linux 时间同步ntp和chrony服务搭建配置

admin

查看时间同步源的信息。
# i/ R& I! _( @1 q# chronyc sourcestats -v
210 Number of sources = 1
! w. g8 K9 Y4 I+ q& Y                             .- Number of sample points in measurement set.
4 W& V  U. \( E3 v+ ], T                            /    .- Number of residual runs with same sign.
                           |    /    .- Length of measurement set (time).
                           |   |    /      .- Est. clock freq error (ppm).
/ i% p' `% g8 S- S/ n8 {* ?                           |   |   |      /           .- Est. error in freq.
* J6 H1 O* b3 y! F$ z" w                           |   |   |     |           /         .- Est. offset.
                           |   |   |     |          |          |   On the -.
                           |   |   |     |          |          |   samples. \
2 Z+ p( @0 Z5 ?% n* B8 V0 A                           |   |   |     |          |          |             |
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
: Y1 H" v$ T! P- J- l4 v, l/ }==============================================================================
promote.cache-dns.local     0   0     0     +0.000   2000.000     +0ns  4000ms

admin

[root@361way ~]# chronyc
1 C# z* q" a( E2 T* L) C3 }' _chrony version 1.29.1
1 i( o" b/ g8 M! }9 i2 nCopyright (C) 1997-2003, 2007, 2009-2013 Richard P. Curnow and others
; j* u6 n- K( r/ p' D% D! E  ?chrony comes with ABSOLUTELY NO WARRANTY.  This is free software, and
2 V9 R2 A2 ~0 ?* g4 xyou are welcome to redistribute it under certain conditions.  See the
GNU General Public License version 2 for details.
chronyc> activity
* e4 {2 k$ E% n3 v/ Q) K. @  C200 OK
" @6 F$ d8 k) K$ D1 C3 sources online
0 sources offline
5 B" B( w# F4 ?) p" r: F# z; O) K7 O. o0 sources doing burst (return to online)
  C# G0 k7 Z7 J7 @0 sources doing burst (return to offline)
0 sources with unknown address
chronyc> help
7 R& ~: I, H( E# U# \Commands:
accheck <address> : Check whether NTP access is allowed to <address>
activity : Check how many NTP sources are online/offline
8 G! w" j+ r+ |. o: P( uadd peer <address> ... : Add a new NTP peer
5 v0 p  ]- i5 ?& B! `6 W* oadd server <address> ... : Add a new NTP server
allow [<subnet-addr>] : Allow NTP access to that subnet as a default
, N. _6 v( M, P" P$ R3 u+ ^+ B1 @/ \allow all [<subnet-addr>] : Allow NTP access to that subnet and all children
burst <n-good>/<n-max> [<mask>/<masked-address>] : Start a rapid set of measurements
5 s" ~) @: {8 M7 J* v8 vclients : Report on clients that have accessed the server
* u1 x3 o( V( e! tcmdaccheck <address> : Check whether command access is allowed to <address>
cmdallow [<subnet-addr>] : Allow command access to that subnet as a default
cmdallow all [<subnet-addr>] : Allow command access to that subnet and all children
cmddeny [<subnet-addr>] : Deny command access to that subnet as a default
1 L; i- k) u! L  f……………………省略

admin

配置NTP server 服务器 #yum install -y ntp
! M5 }4 `3 [+ X, _  V9 w+ v- V, G●        编辑ntp 配置  vim /etc/ntp.conf
: X! i) [0 ]2 {: X: A3 xdriftfile /var/lib/ntp/drift
# e, ]0 ~$ ^( `+ b5 ~restrict default nomodify notrap nopeer noquery
2 X9 o! r" l" ~1 d6 Jrestrict 127.0.0.1
7 g% o" c( U1 L9 ^1 c. w% erestrict ::1
server 127.127.1.0                              　　
# s# b/ M0 B4 qfudge 127.127.1.0 stratum 0                  
& S! j1 {, J. |includefile /etc/ntp/crypto/pw
7 i1 @& M6 J# H) \3 v0 O0 qkeys /etc/ntp/keys
4 u" o3 A7 J8 Y; D6 D( Odisable monitor
●        编辑ntp 服务器的配置
# vim  /etc/sysconfig/iptables

; h( w3 |% g0 ?6 Q; ]2 E& O; M6 g0 e  -A INPUT -p udp --dport 123 -j ACCEPT
! w' ^- `+ J- M8 W8 B4 `
4 O; R* c( a0 M# systemctl restart iptables
- f- f1 K: C4 f& G0 q# systemctl restart iptables.service
  x! n3 ]2 p7 j. l1 D7 D●        将系统时间写入硬件
  # hwclock --systohc
( w3 P, D4 R  F+ o; B●        重新启动NTP服务
    # service ntpd restart

admin

设定NTP主机来源（其中prefer表示优先主机），192.168.7.49是本地的NTP服务器，所以优先指定从该主机同步时间。

& K" [; w/ T3 N  p2 Iserver 192.168.7.49 prefer