Chronyd synchronization time (Server/Client) configuration

The chronyd time server, like the previous NTP function, provides time.

I'm not good at basic concepts. Chronyd was born after NTP.

Recently, I downloaded the latest CentOS Linux 8.1 and found that there is no ntp service in it. A Baidu search showed that it was changed to chronyd. This article deploys a server + client test.

1. Server side

CentOS Linux 8.1 has the chronyd service installed by default. We just need to configure it.

Configuration file

The parts marked in red are what must be configured on the server; this is the basic configuration, enough to provide the basic functions.

vim /etc/chrony.conf

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# pool 2.centos.pool.ntp.org iburst
# Which server to synchronize time from
server 192.168.94.133 iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Allow NTP client access from local network.
# allow 192.168.0.0/16
# Which network segment's clients are allowed to synchronize time; .133 is the server.
allow 192.168.94.0/24

# Serve time even if not synchronized to a time source.
# Literal translation: provide time even without a synchronized time source.
local stratum 10

# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys

# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC

Start chronyd and enable it at boot

[root@filesystem ~]# systemctl start chronyd
[root@filesystem ~]# systemctl enable chronyd

Check the time synchronization status. Other nodes can synchronize from this one only once the local node itself is synchronized.

timedatectl is a time configuration tool, which is used to set time, time related configuration, etc.

[root@filesystem ~]# timedatectl
               Local time: V. 2020-05-29 11:17:46 EDT
           Universal time: V. 2020-05-29 15:17:46 UTC
                 RTC time: V. 2020-05-29 15:17:46
                Time zone: America/New_York (EDT, -0400)
# yes means synchronization succeeded; no means the clock is not synchronized or synchronization failed.
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
[root@filesystem ~]#

Check where the current time is synchronized from. The host name is shown here, which has no impact.

[root@filesystem ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* filesystem                   10   7   377   537    +11us[  +25us] +/-   30us
[root@filesystem ~]#

Firewall configuration

The firewall must let this service through: either turn the firewall off, or open the corresponding ports and services.

Turn off the firewall and disable it at boot

[root@filesystem ~]# systemctl stop firewalld
[root@filesystem ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@filesystem ~]#

Set firewall allow rules

[root@filesystem ~]# netstat -antup | grep chrony
udp        0      0 127.0.0.1:323           0.0.0.0:*                           35191/chronyd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           35191/chronyd
udp6       0      0 ::1:323                 :::*                                35191/chronyd
[root@filesystem ~]# # Only UDP port 123 needs to be opened (NTP runs over UDP, not TCP)
[root@filesystem ~]# firewall-cmd --permanent --add-port=123/udp
success
[root@filesystem ~]# firewall-cmd --reload
success
[root@filesystem ~]#
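The rule to open can be derived from the listening sockets rather than typed from memory. The following is an added example, not part of the original article: it reads the netstat lines shown above (embedded as a constructed sample), skips sockets bound to loopback, and prints the matching firewall-cmd commands. The function names exposed_ports and firewall_rules are hypothetical.

```shell
#!/bin/sh
# Added example. Constructed sample: the netstat lines shown in this article.
NETSTAT='udp   0  0 127.0.0.1:323   0.0.0.0:*   35191/chronyd
udp   0  0 0.0.0.0:123     0.0.0.0:*   35191/chronyd
udp6  0  0 ::1:323         :::*        35191/chronyd'

# Print one "port/proto" per socket that is reachable from the network,
# i.e. whose local address (column 4) is not a loopback address.
exposed_ports() {
    printf '%s\n' "$1" | awk '
        {
            proto = $1; sub(/6$/, "", proto)   # udp6 -> udp, tcp6 -> tcp
            addr = $4; port = addr
            sub(/.*:/, "", port)               # keep the text after the last colon
            sub(/:[0-9]+$/, "", addr)          # drop the trailing :port
            if (addr ~ /^127\./ || addr == "::1") next
            print port "/" proto
        }' | sort -u
}

# Print (do not run) the permanent firewalld rule for each exposed socket.
firewall_rules() {
    for p in $(exposed_ports "$1"); do
        echo "firewall-cmd --permanent --add-port=$p"
    done
}

firewall_rules "$NETSTAT"
```

Port 323 is bound to 127.0.0.1 and ::1 only, so it produces no rule; the single rule printed is for 123/udp.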
2. Client configuration

Configuration file

vim /etc/chrony.conf

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# pool 2.centos.pool.ntp.org iburst
server 192.168.94.133 iburst

Restart the service and enable it at boot

[root@node1 ~]# systemctl restart chronyd
[root@node1 ~]# systemctl enable chronyd
[root@node1 ~]#

View synchronization status and information

[root@node1 ~]# timedatectl
               Local time: V. 2020-05-29 11:28:12 EDT
           Universal time: V. 2020-05-29 15:28:12 UTC
                 RTC time: V. 2020-05-29 15:28:12
                Time zone: America/New_York (EDT, -0400)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
[root@node1 ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* filesystem                   11   6    17    34   -520ns[+7955ns] +/-   15ms
[root@node1 ~]#

We see yes, but how can we tell whether this is the machine's original time or a synchronized one? After all, the unsynchronized clocks of many systems are close to each other anyway.
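One way to answer that from the chronyc sources output itself, as an added example that is not part of the original article: the "^*" line names the source the clock is currently locked to, and Reach is an octal 8-bit register in which each set bit is one answered poll (377 means all of the last eight). The function names selected_source, reach_ok_polls and check_sync are hypothetical, and the sample is the client output shown above.

```shell
#!/bin/sh
# Added example. Constructed sample: the client-side output shown in this article.
SAMPLE='210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* filesystem                   11   6    17    34   -520ns[+7955ns] +/-   15ms'

# Print "name stratum reach" of the currently selected source (the "^*" line).
selected_source() {
    printf '%s\n' "$1" | awk '$1 == "^*" { print $2, $3, $5; exit }'
}

# Reach is printed in octal; count how many of the last 8 polls were answered.
reach_ok_polls() {
    n=$((0$1)); c=0
    while [ "$n" -gt 0 ]; do
        c=$((c + (n & 1)))
        n=$((n >> 1))
    done
    echo "$c"
}

# check_sync <chronyc-sources-output> <expected-source> <min-answered-polls>
# Returns 0 only if the clock is locked to the expected source and that
# source answered at least the required number of recent polls.
check_sync() {
    sel=$(selected_source "$1")
    [ -n "$sel" ] || { echo "FAIL: no source selected (no ^* line)"; return 1; }
    name=${sel%% *}; rest=${sel#* }
    stratum=${rest%% *}; reach=${rest#* }
    [ "$name" = "$2" ] || { echo "FAIL: locked to $name, expected $2"; return 1; }
    polls=$(reach_ok_polls "$reach")
    [ "$polls" -ge "$3" ] || { echo "FAIL: only $polls of the last 8 polls answered"; return 1; }
    echo "OK: locked to $name (stratum $stratum, $polls/8 polls answered)"
}

check_sync "$SAMPLE" filesystem 4
```

On a live client, pass "$(chronyc -n sources)" and the server's IP address instead of the sample; -n makes chronyc print addresses rather than resolved host names.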

3. Set time

We modify the time of the chronyd server.

This shows that the time can only be modified while it is not being synchronized; that is, while synchronization is on, changing the time is not allowed. This protects the time.

[root@filesystem ~]# timedatectl
               Local time: V. 2020-05-29 11:30:40 EDT
           Universal time: V. 2020-05-29 15:30:40 UTC
                 RTC time: V. 2020-05-29 15:30:40
                Time zone: America/New_York (EDT, -0400)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
[root@filesystem ~]#

We test the effect: turn off NTP, then change the time.

timedatectl set-ntp 0

[root@filesystem ~]# timedatectl set-ntp 0
[root@filesystem ~]# timedatectl set-time "2020-06-01 01:01:01"
[root@filesystem ~]# timedatectl set-ntp 1
[root@filesystem ~]# systemctl restart chronyd
[root@filesystem ~]# timedatectl
               Local time: I. 2020-06-01 01:01:20 EDT
           Universal time: I. 2020-06-01 05:01:20 UTC
                 RTC time: I. 2020-06-01 05:01:20
                Time zone: America/New_York (EDT, -0400)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
[root@filesystem ~]#

View the time on the client

[root@node1 ~]# systemctl restart chronyd
[root@node1 ~]#
[root@node1 ~]# timedatectl
               Local time: I. 2020-06-01 01:01:55 EDT
           Universal time: I. 2020-06-01 05:01:55 UTC
                 RTC time: V. 2020-05-29 15:46:52
                Time zone: America/New_York (EDT, -0400)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
[root@node1 ~]#

The client also synchronizes without restarting the service; you can test this yourself if you run the experiment.


There is always one on the way to study and keep fit

29 May 2020, 03:53 | Views: 4642
