17 10:34:53 UTC; 3min 15s ago
     Docs: man:chronyd(8)
           man:chronyc(1)
           man:chrony.conf(5)
 Main PID: 2482 (chronyd)
    Tasks: 1 (limit: 2320)
   CGroup: /system.slice/chrony.service
           └─2482 /usr/sbin/chronyd

Start automatically on every reboot:

[dabao@lwwz ~]# systemctl enable chronyd.service



3. Edit the configuration file (note: these are the server-side changes)

     22 allow 37.0.0.0/8
     23 allow 192.168.0.0/16
     24 # Listen for commands only on localhost.
     25 bindcmdaddress 127.0.0.1
     26 bindcmdaddress ::1
     27
     28 # Serve time even if not synchronized to any NTP server.
     29 local stratum 10

# Line 22: set this to your own network segment
# Line 29: uncomment this line

4. The configuration file now looks like this

[dabao@lwwz ~]# egrep -v "#|^$" /etc/chrony.conf
server ntp1.aliyun.com
server time1.aliyun.com
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
makestep 10 3
allow 37.0.0.0/8
allow 192.168.0.0/16
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
local stratum 10
keyfile /etc/chrony.keys
commandkey 1
generatecommandkey
noclientlog
logchange 0.5
logdir /var/log/chrony

5. Restart the time synchronization service

[dabao@lwwz ~]# systemctl restart chronyd.service
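Added example (not from the original post): a Python audit of the server-side chrony.conf built above, flagging what a defender would check before exposing the server: fewer than the three upstream sources recommended earlier, an `allow` wider than the local network, a command port (`bindcmdaddress`) bound beyond loopback, and `local stratum`, which makes clients keep trusting this host even when its own upstream is gone. The sample is an abridged copy of the listing above; the /16 width threshold and the "audit" wording are assumptions of this example.

```python
import ipaddress

# Constructed sample: an abridged copy of the server-side chrony.conf listed above.
SERVER_CONF = """\
server ntp1.aliyun.com
server time1.aliyun.com
allow 37.0.0.0/8
allow 192.168.0.0/16
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
# Serve time even if not synchronized to any NTP server.
local stratum 10
"""

def parse_conf(text):
    """Return (directive, argument string) pairs, dropping blanks and # comments."""
    pairs = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            pairs.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return pairs

def audit_conf(text, min_sources=3, min_prefix=16):
    """Return findings about the exposure a server-side chrony.conf creates."""
    pairs = parse_conf(text)
    findings = []
    sources = [a for n, a in pairs if n in ("server", "pool")]
    if len(sources) < min_sources:
        findings.append(f"only {len(sources)} upstream source(s); at least {min_sources} recommended")
    for name, args in pairs:
        if name == "allow":
            subnet = args.removeprefix("all").strip()  # 'allow all <net>' also overrides deny
            if not subnet:
                findings.append("allow without a subnet: every client may query this server")
            elif ipaddress.ip_network(subnet, strict=False).prefixlen < min_prefix:
                findings.append(f"allow {subnet} is wider than /{min_prefix}; confirm it is really your network")
        elif name == "bindcmdaddress" and not ipaddress.ip_address(args).is_loopback:
            findings.append(f"command port (udp/323) bound to {args}, not only to localhost")
        elif name == "local":
            findings.append(f"'local {args}': clients keep trusting this clock even when it is not synced")
    return findings
```

Running `audit_conf(open("/etc/chrony.conf").read())` on the server above reports the two-source list, the /8 allow range and the local stratum line, which is exactly the list to reason about before pushing the file to clients.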

====================== Client side =====================


The client uses the same configuration file (/etc/chrony.conf).

1. Delete the unneeded "server xxxxxxxxxx iburst" lines

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server  37.22.10.49      iburst
# Ignore stratum in source selection.

2. Edit the configuration file on the server, then distribute it to the clients in bulk with ansible

[dabao@lwwz ~]# ansible client -m copy -a "src=/etc/chrony.conf dest=/etc/"

192.168.17.250 | SUCCESS => {
    "changed": true,
    "checksum": "52bda81d895de3c7c54886d342e5eec074df757e",
    "dest": "/etc/chrony.conf",
    "gid": 0,
    "group": "root",
    "md5sum": "aee9cc7faa70a0c189033cdb8692e4b1",
    "mode": "0644",
    "owner": "root",
    "size": 1038,
    "src": "/root/.ansible/tmp/ansible-tmp-1495860905.35-183232559888238/source",
    "state": "file",
    "uid": 0
}
192.168.17.53 | SUCCESS => {
    "changed": true,
    "checksum": "52bda81d895de3c7c54886d342e5eec074df757e",
    "dest": "/etc/chrony.conf",
    "gid": 0,
    "group": "root",
    "md5sum": "aee9cc7faa70a0c189033cdb8692e4b1",
    "mode": "0644",
    "owner": "root",
    "size": 1038,
    "src": "/root/.ansible/tmp/ansible-tmp-1495860905.34-134007063835838/source",
    "state": "file",
    "uid": 0
}
192.168.17.51 | SUCCESS => {
    "changed": true,
    "checksum": "52bda81d895de3c7c54886d342e5eec074df757e",
    "dest": "/etc/chrony.conf",
    "gid": 0,
    "group": "root",
    "md5sum": "aee9cc7faa70a0c189033cdb8692e4b1",
    "mode": "0644",
    "owner": "root",
    "size": 1038,
    "src": "/root/.ansible/tmp/ansible-tmp-1495860905.43-104570916452677/source",
    "state": "file",
    "uid": 0
}
192.168.17.52 | SUCCESS => {
    "changed": true,
    "checksum": "52bda81d895de3c7c54886d342e5eec074df757e",
    "dest": "/etc/chrony.conf",
    "gid": 0,
    "group": "root",
    "md5sum": "aee9cc7faa70a0c189033cdb8692e4b1",
    "mode": "0644",
    "owner": "root",
    "size": 1038,
    "src": "/root/.ansible/tmp/ansible-tmp-1495860905.43-40575778655199/source",
    "state": "file",
    "uid": 0
}

3. Start the sync service (the firewall also needs to be off)

[dabao@lwwz ~]# ansible client -m shell -a "systemctl start chronyd.service"
192.168.17.53 | SUCCESS | rc=0 >>

192.168.17.250 | SUCCESS | rc=0 >>

192.168.17.52 | SUCCESS | rc=0 >>

192.168.17.51 | SUCCESS | rc=0 >>

4. Make sure the scheduled time-sync jobs (crontab) on the clients are turned off

[dabao@lwwz ~]# ansible client -m shell -a "crontab -l"
192.168.17.51 | SUCCESS | rc=0 >>

192.168.17.250 | SUCCESS | rc=0 >>

192.168.17.53 | SUCCESS | rc=0 >>

192.168.17.52 | SUCCESS | rc=0 >>

5. On CentOS 7 the ntpdate command can still be used to sync the time

[dabao@lwwz ~]# ansible client -m shell -a "ntpdate 10.0.0.120"
192.168.17.53 | SUCCESS | rc=0 >>
27 May 13:05:57 ntpdate[26817]: adjust time server 10.0.0.120 offset -0.001686 sec

192.168.17.250 | SUCCESS | rc=0 >>
27 May 13:05:57 ntpdate[17419]: adjust time server 10.0.0.120 offset -0.004419 sec

192.168.17.52 | SUCCESS | rc=0 >>
27 May 13:05:57 ntpdate[50111]: adjust time server 10.0.0.120 offset -0.004410 sec

192.168.17.51 | SUCCESS | rc=0 >>
27 May 13:05:57 ntpdate[114089]: adjust time server 10.0.0.120 offset -0.000597 sec

6. Check the time: all hosts are now synchronized, without a second of difference

[dabao@lwwz ~]# ansible client -m shell -a "date"
192.168.17.250 | SUCCESS | rc=0 >>
Sat May 27 13:06:04 CST 2017

192.168.17.51 | SUCCESS | rc=0 >>
Sat May 27 13:06:04 CST 2017

192.168.17.53 | SUCCESS | rc=0 >>
Sat May 27 13:06:04 CST 2017

192.168.17.52 | SUCCESS | rc=0 >>
Sat May 27 13:06:04 CST 2017


Tip: when distributing files in bulk with ansible, overwriting a file is dangerous; if the original file exists, back it up first. In fact, overwriting is risky whether it is done with ansible or by any other means.

