⽹絡時間服務和chrony 實驗練習: 1. 準備實驗環境: 2. 時間同步(centos6) 3. ntp軟體實現時間同步(centos6) centos6上預設安裝了ntp軟體包(包括客戶端和伺服器端),但是ntp同步需要⼀定時間才能完全同步時間的,⽽chrony同步時間⽐ntp快。centos ...
⽹絡時間服務和chrony
實驗練習:
- 準備實驗環境:
可用的centos6、7系統。
centos6 :192.168.37.6
centos7 :192.168.37.7
關閉selinux
關閉防火牆:cetos6 systemctl disable firewalld
centos7 chkconfig iptables off- 時間同步(centos6)
【例1】date命令查看系統時間
[root@Magedu ~]# date
Tue Jan 29 14:32:00 CST 2019
【例2】查看硬體時鐘
[root@Magedu ~]# clock
Tue 29 Jan 2019 02:49:13 PM CST -0.334741 seconds
【例3】修改系統時間為2018年
[root@Magedu ~]# date -s '-1 year'
[root@Magedu ~]# date
Tue Jan 29 14:33:00 CST 2019
但此時硬體時間依然沒修改,若要修改硬體時間則:
[root@Magedu ~]# clock -w- ntp軟體實現時間同步(centos6)
centos6上預設安裝了ntp軟體包(包括客戶端和伺服器端),但是ntp同步需要⼀定時間才能完全同步時間的,⽽chrony同步時間⽐ntp快。centos7預設安裝了chronyd服務。
【例4】在 centos6上查看ntp軟體、修改配置⽂件
[root@centos6 ~]$rpm -ql ntp
/etc/dhcp/dhclient.d
/etc/dhcp/dhclient.d/ntp.sh
/etc/ntp.conf
/etc/ntp/crypto
/etc/ntp/crypto/pw
/etc/rc.d/init.d/ntpd
/etc/sysconfig/ntpd
/usr/bin/ntpstat
/usr/sbin/ntp-keygen
/usr/sbin/ntpd
/usr/sbin/ntpdc
/usr/sbin/ntpq
/usr/sbin/ntptime
/usr/sbin/tickadj
(查看ntp包)
[root@centos6 ~]$vim /etc/ntp.conf
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
(以上都註釋掉)
server ntp.aliyun.com iburst(這裡加這一行作為同步時間伺服器)
[root@centos6 ~]$service ntpd start (啟動ntpd服務)
Starting ntpd: [ OK ]
[root@centos6 ~]$chkconfig ntpd on (開機啟動)
[root@centos6 ~]$ss -nul (監聽了udp的123埠;)
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:870 *:*
UNCONN 0 0 *:111 *:*
UNCONN 0 0 *:631 *:*
UNCONN 0 0 192.168.39.6:123 *:*
UNCONN 0 0 127.0.0.1:123 *:*
UNCONN 0 0 *:123 *:*
UNCONN 0 0 127.0.0.1:928 *:*
UNCONN 0 0 *:34866 *:*
UNCONN 0 0 :::46157 :::*
UNCONN 0 0 :::870 :::*
UNCONN 0 0 :::111 :::*
UNCONN 0 0 fe80::20c:29ff:fed0:823c:123 :::*
UNCONN 0 0 ::1:123 :::*
UNCONN 0 0 :::123 :::*
[root@centos6 ~]$ntpq -p (查看同步狀態)
remote refid st t when poll reach delay offset jitter
==============================================================================
*203.107.6.88 100.107.25.114 2 u 62 64 7 14.783 -14.752 1.787 (前面為*時同步成功)
說明:ntp.aliyun.com 是時間伺服器的ip地址;iburst是加速同步時間。如果時間相差較⼤,是不能完成實時同步的。【例5】ntpdate命令,⽴即同步
[root@centos6 ~]$date
Mon Nov 11 22:02:55 CST 2019
[root@centos6 ~]$date -s '-1 day'
Sun Nov 10 22:03:10 CST 2019
[root@centos6 ~]$ntpdate ntp.aliyun.com
10 Nov 22:03:13 ntpdate[4232]: the NTP socket is in use, exiting
[root@centos6 ~]$date
Sun Nov 10 22:03:16 CST 2019
[root@centos6 ~]$service ntpd stop
Shutting down ntpd: [ OK ]
[root@centos6 ~]$ntpdate ntp.aliyun.com
