Chrony 和 NTP 都是用于网络时间同步的工具，但它们有不同的工作方式和特点。

• NTP (Network Time Protocol):

        
        - NTP 是一种用于同步计算机系统时钟的协议。它通过在计算机之间传递时间信息来实现精确的时间同步。NTP 有一个分层的服务器体系结构，其中包含一组公共的时间服务器，这些服务器彼此同步并提供时间信息给其他计算机。

        - 特点：
            - 历史悠久：NTP 是最早用于网络时间同步的协议之一，具有广泛的支持和成熟的实现。
            - 精度高：NTP 可以提供高精度的时间同步，通常可以达到毫秒级别的准确度。
            - 复杂性：NTP 的配置和管理可能相对复杂，特别是对于大型网络和要求高精度同步的环境。

• Chrony:

        - Chrony 是一个相对较新的时间同步工具，旨在改进传统 NTP 的一些方面，并提供更简单、更稳定的时间同步解决方案。Chrony 在计算机之间传递时间信息时采用了不同的算法，以提高时间同步的稳定性和准确性。
        
        - 特点：
            - 简单性：Chrony 设计为易于配置和管理，尤其适用于普通用户或小型网络环境。
            - 稳定性：Chrony 使用了一些优化技术，如更快的时钟步进和更准确的时钟漂移计算，以提高同步的稳定性。
            - 灵活性：Chrony 支持多种时间源，包括 NTP 服务器、本地时钟和 GPS 接收器等，可以根据实际需求进行配置。
            - 总的来说，NTP 是一个经过广泛验证和成熟的时间同步协议，适用于对时间精度有较高要求的环境。而 Chrony 则更注重简单性和稳定性，在一些小型网络或普通用户中较为流行。选择使用哪个取决于你的需求和偏好，以及你对时间同步的要求。

阿里云 ntp服务器地址

• 中国大陆地区：

    ntp.aliyun.com
    ntp1.aliyun.com
    ntp2.aliyun.com

• 国际地区：

    ntp.ntp.aliyun.com   

Ubuntu 安装chrony

• 更改云源地址为阿里云,参考文档: https://developer.aliyun.com/mirror/ubuntu?spm=a2c6h.13651102.0.0.139f1b11I1qXb0

• 更新软件包列表:

    sudo apt update

• 安装 Chrony

    sudo apt install chrony

• 配置 NTP 服务器(服务端): 修改/etc/chrony/chrony.conf

# Welcome to the chrony configuration file. See chrony.conf(5) for more
# information about usuable directives.

# This will use (up to):
# - 4 sources from ntp.ubuntu.com which some are ipv6 enabled
# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well
# - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm)
# This means by default, up to 6 dual-stack and up to 2 additional IPv4-only
# sources will be used.
# At the same time it retains some protection against one of the entries being
# down (compare to just using one of the lines). See (LP: #1754358) for the
# discussion.
#
# About using servers from the NTP Pool Project in general see (LP: #104525).
# Approved by Ubuntu Technical Board on 2011-02-08.
# See http://www.pool.ntp.org/join.html for more information.
#pool ntp.ubuntu.com        iburst maxsources 4
#pool 0.ubuntu.pool.ntp.org iburst maxsources 1
#pool 1.ubuntu.pool.ntp.org iburst maxsources 1
#pool 2.ubuntu.pool.ntp.org iburst maxsources 2

server ntp.aliyun.com iburst maxsources 4


# This directive specify the location of the file containing ID/key pairs for
# NTP authentication.
keyfile /etc/chrony/chrony.keys

# This directive specify the file into which chronyd will store the rate
# information.
driftfile /var/lib/chrony/chrony.drift

# Uncomment the following line to turn logging on.
#log tracking measurements statistics

# Log files location.
logdir /var/log/chrony

# Stop bad estimates upsetting machine clock.
maxupdateskew 100.0

# This directive enables kernel synchronisation (every 11 minutes) of the
# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
rtcsync

# Step the system clock instead of slewing it if the adjustment is larger than
# one second, but only in the first three clock updates.
makestep 1 3

# Allow NTP client access from local network.
#allow 192.168.0.0/16
#allow all
allow 172.200.6.0/24
allow 10.0.100.0/24

• 配置 NTP 服务器(客户端): 修改/etc/chrony/chrony.conf

# Welcome to the chrony configuration file. See chrony.conf(5) for more
# information about usuable directives.

# This will use (up to):
# - 4 sources from ntp.ubuntu.com which some are ipv6 enabled
# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well
# - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm)
# This means by default, up to 6 dual-stack and up to 2 additional IPv4-only
# sources will be used.
# At the same time it retains some protection against one of the entries being
# down (compare to just using one of the lines). See (LP: #1754358) for the
# discussion.
#
# About using servers from the NTP Pool Project in general see (LP: #104525).
# Approved by Ubuntu Technical Board on 2011-02-08.
# See http://www.pool.ntp.org/join.html for more information.
#pool ntp.ubuntu.com        iburst maxsources 4
#pool 0.ubuntu.pool.ntp.org iburst maxsources 1
#pool 1.ubuntu.pool.ntp.org iburst maxsources 1
#pool 2.ubuntu.pool.ntp.org iburst maxsources 2

server 172.200.6.101 iburst maxsources 1


# This directive specify the location of the file containing ID/key pairs for
# NTP authentication.
keyfile /etc/chrony/chrony.keys

