chronyd.service - NTP server: server-side configuration (server IP: 192.168.1.129)
Configuration before the change
[root@neokylin ~]# vi /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# Ignore stratum in source selection.
stratumweight 0
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Enable kernel RTC synchronization.
rtcsync
# In first three updates step the system clock instead of slew
# if the adjustment is larger than 100 seconds.
makestep 100 3
# Allow client access from local network.
allow 192.168/16
# Serve time even if not synchronized to any NTP server.
#local stratum 10
keyfile /etc/chrony.keys
# Specify the key used as password for chronyc.
commandkey 1
# Disable logging of client accesses.
noclientlog
# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
logchange 0.5
logdir /var/log/chrony
#log measurements statistics tracking
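Configuration after the change
①: "allow 192.168.1.0/24": allow client access from the local network.
②: Uncomment "local stratum 10": serve time even when not synchronized to any NTP server.
Restart the chronyd service.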
[root@neokylin ~]# systemctl restart chronyd.service
[root@neokylin ~]# systemctl status chronyd.service
chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled)
Active: active (running) since 五 2023-04-14 09:16:47 CST; 1s ago
Process: 4943 ExecStartPost=/usr/libexec/chrony-helper add-dhclient-servers (code=exited, status=0/SUCCESS)
Process: 4938 ExecStart=/usr/sbin/chronyd -u chrony $OPTIONS (code=exited, status=0/SUCCESS)
Process: 4933 ExecStartPre=/usr/libexec/chrony-helper generate-commandkey (code=exited, status=0/SUCCESS)
Main PID: 4941 (chronyd)
CGroup: name=systemd:/system/chronyd.service
└─4941 /usr/sbin/chronyd -u chrony
4月 14 09:16:47 neokylin systemd[1]: Starting NTP client/server...
4月 14 09:16:47 neokylin chronyd[4941]: chronyd version 1.27 starting
4月 14 09:16:47 neokylin chronyd[4941]: Linux kernel major=3 minor=12 patch=11
4月 14 09:16:47 neokylin chronyd[4941]: hz=100 shift_hz=7 freq_scale=1.00000000 nominal_tick=10000 slew_delta_tick=833 max_tick_bias=1000 shift_pll=2
4月 14 09:16:47 neokylin chronyd[4941]: Frequency -37.153 +/- 0.015 ppm read from /var/lib/chrony/drift
4月 14 09:16:47 neokylin systemd[1]: Started NTP client/server.
[root@neokylin ~]#
chronyd.service - NTP client: client-side configuration (client IP: 192.168.1.131)
Configuration before the change
[root@rhel7 ~]# vi /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
#allow 192.168.0.0/16
# Serve time even if not synchronized to a time source.
#local stratum 10
# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking
Configuration after the change
①: Set the NTP server IP to 192.168.1.129
Restart chronyd.service on the client
[root@rhel7 ~]# systemctl restart chronyd.service
您在 /var/spool/mail/root 中有新邮件
[root@rhel7 ~]# systemctl status chronyd.service
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: active (running) since 五 2023-04-14 09:17:31 CST; 3s ago
Docs: man:chronyd(8)
man:chrony.conf(5)
Process: 52020 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=exited, status=0/SUCCESS)
Process: 52017 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 52019 (chronyd)
Tasks: 1
CGroup: /system.slice/chronyd.service
└─52019 /usr/sbin/chronyd
4月 14 09:17:31 rhel7 systemd[1]: Starting NTP client/server...
4月 14 09:17:31 rhel7 chronyd[52019]: chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 +DEBUG)
4月 14 09:17:31 rhel7 chronyd[52019]: Frequency -29.232 +/- 4.059 ppm read from /var/lib/chrony/drift
4月 14 09:17:31 rhel7 systemd[1]: Started NTP client/server.
[root@rhel7 ~]#
Verify that the client can reach the NTP server (neokylin)
[root@rhel7 ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* neokylin 10 6 17 20 -3748ns[ -87us] +/- 182us
[root@rhel7 ~]#
MS=^* means the client is currently synchronized to the NTP server neokylin (192.168.1.129)
[root@rhel7 ~]# ping neokylin
PING neokylin (192.168.1.129) 56(84) bytes of data.
64 bytes from neokylin (192.168.1.129): icmp_seq=1 ttl=64 time=0.443 ms
64 bytes from neokylin (192.168.1.129): icmp_seq=2 ttl=64 time=0.299 ms
64 bytes from neokylin (192.168.1.129): icmp_seq=3 ttl=64 time=0.371 ms
64 bytes from neokylin (192.168.1.129): icmp_seq=4 ttl=64 time=0.338 ms
64 bytes from neokylin (192.168.1.129): icmp_seq=5 ttl=64 time=0.394 ms
64 bytes from neokylin (192.168.1.129): icmp_seq=6 ttl=64 time=0.367 ms
64 bytes from neokylin (192.168.1.129): icmp_seq=7 ttl=64 time=0.353 ms
^C
--- neokylin ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6000ms
rtt min/avg/max/mdev = 0.299/0.366/0.443/0.045 ms
您在 /var/spool/mail/root 中有新邮件
[root@rhel7 ~]#
ntpd.service - NTP client: client-side configuration (client IP: 192.168.1.128)
Configuration before the change
[root@centos ~]# vi /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
Configuration after the change
①: Comment out the external (public) NTP servers; add the internal NTP server IP: 192.168.1.129
Restart ntpd.service on the client
[root@centos ~]# service ntpd restart
Redirecting to /bin/systemctl restart ntpd.service
[root@centos ~]# service ntpd status
Redirecting to /bin/systemctl status ntpd.service
● ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
Active: active (running) since 五 2023-04-14 09:32:22 CST; 9s ago
Process: 36949 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 36950 (ntpd)
CGroup: /system.slice/ntpd.service
└─36950 /usr/sbin/ntpd -u ntp:ntp -g
4月 14 09:32:22 centos ntpd[36950]: Listen normally on 2 lo 127.0.0.1 UDP 123
4月 14 09:32:22 centos ntpd[36950]: Listen normally on 3 ens33 192.168.1.128 UDP 123
4月 14 09:32:22 centos ntpd[36950]: Listen normally on 4 virbr0 192.168.122.1 UDP 123
4月 14 09:32:22 centos ntpd[36950]: Listen normally on 5 lo ::1 UDP 123
4月 14 09:32:22 centos ntpd[36950]: Listen normally on 6 ens33 fe80::5c2:5947:9c48:633b UDP 123
4月 14 09:32:22 centos ntpd[36950]: Listening on routing socket on fd #23 for interface updates
4月 14 09:32:22 centos ntpd[36950]: 0.0.0.0 c016 06 restart
4月 14 09:32:22 centos ntpd[36950]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM
4月 14 09:32:22 centos ntpd[36950]: 0.0.0.0 c011 01 freq_not_set
4月 14 09:32:29 centos ntpd[36950]: 0.0.0.0 c614 04 freq_mode
[root@centos ~]#
Verify that the client can reach the NTP server (neokylin)
[root@centos ~]# ntpstat
synchronised to NTP server (192.168.1.129) at stratum 11
time correct to within 1019 ms
polling server every 64 s
[root@centos ~]# ntpq -4p
remote refid st t when poll reach delay offset jitter
==============================================================================
*neokylin LOCAL(1) 10 u 57 64 3 0.350 79.413 5.843
[root@centos ~]#
*neokylin means the client is currently synchronized to the NTP server neokylin (192.168.1.129)
ntpd.service - NTP server: server-side configuration (server IP: 192.168.1.130)
[root@rhel6 ~]# vi /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
Configuration after the change
Comment out the external (public) NTP servers; serve time from the local clock.
Restart ntpd.service on the server
[root@rhel6 ~]# service ntpd restart
Shutting down ntpd: [ OK ]
Starting ntpd: [ OK ]
[root@rhel6 ~]# service ntpd status
ntpd (pid 2212) is running...
[root@rhel6 ~]#
On client 192.168.1.128, add the second NTP server 192.168.1.130
[root@centos ~]# vi /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 192.168.1.129 iburst
server 192.168.1.130 iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
Restart ntpd.service on the client and verify that it can reach the NTP servers (neokylin: 192.168.1.129; rhel6: 192.168.1.130)
[root@centos ~]# service ntpd restart
Redirecting to /bin/systemctl restart ntpd.service
[root@centos ~]# ntpstat
synchronised to NTP server (192.168.1.129) at stratum 11
time correct to within 967 ms
polling server every 64 s
[root@centos ~]# ntpq -4p
remote refid st t when poll reach delay offset jitter
==============================================================================
*neokylin LOCAL(1) 10 u 27 64 3 0.317 27.537 1.399
rhel6 LOCAL(0) 6 u 23 64 3 0.208 -86.811 2.311
[root@centos ~]#
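An added example, not part of the original post: a shell function that reads `ntpq -p` output like the listing above and reports the selected source, any source whose refid is LOCAL(n) (a server handing out its own undisciplined clock, as both servers in this setup do), and offsets that exceed a threshold or disagree between sources. The names `check_ntpq` and `sample_ntpq` and the 50 ms default threshold are assumptions; the sample input is the two-server output shown on this page.

```shell
#!/bin/sh
# check_ntpq: read `ntpq -p` output on stdin, print one finding per line.
# Usage: ntpq -4p | check_ntpq [max_offset_ms]   (threshold is an assumption)
# Exit status is 0 when nothing was flagged, 1 otherwise.
check_ntpq() {
    awk -v max="${1:-50}" '
    NF != 10 || $1 == "remote" { next }    # skip header, separator, prompts
    {
        name = $1
        sel = (name ~ /^\*/)               # "*" tally = current system peer
        sub(/^[*+#.-]/, "", name)          # drop tally code (x/o not handled)
        off = $9 + 0                       # offset column, milliseconds
        n++
        if (n == 1 || off < lo) lo = off
        if (n == 1 || off > hi) hi = off
        if (sel) {
            found = 1
            printf "SELECTED %s refid=%s stratum=%s\n", name, $2, $3
        }
        if ($2 ~ /^LOCAL\(/) {             # server is not tracking any upstream
            printf "WARN %s serves its own free-running clock (%s)\n", name, $2
            bad = 1
        }
        if (off > max || off < -max) {
            printf "WARN %s offset %.3f ms exceeds %s ms\n", name, off, max
            bad = 1
        }
    }
    END {
        if (!found) { print "WARN no source selected"; bad = 1 }
        if (n > 1 && hi - lo > max) {      # the sources contradict each other
            printf "WARN sources disagree by %.3f ms\n", hi - lo
            bad = 1
        }
        exit bad + 0
    }'
}

# Sample input: the ntpq -4p output shown on this page (two servers).
sample_ntpq() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*neokylin        LOCAL(1)        10 u   27   64    3    0.317   27.537   1.399
 rhel6           LOCAL(0)         6 u   23   64    3    0.208  -86.811   2.311
EOF
}

# Demo run on the sample; "|| true" because findings give a non-zero status.
sample_ntpq | check_ntpq 50 || true
```

On the sample, the two servers sit about 114 ms apart, which matters when log timestamps from hosts synced to different servers are correlated.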