使用ntp協議同步時間，chronyc sources -v 同步時間

我們找一臺服務器讓它的時間和互聯網同步，其他的主機和該服務器同步，帶寬可以充分利用，效率也更高。
因爲ntp服務器既是客戶端又是服務器，默認情況下，ntp是沒有啓用的，我們先要搞清楚是要當客戶端or服務器，
例如，目前我們的時間是錯誤的，要和遠程的服務器同步
我們拿172.20.0.1來做遠程主機，它是服務器，

1、[root@Centos6 ~]# yum install ntp

Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package ntp.x86_64 0:4.2.6p5-12.el6.centos.2 will be updated
---> Package ntp.x86_64 0:4.2.6p5-15.el6.centos will be an update
--> Processing Dependency: ntpdate = 4.2.6p5-15.el6.centos for package: ntp-4.2.6p5-15.el6.centos.x86_64
--> Running transaction check
---> Package ntpdate.x86_64 0:4.2.6p5-12.el6.centos.2 will be updated
---> Package ntpdate.x86_64 0:4.2.6p5-15.el6.centos will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================
Package Arch Version Repository Size

Updating:
ntp x86_64 4.2.6p5-15.el6.centos updates 600 k
Updating for dependencies:
ntpdate x86_64 4.2.6p5-15.el6.centos updates 79 k

Transaction Summary

Upgrade 2 Package(s)

Total download size: 679 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): ntp-4.2.6p5-15.el6.centos.x86_64.rpm | 600 kB 00:00
(2/2): ntpdate-4.2.6p5-15.el6.centos.x86_64.r | 79 kB 00:00

Total 2.3 MB/s | 679 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : ntpdate-4.2.6p5-15.el6.centos.x86_64 1/4
Updating : ntp-4.2.6p5-15.el6.centos.x86_64 2/4
Cleanup : ntp-4.2.6p5-12.el6.centos.2.x86_64 3/4
Cleanup : ntpdate-4.2.6p5-12.el6.centos.2.x86_64 4/4
Verifying : ntpdate-4.2.6p5-15.el6.centos.x86_64 1/4
Verifying : ntp-4.2.6p5-15.el6.centos.x86_64 2/4
Verifying : ntpdate-4.2.6p5-12.el6.centos.2.x86_64 3/4
Verifying : ntp-4.2.6p5-12.el6.centos.2.x86_64 4/4

Updated:
ntp.x86_64 0:4.2.6p5-15.el6.centos

Dependency Updated:
ntpdate.x86_64 0:4.2.6p5-15.el6.centos

Complete!

2、[root@centos7 ~]# rpm -ql ntp

/etc/dhcp/dhclient.d
/etc/dhcp/dhclient.d/ntp.sh
/etc/ntp.conf
/etc/ntp/crypto
/etc/ntp/crypto/pw
/etc/sysconfig/ntpd
/usr/bin/ntpstat
/usr/lib/systemd/ntp-units.d/60-ntpd.list
/usr/lib/systemd/system/ntpd.service
/usr/sbin/ntp-keygen
/usr/sbin/ntpd
/usr/sbin/ntpdc
/usr/sbin/ntpq
/usr/sbin/ntptime
/usr/sbin/tickadj
/usr/share/doc/ntp-4.2.6p5
/usr/share/doc/ntp-4.2.6p5/COPYRIGHT
/usr/share/doc/ntp-4.2.6p5/ChangeLog
/usr/share/doc/ntp-4.2.6p5/NEWS
/usr/share/man/man5/ntp.conf.5.gz
/usr/share/man/man5/ntp_acc.5.gz
/usr/share/man/man5/ntp_auth.5.gz
/usr/share/man/man5/ntp_clock.5.gz
/usr/share/man/man5/ntp_decode.5.gz
/usr/share/man/man5/ntp_misc.5.gz
/usr/share/man/man5/ntp_mon.5.gz
/usr/share/man/man8/ntp-keygen.8.gz
/usr/share/man/man8/ntpd.8.gz
/usr/share/man/man8/ntpdc.8.gz
/usr/share/man/man8/ntpq.8.gz
/usr/share/man/man8/ntpstat.8.gz
/usr/share/man/man8/ntptime.8.gz
/usr/share/man/man8/tickadj.8.gz
/var/lib/ntp
/var/lib/ntp/drift
/var/log/ntpstats

3、[root@Centos6 ~]# vim /etc/ntp.conf

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 172.20.0.1 iburst:
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
"/etc/ntp.conf" 54L, 1804C      

我們添加上server 172.20.0.1 iburst(該詞爲加速同步的關鍵詞)

4、啓動腳本

[root@Centos6 ~]# service ntpd status
ntpd is stopped
[root@Centos6 ~]# service ntpd start
Starting ntpd: [ OK ]
[root@Centos6 ~]# date
Mon Jan 29 17:24:06 CST 2018
此時一旦啓動腳本，瞬間同步時間

