zoukankan      html  css  js  c++  java
  • 网络时间服务和chrony

    ⽹络时间服务和chrony

    实验练习:

    1. 准备实验环境:
        可用的centos6、7系统。  
        centos6 :192.168.37.6      
        centos7 :192.168.37.7
        关闭selinux
        关闭防火墙:cetos6 systemctl disable firewalld
                   centos7 chkconfig iptables off
    
    1. 时间同步(centos6)
    【例1】date命令查看系统时间
    [root@Magedu ~]# date
    Tue Jan 29 14:32:00 CST 2019
    
    【例2】查看硬件时钟
    [root@Magedu ~]# clock
    Tue 29 Jan 2019 02:49:13 PM CST -0.334741 seconds
    
    【例3】修改系统时间为2018年
    [root@Magedu ~]# date -s '-1 year'
    [root@Magedu ~]# date
    Tue Jan 29 14:33:00 CST 2019
    
    但此时硬件时间依然没修改,若要修改硬件时间则:
    [root@Magedu ~]# clock -w
    
    1. ntp软件实现时间同步(centos6)
      centos6上默认安装了ntp软件包(包括客户端和服务器端),但是ntp同步需要⼀定时间才能完全同步时间的,⽽chrony同步时间⽐ntp快。centos7默认安装了chronyd服务。
    【例4】在 centos6上查看ntp软件、修改配置⽂件  
    [root@centos6 ~]$rpm -ql ntp
    /etc/dhcp/dhclient.d
    /etc/dhcp/dhclient.d/ntp.sh
    /etc/ntp.conf
    /etc/ntp/crypto
    /etc/ntp/crypto/pw
    /etc/rc.d/init.d/ntpd
    /etc/sysconfig/ntpd
    /usr/bin/ntpstat
    /usr/sbin/ntp-keygen
    /usr/sbin/ntpd
    /usr/sbin/ntpdc
    /usr/sbin/ntpq
    /usr/sbin/ntptime
    /usr/sbin/tickadj
    (查看ntp包)
    
    [root@centos6 ~]$vim /etc/ntp.conf 
    #server 0.centos.pool.ntp.org iburst
    #server 1.centos.pool.ntp.org iburst
    #server 2.centos.pool.ntp.org iburst
    #server 3.centos.pool.ntp.org iburst
    (以上都注释掉)
    server ntp.aliyun.com iburst(这里加这一行作为同步时间服务器)
    
    [root@centos6 ~]$service ntpd start   (启动ntpd服务)
    Starting ntpd:                                             [  OK  ]
    
    [root@centos6 ~]$chkconfig ntpd on    (开机启动)
    
    [root@centos6 ~]$ss -nul   (监听了udp的123端口;)
    State       Recv-Q Send-Q                                              Local Address:Port                                                Peer Address:Port 
    UNCONN      0      0                                                               *:870                                                            *:*     
    UNCONN      0      0                                                               *:111                                                            *:*     
    UNCONN      0      0                                                               *:631                                                            *:*     
    UNCONN      0      0                                                    192.168.39.6:123                                                            *:*     
    UNCONN      0      0                                                       127.0.0.1:123                                                            *:*     
    UNCONN      0      0                                                               *:123                                                            *:*     
    UNCONN      0      0                                                       127.0.0.1:928                                                            *:*     
    UNCONN      0      0                                                               *:34866                                                          *:*     
    UNCONN      0      0                                                              :::46157                                                         :::*     
    UNCONN      0      0                                                              :::870                                                           :::*     
    UNCONN      0      0                                                              :::111                                                           :::*     
    UNCONN      0      0                                        fe80::20c:29ff:fed0:823c:123                                                           :::*     
    UNCONN      0      0                                                             ::1:123                                                           :::*     
    UNCONN      0      0                                                              :::123                                                           :::*   
    
    [root@centos6 ~]$ntpq -p   (查看同步状态)
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
    *203.107.6.88    100.107.25.114   2 u   62   64    7   14.783  -14.752   1.787   (前面为*时同步成功)
    
