网络时间服务和chrony
程序员文章站
2023-02-06 21:12:14
⽹络时间服务和chrony 实验练习: 1. 准备实验环境: 2. 时间同步(centos6) 3. ntp软件实现时间同步(centos6) centos6上默认安装了ntp软件包(包括客户端和服务器端),但是ntp同步需要⼀定时间才能完全同步时间的,⽽chrony同步时间⽐ntp快。centos ......
⽹络时间服务和chrony
实验练习:
- 准备实验环境:
可用的centos6、7系统。 centos6 :192.168.37.6 centos7 :192.168.37.7 关闭selinux 关闭防火墙:cetos6 systemctl disable firewalld centos7 chkconfig iptables off
- 时间同步(centos6)
【例1】date命令查看系统时间 [root@magedu ~]# date tue jan 29 14:32:00 cst 2019 【例2】查看硬件时钟 [root@magedu ~]# clock tue 29 jan 2019 02:49:13 pm cst -0.334741 seconds 【例3】修改系统时间为2018年 [root@magedu ~]# date -s '-1 year' [root@magedu ~]# date tue jan 29 14:33:00 cst 2019 但此时硬件时间依然没修改,若要修改硬件时间则: [root@magedu ~]# clock -w
- ntp软件实现时间同步(centos6)
centos6上默认安装了ntp软件包(包括客户端和服务器端),但是ntp同步需要⼀定时间才能完全同步时间的,⽽chrony同步时间⽐ntp快。centos7默认安装了chronyd服务。
【例4】在 centos6上查看ntp软件、修改配置⽂件 [root@centos6 ~]$rpm -ql ntp /etc/dhcp/dhclient.d /etc/dhcp/dhclient.d/ntp.sh /etc/ntp.conf /etc/ntp/crypto /etc/ntp/crypto/pw /etc/rc.d/init.d/ntpd /etc/sysconfig/ntpd /usr/bin/ntpstat /usr/sbin/ntp-keygen /usr/sbin/ntpd /usr/sbin/ntpdc /usr/sbin/ntpq /usr/sbin/ntptime /usr/sbin/tickadj (查看ntp包) [root@centos6 ~]$vim /etc/ntp.conf #server 0.centos.pool.ntp.org iburst #server 1.centos.pool.ntp.org iburst #server 2.centos.pool.ntp.org iburst #server 3.centos.pool.ntp.org iburst (以上都注释掉) server ntp.aliyun.com iburst(这里加这一行作为同步时间服务器) [root@centos6 ~]$service ntpd start (启动ntpd服务) starting ntpd: [ ok ] [root@centos6 ~]$chkconfig ntpd on (开机启动) [root@centos6 ~]$ss -nul (监听了udp的123端口;) state recv-q send-q local address:port peer address:port unconn 0 0 *:870 *:* unconn 0 0 *:111 *:* unconn 0 0 *:631 *:* unconn 0 0 192.168.39.6:123 *:* unconn 0 0 127.0.0.1:123 *:* unconn 0 0 *:123 *:* unconn 0 0 127.0.0.1:928 *:* unconn 0 0 *:34866 *:* unconn 0 0 :::46157 :::* unconn 0 0 :::870 :::* unconn 0 0 :::111 :::* unconn 0 0 fe80::20c:29ff:fed0:823c:123 :::* unconn 0 0 ::1:123 :::* unconn 0 0 :::123 :::* [root@centos6 ~]$ntpq -p (查看同步状态) remote refid st t when poll reach delay offset jitter ============================================================================== *203.107.6.88 100.107.25.114 2 u 62 64 7 14.783 -14.752 1.787 (前面为*时同步成功) 说明:ntp.aliyun.com 是时间服务器的ip地址;iburst是加速同步时间。如果时间相差较⼤,是不能完成实时同步的。
【例5】ntpdate命令,⽴即同步 [root@centos6 ~]$date mon nov 11 22:02:55 cst 2019 [root@centos6 ~]$date -s '-1 day' sun nov 10 22:03:10 cst 2019 [root@centos6 ~]$ntpdate ntp.aliyun.com 10 nov 22:03:13 ntpdate[4232]: the ntp socket is in use, exiting [root@centos6 ~]$date sun nov 10 22:03:16 cst 2019 [root@centos6 ~]$service ntpd stop shutting down ntpd: [ ok ] [root@centos6 ~]$ntpdate ntp.aliyun.com 11 nov 22:04:06 ntpdate[4253]: step time server 203.107.6.88 offset 86399.986747 sec [root@centos6 ~]$date mon nov 11 22:04:08 cst 2019 ntp时间相差较⼤,是不能完成实时同步,那么可以⽤ntpdate命令来完成: (注意:如果按上述实验操作的话,切记关闭ntpd服务,在使用ntpdate同步时间,之前是为了查看同步状态才开启,这两个服务不可以同时启用。)
