使用ntp协议同步时间，chronyc sources -v 同步时间

咱们找一台服务器让它的时间和互联网同步，其余的主机和该服务器同步，带宽能够充分利用，效率也更高。
由于ntp服务器既是客户端又是服务器，默认状况下，ntp是没有启用的，咱们先要搞清楚是要当客户端or服务器，
例如，目前咱们的时间是错误的，要和远程的服务器同步
咱们拿172.20.0.1来作远程主机，它是服务器，

一、[root@Centos6 ~]# yum install ntp

Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package ntp.x86_64 0:4.2.6p5-12.el6.centos.2 will be updated
---> Package ntp.x86_64 0:4.2.6p5-15.el6.centos will be an update
--> Processing Dependency: ntpdate = 4.2.6p5-15.el6.centos for package: ntp-4.2.6p5-15.el6.centos.x86_64
--> Running transaction check
---> Package ntpdate.x86_64 0:4.2.6p5-12.el6.centos.2 will be updated
---> Package ntpdate.x86_64 0:4.2.6p5-15.el6.centos will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================
Package Arch Version Repository Size

Updating:
ntp x86_64 4.2.6p5-15.el6.centos updates 600 k
Updating for dependencies:
ntpdate x86_64 4.2.6p5-15.el6.centos updates 79 k

Transaction Summary

Upgrade 2 Package(s)

Total download size: 679 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): ntp-4.2.6p5-15.el6.centos.x86_64.rpm | 600 kB 00:00
(2/2): ntpdate-4.2.6p5-15.el6.centos.x86_64.r | 79 kB 00:00

Total 2.3 MB/s | 679 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : ntpdate-4.2.6p5-15.el6.centos.x86_64 1/4
Updating : ntp-4.2.6p5-15.el6.centos.x86_64 2/4
Cleanup : ntp-4.2.6p5-12.el6.centos.2.x86_64 3/4
Cleanup : ntpdate-4.2.6p5-12.el6.centos.2.x86_64 4/4
Verifying : ntpdate-4.2.6p5-15.el6.centos.x86_64 1/4
Verifying : ntp-4.2.6p5-15.el6.centos.x86_64 2/4
Verifying : ntpdate-4.2.6p5-12.el6.centos.2.x86_64 3/4
Verifying : ntp-4.2.6p5-12.el6.centos.2.x86_64 4/4

Updated:
ntp.x86_64 0:4.2.6p5-15.el6.centos

Dependency Updated:
ntpdate.x86_64 0:4.2.6p5-15.el6.centos

Complete!

二、[root@centos7 ~]# rpm -ql ntp

/etc/dhcp/dhclient.d
/etc/dhcp/dhclient.d/ntp.sh
/etc/ntp.conf
/etc/ntp/crypto
/etc/ntp/crypto/pw
/etc/sysconfig/ntpd
/usr/bin/ntpstat
/usr/lib/systemd/ntp-units.d/60-ntpd.list
/usr/lib/systemd/system/ntpd.service
/usr/sbin/ntp-keygen
/usr/sbin/ntpd
/usr/sbin/ntpdc
/usr/sbin/ntpq
/usr/sbin/ntptime
/usr/sbin/tickadj
/usr/share/doc/ntp-4.2.6p5
/usr/share/doc/ntp-4.2.6p5/COPYRIGHT
/usr/share/doc/ntp-4.2.6p5/ChangeLog
/usr/share/doc/ntp-4.2.6p5/NEWS
/usr/share/man/man5/ntp.conf.5.gz
/usr/share/man/man5/ntp_acc.5.gz
/usr/share/man/man5/ntp_auth.5.gz
/usr/share/man/man5/ntp_clock.5.gz
/usr/share/man/man5/ntp_decode.5.gz
/usr/share/man/man5/ntp_misc.5.gz
/usr/share/man/man5/ntp_mon.5.gz
/usr/share/man/man8/ntp-keygen.8.gz
/usr/share/man/man8/ntpd.8.gz
/usr/share/man/man8/ntpdc.8.gz
/usr/share/man/man8/ntpq.8.gz
/usr/share/man/man8/ntpstat.8.gz
/usr/share/man/man8/ntptime.8.gz
/usr/share/man/man8/tickadj.8.gz
/var/lib/ntp
/var/lib/ntp/drift
/var/log/ntpstats

三、[root@Centos6 ~]# vim /etc/ntp.conf

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 172.20.0.1 iburst:
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
"/etc/ntp.conf" 54L, 1804C

咱们添加上server 172.20.0.1 iburst(该词为加速同步的关键词)

四、启动脚本

[root@Centos6 ~]# service ntpd status
ntpd is stopped
[root@Centos6 ~]# service ntpd start
Starting ntpd: [ OK ]
[root@Centos6 ~]# date
Mon Jan 29 17:24:06 CST 2018
此时一旦启动脚本，瞬间同步时间

