NTPサーバとの同期状態の確認などでchronyc sources
を使ったりするが、
ほかにもいろいろできるみたい。
一部のコマンドは認証しないと実行できない。
(ただしデフォルトではパスワードは設定されていないため、認証要求の-aを付与するだけでOK)
また、chronyc やchronyc -aで対話モードが利用できる。
試しにhelpを実行すると、、、多い。
とはいっても、chrony.confを編集する代わりにコマンド操作できるものがほとんど。
[root@server ~]# chronyc -a
chrony version 2.1.1
Copyright (C) 1997-2003, 2007, 2009-2015 Richard P. Curnow and others
chrony comes with ABSOLUTELY NO WARRANTY. This is free software, and
you are welcome to redistribute it under certain conditions. See the
GNU General Public License version 2 for details.
chronyc> help
Commands:
accheck <address> : Check whether NTP access is allowed to <address>
activity : Check how many NTP sources are online/offline
add peer <address> ... : Add a new NTP peer
add server <address> ... : Add a new NTP server
allow [<subnet-addr>] : Allow NTP access to that subnet as a default
allow all [<subnet-addr>] : Allow NTP access to that subnet and all children
burst <n-good>/<n-max> [<mask>/<masked-address>] : Start a rapid set of measurements
clients : Report on clients that have accessed the server
cmdaccheck <address> : Check whether command access is allowed to <address>
cmdallow [<subnet-addr>] : Allow command access to that subnet as a default
cmdallow all [<subnet-addr>] : Allow command access to that subnet and all children
cmddeny [<subnet-addr>] : Deny command access to that subnet as a default
cmddeny all [<subnet-addr>] : Deny command access to that subnet and all children
cyclelogs : Close and re-open logs files
delete <address> : Remove an NTP server or peer
deny [<subnet-addr>] : Deny NTP access to that subnet as a default
deny all [<subnet-addr>] : Deny NTP access to that subnet and all children
dump : Dump all measurements to save files
local off : Disable server capability for unsynchronised clock
local stratum <stratum> : Enable server capability for unsynchronised clock
makestep [<threshold> <updates>] : Correct clock by stepping
manual off|on|reset : Disable/enable/reset settime command and statistics
manual list : Show previous settime entries
maxdelay <address> <new-max-delay> : Modify maximum round-trip valid sample delay for source
maxdelayratio <address> <new-max-ratio> : Modify max round-trip delay ratio for source
maxdelaydevratio <address> <new-max-ratio> : Modify max round-trip delay dev ratio for source
maxpoll <address> <new-maxpoll> : Modify maximum polling interval of source
maxupdateskew <new-max-skew> : Modify maximum skew for a clock frequency update to be made
minpoll <address> <new-minpoll> : Modify minimum polling interval of source
minstratum <address> <new-min-stratum> : Modify minimum stratum of source
offline [<mask>/<masked-address>] : Set sources in subnet to offline status
online [<mask>/<masked-address>] : Set sources in subnet to online status
password [<new-password>] : Set command authentication password
polltarget <address> <new-poll-target> : Modify poll target of source
reselect : Reselect synchronisation source
rtcdata : Print current RTC performance parameters
settime <date/time (e.g. Nov 21, 1997 16:30:05 or 16:30:05)> : Manually set the daemon time
smoothing : Display current time smoothing state
smoothtime reset|activate : Reset/activate time smoothing
sources [-v] : Display information about current sources
sourcestats [-v] : Display estimation information about current sources
tracking : Display system time information
trimrtc : Correct RTC relative to system clock
waitsync [max-tries [max-correction [max-skew]]] : Wait until synchronised
writertc : Save RTC parameters to file
authhash <name>: Set command authentication hash function
dns -n|+n : Disable/enable resolving IP addresses to hostnames
dns -4|-6|-46 : Resolve hostnames only to IPv4/IPv6/both addresses
timeout <milliseconds> : Set initial response timeout
retries <n> : Set maximum number of retries
exit|quit : Leave the program
help : Generate this help
とりあえず使えそうなものをいくつか
上位NTPサーバとの同期状態を確認する。
同期状態を確認するためのコマンドとしては、
#chronyc sources
#chronyc sourcestats
#chronyc tracking
あたり。
-vをつけると、各項目の説明も表示される。
- S列
[*]表示となっているサーバが、現在同期しているサーバ。
これが出ていれば同期できている。
[-]は同期可能だが、使用していないサーバ
[?]は切断されたサーバ -
Pool列
ポーリング間隔。10の場合、1024秒間隔で同期する。 -
Reach列
最近8回の同期可否を8進数で表現している。成功した場合1、失敗した場合は0
8回連続で成功している場合は377(1111 1111) -
LastRx列
最後に同期してからの経過時間(秒)を表示する。 -
Last sample列
最後に同期した際の時刻のズレを表示する。
[]カッコ内の表示が実際のズレで、同期先サーバから見て遅れている(-)か、進んでいる(+)かわかる。
[root@hserver ~]# chronyc sources -v
210 Number of sources = 3
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^+ ntp1.jst.mfeed.ad.jp 2 6 377 56 -3868us[-3868us] +/- 98ms
^* ntp2.jst.mfeed.ad.jp 2 6 377 57 -118us[+1540us] +/- 109ms
^+ ntp3.jst.mfeed.ad.jp 2 6 377 57 -2908us[-2908us] +/- 147ms
[root@server ~]# chronyc sourcestats -v
210 Number of sources = 3
.- Number of sample points in measurement set.
