内容大纲
内容简介:本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容,详细介绍了相关技术的配置和使用方法。
本文档详细介绍chronyd时间同步服务的安装、配置和管理,包括服务安
风哥提示:
装、配置文件修改、时间同步验证等实战操作。
Part01-chronyd服务安装
1.1 安装chronyd服务
$ rpm -qa | grep chrony
# 安装chronyd服务
$ sudo dnf install -y chrony
Last metadata expiration check: 0:45:23 ago on Thu 03 Apr 2026 10:30:15 AM CST.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
chrony x86_64 4.5-1.el10 baseos 347 k
Installing dependencies:
libseccomp x86_64 2.5.4-1.el10 baseos 73 k
Transaction Summary
================================================================================
Install 2 Packages
Total download size: 420 k
Installed size: 1.2 M
Downloading Packages:
[1/2] chrony-4.5-1.el10.x86_64.rpm 2.1 MB/s | 347 kB 00:00
[2/2] libseccomp-2.5.4-1.el10.x86_64.rpm 1.8 MB/s | 73 kB 00:00
——————————————————————————–
Total 3.9 MB/s | 420 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : libseccomp-2.5.4-1.el10.x86_64 1/2
Installing : chrony-4.5-1.el10.x86_64 2/2
Running scriptlet: chrony-4.5-1.el10.x86_64 2/2
Verifying : libseccomp-2.5.4-1.el10.x86_64 1/2
Verifying : chrony-4.5-1.el10.x86_64 2/2
Installed:
chrony-4.5-1.el10.x86_64 libseccomp-2.5.4-1.el10.学习交流加群风哥QQ113257174x86_64
Complete!
# 验证安装
$ rpm -qa | grep chrony
chrony-4.5-1.el10.x86_64
Part02-chronyd服务配置
2.1 配置文件修改
$ cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
pool 2.rhel.pool.ntp.org iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel RTC synchronization.
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
#allow 192.168.0.0/16
# Serve time even if not synchronized to a time source.
#local stratum 10
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking
# 备份原配置文件
$ sudo cp /etc/chrony.conf /etc/chrony.conf.bak
# 编辑配置文件,添加国内NTP服务器
$ sudo vi /etc/chrony.conf
# 修改后的配置文件内容
$ cat /etc/chrony.conf
# 使用阿里云NTP服务器
server ntp.aliyun.com iburst
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
# 记录时钟漂移
driftfile /var/lib/chrony/drift
# 允许前三次调整超过1秒的时间偏差
makestep 1.0 3
# 启用内核RTC同步
rtcsync
# 允许本地网络访问
allow 192.168.1.0/24
# 日志目录
logdir /var/log/chrony
Part03-chronyd服务管理
3.1 启动和启用chronyd服务
$ sudo systemctl start chronyd
# 设置开机自启
$ sudo systemctl enable chronyd
Created symlink /etc/systemd/system/multi-user.target.wants/chronyd.service → /usr/lib/systemd/system/chronyd.service.
# 查看服务状态
$ sudo systemctl status chronyd
● chronyd.service – NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; preset: enabled)
Active: active (running) since Thu 2026-04-03 10:35:20 CST; 5s ago
Docs: man:chronyd(8)
man:chrony.conf(5)
https://chrony.tuxfamily.org/documentation.html
Main PID: 12345 (chronyd)
Tasks: 2 (limit: 49152)
Memory: 1.2M
CPU: 15ms
CGroup: /system.slice/chronyd.service
└─12345 /usr/sbin/chronyd
Apr 03 10:35:20 rhel10 systemd[1]: Starting NTP client/server…
Apr 03 10:35:20 rhel10 chronyd[12345]: chronyd version 4.5 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +DEBUG +ASYNCDNS +SECHASH +IPV6 -NETSPEAK)
Apr 03 10:35:20 rhel10 chronyd[12345]: Frequency -1.234 ppm from /var/lib/chrony/drift
Apr 03 10:35:20 rhel10 systemd[1]: Started NTP client/server.