11 Nov 22:04:06 ntpdate[4253]: step time server 203.107.6.88 offset 86399.986747 sec
[root@centos6 ~]$date
Mon Nov 11 22:04:08 CST 2019
ntp時間相差較⼤,是不能完成實時同步,那麼可以⽤ntpdate命令來完成:
(註意:如果按上述實驗操作的話,切記關閉ntpd服務,在使用ntpdate同步時間,之前是為了查看同步狀態才開啟,這兩個服務不可以同時啟用。)【例6】根據上例,centos6開啟了ntpd服務,也可當做時間伺服器被它⼈使⽤
[root@centos6 ~]$service ntpd start
Starting ntpd: [ OK ]
[root@centos7 ~]#date -s '-1 day'
Mon Nov 11 09:56:26 CST 2019
[root@centos7 ~]#ntpdate 192.168.39.6
12 Nov 09:56:33 ntpdate[12472]: step time server 192.168.39.6 offset 86397.761731 sec
[root@centos7 ~]#date
Tue Nov 12 09:56:35 CST 2019
(同上例使用ntpdate時不可以開啟ntpd服務)
[root@centos7 ~]#date -s '-1 year'
Mon Nov 12 10:01:33 CST 2018
[root@centos7 ~]#systemctl start ntpd
[root@centos7 ~]#ntpdate 192.168.39.6
12 Nov 10:01:37 ntpdate[12561]: the NTP socket is in use, exiting
[root@centos7 ~]#date
Mon Nov 12 10:01:42 CST 2018
[root@centos7 ~]#date
Mon Nov 12 10:01:44 CST 2018
[root@centos7 ~]#date
Mon Nov 12 10:01:52 CST 2018
[root@centos7 ~]#date
Mon Nov 12 10:02:02 CST 2018
(關閉ntpd同步時間)
[root@centos7 ~]#systemctl stop ntpd
[root@centos7 ~]#ntpdate 192.168.39.6
12 Nov 10:04:16 ntpdate[12603]: step time server 192.168.39.6 offset 31536000.031123 sec
[root@centos7 ~]#date
Tue Nov 12 10:04:19 CST 2019
註意:(如果你的centos7配置了/etc/chrony.conf文件的上游伺服器,時間會自動同步)
【例】更改centos7時間為一天以前,開啟ntpd服務同步時間,同時實驗chrony.conf配置文件設置上游伺服器和不設置的區別。
[root@centos7 ~]#vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntp.aliyun.com iburst(開啟服務並配置chrony.conf文件上游伺服器)
(顯示是ntpd正在使用無法同步但是之後會把時間自動同步回來)
[root@centos7 ~]#date -s '-1 day'
Mon Nov 11 10:05:40 CST 2019
[root@centos7 ~]#systemctl start ntpd
[root@centos7 ~]#ntpdate 192.168.39.6
11 Nov 10:06:07 ntpdate[12644]: the NTP socket is in use, exiting
[root@centos7 ~]#date
Mon Nov 11 10:06:09 CST 2019
[root@centos7 ~]#date
Tue Nov 12 10:06:12 CST 2019
You have new mail in /var/spool/mail/root
(註釋掉配置的上游伺服器)
[root@centos7 ~]#vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
#server ntp.aliyun.com iburst
(這裡我做實驗時發現註釋掉chrony.conf文件的伺服器還會自動同步,找到原因是ntp.conf文件還有時間伺服器會自動同步所有都註釋掉之後不會自動同步。)
[root@centos7 ~]#vim /etc/ntp.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
[root@centos7 ~]#date -s '-1 day'
Mon Nov 11 10:25:47 CST 2019
[root@centos7 ~]#systemctl start ntpd
[root@centos7 ~]#ntpdate 192.168.39.6
11 Nov 10:26:00 ntpdate[13032]: the NTP socket is in use, exiting
[root@centos7 ~]#date
Mon Nov 11 10:26:02 CST 2019
[root@centos7 ~]#date
Mon Nov 11 10:26:03 CST 2019
[root@centos7 ~]#date
Mon Nov 11 10:26:05 CST 2019
[root@centos7 ~]#daet
bash: daet: command not found...