/ .- Number of residual runs with same sign.
| / .- Length of measurement set (time).
| | / .- Est. clock freq error (ppm).
| | | / .- Est. error in freq.
| | | | / .- Est. offset.
| | | | | | On the -.
| | | | | | samples. \
| | | | | | |
Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev
==============================================================================
ntp1.jst.mfeed.ad.jp 10 6 395 +11.713 39.434 +636us 2994us
ntp2.jst.mfeed.ad.jp 10 6 394 +13.079 23.023 +822us 2001us
ntp3.jst.mfeed.ad.jp 10 7 394 +1.576 24.893 -798us 2215us
[root@server ~]$ chronyc tracking
Reference ID : 210.173.160.57 (ntp2.jst.mfeed.ad.jp)
Stratum : 3
Ref time (UTC) : Sat May 20 10:06:32 2017
System time : 0.000845202 seconds fast of NTP time
Last offset : +0.000433457 seconds
RMS offset : 0.000963310 seconds
Frequency : 12.189 ppm slow
Residual freq : +0.008 ppm
Skew : 0.252 ppm
Root delay : 0.063902 seconds
Root dispersion : 0.049442 seconds
Update interval : 1027.2 seconds
Leap status : Normal
クライアントの情報を確認する。
ちなみに、chronyc -a clientsでも可
chronyc> clients
Hostname Client Peer CmdAuth CmdNorm CmdBad LstN LstC
========================= ====== ====== ====== ====== ====== ==== ====
localhost 0 0 6 30 0 47y 0
192.168.10.xxx 887 0 0 0 0 60 47y
192.168.15.xxx 103 0 0 0 0 316 47y
192.168.10.xxx 66 0 0 0 0 188 47y
gateway 735 0 0 0 0 21 47y
192.168.50.xx 65 0 0 0 0 511 47y
アクセス許可の確認をする
chronyc> accheck 192.168.1.1
208 Access allowed
chronyc> accheck 1.1.1.1
209 Access denied
一時的な設定変更をサービス再起動無しにおこなう。
試しにserverを削除・追加する。
chronyc> sources
210 Number of sources = 3
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^+ ntp1.jst.mfeed.ad.jp 2 10 377 150 +5444us[+5444us] +/- 119ms
^* ntp2.jst.mfeed.ad.jp 2 10 337 258 +4111us[+5821us] +/- 96ms
^- ntp3.jst.mfeed.ad.jp 2 10 377 607 +8519us[ +10ms] +/- 135ms
chronyc>
chronyc> delete ntp3.jst.mfeed.ad.jp
200 OK
chronyc> sources
210 Number of sources = 2
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^+ ntp1.jst.mfeed.ad.jp 2 10 377 165 +5444us[+5444us] +/- 119ms
^* ntp2.jst.mfeed.ad.jp 2 10 337 272 +4111us[+5821us] +/- 96ms
ただじchrony.confには残ったままのため、chronydを再起動すると元に戻る。
[root@horizon ~]# cat /etc/chrony.conf | grep server
server ntp1.jst.mfeed.ad.jp iburst
server ntp2.jst.mfeed.ad.jp iburst
server ntp3.jst.mfeed.ad.jp iburst