Chronyd synchronization time (Server/Client) configuration

chronyd is a time server; like the older NTP service, it provides time to other machines.

I'm not good at basic concepts. Chronyd was born after NTP.

Recently, I downloaded the latest CentOS Linux 8.1 and found that there is no ntp service in it. A Baidu search showed that it was changed to chronyd. This article deploys a server + client test.

1. Server side

CentOS Linux 8.1 has the chronyd service installed by default. We just need to configure it.

Configuration file

The parts marked in red need to be configured on the server; this is the basic configuration, mainly to get the basic functions working.

vim /etc/chrony.conf

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# pool 2.centos.pool.ntp.org iburst
# Which server to synchronize time from
server 192.168.94.133 iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Allow NTP client access from local network.
# allow 192.168.0.0/16
# Which network segment's clients are allowed to synchronize time; .133 is this server.
allow 192.168.94.0/24

# Serve time even if not synchronized to a time source.
# That is, keep providing time to clients even when no time source is synchronized.
local stratum 10
# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys

# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC

Start chronyd and enable it at boot

[root@filesystem ~]# systemctl start chronyd
[root@filesystem ~]# systemctl enable chronyd

View the time synchronization status. Other nodes can synchronize only once the local node itself is synchronized.

timedatectl is a time configuration tool used to view and set the time and time-related settings.

[root@filesystem ~]# timedatectl
               Local time: V. 2020-05-29 11:17:46 EDT
           Universal time: V. 2020-05-29 15:17:46 UTC
                 RTC time: V. 2020-05-29 15:17:46
                Time zone: America/New_York (EDT, -0400)
# yes means synchronization succeeded; no means the clock is not synchronized or synchronization failed.
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
[root@filesystem ~]#

Check which source the time is currently synchronized from. The source is shown by host name here, which makes no difference.

[root@filesystem ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* filesystem                   10   7   377   537    +11us[  +25us] +/-   30us
[root@filesystem ~]#

Firewall configuration

The firewall must let this service through: either turn the firewall off or open the corresponding ports and services.

Turn off the firewall and disable it at boot

[root@filesystem ~]# systemctl stop firewalld
[root@filesystem ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@filesystem ~]#

Set firewall allow rules

[root@filesystem ~]# netstat -antup | grep chrony
udp        0      0 127.0.0.1:323           0.0.0.0:*                           35191/chronyd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           35191/chronyd
udp6       0      0 ::1:323                 :::*                                35191/chronyd
[root@filesystem ~]#
# Only UDP port 123 needs to be opened
[root@filesystem ~]# firewall-cmd --permanent --add-port=123/udp
success
[root@filesystem ~]# firewall-cmd --reload
success
[root@filesystem ~]#
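
Instead of stopping firewalld, UDP 123 can be opened only to the networks that chrony.conf already names in its allow lines. The following is an added example, not part of the original article: ntp_firewall_rules and CONF_SAMPLE are names made up for illustration, and the script only prints the firewall-cmd commands for review, it does not run them.

```shell
#!/bin/sh
# Added example (not from the original article). CONF_SAMPLE is constructed
# from the allow lines of the server chrony.conf shown above.
CONF_SAMPLE='# allow 192.168.0.0/16
allow 192.168.94.0/24
local stratum 10'

# ntp_firewall_rules: read chrony.conf on stdin and print (not run) one
# firewall-cmd command per "allow" directive, so that UDP 123 is opened
# only to the subnets chronyd itself is willing to serve.
ntp_firewall_rules() {
    awk -v q="'" '
        $1 != "allow" { next }               # also skips "# allow ..." comments
        {
            net = ($2 == "all") ? $3 : $2    # "all" is an optional modifier
            n++
            if (net == "") {                 # bare allow: any client address
                print "firewall-cmd --permanent --add-service=ntp"
                next
            }
            fam = (net ~ /:/) ? "ipv6" : "ipv4"
            printf "firewall-cmd --permanent --add-rich-rule=%s", q
            printf "rule family=\"%s\" source address=\"%s\" ", fam, net
            printf "port port=\"123\" protocol=\"udp\" accept%s\n", q
        }
        END { if (n) print "firewall-cmd --reload" }
    '
}

# Demo on the constructed sample; on the server: ntp_firewall_rules < /etc/chrony.conf
printf '%s\n' "$CONF_SAMPLE" | ntp_firewall_rules
```

With the article's configuration this prints a single rich rule for 192.168.94.0/24 followed by the reload command.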

2. Client configuration

Configuration file

vim /etc/chrony.conf

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# pool 2.centos.pool.ntp.org iburst
server 192.168.94.133 iburst

Restart chronyd and enable it at boot

[root@node1 ~]# systemctl restart chronyd
[root@node1 ~]# systemctl enable chronyd
[root@node1 ~]#

View synchronization status and information

[root@node1 ~]# timedatectl
               Local time: V. 2020-05-29 11:28:12 EDT
           Universal time: V. 2020-05-29 15:28:12 UTC
                 RTC time: V. 2020-05-29 15:28:12
                Time zone: America/New_York (EDT, -0400)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
[root@node1 ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* filesystem                   11   6    17    34   -520ns[+7955ns] +/-   15ms
[root@node1 ~]#

We see yes, but how can we tell whether this is the machine's original time or the synchronized time? After all, the unsynchronized time on many systems is already close.
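
The chronyc sources output itself can also answer this question. The following is an added example, not part of the original article: check_sync and the sample variables are names made up for illustration, and the first two sample lines are taken from the outputs shown above. It reports which source is selected (^*), its stratum, and how many of the last 8 polls were answered according to the Reach column.

```shell
#!/bin/sh
# Added example (not from the original article). The first two sample lines
# are constructed from the `chronyc sources` outputs shown in this article.
SERVER_SAMPLE='^* filesystem                   10   7   377   537    +11us[  +25us] +/-   30us'
CLIENT_SAMPLE='^* filesystem                   11   6    17    34   -520ns[+7955ns] +/-   15ms'
# Constructed: a configured source that has never answered (state "?").
DEAD_SAMPLE='^? filesystem                    0   6     0     -     +0ns[   +0ns] +/-    0ns'

# check_sync EXPECTED_NAME
# Reads `chronyc sources` output on stdin and returns 0 only when the
# selected source ("^*") is the expected server with a valid stratum.
check_sync() {
    awk -v want="$1" '
        # Reach is an 8-bit register printed in octal; count its set bits
        # to get how many of the last 8 polls were answered (377 -> 8).
        function hits(reach,    i, n) {
            n = 0
            for (i = 1; i <= length(reach); i++)
                n += substr("01121223", substr(reach, i, 1) + 1, 1)
            return n
        }
        $1 == "^*" {
            found = 1
            if ($2 != want) {
                print "FAIL: following " $2 ", expected " want; bad = 1
            } else if ($3 + 0 >= 16) {
                print "FAIL: " $2 " reports stratum " $3; bad = 1
            } else {
                print "OK: following " $2 ", stratum " $3 ", " hits($5) "/8 polls answered"
            }
        }
        END {
            if (!found) { print "FAIL: no selected (^*) source"; exit 1 }
            exit bad + 0
        }
    '
}

# Demo on the client sample; on a live host: chronyc sources | check_sync filesystem
printf '%s\n' "$CLIENT_SAMPLE" | check_sync filesystem
```

The client's Reach value of 17 decodes to 4 answered polls, which is what a freshly restarted chronyd looks like; the server's 377 means all of the last 8 polls were answered.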

3. Set time

We modify the time on the chronyd server.

This shows that the time can only be modified while time synchronization is turned off; while synchronization is active, changing the time is not allowed. This protects the time.

[root@filesystem ~]# timedatectl
               Local time: V. 2020-05-29 11:30:40 EDT
           Universal time: V. 2020-05-29 15:30:40 UTC
                 RTC time: V. 2020-05-29 15:30:40
                Time zone: America/New_York (EDT, -0400)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
[root@filesystem ~]#

To test the effect, turn off NTP synchronization and change the time

timedatectl set-ntp 0

[root@filesystem ~]# timedatectl set-ntp 0
[root@filesystem ~]# timedatectl set-time "2020-06-01 01:01:01"
[root@filesystem ~]# timedatectl set-ntp 1
[root@filesystem ~]# systemctl restart chronyd
[root@filesystem ~]# timedatectl
               Local time: I. 2020-06-01 01:01:20 EDT
           Universal time: I. 2020-06-01 05:01:20 UTC
                 RTC time: I. 2020-06-01 05:01:20
                Time zone: America/New_York (EDT, -0400)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
[root@filesystem ~]#

Client view time

[root@node1 ~]# systemctl restart chronyd
[root@node1 ~]#
[root@node1 ~]# timedatectl
               Local time: I. 2020-06-01 01:01:55 EDT
           Universal time: I. 2020-06-01 05:01:55 UTC
                 RTC time: V. 2020-05-29 15:46:52
                Time zone: America/New_York (EDT, -0400)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
[root@node1 ~]#

The client can also synchronize without restarting the service. If you repeat the experiment, you can test this yourself.



Posted on Fri, 29 May 2020 03:53:18 -0400 by valtido