【例6】根据上例,centos6开启了ntpd服务,也可当做时间服务器被它⼈使⽤ [root@centos6 ~]$service ntpd start starting ntpd: [ ok ] [root@centos7 ~]#date -s '-1 day' mon nov 11 09:56:26 cst 2019 [root@centos7 ~]#ntpdate 192.168.39.6 12 nov 09:56:33 ntpdate[12472]: step time server 192.168.39.6 offset 86397.761731 sec [root@centos7 ~]#date tue nov 12 09:56:35 cst 2019 (同上例使用ntpdate时不可以开启ntpd服务) [root@centos7 ~]#date -s '-1 year' mon nov 12 10:01:33 cst 2018 [root@centos7 ~]#systemctl start ntpd [root@centos7 ~]#ntpdate 192.168.39.6 12 nov 10:01:37 ntpdate[12561]: the ntp socket is in use, exiting [root@centos7 ~]#date mon nov 12 10:01:42 cst 2018 [root@centos7 ~]#date mon nov 12 10:01:44 cst 2018 [root@centos7 ~]#date mon nov 12 10:01:52 cst 2018 [root@centos7 ~]#date mon nov 12 10:02:02 cst 2018 (关闭ntpd同步时间) [root@centos7 ~]#systemctl stop ntpd [root@centos7 ~]#ntpdate 192.168.39.6 12 nov 10:04:16 ntpdate[12603]: step time server 192.168.39.6 offset 31536000.031123 sec [root@centos7 ~]#date tue nov 12 10:04:19 cst 2019 注意:(如果你的centos7配置了/etc/chrony.conf文件的上游服务器,时间会自动同步) 【例】更改centos7时间为一天以前,开启ntpd服务同步时间,同时实验chrony.conf配置文件设置上游服务器和不设置的区别。 [root@centos7 ~]#vim /etc/chrony.conf # use public servers from the pool.ntp.org project. # please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst #server 1.centos.pool.ntp.org iburst #server 2.centos.pool.ntp.org iburst #server 3.centos.pool.ntp.org iburst server ntp.aliyun.com iburst(开启服务并配置chrony.conf文件上游服务器) (显示是ntpd正在使用无法同步但是之后会把时间自动同步回来) [root@centos7 ~]#date -s '-1 day' mon nov 11 10:05:40 cst 2019 [root@centos7 ~]#systemctl start ntpd [root@centos7 ~]#ntpdate 192.168.39.6 11 nov 10:06:07 ntpdate[12644]: the ntp socket is in use, exiting [root@centos7 ~]#date mon nov 11 10:06:09 cst 2019 [root@centos7 ~]#date tue nov 12 10:06:12 cst 2019 you have new mail in /var/spool/mail/root (注释掉配置的上游服务器) [root@centos7 ~]#vim /etc/chrony.conf # use public servers from the pool.ntp.org project. # please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst #server 1.centos.pool.ntp.org iburst #server 2.centos.pool.ntp.org iburst #server 3.centos.pool.ntp.org iburst #server ntp.aliyun.com iburst (这里我做实验时发现注释掉chrony.conf文件的服务器还会自动同步,找到原因是ntp.conf文件还有时间服务器会自动同步所有都注释掉之后不会自动同步。) [root@centos7 ~]#vim /etc/ntp.conf # use public servers from the pool.ntp.org project. # please consider joining the pool (http://www.pool.ntp.org/join.html). server 0.centos.pool.ntp.org iburst server 1.centos.pool.ntp.org iburst server 2.centos.pool.ntp.org iburst server 3.centos.pool.ntp.org iburst [root@centos7 ~]#date -s '-1 day' mon