    说明:ntp.aliyun.com 是时间服务器的ip地址;iburst是加速同步时间。如果时间相差较⼤,是不能完成实时同步的。
    
    【例5】ntpdate命令,⽴即同步
    [root@centos6 ~]$date
    Mon Nov 11 22:02:55 CST 2019
    
    [root@centos6 ~]$date -s '-1 day'
    Sun Nov 10 22:03:10 CST 2019
    
    [root@centos6 ~]$ntpdate ntp.aliyun.com
    10 Nov 22:03:13 ntpdate[4232]: the NTP socket is in use, exiting
    
    [root@centos6 ~]$date
    Sun Nov 10 22:03:16 CST 2019
    
    [root@centos6 ~]$service ntpd stop
    Shutting down ntpd:                                        [  OK  ]
    
    [root@centos6 ~]$ntpdate ntp.aliyun.com
    11 Nov 22:04:06 ntpdate[4253]: step time server 203.107.6.88 offset 86399.986747 sec
    
    [root@centos6 ~]$date
    Mon Nov 11 22:04:08 CST 2019
      ntp时间相差较⼤,是不能完成实时同步,那么可以⽤ntpdate命令来完成:
    (注意:如果按上述实验操作的话,切记关闭ntpd服务,在使用ntpdate同步时间,之前是为了查看同步状态才开启,这两个服务不可以同时启用。)
    
    【例6】根据上例,centos6开启了ntpd服务,也可当做时间服务器被它⼈使⽤
    [root@centos6 ~]$service ntpd start
    Starting ntpd:                                             [  OK  ]
    [root@centos7 ~]#date -s '-1 day'
    Mon Nov 11 09:56:26 CST 2019
    [root@centos7 ~]#ntpdate 192.168.39.6
    12 Nov 09:56:33 ntpdate[12472]: step time server 192.168.39.6 offset 86397.761731 sec
    [root@centos7 ~]#date
    Tue Nov 12 09:56:35 CST 2019
    
    (同上例使用ntpdate时不可以开启ntpd服务)
    [root@centos7 ~]#date -s '-1 year'
    Mon Nov 12 10:01:33 CST 2018
    [root@centos7 ~]#systemctl start ntpd
    [root@centos7 ~]#ntpdate 192.168.39.6
    12 Nov 10:01:37 ntpdate[12561]: the NTP socket is in use, exiting
    [root@centos7 ~]#date
    Mon Nov 12 10:01:42 CST 2018
    [root@centos7 ~]#date 
    Mon Nov 12 10:01:44 CST 2018
    [root@centos7 ~]#date 
    Mon Nov 12 10:01:52 CST 2018
    [root@centos7 ~]#date
    Mon Nov 12 10:02:02 CST 2018
    
    (关闭ntpd同步时间)
    [root@centos7 ~]#systemctl stop ntpd
    [root@centos7 ~]#ntpdate 192.168.39.6
    12 Nov 10:04:16 ntpdate[12603]: step time server 192.168.39.6 offset 31536000.031123 sec
    [root@centos7 ~]#date
    Tue Nov 12 10:04:19 CST 2019
    
    注意:(如果你的centos7配置了/etc/chrony.conf文件的上游服务器,时间会自动同步)
    【例】更改centos7时间为一天以前,开启ntpd服务同步时间,同时实验chrony.conf配置文件设置上游服务器和不设置的区别。
    [root@centos7 ~]#vim /etc/chrony.conf
    # Use public servers from the pool.ntp.org project.
    # Please consider joining the pool (http://www.pool.ntp.org/join.html).
    #server 0.centos.pool.ntp.org iburst
    #server 1.centos.pool.ntp.org iburst
    #server 2.centos.pool.ntp.org iburst
    #server 3.centos.pool.ntp.org iburst
    server ntp.aliyun.com iburst(开启服务并配置chrony.conf文件上游服务器)
    
