一、搭建时间同步服务

实验拓扑：

1.1 server端配置

1.安装chrony
root@server:~# apt install -y chrony

2.配置时间同步服务器并开启本地时间同步
root@server:~# cat /etc/chrony/chrony.conf 
#配置时间同步服务器
server ntp.aliyun.com iburst
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst

#指定允许同步的网段
allow 192.168.1.0/24

#互联网无法连接,仍然可以为客户端提供时间同步服务
local stratum 10

3.重启服务
root@server:~# systemctl restart chronyd
root@server:~# systemctl status chronyd

4.检查123/udp是否正常监听
root@server:~# ss -ntlu | grep 123
udp    UNCONN  0       0              0.0.0.0:123          0.0.0.0:* 

1.2 客户端配置

1.安装chrony
root@client1:~# apt install chrony -y
root@client2:~# apt install chrony -y

2.添加192.168.1.172为时间同步服务端
#client1
root@client1:~# cat /etc/chrony/chrony.conf
#添加server端地址
server 192.168.1.172 iburst
root@client1:~# systemctl restart chronyd
root@client1:~# systemctl status  chronyd
#检查时间同步是否成功
root@client1:~# chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 192.168.1.172                 3   6    17    51    +50us[  +26us] +/-   32ms

#client2
root@client2:~# cat /etc/chrony/chrony.conf
server 192.168.1.172 iburst
root@client2:~# systemctl restart chronyd.service 
root@client2:~# systemctl status chronyd.service
root@client2:~# chronyc sources -v
210 Number of sources = 1
  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 192.168.1.172                 3   6    17    10  +3537ns[  +15us] +/-   33ms

1.3 常见chrony 配置选项

# 指定 NTP 服务器
server pool.ntp.org iburst

# 指定备用 NTP 服务器
server 0.debian.pool.ntp.org iburst

# 如果可能的话，保持系统时钟的频率
makestep 1.0 .01

# 允许本地系统时钟作为时间源
local stratum 10

# 允许客户端查询时间
rtcsync

# 允许客户端进行广播更新
broadcast

# 禁止客户端通过 chronyd 来修改系统时钟
sanity

# 设置日志文件
logdir /var/log/chrony