Similar command is: 'date'
[root@centos7 ~]#date
Mon Nov 11 10:26:09 CST 2019
[root@centos7 ~]#date
Mon Nov 11 10:26:11 CST 2019
[root@centos7 ~]#date
Mon Nov 11 10:26:13 CST 2019
(這裡關閉ntpd服務之後時間同步就可以用了,當然只是做實驗做成這樣的環境,正常可以自動同步時間,就不用調了,只是證明一下這個ntpd和ntpdate不可以同時使用。)
[root@centos7 ~]#systemctl stop ntpd
[root@centos7 ~]#ntpdate 192.168.39.6
12 Nov 10:30:39 ntpdate[13126]: step time server 192.168.39.6 offset 86400.017498 sec
[root@centos7 ~]#date
Tue Nov 12 10:30:42 CST 2019【例7】ntp充當伺服器(最好在centos6做這個實驗,centos7的話要更改chrony的配置文件或者禁用服務。)
[root@centos6 ~]#vim /etc/ntp.conf
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#Server 3.centos.pool.ntp.org iburst
server ntp.aliyun.com iburst (以上都註釋掉使用自己配置的時間伺服器)
[root@centos6 ~]$service ntpd start (開啟ntpd服務)
Starting ntpd: [ OK ]
[root@centos6 ~]$chkconfig ntpd on (開機啟動ntpd)
[root@centos6 ~]$ss -nul (查看監聽123埠)
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:870 *:*
UNCONN 0 0 *:111 *:*
UNCONN 0 0 *:631 *:*
UNCONN 0 0 192.168.39.6:123 *:*
UNCONN 0 0 127.0.0.1:123 *:*
UNCONN 0 0 *:123 *:*
UNCONN 0 0 127.0.0.1:928 *:*
UNCONN 0 0 *:34866 *:*
UNCONN 0 0 :::46157 :::*
UNCONN 0 0 :::870 :::*
UNCONN 0 0 :::111 :::*
UNCONN 0 0 fe80::20c:29ff:fed0:823c:123 :::*
UNCONN 0 0 ::1:123 :::*
UNCONN 0 0 :::123 :::*
(這樣就可以作為時間伺服器使用了,但是只能在NAT內網環境使用。)- 在centos7上chrony軟體實現時間同步
說明: /usr/bin/chronyc是客戶端程式; /usr/sbin/chronyd是伺服器端查詢;
/usr/lib/systemd/system/chronyd.service是服務控制⽂件。
【例8】配置chrony為客戶端,配置3個時間伺服器地址
[root@centos7 ~]#date -s '-1 day'
Mon Nov 11 11:07:57 CST 2019
[root@centos7 ~]#vim /etc/chrony.conf (添加三個時間伺服器地址,把之前的註釋掉。)
server ntp.aliyun.com iburst
server 172.16.0.1 iburst
server ntp1.aliyun.com iburst
[root@centos7 ~]#systemctl start chronyd (開啟服務)
[root@centos7 ~]#systemctl enable chronyd (開機自啟動)
Created symlink from /etc/systemd/system/multi-user.target.wants/chronyd.service to /usr/lib/systemd/system/chronyd.service.