    (显示是ntpd正在使用无法同步但是之后会把时间自动同步回来)
    [root@centos7 ~]#date -s '-1 day'
    Mon Nov 11 10:05:40 CST 2019
    [root@centos7 ~]#systemctl start ntpd
    [root@centos7 ~]#ntpdate 192.168.39.6
    11 Nov 10:06:07 ntpdate[12644]: the NTP socket is in use, exiting
    [root@centos7 ~]#date
    Mon Nov 11 10:06:09 CST 2019
    [root@centos7 ~]#date
    Tue Nov 12 10:06:12 CST 2019
    You have new mail in /var/spool/mail/root
    
    (注释掉配置的上游服务器)
    [root@centos7 ~]#vim /etc/chrony.conf
    # Use public servers from the pool.ntp.org project.
    # Please consider joining the pool (http://www.pool.ntp.org/join.html).
    #server 0.centos.pool.ntp.org iburst
    #server 1.centos.pool.ntp.org iburst
    #server 2.centos.pool.ntp.org iburst
    #server 3.centos.pool.ntp.org iburst
    #server ntp.aliyun.com iburst
    
    (这里我做实验时发现注释掉chrony.conf文件的服务器还会自动同步,找到原因是ntp.conf文件还有时间服务器会自动同步所有都注释掉之后不会自动同步。)
    [root@centos7 ~]#vim /etc/ntp.conf 
    # Use public servers from the pool.ntp.org project.
    # Please consider joining the pool (http://www.pool.ntp.org/join.html).
    server 0.centos.pool.ntp.org iburst
    server 1.centos.pool.ntp.org iburst
    server 2.centos.pool.ntp.org iburst
    server 3.centos.pool.ntp.org iburst
    
    [root@centos7 ~]#date -s '-1 day'
    Mon Nov 11 10:25:47 CST 2019
    [root@centos7 ~]#systemctl start ntpd
    [root@centos7 ~]#ntpdate 192.168.39.6
    11 Nov 10:26:00 ntpdate[13032]: the NTP socket is in use, exiting
    [root@centos7 ~]#date
    Mon Nov 11 10:26:02 CST 2019
    [root@centos7 ~]#date
    Mon Nov 11 10:26:03 CST 2019
    [root@centos7 ~]#date
    Mon Nov 11 10:26:05 CST 2019
    [root@centos7 ~]#daet
    bash: daet: command not found...
    Similar command is: 'date'
    [root@centos7 ~]#date
    Mon Nov 11 10:26:09 CST 2019
    [root@centos7 ~]#date
    Mon Nov 11 10:26:11 CST 2019
    [root@centos7 ~]#date
    Mon Nov 11 10:26:13 CST 2019
    
    (这里关闭ntpd服务之后时间同步就可以用了,当然只是做实验做成这样的环境,正常可以自动同步时间,就不用调了,只是证明一下这个ntpd和ntpdate不可以同时使用。)
    [root@centos7 ~]#systemctl stop ntpd
    [root@centos7 ~]#ntpdate 192.168.39.6
    12 Nov 10:30:39 ntpdate[13126]: step time server 192.168.39.6 offset 86400.017498 sec
    [root@centos7 ~]#date
    Tue Nov 12 10:30:42 CST 2019
    
