时间同步服务 chromy

• 目录

  • 1. chrony 服务器端配置
  • 2. chrony 客户端配置
  • 3. systemd 服务文件
  • 4. /etc/chrony.conf 释义
  • 5. 其他

1. chrony 服务器端配置

假设chrony服务器端192.168.1.1

$ cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
pool pool.ntp.org iburst

# Ignor source level
stratumweight 0

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first five updates
# if its offset is larger than 1 second.
makestep 1 5

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Allow NTP client access from local network.
allow 0.0.0.0/0

# Serve time even if not synchronized to a time source.
local stratum 10

# Select which information is logged.
#log measurements statistics tracking

#
noclientlog

2. chrony 客户端配置

$ cat /etc/chrony.conf
# Use local chrony server.
server 192.168.1.1 iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first five updates
# if its offset is larger than 1 second.
makestep 1 5

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Select which information is logged.
#log measurements statistics tracking

3. systemd 服务文件

/etc/systemd/system/chrony.service

[Unit]
Description=chrony
Documentation=https://github.com/kubeasz/dockerfiles/chrony
After=docker.service
Requires=docker.service

[Service]
User=root
ExecStart=/opt/kube/bin/docker run 
  --cap-add SYS_TIME 
  --name chrony 
  --network host 
  --volume /etc/chrony.conf:/etc/chrony/chrony.conf 
  --volume /var/lib/chrony:/var/lib/chrony 
  easzlab/chrony:0.1.0
ExecStartPost=/sbin/iptables -t raw -A PREROUTING -p udp -m udp --dport 123 -j NOTRACK
ExecStartPost=/sbin/iptables -t raw -A OUTPUT -p udp -m udp --sport 123 -j NOTRACK
ExecStop=/opt/kube/bin/docker rm -f chrony
Restart=always
RestartSec=10
Delegate=yes

[Install]
WantedBy=multi-user.target

4. /etc/chrony.conf 释义

# 同步使用的端口
acquisitionport 1123

# 存储Server时间的本地目录
dumpdir /var/run/chrony

# Ignore stratum in source selection.
stratumweight 0.01

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# 闰秒配置,17h34m消化1s
leapsecmode slew
maxslewrate 1000
smoothtime 400 0.001 leaponly

# In first three updates step the system clock instead of slew
# if the adjustment is larger than 10 seconds.
# makestep 0.1 3

## Server config
# Allow NTP client access from local network.
allow 0.0.0.0/0

# Listen for commands only on localhost.
bindaddress 0.0.0.0
port 123
clientloglimit 1073741824
#ratelimit interval 1
#ratelimit burst 16
# Serve time even if not synchronized to any NTP server.
local stratum 5 distance 20
maxdistance 20

## Command config
bindcmdaddress 127.0.0.1
bindcmdaddress /var/run/chrony/chronyd.sock
cmdallow all

## Real Time clock(RTC)
hwclockfile /etc/adjtime
rtcautotrim 10
rtcsync

keyfile /etc/chrony.keys

# Specify the key used as password for chronyc.
commandkey 1

# Generate command key if missing.
generatecommandkey

## Log
# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
logchange 0.1
log measurements statistics tracking
logdir /var/log/chrony

# Server配置
#ip address is the stable clock source which customer provided
bindacqaddress 172.16.79.6
server ntp.aliyun.com iburst minpoll 4 maxpoll 6 prefer
server cn.ntp.org.cn iburst minpoll 4 maxpoll 6

5. 其他

chronyc sources -v   	 # 查看时间同步情况
chronyc -n tracking -v   # 查看偏移时间
ntpd -q