[root@centos7 ~]#ss -nul (查看udp監聽323埠)
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:39900 *:*
UNCONN 0 0 192.168.122.1:53 *:*
UNCONN 0 0 *%virbr0:67 *:*
UNCONN 0 0 *:111 *:*
UNCONN 0 0 *:123 *:*
UNCONN 0 0 *:5353 *:*
UNCONN 0 0 *:34053 *:*
UNCONN 0 0 127.0.0.1:323 *:*
UNCONN 0 0 *:929 *:*
UNCONN 0 0 127.0.0.1:930 *:*
UNCONN 0 0 :::111 :::*
UNCONN 0 0 ::1:323 :::*
UNCONN 0 0 :::37213 :::*
UNCONN 0 0 :::929 :::*
[root@centos7 ~]#date
Tue Nov 12 11:07:40 CST 2019
(但是註意要是在啟動服務之後在更改時間不會自動同步,需要重新啟動服務立即同步時間。)
[root@centos7 ~]#date -s '-1 day'
Mon Nov 11 11:07:57 CST 2019
[root@centos7 ~]#date
Mon Nov 11 11:07:59 CST 2019
[root@centos7 ~]#date
Mon Nov 11 11:08:01 CST 2019
[root@centos7 ~]#date
Mon Nov 11 11:08:02 CST 2019
[root@centos7 ~]#date
Mon Nov 11 11:08:03 CST 2019
[root@centos7 ~]#systemctl start chronyd
[root@centos7 ~]#date
Tue Nov 12 11:07:40 CST 2019
【例9】chronyc客戶端⼯具
[root@centos6 ~]# chronyc (進入互動式命令行)
chronyc> help (查看幫助子命令)
chronyc> sources -v (同步時鐘)
chronyc> quit (退出)
[root@centos7 ~]#chronyc sources -v (非互動式命令查看同步時鐘)
210 Number of sources = 3
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? 172.16.0.1 0 8 0 - +0ns[ +0ns] +/- 0ns
^* 203.107.6.88 2 7 377 79 -1017us[-1218us] +/- 17ms
^+ 120.25.115.20 2 7 377 78 -304us[ -304us] +/- 23ms
[root@centos7 ~]#systemctl status chronyd(查看開機是否啟動)
[root@centos7 ~]#systemctl enable chronyd(設置開機自啟動)在centos6上安裝chrony軟體包:
[root@centos ~]# yum -y install chrony
[root@centos ~]# service ntpd stop
查看ntpd是否開機啟動:
[root@centos ~]# chkconfig --list ntpd
把centos7當中時間伺服器:
[root@centos ~]# vim /etc/chorny.conf
其中:
server 192.168.37.7 iburst
[root@centos ~]# service chornyd start
[root@centos ~]# chronyc sources -v
在centos7上配置,充當時間同步伺服器:
[root@centos ~]# vim /etc/chrony.conf
其中:
server 172.16.0.1 iburst
allow 192.168.37.0/24
local stratum 10
[root@centos ~]# systemctl restart chronyd
說明:
allow 192.168.37.0/24表示哪些主機可以向該主機同步時間;
allow 0.0.0.0/0表示允許所有主機向該主機同步時間;
local stratum 10表示當互聯網不能訪問時間伺服器時,仍然使用本機時間提供時間服務。
再回到centos6,同步:
[root@centos ~]# chronyc sources -v 同步時間較慢。
顯示:^* 192.168.37.7 即為成功。
總結:實現了使⽤⼀台主機向互聯⽹上的時間伺服器同步時間,在局域⽹內部,由其他主機向該主機同步時間即可。
在初始化腳本里,修改chrony配置文件。
sed 's/^server.*/#&/' /etc/chrony.conf
echo server 172.16.0.1 iburst >> /etc/chrony.conf- timedatectl命令
【例10】列出所有時區
[root@centos ~]# timedatectl list-timezones
【例11】查看當前時區狀態
[root@centos ~]# timedatectl status
【例12】修改時區
[root@centos ~]# timedatectl set-timezone Asia/Shanghai
[root@centos ~]# date
【例13】查看有效的配置⽂件
[root@centos ~]# grep -Ev "^(#.*|)$" /etc/chrony.conf
或:
[root@centos ~]# grep -Ev "^#|^$" /etc/chrony.conf