    【例7】ntp充当服务器(最好在centos6做这个实验,centos7的话要更改chrony的配置文件或者禁用服务。)
    [root@centos6 ~]#vim /etc/ntp.conf
    # Please consider joining the pool (http://www.pool.ntp.org/join.html).
    #server 0.centos.pool.ntp.org iburst
    #server 1.centos.pool.ntp.org iburst
    #server 2.centos.pool.ntp.org iburst
    #Server 3.centos.pool.ntp.org iburst
    server ntp.aliyun.com iburst     (以上都注释掉使用自己配置的时间服务器)
    [root@centos6 ~]$service ntpd start (开启ntpd服务)
    Starting ntpd:                                             [  OK  ]
    [root@centos6 ~]$chkconfig ntpd on  (开机启动ntpd)
    [root@centos6 ~]$ss -nul  (查看监听123端口)
    State       Recv-Q Send-Q                                              Local Address:Port                                                Peer Address:Port 
    UNCONN      0      0                                                               *:870                                                            *:*     
    UNCONN      0      0                                                               *:111                                                            *:*     
    UNCONN      0      0                                                               *:631                                                            *:*     
    UNCONN      0      0                                                    192.168.39.6:123                                                            *:*     
    UNCONN      0      0                                                       127.0.0.1:123                                                            *:*     
    UNCONN      0      0                                                               *:123                                                            *:*     
    UNCONN      0      0                                                       127.0.0.1:928                                                            *:*     
    UNCONN      0      0                                                               *:34866                                                          *:*     
    UNCONN      0      0                                                              :::46157                                                         :::*     
    UNCONN      0      0                                                              :::870                                                           :::*     
    UNCONN      0      0                                                              :::111                                                           :::*     
    UNCONN      0      0                                        fe80::20c:29ff:fed0:823c:123                                                           :::*     
    UNCONN      0      0                                                             ::1:123                                                           :::*     
    UNCONN      0      0                                                              :::123                                                           :::*     
    
    (这样就可以作为时间服务器使用了,但是只能在NAT内网环境使用。)
    
    1. 在centos7上chrony软件实现时间同步
      说明: /usr/bin/chronyc是客户端程序; /usr/sbin/chronyd是服务器端查询;
      /usr/lib/systemd/system/chronyd.service是服务控制⽂件。
    【例8】配置chrony为客户端,配置3个时间服务器地址
    [root@centos7 ~]#date -s '-1 day'
    Mon Nov 11 11:07:57 CST 2019
    
    [root@centos7 ~]#vim /etc/chrony.conf (添加三个时间服务器地址,把之前的注释掉。)
    server ntp.aliyun.com iburst
    server 172.16.0.1 iburst
    server ntp1.aliyun.com iburst
    [root@centos7 ~]#systemctl start chronyd   (开启服务)
    [root@centos7 ~]#systemctl enable chronyd   (开机自启动)
    Created symlink from /etc/systemd/system/multi-user.target.wants/chronyd.service to /usr/lib/systemd/system/chronyd.service.
    [root@centos7 ~]#ss -nul (查看udp监听323端口)
    State       Recv-Q Send-Q                                 Local Address:Port                                                Peer Address:Port              
    UNCONN      0      0                                                  *:39900                                                          *:*                  
    UNCONN      0      0                                      192.168.122.1:53                                                             *:*                  
    UNCONN      0      0                                           *%virbr0:67                                                             *:*                  
    UNCONN      0      0                                                  *:111                                                            *:*                  
    UNCONN      0      0                                                  *:123                                                            *:*                  
    UNCONN      0      0                                                  *:5353                                                           *:*                  
    UNCONN      0      0                                                  *:34053                                                          *:*                  
    UNCONN      0      0                                          127.0.0.1:323                                                            *:*                  
    UNCONN      0      0                                                  *:929                                                            *:*                  
    UNCONN      0      0                                          127.0.0.1:930                                                            *:*                  
    UNCONN      0      0                                                 :::111                                                           :::*                  
    UNCONN      0      0                                                ::1:323                                                           :::*                  
    UNCONN      0      0                                                 :::37213                                                         :::*                  
    UNCONN      0      0                                                 :::929                                                           :::*                  
    
    [root@centos7 ~]#date
    Tue Nov 12 11:07:40 CST 2019
    
    (但是注意要是在启动服务之后在更改时间不会自动同步,需要重新启动服务立即同步时间。)
    [root@centos7 ~]#date -s '-1 day'
    Mon Nov 11 11:07:57 CST 2019
    [root@centos7 ~]#date
    Mon Nov 11 11:07:59 CST 2019
    [root@centos7 ~]#date
    Mon Nov 11 11:08:01 CST 2019
    [root@centos7 ~]#date
    Mon Nov 11 11:08:02 CST 2019
    [root@centos7 ~]#date
    Mon Nov 11 11:08:03 CST 2019
    [root@centos7 ~]#systemctl start chronyd
    [root@centos7 ~]#date
    Tue Nov 12 11:07:40 CST 2019
    