# This directive specify the file into which chronyd will store the rate
# information.
driftfile /var/lib/chrony/chrony.drift

# Uncomment the following line to turn logging on.
#log tracking measurements statistics

# Log files location.
logdir /var/log/chrony

# Stop bad estimates upsetting machine clock.
maxupdateskew 100.0

# This directive enables kernel synchronisation (every 11 minutes) of the
# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
rtcsync

# Step the system clock instead of slewing it if the adjustment is larger than
# one second, but only in the first three clock updates.
makestep 1 3

• 启动并设置 NTP 客户端开机自启动：

    sudo systemctl start chronyd
    sudo systemctl enable chronyd

• 验证时间同步

    chronyc tracking

查询结果: Leap status : Normal 为同步成功

成功例:

Reference ID    : AC1C1014 (172.28.16.20)
Stratum         : 4
Ref time (UTC)  : Fri May 10 10:10:50 2024
System time     : 0.000929535 seconds slow of NTP time
Last offset     : -0.002262334 seconds
RMS offset      : 0.002262334 seconds
Frequency       : 1.078 ppm slow
Residual freq   : -8.604 ppm
Skew            : 4.322 ppm
Root delay      : 0.060497474 seconds
Root dispersion : 0.005537998 seconds
Update interval : 64.7 seconds
Leap status     : Normal

失败例:

Reference ID    : 00000000 ()
Stratum         : 0
Ref time (UTC)  : Thu Jan 01 00:00:00 1970
System time     : 0.000000000 seconds fast of NTP time
Last offset     : +0.000000000 seconds
RMS offset      : 0.000000000 seconds
Frequency       : 0.000 ppm slow
Residual freq   : +0.000 ppm
Skew            : 0.000 ppm
Root delay      : 1.000000000 seconds
Root dispersion : 1.000000000 seconds
Update interval : 0.0 seconds
Leap status     : Not synchronised

• 查看时间源列表

chronyc sources -v

例

[root@dzzhdj20 ~]# chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* ntp.aliyun.com                2   9   377   258   -891us[-1048us] +/-   40ms

• chronyd 服务端开放端口: 123

使用 ss 命令 可查看端口使用情况,可发现使用的是udp协议

[root@dzzhdj20 ~]# sudo ss -tuln | grep 123
  udp    UNCONN     0      0         *:123                   *:*  

使用对应操作系统的防火墙指令开放防火墙端口123/udp

CentOS 安装chrony

• 更改云源地址为阿里云,参考文档: https://developer.aliyun.com/mirror/centos?spm=a2c6h.13651102.0.0.139f1b11I1qXb0

• 更新软件包列表:

    yum makecache

• 安装 Chrony

    sudo apt install chrony

• 配置 NTP 服务器(服务端): 修改/etc/chrony.conf

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

server ntp.aliyun.com iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.
#allow 192.168.0.0/16
#allow all
allow 172.200.6.0/24
allow 10.0.100.0/24


# Serve time even if not synchronized to a time source.
#local stratum 10

# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking

• 配置 NTP 服务器(客户端): 修改/etc/chrony.conf

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

server 10.0.100.101 iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.
#allow 192.168.0.0/16
#allow all


# Serve time even if not synchronized to a time source.
#local stratum 10

# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking

• 启动并设置 NTP 客户端开机自启动：

    sudo systemctl start chronyd
    sudo systemctl enable chronyd

• 验证时间同步

    chronyc tracking

查询结果: Leap status : Normal 为同步成功

成功例:

Reference ID    : AC1C1014 (172.28.16.20)
Stratum         : 4
Ref time (UTC)  : Fri May 10 10:10:50 2024
System time     : 0.000929535 seconds slow of NTP time
Last offset     : -0.002262334 seconds
RMS offset      : 0.002262334 seconds
Frequency       : 1.078 ppm slow
Residual freq   : -8.604 ppm
Skew            : 4.322 ppm
Root delay      : 0.060497474 seconds
Root dispersion : 0.005537998 seconds
Update interval : 64.7 seconds
Leap status     : Normal

失败例:

Reference ID    : 00000000 ()
Stratum         : 0
Ref time (UTC)  : Thu Jan 01 00:00:00 1970
System time     : 0.000000000 seconds fast of NTP time
Last offset     : +0.000000000 seconds
RMS offset      : 0.000000000 seconds
Frequency       : 0.000 ppm slow
Residual freq   : +0.000 ppm
Skew            : 0.000 ppm
Root delay      : 1.000000000 seconds
Root dispersion : 1.000000000 seconds
Update interval : 0.0 seconds
Leap status     : Not synchronised

• 查看时间源列表

chronyc sources -v

例

[root@dzzhdj20 ~]# chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* ntp.aliyun.com                2   9   377   258   -891us[-1048us] +/-   40ms

• chronyd 服务端开放端口: 123

使用 ss 命令 可查看端口使用情况,可发现使用的是udp协议

[root@dzzhdj20 ~]# sudo ss -tuln | grep 123
  udp    UNCONN     0      0         *:123                   *:*  

使用对应操作系统的防火墙指令开放防火墙端口123/udp