五、咱们故意把时间弄错，再启动脚本

[root@Centos6 ~]# date -s "-1 year"
Mon Jan 29 17:23:25 CST 2018
[root@Centos6 ~]# date
Mon Jan 29 17:23:28 CST 2018
[root@Centos6 ~]# service ntpd restart
Shutting down ntpd: [ OK ]
Starting ntpd: [ OK ]
[root@Centos6 ~]# date
Mon Jan 29 17:24:06 CST 2018
它是逐步同步的过程，因此不会立刻同步，然而，咱们用以下命令它与主机时间同步：

[root@Centos6 ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 172.20.0.1      5.103.139.163    2 u   37   64    1    1.979  -15.289   0.000
+ntp7.flashdance 194.58.202.20    2 u   33   64    1  490.878  -13.246  19.820
*85.199.214.101  .GPS.            1 u   30   64    1  309.518   39.975   1.333
 ntp.wdc1.us.lea .STEP.          16 u    -   64    0    0.000    0.000   0.000
 jp.linode.oxoox .STEP.          16 u    -   64    0    0.000    0.000   0.000

而咱们应该用ntpdate命令实现与主机当即同步

[root@Centos6 ~]# ntpdate 172.20.0.1
29 Jan 17:25:33 ntpdate[29759]: the NTP socket is in use, exiting
它会报错，由于开启了service ntpd restart ntp服务，
应该先暂停服务，再当即同步，最后再开启服务。

[root@Centos6 ~]# service ntpd stop
Shutting down ntpd:                                        [  OK  ]
[root@Centos6 ~]# ntpdate 172.20.0.1
29 Jan 17:26:00 ntpdate[29779]: adjust time server 172.20.0.1 offset -0.015599 sec
[root@Centos6 ~]# service ntpd start
Starting ntpd:                                             [  OK  ]
[root@Centos6 ~]# date
Tue Jan 29 17:26:28 CST 2019

先确保时间一致，再走ntp协议！

ntp协议走的是udp协议的123端口，未来配置防火墙时，要把123端口打开.

使用chrony实现时间同步
首先，chrony也能够既当客户端又可做服务器

一、先配置chrony客户端

[root@centos7 ~]# vim /etc/chrony.conf

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
sercer 172.20.0.1
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst                                 

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.

咱们只需添加sercer 172.20.0.1把其余的server都注释掉便可完成配置。

二、打开chrony状态，此时为关闭 以下：

[root@centos7 ~]# systemctl status chronyd.service
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:chronyd(8)
man:chrony.conf(5)

打开chronyc 专门的客户端工具

[root@centos7 ~]# chronyc
chrony version 3.2
Copyright (C) 1997-2003, 2007, 2009-2017 Richard P. Curnow and others
chrony comes with ABSOLUTELY NO WARRANTY. This is free software, and
you are welcome to redistribute it under certain conditions. See the
GNU General Public License version 2 for details.

chronyc> help
System clock:
tracking Display system time information
makestep Correct clock by stepping immediately
makestep <threshold> <updates>
Configure automatic clock stepping
maxupdateskew <skew> Modify maximum valid skew to update frequency
waitsync [<max-tries> [<max-correction> [<max-skew> [<interval>]]]]
Wait until synchronised in specified limits
Time sources:
sources [-v] Display information about current sources
sourcestats [-v] Display statistics about collected measurements
reselect Force reselecting synchronisation source
reselectdist <dist> Modify reselection distance
使用chronyc sources -v
root@Centos6 ~]# chronyc sources -v
chronyc> sources -v
210 Number of sources = 1

.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample

^* gateway 2 6 177 23 +160us[ +271us] +/- 252ms
chronyc>

#####  vim /etc/chrony.conf 
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.s

server ntp.aliyun.com iburst
server ntp1.aliyun.com iburst
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

咱们添加了server ntp.aliyun.com iburst server ntp1.aliyun.com iburst 两项，与互联网同步的操做
把时间搞错，把服务从新启动：
[root@centos7 ~]# date -s "2 year"
Fri Jan 29 18:55:06 CST 2021
[root@centos7 ~]# systemctl restart chronyd
[root@centos7 ~]# date
Tue Jan 29 18:56:49 CST 2021
[root@centos7 ~]# chronyc sources -v
210 Number of sources = 2

.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample

^* 203.107.6.88 2 6 77 1 -1324us[-3791us] +/- 19ms^+ 120.25.115.20 2 6 77 0 +1182us[+1182us] +/- 22ms[root@centos7 ~]# dateTue Jan 29 18:58:51 CST 2019此时时间同步完成，相差两年也会立刻同步，速度可见一斑。