Using chronyc

I use chronyc sources for things like checking the synchronization status with NTP servers,
but it seems it can do many other things as well.

Some commands cannot be run without authenticating.
(However, no password is set by default, so simply adding -a, which requests authentication, is enough.)

Also, running chronyc or chronyc -a starts interactive mode.

Running help as a test shows... a lot.
That said, most of them are operations you can perform by command instead of editing chrony.conf.

[root@server ~]# chronyc -a
chrony version 2.1.1
Copyright (C) 1997-2003, 2007, 2009-2015 Richard P. Curnow and others
chrony comes with ABSOLUTELY NO WARRANTY.  This is free software, and
you are welcome to redistribute it under certain conditions.  See the
GNU General Public License version 2 for details.

chronyc> help
Commands:
accheck <address> : Check whether NTP access is allowed to <address>
activity : Check how many NTP sources are online/offline
add peer <address> ... : Add a new NTP peer
add server <address> ... : Add a new NTP server
allow [<subnet-addr>] : Allow NTP access to that subnet as a default
allow all [<subnet-addr>] : Allow NTP access to that subnet and all children
burst <n-good>/<n-max> [<mask>/<masked-address>] : Start a rapid set of measurements
clients : Report on clients that have accessed the server
cmdaccheck <address> : Check whether command access is allowed to <address>
cmdallow [<subnet-addr>] : Allow command access to that subnet as a default
cmdallow all [<subnet-addr>] : Allow command access to that subnet and all children
cmddeny [<subnet-addr>] : Deny command access to that subnet as a default
cmddeny all [<subnet-addr>] : Deny command access to that subnet and all children
cyclelogs : Close and re-open logs files
delete <address> : Remove an NTP server or peer
deny [<subnet-addr>] : Deny NTP access to that subnet as a default
deny all [<subnet-addr>] : Deny NTP access to that subnet and all children
dump : Dump all measurements to save files
local off : Disable server capability for unsynchronised clock
local stratum <stratum> : Enable server capability for unsynchronised clock
makestep [<threshold> <updates>] : Correct clock by stepping
manual off|on|reset : Disable/enable/reset settime command and statistics
manual list : Show previous settime entries
maxdelay <address> <new-max-delay> : Modify maximum round-trip valid sample delay for source
maxdelayratio <address> <new-max-ratio> : Modify max round-trip delay ratio for source
maxdelaydevratio <address> <new-max-ratio> : Modify max round-trip delay dev ratio for source
maxpoll <address> <new-maxpoll> : Modify maximum polling interval of source
maxupdateskew <new-max-skew> : Modify maximum skew for a clock frequency update to be made
minpoll <address> <new-minpoll> : Modify minimum polling interval of source
minstratum <address> <new-min-stratum> : Modify minimum stratum of source
offline [<mask>/<masked-address>] : Set sources in subnet to offline status
online [<mask>/<masked-address>] : Set sources in subnet to online status
password [<new-password>] : Set command authentication password
polltarget <address> <new-poll-target> : Modify poll target of source
reselect : Reselect synchronisation source
rtcdata : Print current RTC performance parameters
settime <date/time (e.g. Nov 21, 1997 16:30:05 or 16:30:05)> : Manually set the daemon time
smoothing : Display current time smoothing state
smoothtime reset|activate : Reset/activate time smoothing
sources [-v] : Display information about current sources
sourcestats [-v] : Display estimation information about current sources
tracking : Display system time information
trimrtc : Correct RTC relative to system clock
waitsync [max-tries [max-correction [max-skew]]] : Wait until synchronised
writertc : Save RTC parameters to file

authhash <name>: Set command authentication hash function
dns -n|+n : Disable/enable resolving IP addresses to hostnames
dns -4|-6|-46 : Resolve hostnames only to IPv4/IPv6/both addresses
timeout <milliseconds> : Set initial response timeout
retries <n> : Set maximum number of retries
exit|quit : Leave the program
help : Generate this help

For now, here are a few that look useful.

Check the synchronization status with the upstream NTP servers.

The commands for checking synchronization status are along the lines of:

#chronyc sources
#chronyc sourcestats
#chronyc tracking

Adding -v also displays a description of each column.

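  • S column
    The server marked [*] is the one currently being synchronized to.
    If this appears, synchronization is working.
    [-] is a server that can be synchronized with but is not being used.
    [?] is a server that has been disconnected.

  • Poll column
    Polling interval, shown as its base-2 logarithm. A value of 10 means synchronization happens at 1024-second intervals.

  • Reach column
    Success or failure of the last 8 synchronization attempts, expressed in octal. A success is 1 and a failure is 0.
    8 consecutive successes gives 377 (1111 1111).

  • LastRx column
    Time elapsed (in seconds) since the last synchronization.

  • Last sample column
    The time offset measured at the last synchronization.
    The value inside the [] brackets is the actual offset, and it shows whether the clock is behind (-) or ahead (+) as seen from the server being synchronized to.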

[root@hserver ~]# chronyc sources -v
210 Number of sources = 3

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^+ ntp1.jst.mfeed.ad.jp          2   6   377    56  -3868us[-3868us] +/-   98ms
^* ntp2.jst.mfeed.ad.jp          2   6   377    57   -118us[+1540us] +/-  109ms
^+ ntp3.jst.mfeed.ad.jp          2   6   377    57  -2908us[-2908us] +/-  147ms
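
The Poll and Reach columns described above can be decoded mechanically for monitoring. The following is an added example, not part of the original post: it parses `chronyc sources` data rows and expands the octal Reach register into per-poll results. The sample rows are constructed (one source with Reach 337, one unreachable), and the function names are hypothetical.

```python
import re

# Constructed sample in the format of `chronyc sources` data rows.
SAMPLE = """\
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^+ ntp1.jst.mfeed.ad.jp          2   6   377    56  -3868us[-3868us] +/-   98ms
^* ntp2.jst.mfeed.ad.jp          2   6   337    57   -118us[+1540us] +/-  109ms
^? ntp3.jst.mfeed.ad.jp          0   6     0     -     +0ns[   +0ns] +/-    0ns
"""

# Mode char, state char, name, stratum, poll (log2 seconds), reach (octal), LastRx.
LINE = re.compile(
    r"^(?P<mode>[\^=#])(?P<state>[*+\-?x~])\s+(?P<name>\S+)\s+(?P<stratum>\d+)"
    r"\s+(?P<poll>-?\d+)\s+(?P<reach>[0-7]+)\s+(?P<lastrx>\S+)"
)

def decode_reach(octal_text):
    """Return the last 8 poll results, oldest first (True = reply received)."""
    value = int(octal_text, 8) & 0xFF
    return [bool(value >> bit & 1) for bit in range(7, -1, -1)]

def parse_sources(text):
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, separator and legend lines
        history = decode_reach(m["reach"])
        rows.append({
            "name": m["name"],
            "state": m["state"],
            "poll_seconds": 2 ** int(m["poll"]),
            "history": history,
            "missed": history.count(False),
            "selected": m["state"] == "*",
        })
    return rows

def health(rows):
    """Summarise: is any source selected, and which sources missed polls."""
    return {
        "synced": any(r["selected"] for r in rows),
        "lossy": [r["name"] for r in rows if r["missed"]],
    }
```

Reach 337 is binary 11011111, so the source missed exactly one of its last eight polls, six polls ago.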


[root@server ~]# chronyc sourcestats -v
210 Number of sources = 3
                             .- Number of sample points in measurement set.
                            /    .- Number of residual runs with same sign.
                           |    /    .- Length of measurement set (time).
                           |   |    /      .- Est. clock freq error (ppm).
                           |   |   |      /           .- Est. error in freq.
                           |   |   |     |           /         .- Est. offset.
                           |   |   |     |          |          |   On the -.
                           |   |   |     |          |          |   samples. \
                           |   |   |     |          |          |             |
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
ntp1.jst.mfeed.ad.jp       10   6   395    +11.713     39.434   +636us  2994us
ntp2.jst.mfeed.ad.jp       10   6   394    +13.079     23.023   +822us  2001us
ntp3.jst.mfeed.ad.jp       10   7   394     +1.576     24.893   -798us  2215us

[root@server ~]$ chronyc tracking
Reference ID    : 210.173.160.57 (ntp2.jst.mfeed.ad.jp)
Stratum         : 3
Ref time (UTC)  : Sat May 20 10:06:32 2017
System time     : 0.000845202 seconds fast of NTP time
Last offset     : +0.000433457 seconds
RMS offset      : 0.000963310 seconds
Frequency       : 12.189 ppm slow
Residual freq   : +0.008 ppm
Skew            : 0.252 ppm
Root delay      : 0.063902 seconds
Root dispersion : 0.049442 seconds
Update interval : 1027.2 seconds
Leap status     : Normal

Check client information.

Incidentally, chronyc -a clients also works.

chronyc> clients
Hostname                   Client    Peer CmdAuth CmdNorm  CmdBad  LstN  LstC
=========================  ======  ======  ======  ======  ======  ====  ====
localhost                       0       0       6      30       0   47y     0
192.168.10.xxx                887       0       0       0       0    60   47y
192.168.15.xxx                103       0       0       0       0   316   47y
192.168.10.xxx                 66       0       0       0       0   188   47y
gateway                       735       0       0       0       0    21   47y
192.168.50.xx                  65       0       0       0       0   511   47y
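
The clients report is also useful for auditing who talks to the command port: in chrony 2.x, CmdAuth, CmdNorm and CmdBad count authenticated, unauthenticated and bad command packets per host. The following is an added example, not part of the original post: it flags hosts other than the local machine that sent command packets, and any host that sent bad ones. The sample table is constructed and the function names are hypothetical.

```python
# Constructed sample in the format of the chronyc `clients` report (chrony 2.x).
SAMPLE_CLIENTS = """\
Hostname                   Client    Peer CmdAuth CmdNorm  CmdBad  LstN  LstC
=========================  ======  ======  ======  ======  ======  ====  ====
localhost                       0       0       6      30       0   47y     0
192.168.10.21                 887       0       0       0       0    60   47y
192.168.15.7                  103       0       0       4       2   316    12
gateway                       735       0       0       0       0    21   47y
"""

# Names under which the local machine may appear (assumption; adjust per host).
LOCAL_NAMES = {"localhost", "127.0.0.1", "::1"}

def parse_clients(text):
    """Parse data rows into dicts; the five counter columns become ints."""
    fields = ("client", "peer", "cmd_auth", "cmd_norm", "cmd_bad")
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 8 or not parts[1].isdigit():
            continue  # header and separator lines
        row = {"host": parts[0], "last_ntp": parts[6], "last_cmd": parts[7]}
        row.update(zip(fields, map(int, parts[1:6])))
        rows.append(row)
    return rows

def audit_commands(rows, local_names=LOCAL_NAMES):
    """Return (host, reason, count) findings for command-port activity."""
    findings = []
    for r in rows:
        total_cmd = r["cmd_auth"] + r["cmd_norm"] + r["cmd_bad"]
        if r["cmd_bad"]:
            findings.append((r["host"], "bad command packets", r["cmd_bad"]))
        if total_cmd and r["host"] not in local_names:
            findings.append((r["host"], "remote command access", total_cmd))
    return findings
```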

Check access permissions.

chronyc> accheck 192.168.1.1
208 Access allowed
chronyc> accheck 1.1.1.1
209 Access denied

Make temporary configuration changes without restarting the service.

As a test, delete and add a server.

chronyc> sources
210 Number of sources = 3
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^+ ntp1.jst.mfeed.ad.jp          2  10   377   150  +5444us[+5444us] +/-  119ms
^* ntp2.jst.mfeed.ad.jp          2  10   337   258  +4111us[+5821us] +/-   96ms
^- ntp3.jst.mfeed.ad.jp          2  10   377   607  +8519us[  +10ms] +/-  135ms
chronyc>
chronyc> delete ntp3.jst.mfeed.ad.jp
200 OK
chronyc> sources
210 Number of sources = 2
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^+ ntp1.jst.mfeed.ad.jp          2  10   377   165  +5444us[+5444us] +/-  119ms
^* ntp2.jst.mfeed.ad.jp          2  10   337   272  +4111us[+5821us] +/-   96ms

However, the entry remains in chrony.conf, so restarting chronyd restores the original state.

[root@horizon ~]# cat /etc/chrony.conf | grep server
server ntp1.jst.mfeed.ad.jp iburst
server ntp2.jst.mfeed.ad.jp iburst
server ntp3.jst.mfeed.ad.jp iburst
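
Because runtime changes and chrony.conf can diverge like this, it is worth comparing the two. The following is an added example, not part of the original post: it reports sources that are configured but absent at runtime, and sources active at runtime that are not in the file. The inputs are constructed to mirror the state above, the function names are hypothetical, and it assumes the names printed by `chronyc sources` match the names written in chrony.conf, as they do on this page.

```python
import re

# Constructed inputs: three servers configured, one deleted at runtime.
CONF = """\
server ntp1.jst.mfeed.ad.jp iburst
server ntp2.jst.mfeed.ad.jp iburst
# server old.example.invalid iburst
server ntp3.jst.mfeed.ad.jp iburst
"""
SOURCES = """\
210 Number of sources = 2
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^+ ntp1.jst.mfeed.ad.jp          2  10   377   165  +5444us[+5444us] +/-  119ms
^* ntp2.jst.mfeed.ad.jp          2  10   337   272  +4111us[+5821us] +/-   96ms
"""

def configured_sources(conf_text):
    """Names on active server/peer lines; comments and other directives are skipped."""
    names = set()
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] in ("server", "peer"):
            names.add(parts[1].lower())
    return names

def runtime_sources(sources_text):
    """Names from `chronyc sources` data rows (mode char, state char, then name)."""
    return {m.group(1).lower()
            for m in re.finditer(r"^[\^=][*+\-?x~]\s+(\S+)", sources_text, re.M)}

def drift(conf_text, sources_text):
    """Compare configured and running source sets in both directions."""
    conf, live = configured_sources(conf_text), runtime_sources(sources_text)
    return {"missing_at_runtime": sorted(conf - live),
            "not_in_config": sorted(live - conf)}
```

An entry under not_in_config means a source was added with add server or add peer and will disappear on restart; it is also the case to investigate if nobody on the team made that change.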