5、我們故意把時間弄錯，再啓動腳本

[root@Centos6 ~]# date -s "-1 year"
Mon Jan 29 17:23:25 CST 2018
[root@Centos6 ~]# date
Mon Jan 29 17:23:28 CST 2018
[root@Centos6 ~]# service ntpd restart
Shutting down ntpd: [ OK ]
Starting ntpd: [ OK ]
[root@Centos6 ~]# date
Mon Jan 29 17:24:06 CST 2018
它是逐步同步的過程，所以不會馬上同步，然而，我們用如下命令它與主機時間同步：

[root@Centos6 ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 172.20.0.1      5.103.139.163    2 u   37   64    1    1.979  -15.289   0.000
+ntp7.flashdance 194.58.202.20    2 u   33   64    1  490.878  -13.246  19.820
*85.199.214.101  .GPS.            1 u   30   64    1  309.518   39.975   1.333
 ntp.wdc1.us.lea .STEP.          16 u    -   64    0    0.000    0.000   0.000
 jp.linode.oxoox .STEP.          16 u    -   64    0    0.000    0.000   0.000

而我們應該用ntpdate命令實現與主機立即同步

[root@Centos6 ~]# ntpdate 172.20.0.1
29 Jan 17:25:33 ntpdate[29759]: the NTP socket is in use, exiting
它會報錯，因爲開啓了service ntpd restart ntp服務，
應該先暫停服務，再立即同步，最後再開啓服務。

[root@Centos6 ~]# service ntpd stop
Shutting down ntpd:                                        [  OK  ]
[root@Centos6 ~]# ntpdate 172.20.0.1
29 Jan 17:26:00 ntpdate[29779]: adjust time server 172.20.0.1 offset -0.015599 sec
[root@Centos6 ~]# service ntpd start
Starting ntpd:                                             [  OK  ]
[root@Centos6 ~]# date
Tue Jan 29 17:26:28 CST 2019

先確保時間一致，再走ntp協議！

ntp協議走的是udp協議的123端口，將來配置防火牆時，要把123端口打開.

使用chrony實現時間同步
首先，chrony也可以既當客戶端又可作服務器

1、先配置chrony客戶端

[root@centos7 ~]# vim /etc/chrony.conf

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
sercer 172.20.0.1
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst                                 

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.

我們只需添加sercer 172.20.0.1把其他的server都註釋掉即可完成配置。

2、打開chrony狀態，此時爲關閉 如下：

[root@centos7 ~]# systemctl status chronyd.service
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:chronyd(8)
man:chrony.conf(5)

打開chronyc 專門的客戶端工具

[root@centos7 ~]# chronyc
chrony version 3.2
Copyright (C) 1997-2003, 2007, 2009-2017 Richard P. Curnow and others
chrony comes with ABSOLUTELY NO WARRANTY. This is free software, and
you are welcome to redistribute it under certain conditions. See the
GNU General Public License version 2 for details.

chronyc> help
System clock:
tracking Display system time information
makestep Correct clock by stepping immediately
makestep <threshold> <updates>
Configure automatic clock stepping
maxupdateskew <skew> Modify maximum valid skew to update frequency
waitsync [<max-tries> [<max-correction> [<max-skew> [<interval>]]]]
Wait until synchronised in specified limits
Time sources:
sources [-v] Display information about current sources
sourcestats [-v] Display statistics about collected measurements
reselect Force reselecting synchronisation source
reselectdist <dist> Modify reselection distance
使用chronyc sources -v
root@Centos6 ~]# chronyc sources -v
chronyc> sources -v
210 Number of sources = 1

.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample

^* gateway 2 6 177 23 +160us[ +271us] +/- 252ms
chronyc>

#####  vim /etc/chrony.conf 
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.s

server ntp.aliyun.com iburst
server ntp1.aliyun.com iburst
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

我們添加了server ntp.aliyun.com iburst server ntp1.aliyun.com iburst 兩項，與互聯網同步的操作
把時間搞錯，把服務重新啓動：
[root@centos7 ~]# date -s "2 year"
Fri Jan 29 18:55:06 CST 2021
[root@centos7 ~]# systemctl restart chronyd
[root@centos7 ~]# date
Tue Jan 29 18:56:49 CST 2021
[root@centos7 ~]# chronyc sources -v
210 Number of sources = 2

.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample

^* 203.107.6.88 2 6 77 1 -1324us[-3791us] +/- 19ms
^+ 120.25.115.20 2 6 77 0 +1182us[+1182us] +/- 22ms
[root@centos7 ~]# date
Tue Jan 29 18:58:51 CST 2019
此時時間同步完成，相差兩年也會馬上同步，速度可見一斑。