Administrator
Published 2023-02-27 / 37 views

Chrony Theory: Time Synchronisation Service

Reference: https://chrony.tuxfamily.org/documentation.html

Concept overview

chrony is a versatile implementation of the Network Time Protocol (NTP). It can synchronise the system clock with NTP servers, reference clocks (e.g. GPS receiver), and manual input using wristwatch and keyboard. It can also operate as an NTPv4 (RFC 5905) server and peer to provide a time service to other computers in the network.

It is designed to perform well in a wide range of conditions, including intermittent network connections, heavily congested networks, changing temperatures (ordinary computer clocks are sensitive to temperature), and systems that do not run continuously, or run on a virtual machine.

Typical accuracy between two machines synchronised over the Internet is within a few milliseconds; on a LAN, accuracy is typically in tens of microseconds. With hardware timestamping, or a hardware reference clock, sub-microsecond accuracy may be possible.

Two programs are included in chrony, chronyd is a daemon that can be started at boot time and chronyc is a command-line interface program which can be used to monitor chronyd’s performance and to change various operating parameters whilst it is running.



Three important components:

  • chronyc - command-line interface for chrony daemon
  • chronyd - a daemon for synchronisation of the system clock
  • chrony.conf - chronyd configuration file /etc/chrony.conf

chronyd

Reference: https://chrony.tuxfamily.org/doc/4.3/chronyd.html

chronyd is a daemon for synchronisation of the system clock. It can synchronise the clock with NTP servers, reference clocks (e.g. a GPS receiver), and manual input using wristwatch and keyboard via chronyc. It can also operate as an NTPv4 (RFC 5905) server and peer to provide a time service to other computers in the network.

If no configuration directives are specified on the command line, chronyd will read them from a configuration file. The compiled-in default location of the file is /etc/chrony.conf.

Informational messages, warnings, and errors will be logged to syslog.

chrony.conf

Reference: https://chrony.tuxfamily.org/doc/4.3/chrony.conf.html

This file configures the chronyd daemon. The compiled-in location is /etc/chrony.conf. Other locations can be specified on the chronyd command line with the -f option.

Each directive in the configuration file is placed on a separate line. The following sections describe each of the directives in turn. The directives are not case-sensitive. Generally, the directives can occur in any order in the file and if a directive is specified multiple times, only the last one will be effective. Exceptions are noted in the descriptions.

The configuration directives can also be specified directly on the chronyd command line. In this case each argument is parsed as a new line and the configuration file is ignored.

While the number of supported directives is large, only a few of them are typically needed. See the EXAMPLES section for configuration in typical operating scenarios.

The configuration file might contain comment lines. A comment line is any line that starts with zero or more spaces followed by any one of the following characters: !, ;, #, %. Any line with this format will be ignored.

DIRECTIVES

Time sources

server hostname [option]…​

The server directive specifies an NTP server which can be used as a time source. The client-server relationship is strictly hierarchical: a client might synchronise its system time to that of the server, but the server’s system time will never be influenced by that of a client.

The server can be specified by its hostname or IP address. If the hostname cannot be resolved on start, chronyd will try it again in increasing intervals, and also when the online command is issued in chronyc.

The DNS record can change over time. The used address will be replaced with a newly resolved address when the server becomes unreachable (i.e. no valid response to last 8 requests), unsynchronised, a falseticker (i.e. does not agree with a majority of other sources), or the root distance is too large (the limit can be configured by the maxdistance directive). The automatic replacement happens at most once per 30 minutes. It can also be triggered manually for all sources by the refresh command in chronyc.

This directive can be used multiple times to specify multiple servers.

The directive supports the following options:

minpoll poll
This option specifies the minimum interval between requests sent to the server as a power of 2 in seconds. For example, minpoll 5 would mean that the polling interval should not drop below 32 seconds. The default is 6 (64 seconds), the minimum is -7 (1/128th of a second), and the maximum is 24 (6 months). Note that intervals shorter than 6 (64 seconds) should generally not be used with public servers on the Internet, because it might be considered abuse. A sub-second interval will be enabled only when the server is reachable and the round-trip delay is shorter than 10 milliseconds, i.e. the server should be in a local network.

maxpoll poll
This option specifies the maximum interval between requests sent to the server as a power of 2 in seconds. For example, maxpoll 9 indicates that the polling interval should stay at or below 9 (512 seconds). The default is 10 (1024 seconds), the minimum is -7 (1/128th of a second), and the maximum is 24 (6 months).

iburst
With this option, chronyd will start with a burst of 4-8 requests in order to make the first update of the clock sooner. It will also repeat the burst every time the source is switched from the offline state to online with the online command in chronyc.

burst
With this option, chronyd will send a burst of up to 4 requests when it cannot get a good measurement from the server. The number of requests in the burst is limited by the current polling interval to keep the average interval at or above the minimum interval, i.e. the current interval needs to be at least two times longer than the minimum interval in order to allow a burst with two requests.

pool name [option]…​

The syntax of this directive is similar to that for the server directive, except that it is used to specify a pool of NTP servers rather than a single NTP server. The pool name is expected to resolve to multiple addresses which might change over time.

This directive can be used multiple times to specify multiple pools.

All options valid in the server directive can be used in this directive too. There is one option specific to the pool directive:

maxsources sources
This option sets the desired number of sources to be used from the pool. chronyd will repeatedly try to resolve the name until it gets this number of sources responding to requests. The default value is 4 and the maximum value is 16.

An example of the pool directive is

pool pool.ntp.org iburst maxsources 3
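The comment rules and the option limits described above can be checked mechanically before a configuration is deployed. The following is an added example, not part of chrony or of the original page: the function names, the findings wording and the sample configuration are constructed for illustration, and only the options covered in this section are interpreted.

```python
COMMENT_CHARS = "!;#%"            # a line starting with one of these is a comment
POLL_MIN, POLL_MAX = -7, 24       # documented bounds for minpoll and maxpoll
DEFAULTS = {"minpoll": 6, "maxpoll": 10, "maxsources": 4}

def parse_time_sources(conf_text):
    """One dict per server/pool line; only the options described above are read."""
    sources = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in COMMENT_CHARS:
            continue
        tokens = line.split()
        kind = tokens[0].lower()  # directives are not case-sensitive
        if kind not in ("server", "pool") or len(tokens) < 2:
            continue
        opts = [t.lower() for t in tokens[2:]]
        src = {"line": lineno, "kind": kind, "name": tokens[1], "given": opts, **DEFAULTS}
        for i, opt in enumerate(opts[:-1]):
            if opt in DEFAULTS:
                src[opt] = int(opts[i + 1])  # a non-numeric value raises ValueError
        sources.append(src)
    return sources

def audit_time_sources(conf_text):
    findings = []
    for s in parse_time_sources(conf_text):
        where = f"line {s['line']}: {s['kind']} {s['name']}"
        for opt in ("minpoll", "maxpoll"):
            if not POLL_MIN <= s[opt] <= POLL_MAX:
                findings.append(f"{where}: {opt} {s[opt]} outside {POLL_MIN}..{POLL_MAX}")
        if s["minpoll"] < 6:
            findings.append(f"{where}: minpoll {s['minpoll']} is below 6, suitable for local servers only")
        if "maxsources" in s["given"] and s["kind"] == "server":
            findings.append(f"{where}: maxsources is specific to the pool directive")
        elif s["maxsources"] > 16:
            findings.append(f"{where}: maxsources {s['maxsources']} exceeds 16")
    return findings

SAMPLE_CONF = """\
# constructed sample for the audit, not a recommended configuration
! comment
  ; indented comment
%server commented.example.net minpoll -9
POOL pool.ntp.org iburst maxsources 3
server ntp1.example.net minpoll 4 maxpoll 9
server ntp2.example.net minpoll 12 maxpoll 30
server ntp3.example.net iburst maxsources 2
pool pool2.example.net maxsources 20
"""
```

Calling `audit_time_sources(SAMPLE_CONF)` returns four findings, one each for lines 6 to 9 of the sample; the four comment lines and the upper-case `POOL` line produce none.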

chronyc

Reference: https://chrony.tuxfamily.org/doc/4.3/chronyc.html

chronyc is a command-line interface program which can be used to monitor chronyd’s performance and to change various operating parameters whilst it is running.

If no commands are specified on the command line, chronyc will expect input from the user. The prompt chronyc> will be displayed when it is being run from a terminal. If chronyc’s input or output are redirected from or to a file, the prompt will not be shown.

There are two ways chronyc can access chronyd. One is the Internet Protocol (IPv4 or IPv6) and the other is a Unix domain socket, which is accessible locally by the root or chrony user. By default, chronyc first tries to connect to the Unix domain socket. The compiled-in default path is /var/run/chrony/chronyd.sock. If that fails (e.g. because chronyc is running under a non-root user), it will try to connect to 127.0.0.1 and then ::1.

Only the following monitoring commands, which do not affect the behaviour of chronyd, are allowed from the network: activity, manual list, rtcdata, smoothing, sourcename, sources, sourcestats, tracking, waitsync. The set of hosts from which chronyd will accept these commands can be configured with the cmdallow directive in the chronyd’s configuration file or the cmdallow command in chronyc. By default, the commands are accepted only from localhost (127.0.0.1 or ::1).

All other commands are allowed only through the Unix domain socket. When sent over the network, chronyd will respond with a ‘Not authorised’ error, even if it is from localhost.

Having full access to chronyd via chronyc is more or less equivalent to being able to modify the chronyd’s configuration file and restart it.

COMMANDS

This section describes each of the commands available within the chronyc program.

System clock

tracking

The tracking command displays parameters about the system’s clock performance. An example of the output is shown below.

Reference ID    : CB00710F (foo.example.net)
Stratum         : 3
Ref time (UTC)  : Fri Jan 27 09:49:17 2017
System time     : 0.000006523 seconds slow of NTP time
Last offset     : -0.000006747 seconds
RMS offset      : 0.000035822 seconds
Frequency       : 3.225 ppm slow
Residual freq   : -0.000 ppm
Skew            : 0.129 ppm
Root delay      : 0.013639022 seconds
Root dispersion : 0.001100737 seconds
Update interval : 64.2 seconds
Leap status     : Normal

The fields are explained as follows:

Time sources

sources [-a] [-v]

This command displays information about the current time sources that chronyd is accessing.

If the -a option is specified, all sources are displayed, including those that do not have a known address yet. Such sources have an identifier in the format ID#XXXXXXXXXX, which can be used in other commands expecting a source address.

The -v option enables a verbose output. In this case, extra caption lines are shown as a reminder of the meanings of the columns.

MS Name/IP address         Stratum Poll Reach LastRx Last sample
#* GPS0                          0   4   377    11   -479ns[ -621ns] +/-  134ns
^? foo.example.net               2   6   377    23   -923us[ -924us] +/-   43ms
^+ bar.example.net               1   6   377    21  -2629us[-2619us] +/-   86ms
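For monitoring, the sources output above can be parsed to flag the conditions named under the server directive (unreachable sources and falsetickers). This is an added example, not code from chrony or from the original page: the function names are illustrative, the meanings of the M and S characters and the octal Reach register are taken from the chronyc manual rather than from the excerpt above, and the last two sample rows are constructed.

```python
import re

# Column meanings come from the chronyc manual; the excerpt above omits them.
MODES = {"^": "server", "=": "peer", "#": "refclock"}
STATES = {"*": "selected", "+": "combined", "-": "not combined",
          "x": "falseticker", "~": "too variable", "?": "unusable"}
ROW = re.compile(
    r"^(?P<mode>[\^=#])(?P<state>[*+\-x~?])\s+(?P<name>\S+)\s+(?P<stratum>\d+)\s+"
    r"(?P<poll>-?\d+)\s+(?P<reach>[0-7]{1,3})\s+(?P<lastrx>\S+)\s+(?P<sample>.+)$")

def parse_sources_output(output):
    """Parse `chronyc sources` text into one dict per source row."""
    rows = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, separator, blank or -v caption line
        reach = int(m["reach"], 8)  # Reach is printed in octal, one bit per request
        rows.append({"name": m["name"], "mode": MODES[m["mode"]],
                     "state": STATES[m["state"]], "stratum": int(m["stratum"]),
                     "poll_seconds": 2.0 ** int(m["poll"]),  # Poll is log2 of seconds
                     "answered_of_last_8": bin(reach).count("1")})
    return rows

def source_findings(rows):
    """Flag sources that are unreachable or not usable for synchronisation."""
    findings = []
    if not any(r["state"] == "selected" for r in rows):
        findings.append("no source is currently selected")
    for r in rows:
        if r["answered_of_last_8"] == 0:
            findings.append(f"{r['name']}: unreachable, no valid response to last 8 requests")
        elif r["state"] in ("falseticker", "too variable", "unusable"):
            findings.append(f"{r['name']}: {r['state']}")
    return findings

# Rows 1-3 are the sample output shown above; the last two rows are constructed.
SAMPLE_OUTPUT = """\
MS Name/IP address         Stratum Poll Reach LastRx Last sample
#* GPS0                          0   4   377    11   -479ns[ -621ns] +/-  134ns
^? foo.example.net               2   6   377    23   -923us[ -924us] +/-   43ms
^+ bar.example.net               1   6   377    21  -2629us[-2619us] +/-   86ms
^x bad.example.net               2   6   177    40    +12ms[  +12ms] +/-   51ms
^? down.example.net              0   6     0     -     +0ns[   +0ns] +/-    0ns
"""
```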

