Linux Chrony Time Synchronization

Time plays an important role on Linux servers, especially when they are used in banking, stock markets and other financial sectors. If we want all our Linux servers to have the correct time, we must configure an NTP client that always fetches the correct time from remote NTP servers and, if needed, makes the adjustments required to sync the time.

In this article we will demonstrate how to sync time with NTP servers on a Linux server using Chrony (an NTP client).

Chrony synchronizes the system clock faster and with better accuracy than ntp. As of RHEL 8/CentOS 8, ntp is no longer available, having been replaced by chrony.

Installing Chrony

Debian/Ubuntu systems

sudo apt install -y chrony

RedHat/CentOS systems

yum install -y chrony

Fedora systems

dnf install -y chrony

After installation, two new commands are available on the Linux system:

  • chronyc : the command-line interface of chrony
  • chronyd : the chrony daemon, which is started and enabled as a service so that it runs across reboots.

Configuring Chrony

The location of the Chrony configuration file differs slightly between distributions; it is usually /etc/chrony.conf or /etc/chrony/chrony.conf.

# Welcome to the chrony configuration file. See chrony.conf(5) for more
# information about usuable directives.

# This will use (up to):
# - 4 sources from ntp.ubuntu.com which some are ipv6 enabled
# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well
# - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm)
# This means by default, up to 6 dual-stack and up to 2 additional IPv4-only
# sources will be used.
# At the same time it retains some protection against one of the entries being
# down (compare to just using one of the lines). See (LP: #1754358) for the
# discussion.
#
# About using servers from the NTP Pool Project in general see (LP: #104525).
# Approved by Ubuntu Technical Board on 2011-02-08.
# See http://www.pool.ntp.org/join.html for more information.
pool ntp.ubuntu.com iburst maxsources 4
pool 0.ubuntu.pool.ntp.org iburst maxsources 1
pool 1.ubuntu.pool.ntp.org iburst maxsources 1
pool 2.ubuntu.pool.ntp.org iburst maxsources 2

# This directive specify the location of the file containing ID/key pairs for
# NTP authentication.
keyfile /etc/chrony/chrony.keys

# This directive specify the file into which chronyd will store the rate
# information.
driftfile /var/lib/chrony/chrony.drift

# Uncomment the following line to turn logging on.
#log tracking measurements statistics

# Log files location.
logdir /var/log/chrony

# Stop bad estimates upsetting machine clock.
maxupdateskew 100.0

# This directive enables kernel synchronisation (every 11 minutes) of the
# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
rtcsync

# Step the system clock instead of slewing it if the adjustment is larger than
# one second, but only in the first three clock updates.
makestep 1 3

Where:

  • pool 0.europe.pool.ntp.org iburst is the remote NTP server from which chrony fetches the time.
  • driftfile /var/lib/chrony/drift is the drift file, which contains the drift data.
  • makestep 1.0 3 steps the system clock (sets it directly instead of slewing it, that is, speeding it up or slowing it down) if the adjustment is larger than 1 second, but only for the first 3 clock updates.
  • keyfile /etc/chrony.keys, as the name suggests, is the file that contains the keys for NTP authentication.
  • logdir /var/log/chrony is the directory in which Chrony writes its log files.

Testing Chrony

Just like the ntpdate command in the NTP distribution, we can use chronyd to manually sync the time of our Linux server with a remote NTP server.

Syntax

chronyd -q 'server {ntp_server_name} iburst'

For example:

$ date

$ chronyd -q 'server 0.europe.pool.ntp.org iburst'

$ date

As we can see in the above output, chrony has corrected the system time; before running the chronyd command, the system time was almost 2 hours behind the accurate time.

Starting the Chronyd Service

Run the following commands to start and enable the chronyd daemon so that it will be available across reboots.

sudo systemctl start chronyd
sudo systemctl enable chronyd

Run the command below to verify the chronyd service status:

systemctl status chronyd

Verifying Time Synchronization

Verify and Track Chrony Synchronization

To verify whether your system’s time is synchronized using chrony, issue the following command,

$ chronyc tracking
Reference ID    : 78197314 (120.25.115.20)
Stratum         : 3
Ref time (UTC)  : Wed Dec 14 07:14:30 2022
System time     : 0.000070560 seconds fast of NTP time
Last offset     : +0.000299871 seconds
RMS offset      : 0.007765118 seconds
Frequency       : 18.610 ppm fast
Residual freq   : +0.004 ppm
Skew            : 0.193 ppm
Root delay      : 0.009446586 seconds
Root dispersion : 0.006204020 seconds
Update interval : 1041.1 seconds
Leap status     : Normal

Where:

  • Reference ID is the ID and name of the server to which your system’s time is currently synced.
  • Stratum indicates how many hops away we are from a server with an attached reference clock.
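One way to turn the tracking fields above into a pass/fail check for monitoring, as an added example that is not part of the original article. The helper name check_tracking and both thresholds are assumptions, and the second sample is constructed.

```shell
#!/bin/sh
# check_tracking MAX_OFFSET_SECONDS MAX_STRATUM   (tracking output on stdin)
# Hypothetical helper: prints one line per problem, returns 0 only if healthy.
check_tracking() {
    awk -v max_off="$1" -v max_str="$2" '
    {
        i = index($0, ":")            # the first colon ends the field name
        if (i == 0) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        f[key] = val
    }
    END {
        bad = 0
        # Anything but "Normal" (including a missing field) fails the check.
        if (f["Leap status"] != "Normal") {
            print "leap status: " f["Leap status"]; bad = 1
        }
        # Stratum 0 means no reference at all; a server that has fallen back
        # to "local stratum 10" reports 10, which a low limit also catches.
        s = f["Stratum"] + 0
        if (s < 1 || s > max_str + 0) {
            print "stratum " s " outside 1.." max_str; bad = 1
        }
        # "System time" reads "<seconds> seconds fast|slow of NTP time".
        split(f["System time"], t, " ")
        if (t[1] + 0 > max_off + 0) {
            print "offset " t[1] "s exceeds " max_off "s"; bad = 1
        }
        exit bad
    }'
}

# Fields copied from the tracking output shown above.
TRACKING_OK='Reference ID : 78197314 (120.25.115.20)
Stratum : 3
System time : 0.000070560 seconds fast of NTP time
Leap status : Normal'

# Constructed sample: a daemon that has no usable source.
TRACKING_BAD='Reference ID : 00000000 ()
Stratum : 0
System time : 0.000000000 seconds fast of NTP time
Leap status : Not synchronised'

printf '%s\n' "$TRACKING_OK"  | check_tracking 0.1 4 && echo "sample 1: healthy"
printf '%s\n' "$TRACKING_BAD" | check_tracking 0.1 4 || echo "sample 2: unhealthy"
```

On a live host the same function reads the real output: chronyc tracking | check_tracking 0.1 4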

Check Chrony Sources

To list information about the current time sources that chronyd is using, run the following command:

$ chronyc sources
210 Number of sources = 7
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^- prod-ntp-3.ntp4.ps5.cano>     2  10   137    68    -16ms[  -16ms] +/-  129ms
^? prod-ntp-4.ntp4.ps5.cano>     0   6     0     -     +0ns[   +0ns] +/-    0ns
^? prod-ntp-5.ntp4.ps5.cano>     0   6     0     -     +0ns[   +0ns] +/-    0ns
^- 139.199.214.202               2  10   377   697  -1328us[-1328us] +/-   35ms
^- time.neu.edu.cn               1  10   277   411  +2588us[+2588us] +/-   29ms
^- ntp1.flashdance.cx            2  10   375   452    +35ms[  +35ms] +/-  203ms
^* 120.25.115.20                 2  10   374   65m   +574us[ +874us] +/- 7174us

To list more detailed information about the sources, run the following command:

$ chronyc sources -v
210 Number of sources = 7

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^- prod-ntp-3.ntp4.ps5.cano>     2  10   137    97    -16ms[  -16ms] +/-  129ms
^? prod-ntp-4.ntp4.ps5.cano>     0   6     0     -     +0ns[   +0ns] +/-    0ns
^? prod-ntp-5.ntp4.ps5.cano>     0   6     0     -     +0ns[   +0ns] +/-    0ns
^- 139.199.214.202               2  10   377   724  -1328us[-1328us] +/-   35ms
^- time.neu.edu.cn               1  10   277   438  +2588us[+2588us] +/-   29ms
^- ntp1.flashdance.cx            2  10   375   479    +35ms[  +35ms] +/-  203ms
^* 120.25.115.20                 2  10   374   65m   +574us[ +874us] +/- 7174us

Check Chrony Source Statistics

To list information about the drift rate and offset estimation of each source that chronyd is using, run the following command:

chronyc sourcestats -v

Configure Chrony NTP Server

Let’s assume you want to configure your Linux server as a Chrony NTP server for all internal systems. To accomplish this, we need to uncomment two lines in the configuration file “/etc/chrony.conf”:

  • local stratum 10
  • allow 192.168.0.0/16

Execute the following commands

sed -i "s/#local stratum 10/local stratum 10/g" /etc/chrony.conf
sed -i "s/#allow 192.168.0.0\/16/allow 192.168.0.0\/16/" /etc/chrony.conf

Uncommenting the line “local stratum 10” makes our Linux server act as a chrony NTP server that continues to work normally even if it is disconnected from the network, whereas “allow 192.168.0.0/16” indicates that clients from this network are allowed to connect to our Chrony NTP server for time syncing.

After making the changes, restart the chrony service and track chrony:

systemctl restart chronyd ; watch chronyc tracking

Allow the NTP service in the firewall using the following commands:

firewall-cmd --add-service=ntp --permanent
firewall-cmd --reload
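Once the port is open, the allow lines in chrony.conf are what decide who may use the server, so it is worth confirming what is actually active after the sed edits. The following is an added example, not part of the original article: the helper name audit_allow is an assumption and both sample configurations are constructed.

```shell
#!/bin/sh
# audit_allow   (chrony.conf on stdin)
# Hypothetical helper: reports every active allow/local directive and returns
# 1 if an allow line admits every address. deny directives are not evaluated.
audit_allow() {
    awk '
    /^[ \t]*[!;#%]/ { next }              # chrony.conf comment lines
    tolower($1) == "allow" {
        # "allow all <subnet>" is the override form; the subnet is then $3.
        net = (tolower($2) == "all") ? $3 : $2
        if (net == "" || net == "0/0" || net == "0.0.0.0/0" || net == "::/0") {
            print "OPEN   line " NR ": " $0; wide = 1
        } else {
            print "SUBNET line " NR ": " net
        }
        seen = 1
    }
    tolower($1) == "local" { print "LOCAL  line " NR ": " $0 }
    END {
        # No active allow means chronyd serves no NTP clients, e.g. when the
        # sed patterns above matched nothing and the lines stayed commented.
        if (!seen) print "CLIENT-ONLY: no active allow directive"
        exit wide + 0
    }'
}

# Constructed config: the state the two sed commands are meant to produce.
CONF_RESTRICTED='pool 0.europe.pool.ntp.org iburst
driftfile /var/lib/chrony/drift
local stratum 10
allow 192.168.0.0/16'

# Constructed config: a bare allow, which admits clients from any address.
CONF_OPEN='pool 0.europe.pool.ntp.org iburst
allow'

printf '%s\n' "$CONF_RESTRICTED" | audit_allow
printf '%s\n' "$CONF_OPEN" | audit_allow || echo "review: NTP service open to all"
```

Against the real file the call is: audit_allow < /etc/chrony.conf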

That’s all for this article. I hope you now have an idea of how to sync a Linux system’s time with an NTP server using the chrony service; apart from this, we have also learned how to configure our own Chrony NTP server. Please do share your valuable feedback and comments.