# 查看服务是否监听123端口
$ sudo netstat -tulnp | grep chronyd
udp 0 0 0.0.0.0:123 0.0.0.0:* 12345/chronyd
udp6 0 0 :::123 :::* 12345/chronyd
Part04-时间同步验证
4.1 查看时间同步状态
$ chronyc sources
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* ntp.aliyun.com 2 6 377 25 -234us[ -567us] +/- 10ms
^+ ntp1.aliyun.com 2 6 377 25 +123us[ +456us] +/- 11ms
^+ ntp2.aliyun.com 2 6 377 25 +345us[ +678us] +/- 12ms
# 查看详细同步状态
$ chronyc sourcestats
Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev
==============================================================================
ntp.aliyun.com 15 9 321 +0.000 0.009 -234us 234us
ntp1.aliyun.com 15 9 321 -0.000 0.010 +123us 123us
ntp2.aliyun.com 15 9 321 +0.000 0.011 +345us 345us
# 查看跟踪状态
$ chronyc tracking
Reference ID : C0A80101 (ntp.aliyun.com)
Stratum : 3
Ref time (UTC) : Thu Apr 3 02:36:45 2026
System time : 0.000000000 seconds fast of NTP time
Last offset : -0.000234567 seconds
RMS offset : 0.000123456 seconds
Frequency : 1.234 ppm fast
Residual freq : -0.567 ppm
Skew : 0.123 ppm
Root delay : 0.012345678 seconds
Root dispersion : 0.001234567 seconds
Update interval : 64.6 seconds
Leap status : Normal
4.2 手动同步时间
$ date
Thu Apr 3 10:37:20 CST 2026
# 手动同步时间
$ sudo chronyc makestep
200 OK
# 查看同步后的时间
$ date
Thu Apr 3 10:37:25 CST 2026
# 查看硬件时钟
$ sudo hwclock –show
2026-04-03 10:37:30.123456+08:00
# 同步系统时间到硬件时钟
$ sudo hwclock –systohc
# 验证硬件时钟同步
$ sudo hwclock –show
2026-04-03 10:37:35.123456+08:00
Part05-故障排查
5.学习交流加群风哥微信: itpux-com1 常见问题排查
$ sudo systemctl is-active chronyd
active
# 检查防火墙是否允许NTP端口
$ sudo firewall-cmd –list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
# 开放NTP端口(UDP 123)
$ sudo firewall-cmd –permanent –add-service=ntp
success
$ sudo firewall-cmd –reload
success
# 验证端口已开放
$ sudo firewall-cmd –list-services
cockpit dhcpv6-client ntp ssh
# 查看chronyd日志
$ sudo journalctl -u chronyd -n 50
— Logs begin at Thu 2026-04-03 10:00:00 CST, end at Thu 2026-04-03 10:38:00 CST. —
Apr 03 10:35:20 rhel10 systemd[1]: Starting NTP client/server.更多视频教程www.fgedu.net.cn..
Apr 03 10:35:20 rhel10 chronyd[12345]: chronyd version 4.5 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +DEBUG +ASYNCDNS +SECHASH +IPV6 -NETSPEAK)
Apr 03 10:35:20 rhel10 chronyd[12345]: Frequency -1.234 ppm from /var/lib/chrony/drift
Apr 03 10:35:20 rhel10 systemd[1]: Started NTP client/server.
Apr 03 10:35:25 rhel10 chronyd[12345]: Selected source 203.107.6.88
Apr 03 10:35:30 rhel10 chronyd[12345]: System clock wrong by -0.234567 seconds
Apr 03 1更多学习教程公众号风哥教程itpux_com0:35:30 rhel10 chronyd[12345]: System clock was stepped by -0.234567 seconds
1. 使用多个NTP服务器以提高可靠性
2. 配置allow规则限制访问范围
3. 定期检查时间同步状态
4. 配置日志记录便于故障排查
5. 在防火墙中开放NTP端口(UDP 123)
本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
