文章目录
- 1. 问题描述
- 2.检查chrony.conf配置
- 3.检查 Chronyd 进程状态
- 4.检查 Chrony 是否在跟踪时间
- 5.检查 Chrony 是否获取了 NTP 源
- 6.检查防火墙
- 7.检查网络连接性
- 8.根因
- 9.解决方案
- 10.验证
1. 问题描述
在一台 Linux 服务器上配置了 Chrony 作为 NTP 客户端,配置文件 /etc/chrony.conf 指定了两个 NTP 服务器:
2.检查chrony.conf配置
cat /etc/chrony.conf |grep -v ^#|grep -v -E '^[[:space:]]*$'
server time.pci.com prefer iburst
server time.pchen.com iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
keyfile /etc/chrony.keys
leapsectz right/UTC
logdir /var/log/chrony
3.检查 Chronyd 进程状态
systemctl status chronyd.service
● chronyd.service - NTP client/serverLoaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)Active: active (running) since Mon 2025-02-10 16:06:37 +07; 21h agoDocs: man:chronyd(8)man:chrony.conf(5)Process: 486036 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=exited, status=0/SUCCESS)Process: 486030 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)Main PID: 486034 (chronyd)Tasks: 1 (limit: 410330)Memory: 904.0KCGroup: /system.slice/chronyd.service└─486034 /usr/sbin/chronyd
输出显示 Chronyd 进程是 active (running),说明服务已经启动,并且没有明显的错误。
4.检查 Chrony 是否在跟踪时间
chronyc tracking
Reference ID : 00000000 ()
Stratum : 0
Ref time (UTC) : Thu Jan 01 00:00:00 1970
System time : 0.000000000 seconds slow of NTP time
Last offset : +0.000000000 seconds
RMS offset : 0.000000000 seconds
Frequency : 1.114 ppm slow
Residual freq : +0.000 ppm
Skew : 0.000 ppm
Root delay : 1.000000000 seconds
Root dispersion : 1.000000000 seconds
Update interval : 0.0 seconds
Leap status : Not synchronised
chronyc tracking 也显示 Leap status: Not synchronised,表明 Chrony 没有同步到任何时间源。
Reference ID: 00000000 (),表明 Chrony 还没有成功同步任何时间源。
5.检查 Chrony 是否获取了 NTP 源
chronyc sources -v
210 Number of sources = 0.-- Source mode '^' = server, '=' = peer, '#' = local clock./ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
输出显示 Number of sources = 0,意味着 Chrony 没有从任何 NTP 服务器获取时间。
6.检查防火墙
iptables -L|grep ntp
ACCEPT udp -- anywhere anywhere udp dpt:ntp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ntp
输出表明,防火墙已经放行ntp相关的连接
7.检查网络连接性
7.1 使用ping命令检查连接性
ping time.pci.com
ping: time.pci.com: Name or service not known
结果显示无法解析time.pci.com
7.2 检查 DNS 解析是否正常
nslookup time.pci.com
Server: 8.8.8.8
Address: 8.8.8.8#53
** server can't find time.pci.com: NXDOMAIN
7.3 直接ping ntp server 的ip
ping 172.19.1.5
PING 172.19.1.5 (172.19.1.5) 56(84) bytes of data.
64 bytes from 172.19.1.5: icmp_seq=1 ttl=63 time=0.195 ms
64 bytes from 172.19.1.5: icmp_seq=2 ttl=63 time=0.197 ms
7.4 使用nc测试
nc -uzv -w 2 172.19.1.5 123
Connection to 172.19.1.5 123 port [udp/ntp] succeeded!
8.根因
通过上述检查,chrony.conf中透过fqdn的形式指定的两台ntp server,均属于内部的ntp server,而这台主机的默认dns server 是8.8.8.8(外部public dns server),无法解析内部的ntp server的fqdn
9.解决方案
再/etc/hosts中增加本地的dns解析条目
172.19.1.5 time.pci.com
172.16.5.196 time.pchen.com
10.验证
重启chronyd.service
systemctl restart chronyd.service
验证Chrony 是否在跟踪时间
ping time.pci.com
ping: time.pci.com: Name or service not known
[root@pcimgwctr1-p ~]# vi /etc/hosts
[root@pcimgwctr1-p ~]# systemctl restart chronyd.service
[root@pcimgwctr1-p ~]# chronyc tracking
Reference ID : AC130105 (time.pci.com)
Stratum : 4
Ref time (UTC) : Tue Feb 11 08:56:50 2025
System time : 0.000000006 seconds slow of NTP time
Last offset : +0.000005784 seconds
RMS offset : 0.000005784 seconds
Frequency : 1.114 ppm slow
Residual freq : +6.548 ppm
Skew : 0.076 ppm
Root delay : 0.073076181 seconds
Root dispersion : 0.048127584 seconds
Update interval : 2.1 seconds
Leap status : Normal
Leap status:已经变为Normal,表明 Chrony 同步正常。
验证Chrony NTP 源
chronyc sources -v
210 Number of sources = 2.-- Source mode '^' = server, '=' = peer, '#' = local clock./ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* time.pci.com 3 6 77 54 +725ns[ +11us] +/- 86ms
^- time.pchen.com 2 6 77 54 -134us[ -124us] +/- 67ms
以上输出表明,主机已经开始与ntp server正常同步时间