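We pick one server and have it synchronize its time with the Internet, and the other hosts synchronize with that server. This makes full use of the bandwidth and is more efficient.
An NTP host can be both a client and a server, and the ntp service is not enabled by default, so we first have to decide whether this machine is going to be a client or a server.
For example, suppose our time is currently wrong and has to be synchronized with a remote server.
We use 172.20.0.1 as the remote host; it is the server.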
1. [root@Centos6 ~]# yum install ntp
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package ntp.x86_64 0:4.2.6p5-12.el6.centos.2 will be updated
---> Package ntp.x86_64 0:4.2.6p5-15.el6.centos will be an update
--> Processing Dependency: ntpdate = 4.2.6p5-15.el6.centos for package: ntp-4.2.6p5-15.el6.centos.x86_64
--> Running transaction check
---> Package ntpdate.x86_64 0:4.2.6p5-12.el6.centos.2 will be updated
---> Package ntpdate.x86_64 0:4.2.6p5-15.el6.centos will be an update
--> Finished Dependency Resolution
Dependencies Resolved
=====================================================================
Package Arch Version Repository Size
Updating:
ntp x86_64 4.2.6p5-15.el6.centos updates 600 k
Updating for dependencies:
ntpdate x86_64 4.2.6p5-15.el6.centos updates 79 k
Transaction Summary
Upgrade 2 Package(s)
Total download size: 679 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): ntp-4.2.6p5-15.el6.centos.x86_64.rpm | 600 kB 00:00
(2/2): ntpdate-4.2.6p5-15.el6.centos.x86_64.r | 79 kB 00:00
Total 2.3 MB/s | 679 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : ntpdate-4.2.6p5-15.el6.centos.x86_64 1/4
Updating : ntp-4.2.6p5-15.el6.centos.x86_64 2/4
Cleanup : ntp-4.2.6p5-12.el6.centos.2.x86_64 3/4
Cleanup : ntpdate-4.2.6p5-12.el6.centos.2.x86_64 4/4
Verifying : ntpdate-4.2.6p5-15.el6.centos.x86_64 1/4
Verifying : ntp-4.2.6p5-15.el6.centos.x86_64 2/4
Verifying : ntpdate-4.2.6p5-12.el6.centos.2.x86_64 3/4
Verifying : ntp-4.2.6p5-12.el6.centos.2.x86_64 4/4
Updated:
ntp.x86_64 0:4.2.6p5-15.el6.centos
Dependency Updated:
ntpdate.x86_64 0:4.2.6p5-15.el6.centos
Complete!
2. [root@centos7 ~]# rpm -ql ntp
/etc/dhcp/dhclient.d
/etc/dhcp/dhclient.d/ntp.sh
/etc/ntp.conf
/etc/ntp/crypto
/etc/ntp/crypto/pw
/etc/sysconfig/ntpd
/usr/bin/ntpstat
/usr/lib/systemd/ntp-units.d/60-ntpd.list
/usr/lib/systemd/system/ntpd.service
/usr/sbin/ntp-keygen
/usr/sbin/ntpd
/usr/sbin/ntpdc
/usr/sbin/ntpq
/usr/sbin/ntptime
/usr/sbin/tickadj
/usr/share/doc/ntp-4.2.6p5
/usr/share/doc/ntp-4.2.6p5/COPYRIGHT
/usr/share/doc/ntp-4.2.6p5/ChangeLog
/usr/share/doc/ntp-4.2.6p5/NEWS
/usr/share/man/man5/ntp.conf.5.gz
/usr/share/man/man5/ntp_acc.5.gz
/usr/share/man/man5/ntp_auth.5.gz
/usr/share/man/man5/ntp_clock.5.gz
/usr/share/man/man5/ntp_decode.5.gz
/usr/share/man/man5/ntp_misc.5.gz
/usr/share/man/man5/ntp_mon.5.gz
/usr/share/man/man8/ntp-keygen.8.gz
/usr/share/man/man8/ntpd.8.gz
/usr/share/man/man8/ntpdc.8.gz
/usr/share/man/man8/ntpq.8.gz
/usr/share/man/man8/ntpstat.8.gz
/usr/share/man/man8/ntptime.8.gz
/usr/share/man/man8/tickadj.8.gz
/var/lib/ntp
/var/lib/ntp/drift
/var/log/ntpstats
3. [root@Centos6 ~]# vim /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 172.20.0.1 iburst
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
"/etc/ntp.conf" 54L, 1804C
We add the line server 172.20.0.1 iburst (iburst is the keyword that speeds up the initial synchronization).
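An added example, not part of the original post: a small Python audit for the file edited in step 3. It checks that every restrict default line keeps the flags that stop remote hosts from querying or reconfiguring ntpd, and it catches misspelled keywords or options on server lines. The function name, the option lists and the sample file are assumptions made for this illustration.

```python
import difflib
# Flags expected on every "restrict default" line (those of the stock file above, kod aside).
REQUIRED_DEFAULT = {"nomodify", "notrap", "nopeer", "noquery"}
SERVER_FLAGS = {"autokey", "burst", "iburst", "noselect", "preempt", "prefer", "true"}
SERVER_VALUED = {"key", "minpoll", "maxpoll", "mode", "ttl", "version"}  # take a value
AUDITED = ["server", "peer", "restrict"]  # keywords this example understands

def audit_ntp_conf(text):
    """Return a list of (line_number, message) findings for an ntp.conf body."""
    findings, default_seen = [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()      # drop comments
        if not words:
            continue
        keyword, args = words[0], words[1:]
        if keyword == "restrict":
            if args and args[0] in ("-4", "-6"):
                args = args[1:]
            if args and args[0] == "default":
                default_seen = True
                missing = REQUIRED_DEFAULT - set(args[1:])
                if missing:
                    findings.append((lineno, "restrict default lacks: " + " ".join(sorted(missing))))
        elif keyword in ("server", "peer"):
            opts = iter(args[1:])                 # args[0] is the host
            for opt in opts:
                if opt in SERVER_VALUED:
                    next(opts, None)              # skip the option's value
                elif opt not in SERVER_FLAGS:
                    findings.append((lineno, "unknown %s option: %s" % (keyword, opt)))
        else:
            near = difflib.get_close_matches(keyword, AUDITED, n=1, cutoff=0.8)
            if near:
                findings.append((lineno, "unknown keyword %s, did you mean %s?" % (keyword, near[0])))
    if not default_seen:
        findings.append((0, "no restrict default line: access is unrestricted"))
    return findings

# Constructed sample: lines modelled on the file above, with three deliberate defects.
SAMPLE = """\
restrict default kod nomodify notrap nopeer
restrict -6 default kod nomodify notrap nopeer noquery
server 172.20.0.1 iburst:
sercer 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst minpoll 4
"""

if __name__ == "__main__":
    print("\n".join("line %d: %s" % f for f in audit_ntp_conf(SAMPLE)))
```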
4. Run the startup script
[root@Centos6 ~]# service ntpd status
ntpd is stopped
[root@Centos6 ~]# service ntpd start
Starting ntpd: [ OK ]
[root@Centos6 ~]# date
Mon Jan 29 17:24:06 CST 2018
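At this point, as soon as the startup script is run, the time is synchronized instantly.
5. We deliberately set the time wrong and run the startup script again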
[root@Centos6 ~]# date -s "-1 year"
Mon Jan 29 17:23:25 CST 2018
[root@Centos6 ~]# date
Mon Jan 29 17:23:28 CST 2018
[root@Centos6 ~]# service ntpd restart
Shutting down ntpd: [ OK ]
Starting ntpd: [ OK ]
[root@Centos6 ~]# date
Mon Jan 29 17:24:06 CST 2018
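Synchronization is a gradual process, so the time is not corrected right away. We can, however, use the following command to check its synchronization with the servers: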
[root@Centos6 ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
172.20.0.1 5.103.139.163 2 u 37 64 1 1.979 -15.289 0.000
+ntp7.flashdance 194.58.202.20 2 u 33 64 1 490.878 -13.246 19.820
*85.199.214.101 .GPS. 1 u 30 64 1 309.518 39.975 1.333
ntp.wdc1.us.lea .STEP. 16 u - 64 0 0.000 0.000 0.000
jp.linode.oxoox .STEP. 16 u - 64 0 0.000 0.000 0.000
To synchronize with the server immediately, we should use the ntpdate command instead:
[root@Centos6 ~]# ntpdate 172.20.0.1
29 Jan 17:25:33 ntpdate[29759]: the NTP socket is in use, exiting
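It reports an error, because the ntp service is running (it was started by service ntpd restart).
We should stop the service first, then synchronize immediately, and finally start the service again.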
[root@Centos6 ~]# service ntpd stop
Shutting down ntpd: [ OK ]
[root@Centos6 ~]# ntpdate 172.20.0.1
29 Jan 17:26:00 ntpdate[29779]: adjust time server 172.20.0.1 offset -0.015599 sec
[root@Centos6 ~]# service ntpd start
Starting ntpd: [ OK ]
[root@Centos6 ~]# date
Tue Jan 29 17:26:28 CST 2019
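First make sure the time is consistent, then let the NTP protocol take over!
NTP runs over UDP port 123, so port 123 has to be opened when the firewall is configured later.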
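An added example, not part of the original post: the ntpq -p table from step 5 read by a short Python script, which decodes the tally character in the first column and the octal reach register and reports which source is actually steering the clock. The function names are assumptions, and the sample is the table above with the leading tally column restored as ntpq prints it.

```python
TALLY = {" ": "rejected", "x": "falseticker", ".": "excess", "-": "outlier",
         "+": "candidate", "#": "backup", "*": "system peer", "o": "PPS peer"}

def parse_ntpq_peers(text):
    """Parse the table printed by `ntpq -p` into one dict per source."""
    peers = []
    for line in text.splitlines():
        fields = line[1:].split()             # column 0 is the tally character
        if len(fields) != 10 or fields[0] == "remote":
            continue                          # header, separator or blank line
        reach = int(fields[6], 8)             # 8-bit shift register, printed in octal
        peers.append({"state": TALLY.get(line[0], "unknown"), "remote": fields[0],
                      "refid": fields[1], "stratum": int(fields[2]), "reach": reach,
                      "answered": bin(reach).count("1"), "offset_ms": float(fields[8])})
    return peers

def check_peers(peers, expected):
    """Return warnings; `expected` is the source that was configured on purpose."""
    warnings = []
    sys_peer = next((p for p in peers if p["state"] == "system peer"), None)
    if sys_peer is None:
        warnings.append("no system peer: the clock is not synchronised yet")
    elif sys_peer["remote"] != expected:
        warnings.append("clock follows %s, not %s" % (sys_peer["remote"], expected))
    for p in peers:
        if p["reach"] == 0:
            warnings.append("%s: no reply in the last 8 polls" % p["remote"])
        elif p["stratum"] >= 16:
            warnings.append("%s: reports stratum 16 (unsynchronised)" % p["remote"])
        elif p["answered"] < 4:
            warnings.append("%s: only %d of the last 8 polls answered" % (p["remote"], p["answered"]))
    return warnings

# Constructed sample: the rows from step 5, re-aligned with the tally column.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 172.20.0.1      5.103.139.163    2 u   37   64    1    1.979  -15.289   0.000
+ntp7.flashdance 194.58.202.20    2 u   33   64    1  490.878  -13.246  19.820
*85.199.214.101  .GPS.            1 u   30   64    1  309.518   39.975   1.333
 ntp.wdc1.us.lea .STEP.          16 u    -   64    0    0.000    0.000   0.000
 jp.linode.oxoox .STEP.          16 u    -   64    0    0.000    0.000   0.000
"""

if __name__ == "__main__":
    print("\n".join(check_peers(parse_ntpq_peers(SAMPLE), "172.20.0.1")))
```

A reach of 1 right after a restart only means that a single poll has completed so far; the register reads 377 once eight consecutive polls have been answered.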
Using chrony for time synchronization
First of all, chrony can also act as both a client and a server.
1. Configure the chrony client first
[root@centos7 ~]# vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 172.20.0.1
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
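We only need to add server 172.20.0.1 and comment out the other server lines to complete the configuration.
2. Check the status of chrony; at this point it is stopped, as shown below: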
[root@centos7 ~]# systemctl status chronyd.service
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:chronyd(8)
man:chrony.conf(5)
Open chronyc, the dedicated client tool
[root@centos7 ~]# chronyc
chrony version 3.2
Copyright (C) 1997-2003, 2007, 2009-2017 Richard P. Curnow and others
chrony comes with ABSOLUTELY NO WARRANTY. This is free software, and
you are welcome to redistribute it under certain conditions. See the
GNU General Public License version 2 for details.
chronyc> help
System clock:
tracking Display system time information
makestep Correct clock by stepping immediately
makestep
Configure automatic clock stepping
maxupdateskew
waitsync [
Wait until synchronised in specified limits
Time sources:
sources [-v] Display information about current sources
sourcestats [-v] Display statistics about collected measurements
reselect Force reselecting synchronisation source
reselectdist
Use chronyc sources -v
[root@Centos6 ~]# chronyc sources -v
chronyc> sources -v
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
^* gateway 2 6 177 23 +160us[ +271us] +/- 252ms
chronyc>
##### vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.s
server ntp.aliyun.com iburst
server ntp1.aliyun.com iburst
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
We added the two lines server ntp.aliyun.com iburst and server ntp1.aliyun.com iburst, which synchronize with the Internet.
Set the time wrong and restart the service:
[root@centos7 ~]# date -s "2 year"
Fri Jan 29 18:55:06 CST 2021
[root@centos7 ~]# systemctl restart chronyd
[root@centos7 ~]# date
Tue Jan 29 18:56:49 CST 2021
[root@centos7 ~]# chronyc sources -v
210 Number of sources = 2
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
^* 203.107.6.88 2 6 77 1 -1324us[-3791us] +/- 19ms
^+ 120.25.115.20 2 6 77 0 +1182us[+1182us] +/- 22ms
[root@centos7 ~]# date
Tue Jan 29 18:58:51 CST 2019
Time synchronization is now complete. Even a difference of two years is corrected right away, which shows how fast it is.