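As mentioned in other posts, don't use Microsoft's Windows Server as an NTP server. It will cause you a great deal of trouble.
There are already plenty of articles online explaining how to install ntp/chrony on CentOS 7. They are very clear, and the whole procedure takes only a few minutes, so... either use a good external NTP server directly, or build one yourself (when policy puts layer upon layer of restrictions in the way).
Taking Chrony as the example:
Install Chrony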
# yum install -y chrony
Open the firewall for NTP, or turn the firewall off
# firewall-cmd --add-service=ntp --permanent && firewall-cmd --add-service=ntp
or
# systemctl stop firewalld.service && systemctl disable firewalld.service
Change /etc/chrony.conf to the following:
I use time.google.com here.
Add the allowed RFC1918 private IP addresses
Turn off RTC

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server time.google.com iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
# Commented out: RTC sync is turned off on this server.
#rtcsync

# Enable hardware timestamping on all interfaces that support it.
hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
# Left commented out: only one server is configured above, so requiring
# two sources would keep chronyd from ever adjusting the clock.
#minsources 2

# Allow NTP client access from local network (RFC1918 ranges).
allow 192.168.0.0/16
# The RFC1918 block is 172.16.0.0/12; 172.0.0.0/8 would also admit public addresses.
allow 172.16.0.0/12
allow 10.0.0.0/8

# Serve time even if not synchronized to a time source.
local stratum 10

# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
log measurements statistics tracking
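One way to check that the allow lines in a chrony.conf stay inside RFC1918 space, as an added example that is not part of the original post. The function name audit_allow and the SAMPLE text are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 private blocks.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_allow(conf_text):
    """Return (line_no, subnet, reason) for every 'allow' directive that
    would let chronyd serve clients outside RFC 1918 space."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        # chrony.conf comment lines start with '#', '!', ';' or '%'.
        if not line or line[0] in "#!;%":
            continue
        words = line.split()
        if words[0].lower() != "allow":
            continue
        args = [w for w in words[1:] if w.lower() != "all"]
        if not args:
            findings.append((no, "(any)", "no subnet given: every address is allowed"))
            continue
        try:
            net = ipaddress.ip_network(args[0], strict=False)
        except ValueError:
            findings.append((no, args[0], "not a CIDR subnet: review by hand"))
            continue
        # IPv6 subnets are never inside RFC 1918, so they are reported too.
        if not any(net.version == 4 and net.subnet_of(p) for p in RFC1918):
            findings.append((no, str(net), "extends beyond RFC 1918 private space"))
    return findings


# Constructed sample configuration, not taken from a real server.
SAMPLE = """\
# constructed sample
server time.google.com iburst
allow 192.168.0.0/16
allow 172.0.0.0/8
allow 10.0.0.0/8
#allow 0.0.0.0/0
allow
"""

if __name__ == "__main__":
    for no, subnet, reason in audit_allow(SAMPLE):
        print(f"line {no}: allow {subnet}: {reason}")
```

To audit a live server, pass the contents of /etc/chrony.conf to audit_allow instead of SAMPLE.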
Commonly used chrony troubleshooting commands
# chronyc tracking
# chronyc sources -v
# chronyc sourcestats -v
# systemctl status chronyd