    【例9】chronyc客户端⼯具
    [root@centos6 ~]# chronyc (进入交互式命令行)
    chronyc> help (查看帮助子命令)
    chronyc> sources -v (同步时钟)
    chronyc> quit (退出)
    
    [root@centos7 ~]#chronyc sources -v  (非交互式命令查看同步时钟)
    210 Number of sources = 3
    
      .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
     / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
    | /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
    ||                                                 .- xxxx [ yyyy ] +/- zzzz
    ||      Reachability register (octal) -.           |  xxxx = adjusted offset,
    ||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
    ||                                     |          |  zzzz = estimated error.
    ||                                 |    |           
    MS Name/IP address         Stratum Poll Reach LastRx Last sample               
    ===============================================================================
    ^? 172.16.0.1                    0   8     0     -     +0ns[   +0ns] +/-    0ns
    ^* 203.107.6.88                  2   7   377    79  -1017us[-1218us] +/-   17ms
    ^+ 120.25.115.20                 2   7   377    78   -304us[ -304us] +/-   23ms
    
    [root@centos7 ~]#systemctl status chronyd(查看开机是否启动)
    [root@centos7 ~]#systemctl enable chronyd(设置开机自启动)
    
    在centos6上安装chrony软件包:
    [root@centos ~]# yum -y install chrony
    [root@centos ~]# service ntpd stop
    
    查看ntpd是否开机启动:
    [root@centos ~]# chkconfig --list ntpd
    
    把centos7当中时间服务器:
    [root@centos ~]# vim /etc/chorny.conf
    其中:
    server 192.168.37.7 iburst
    
    [root@centos ~]# service chornyd start
    [root@centos ~]# chronyc sources -v
    在centos7上配置,充当时间同步服务器:
    
    [root@centos ~]# vim /etc/chrony.conf
    其中:
    server 172.16.0.1 iburst
    allow 192.168.37.0/24
    local stratum 10
    
    [root@centos ~]# systemctl restart chronyd
    说明:
     allow 192.168.37.0/24表示哪些主机可以向该主机同步时间;
     allow 0.0.0.0/0表示允许所有主机向该主机同步时间;
     local stratum 10表示当互联网不能访问时间服务器时,仍然使用本机时间提供时间服务。
    再回到centos6,同步:
    
    [root@centos ~]# chronyc sources -v 同步时间较慢。
    显示:^* 192.168.37.7 即为成功。
    总结:实现了使⽤⼀台主机向互联⽹上的时间服务器同步时间,在局域⽹内部,由其他主机向该主机同步时间即可。
    在初始化脚本里,修改chrony配置文件。
    sed 's/^server.*/#&/' /etc/chrony.conf
    echo server 172.16.0.1 iburst >> /etc/chrony.conf
    
    1. timedatectl命令
    【例10】列出所有时区
    [root@centos ~]# timedatectl list-timezones
    【例11】查看当前时区状态
    [root@centos ~]# timedatectl status
    【例12】修改时区
    [root@centos ~]# timedatectl set-timezone Asia/Shanghai
    [root@centos ~]# date
    【例13】查看有效的配置⽂件
    [root@centos ~]# grep -Ev "^(#.*|)$" /etc/chrony.conf
    或:
    [root@centos ~]# grep -Ev "^#|^$" /etc/chrony.conf
    
  • 相关阅读:
    curl命令具体解释
    奇妙的go语言(聊天室的开发)
    python fabric实现远程操作和部署
    未来将是越界的时代
    Impala与Hive的比較
    不用加减乘除做加法
    跟我学系列教程——《13天让你学会Redis》火热报名中
    JavaScript(19)jQuery HTML 获取和设置内容和属性
    springMVC3学习(六)--SimpleFormController
    hdu 4908 BestCoder Sequence
  • 原文地址:https://www.cnblogs.com/www233ii/p/11840821.html
Copyright © 2011-2022 走看看