Chrony

由 datahunter 在二, 19/09/2017 - 15:29 發表

最後更新: 2021-04-20

介紹

在 Centos 8 上 ntpdate cli 被 chrony 取代了

它同時可以充當 NTPv4(RFC 5905) Server 或 Client

/usr/sbin/chronyd # Server
/usr/bin/chronyc # Client

什麼是 Stratum

Stratum: The stratum indicates how many hops away from a computer with an attached reference clock we are.

stratum-0 # A reference clock

stratum-1 # A server that is directly connected to a stratum-0

stratum-2 # server is connected to the stratum-1 server OVER A NETWORK PATH

stratum-3 # server gets its time via NTP packet requests from a stratum-2 server, and so on.

Diagram

stratum-3(PC)-stratum-2-stratum-1-stratum-0(超準的時間來源)

Installation

dnf install chrony

Enable Service

Checking Service

systemctl status chronyd

● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:chronyd(8)
           man:chrony.conf(5)

Start Service

systemctl enable chronyd --now

systemctl status chronyd # Active: active (running) ...

Status

Tracking

# tracking: displays parameters about the system’s clock performance

chronyc tracking

Reference ID    : DEA60082 (ott130.hkcable.com.hk)
Stratum         : 4
Ref time (UTC)  : Fri Jan 14 02:13:14 2022
System time     : 0.000065437 seconds slow of NTP time
Last offset     : +0.000580471 seconds
RMS offset      : 0.000580471 seconds
Frequency       : 9.562 ppm fast
Residual freq   : -0.008 ppm
Skew            : 7.212 ppm
Root delay      : 0.005420379 seconds
Root dispersion : 0.043671418 seconds
Update interval : 1.4 seconds
Leap status     : Normal

Reference ID: Server to which the computer is currently synchronized
Ref time (UTC): The system's time was last synchronized with the reference time source.
The Stratum indicates the level of the time source in the NTP hierarchy.
閏秒
The leap status can have three possible values: Normal, Insert second, and Delete second.

Sync time now

如果發現系統的時間(System time)跟校時來源的時間差很遠, 但不想等 chrony 慢慢校時, 而是想立刻校時成 Ref time, 那可執行

# makestep: cancel any remaining correction that was being slewed and jump the system clock by the equivalent amount

chronyc -a makestep

200 OK

Time sources

# -v can be specified, meaning verbose

chronyc sources

MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^+ time.cloudflare.com           3   6    77    25  +7888us[+7888us] +/-   57ms
^- ntp.hkg10.hk.leaseweb.net     2   6    77    24    -30ms[  -30ms] +/-  212ms
^+ undefined.hostname.local>     2   6    77    24  -4055us[-4055us] +/-   79ms
^* ott130.hkcable.com.hk         3   6    77    25  -4188us[-3362us] +/-   48ms

^ means a server
= means a peer
# indicates a locally connected reference clock

"*" indicates the source to which chronyd is currently synchronised
"+" indicates acceptable sources which are combined with the selected source
"-" indicates acceptable sources which are excluded by the combining algorithm
# displays information about the drift rate and offset estimation process

chronyc sourcestats

Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
time.cloudflare.com         7   6   201     +0.037      1.536  +8784us    38us
ntp.hkg10.hk.leaseweb.net   7   5   202     -1.398      3.812    -29ms   108us
undefined.hostname.local>   7   6   201     +0.111      2.204  -3233us    64us
ott130.hkcable.com.hk       7   3   201     -0.052      1.294  -3385us    32us

Config File

/etc/chrony.conf

# 連那 Server
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# number of selectable sources (Default: 1)
# a larger number can be used to improve the reliability,
# because multiple sources will need to correspond with each other.
minsources 2

Server Options

# iburst

When the server is unreachable, send a burst of eight packets instead of the usual one packet.

The packet spacing is normally 2 s;

# Poll Interval (Default: 2^6 & 2^10)

minpoll 6

maxpoll 10

Firewall Settings

# 當做 NTP server 時, allow 那 host 連自己

firewall-cmd --permanent --add-port=123/udp

allow 192.0.2.0/24

firewall-cmd --reload

Hardware Timestamping

A feature supported in some Network Interface Controller (NICs)

which provides accurate timestamping of incoming and outgoing packets.

NTP timestamps are usually created by the kernel and chronyd with the use of the system clock.

However, when HW timestamping is enabled,

the NIC uses its own clock to generate the timestamps when packets are entering or leaving the link layer or the physical layer.

When used with NTP, hardware timestamping can significantly improve the accuracy of synchronization.

For best accuracy, both NTP servers and NTP clients need to use hardware timestamping.

Unlike NTP, PTP relies on assistance in network switches and routers.

If you want to reach the best accuracy of synchronization, use PTP on networks that have switches and routers with PTP support,

and prefer NTP on networks that do not have such switches and routers.

# To verify that hardware timestamping with NTP is supported by an interface

ethtool -T eth0

Time stamping parameters for eth0:
Capabilities:
        software-receive      (SOF_TIMESTAMPING_RX_SOFTWARE)
        software-system-clock (SOF_TIMESTAMPING_SOFTWARE)
PTP Hardware Clock: none
Hardware Transmit Timestamp Modes: none
Hardware Receive Filter Modes: none

立即 sync 時間 (代替 ntpdate)

systemctl start chronyd