nov 11 10:25:47 cst 2019 [root@centos7 ~]#systemctl start ntpd [root@centos7 ~]#ntpdate 192.168.39.6 11 nov 10:26:00 ntpdate[13032]: the ntp socket is in use, exiting [root@centos7 ~]#date mon nov 11 10:26:02 cst 2019 [root@centos7 ~]#date mon nov 11 10:26:03 cst 2019 [root@centos7 ~]#date mon nov 11 10:26:05 cst 2019 [root@centos7 ~]#daet bash: daet: command not found... similar command is: 'date' [root@centos7 ~]#date mon nov 11 10:26:09 cst 2019 [root@centos7 ~]#date mon nov 11 10:26:11 cst 2019 [root@centos7 ~]#date mon nov 11 10:26:13 cst 2019 (这里关闭ntpd服务之后时间同步就可以用了,当然只是做实验做成这样的环境,正常可以自动同步时间,就不用调了,只是证明一下这个ntpd和ntpdate不可以同时使用。) [root@centos7 ~]#systemctl stop ntpd [root@centos7 ~]#ntpdate 192.168.39.6 12 nov 10:30:39 ntpdate[13126]: step time server 192.168.39.6 offset 86400.017498 sec [root@centos7 ~]#date tue nov 12 10:30:42 cst 2019
【例7】ntp充当服务器(最好在centos6做这个实验,centos7的话要更改chrony的配置文件或者禁用服务。) [root@centos6 ~]#vim /etc/ntp.conf # please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst #server 1.centos.pool.ntp.org iburst #server 2.centos.pool.ntp.org iburst #server 3.centos.pool.ntp.org iburst server ntp.aliyun.com iburst (以上都注释掉使用自己配置的时间服务器) [root@centos6 ~]$service ntpd start (开启ntpd服务) starting ntpd: [ ok ] [root@centos6 ~]$chkconfig ntpd on (开机启动ntpd) [root@centos6 ~]$ss -nul (查看监听123端口) state recv-q send-q local address:port peer address:port unconn 0 0 *:870 *:* unconn 0 0 *:111 *:* unconn 0 0 *:631 *:* unconn 0 0 192.168.39.6:123 *:* unconn 0 0 127.0.0.1:123 *:* unconn 0 0 *:123 *:* unconn 0 0 127.0.0.1:928 *:* unconn 0 0 *:34866 *:* unconn 0 0 :::46157 :::* unconn 0 0 :::870 :::* unconn 0 0 :::111 :::* unconn 0 0 fe80::20c:29ff:fed0:823c:123 :::* unconn 0 0 ::1:123 :::* unconn 0 0 :::123 :::* (这样就可以作为时间服务器使用了,但是只能在nat内网环境使用。)
- 在centos7上chrony软件实现时间同步
说明: /usr/bin/chronyc是客户端程序; /usr/sbin/chronyd是服务器端查询;
/usr/lib/systemd/system/chronyd.service是服务控制⽂件。
【例8】配置chrony为客户端,配置3个时间服务器地址 [root@centos7 ~]#date -s '-1 day' mon nov 11 11:07:57 cst 2019 [root@centos7 ~]#vim /etc/chrony.conf (添加三个时间服务器地址,把之前的注释掉。) server ntp.aliyun.com iburst server 172.16.0.1 iburst server ntp1.aliyun.com iburst [root@centos7 ~]#systemctl start chronyd (开启服务) [root@centos7 ~]#systemctl enable chronyd (开机自启动) created symlink from /etc/systemd/system/multi-user.target.wants/chronyd.service to /usr/lib/systemd/system/chronyd.service. [root@centos7 ~]#ss -nul (查看udp监听323端口) state recv-q send-q local address:port peer address:port unconn 0 0 *:39900 *:* unconn 0 0 192.168.122.1:53 *:* unconn 0 0 *%virbr0:67 *:* unconn 0 0 *:111 *:* unconn 0 0 *:123 *:* unconn 0 0 *:5353 *:* unconn 0 0 *:34053 *:* unconn 0 0 127.0.0.1:323 *:* unconn 0 0 *:929 *:* unconn 0 0 127.0.0.1:930 *:* unconn 