之前centos6我们一直用的ntp时间服务器,虽然到CentOS7上也可以装ntp。但是各种坑啊。这次换一个时间同步工具---->chrony
=========================环境========================
server端
[root@zabbix ~]# hostname
zabbix
[root@zabbix ~]# hostname -I
10.0.0.120 172.16.1.120
先说下环境,我这里是用ansible批量执行的。server端为外网为10.0.0.120。
目标是让客户端四台机器做到时间同步,一秒不差.
小提示:在利用ansible批量分发文件的时候,覆盖文件是一件很危险的事,如果原文件存在,最好先备份。其实不管是ansible还是其它操作,覆盖都是很危险的
[root@zabbix ~]# cat /etc/ansible/hosts
[client]
172.16.1.51
172.16.1.52
172.16.1.53
172.16.1.250
防火墙关闭:
[root@zabbix ~]# systemctl status firewalld.service
???firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
selinux关闭:
[root@zabbix ~]# getenforce
Disabled
[root@localhost ~]# systemctl status chrony
● chrony.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
========================服务端=========================
1.安装chrony(所有机器)
yum install chrony -y
2.启动chrony
[root@zabbix ~]# systemctl start chronyd.service
[root@zabbix ~]# systemctl status chronyd.service
???chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2017-05-27 11:47:43 CST; 4s ago
3.编辑配置文件(注意:现在是服务器端的修改)
22 allow 10.0.0.0/24
23
24 # Listen for commands only on localhost.
25 bindcmdaddress 127.0.0.1
26 bindcmdaddress ::1
27
28 # Serve time even if not synchronized to any NTP server.
29 local stratum 10
#第22行设置为本网段
#第29行的注释取消
4.查看配置文件如下
[root@zabbix ~]# egrep -v "#|^$" /etc/chrony.conf
server ntp1.aliyun.com
server time1.aliyun.com
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
makestep 10 3
allow 10.0.0.0/24
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
local stratum 10
keyfile /etc/chrony.keys
commandkey 1
generatecommandkey
noclientlog
logchange 0.5
logdir /var/log/chrony
5.重启时间同步服务
[root@zabbix ~]# systemctl restart chronyd.service
======================客户端=====================
方法一:
客户端的配置文件是同一个文件(/etc/chrony.conf)
1.删掉哪些没用的server xxxxxxxxxx iburst
1 # Use public servers from the pool.ntp.org project.
2 # Please consider joining the pool (http://www.pool.ntp.org/j oin.html).
3 server 10.0.0.120 iburst
4 # Ignore stratum in source selection.
2.在server端把配置文件编辑好然后用ansible批量分发过去
[root@zabbix ~]# ansible client -m copy -a "src=/root/chrony.conf dest=/etc/"
172.16.1.250 | SUCCESS => {
"changed": true,
"checksum": "52bda81d895de3c7c54886d342e5eec074df757e",
"dest": "/etc/chrony.conf",
"gid": 0,
"group": "root",
"md5sum": "aee9cc7faa70a0c189033cdb8692e4b1",
"mode": "0644",
"owner": "root",
"size": 1038,
"src": "/root/.ansible/tmp/ansible-tmp-1495860905.35-183232559888238/source",
"state": "file",
"uid": 0
}
172.16.1.53 | SUCCESS => {
"changed": true,
"checksum": "52bda81d895de3c7c54886d342e5eec074df757e",
"dest": "/etc/chrony.conf",
"gid": 0,
"group": "root",
"md5sum": "aee9cc7faa70a0c189033cdb8692e4b1",
"mode": "0644",
"owner": "root",
"size": 1038,
"src": "/root/.ansible/tmp/ansible-tmp-1495860905.34-134007063835838/source",
"state": "file",
"uid": 0
}
172.16.1.51 | SUCCESS => {
"changed": true,
"checksum": "52bda81d895de3c7c54886d342e5eec074df757e",
"dest": "/etc/chrony.conf",
"gid": 0,
"group": "root",
"md5sum": "aee9cc7faa70a0c189033cdb8692e4b1",
"mode": "0644",
"owner": "root",
"size": 1038,
"src": "/root/.ansible/tmp/ansible-tmp-1495860905.43-104570916452677/source",
"state": "file",
"uid": 0
}
172.16.1.52 | SUCCESS => {
"changed": true,
"checksum": "52bda81d895de3c7c54886d342e5eec074df757e",
"dest": "/etc/chrony.conf",
"gid": 0,
"group": "root",
"md5sum": "aee9cc7faa70a0c189033cdb8692e4b1",
"mode": "0644",
"owner": "root",
"size": 1038,
"src": "/root/.ansible/tmp/ansible-tmp-1495860905.43-40575778655199/source",
"state": "file",
"uid": 0
}
3.启动同步服务,防火墙也需要关闭
[root@zabbix ~]# ansible client -m shell -a "systemctl start chronyd.service"
172.16.1.53 | SUCCESS | rc=0 >>
172.16.1.250 | SUCCESS | rc=0 >>
172.16.1.52 | SUCCESS | rc=0 >>
172.16.1.51 | SUCCESS | rc=0 >>
4.注意客户端时间同步定时任务关闭
[root@zabbix ~]# ansible client -m shell -a "crontab -l"
172.16.1.51 | SUCCESS | rc=0 >>
172.16.1.250 | SUCCESS | rc=0 >>
172.16.1.53 | SUCCESS | rc=0 >>
172.16.1.52 | SUCCESS | rc=0 >>
5.Centos7依然可以用ntpdate命令同步时间
[root@zabbix ~]# ansible client -m shell -a "ntpdate 10.0.0.120"
172.16.1.53 | SUCCESS | rc=0 >>
27 May 13:05:57 ntpdate[26817]: adjust time server 10.0.0.120 offset -0.001686 sec
172.16.1.250 | SUCCESS | rc=0 >>
27 May 13:05:57 ntpdate[17419]: adjust time server 10.0.0.120 offset -0.004419 sec
172.16.1.52 | SUCCESS | rc=0 >>
27 May 13:05:57 ntpdate[50111]: adjust time server 10.0.0.120 offset -0.004410 sec
172.16.1.51 | SUCCESS | rc=0 >>
27 May 13:05:57 ntpdate[114089]: adjust time server 10.0.0.120 offset -0.000597 sec
6.查看时间,现在已经都同步了,一秒不差
[root@zabbix ~]# ansible client -m shell -a "date"
172.16.1.250 | SUCCESS | rc=0 >>
Sat May 27 13:06:04 CST 2017
172.16.1.51 | SUCCESS | rc=0 >>
Sat May 27 13:06:04 CST 2017
172.16.1.53 | SUCCESS | rc=0 >>
Sat May 27 13:06:04 CST 2017
172.16.1.52 | SUCCESS | rc=0 >>
Sat May 27 13:06:04 CST 2017
方法二:
放入定时任务
[root@zabbix ~]# ansible client -m cron -a "name='time sync' minute=*/5 job='/usr/sbin/ntpdate 10.0.0.120 &>/dev/null'"
172.16.1.51 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"time sync"
]
}
172.16.1.52 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"time sync"
]
}
172.16.1.53 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"time sync"
]
}
172.16.1.250 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"time sync"
]
}
[root@zabbix ~]# ansible client -m shell -a "crontab -l"
172.16.1.51 | SUCCESS | rc=0 >>
#Ansible: time sync
*/5 * * * * /usr/sbin/ntpdate 10.0.0.120 &>/dev/null
172.16.1.52 | SUCCESS | rc=0 >>
#Ansible: time sync
*/5 * * * * /usr/sbin/ntpdate 10.0.0.120 &>/dev/null
172.16.1.53 | SUCCESS | rc=0 >>
#Ansible: time sync
*/5 * * * * /usr/sbin/ntpdate 10.0.0.120 &>/dev/null
172.16.1.250 | SUCCESS | rc=0 >>
#Ansible: time sync
*/5 * * * * /usr/sbin/ntpdate 10.0.0.120 &>/dev/null
网友评论