0 0 :::111 :::* unconn 0 0 ::1:323 :::* unconn 0 0 :::37213 :::* unconn 0 0 :::929 :::* [root@centos7 ~]#date tue nov 12 11:07:40 cst 2019 (但是注意要是在启动服务之后在更改时间不会自动同步,需要重新启动服务立即同步时间。) [root@centos7 ~]#date -s '-1 day' mon nov 11 11:07:57 cst 2019 [root@centos7 ~]#date mon nov 11 11:07:59 cst 2019 [root@centos7 ~]#date mon nov 11 11:08:01 cst 2019 [root@centos7 ~]#date mon nov 11 11:08:02 cst 2019 [root@centos7 ~]#date mon nov 11 11:08:03 cst 2019 [root@centos7 ~]#systemctl start chronyd [root@centos7 ~]#date tue nov 12 11:07:40 cst 2019 【例9】chronyc客户端⼯具 [root@centos6 ~]# chronyc (进入交互式命令行) chronyc> help (查看帮助子命令) chronyc> sources -v (同步时钟) chronyc> quit (退出) [root@centos7 ~]#chronyc sources -v (非交互式命令查看同步时钟) 210 number of sources = 3 .-- source mode '^' = server, '=' = peer, '#' = local clock. / .- source state '*' = current synced, '+' = combined , '-' = not combined, | / '?' = unreachable, 'x' = time may be in error, '~' = time too variable. || .- xxxx [ yyyy ] +/- zzzz || reachability register (octal) -. | xxxx = adjusted offset, || log2(polling interval) --. | | yyyy = measured offset, || \ | | zzzz = estimated error. || | | \ ms name/ip address stratum poll reach lastrx last sample =============================================================================== ^? 172.16.0.1 0 8 0 - +0ns[ +0ns] +/- 0ns ^* 203.107.6.88 2 7 377 79 -1017us[-1218us] +/- 17ms ^+ 120.25.115.20 2 7 377 78 -304us[ -304us] +/- 23ms [root@centos7 ~]#systemctl status chronyd(查看开机是否启动) [root@centos7 ~]#systemctl enable chronyd(设置开机自启动)
在centos6上安装chrony软件包: [root@centos ~]# yum -y install chrony [root@centos ~]# service ntpd stop 查看ntpd是否开机启动: [root@centos ~]# chkconfig --list ntpd 把centos7当中时间服务器: [root@centos ~]# vim /etc/chorny.conf 其中: server 192.168.37.7 iburst [root@centos ~]# service chornyd start [root@centos ~]# chronyc sources -v 在centos7上配置,充当时间同步服务器: [root@centos ~]# vim /etc/chrony.conf 其中: server 172.16.0.1 iburst allow 192.168.37.0/24 local stratum 10 [root@centos ~]# systemctl restart chronyd 说明: allow 192.168.37.0/24表示哪些主机可以向该主机同步时间; allow 0.0.0.0/0表示允许所有主机向该主机同步时间; local stratum 10表示当互联网不能访问时间服务器时,仍然使用本机时间提供时间服务。 再回到centos6,同步: [root@centos ~]# chronyc sources -v 同步时间较慢。 显示:^* 192.168.37.7 即为成功。 总结:实现了使⽤⼀台主机向互联⽹上的时间服务器同步时间,在局域⽹内部,由其他主机向该主机同步时间即可。 在初始化脚本里,修改chrony配置文件。 sed 's/^server.*/#&/' /etc/chrony.conf echo server 172.16.0.1 iburst >> /etc/chrony.conf
- timedatectl命令
【例10】列出所有时区 [root@centos ~]# timedatectl list-timezones 【例11】查看当前时区状态 [root@centos ~]# timedatectl status 【例12】修改时区 [root@centos ~]# timedatectl set-timezone asia/shanghai [root@centos ~]# date 【例13】查看有效的配置⽂件 [root@centos ~]# grep -ev "^(#.*|)$" /etc/chrony.conf 或: [root@centos ~]# grep -ev "^#|^$" /etc/chrony.conf