[Linux] Rocky Linux 폐쇄망, 내부망, NTP, chrony 설치, 설정, 연동

 

개요

chrony는 시간 동기화를 제공하는 프로그램으로 NTP의 대안 중 하나이다.

chrony 서버 환경은 Rocky Linux 9.3, chrony 클라이언트 환경은 Rocky Linux 8.9으로 테스트를 진행했다.

로컬 레포지토리 설정은 이미 포스팅을 했으니 생략하겠다.

---

설치 및 설정

Server

1. chrony 설치

yum install chrony

[root@localhost ~]# yum install chrony
마지막 메타자료 만료확인(0:06:22 이전): 2024년 07월 17일 (수) 오전 11시 02분 55초.
종속성이 해결되었습니다.
================================================================================
 꾸러미           구조             버전                  저장소            크기
================================================================================
설치 중:
 chrony           x86_64           4.5-1.el9             baseos           333 k

연결 요약
================================================================================
설치  1 꾸러미

전체 내려받기 크기: 333 k
설치된 크기 : 653 k
진행할까요? [y/N]:

 

2. 서버 chrony 설정

vi /etc/chrony.conf

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
#pool 2.rocky.pool.ntp.org iburst	# 주석 처리
server 127.127.1.0 iburst

# Use NTP servers from DHCP.
sourcedir /run/chrony-dhcp

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.
allow 허용 서버 대역/24		# ex) 192.168.111.0/24

# Serve time even if not synchronized to a time source.
local stratum 10		# 주석 해제

# Require authentication (nts or key option) for all NTP sources.
#authselectmode require

# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys

# Save NTS keys and cookies.
ntsdumpdir /var/lib/chrony

# Insert/delete leap seconds by slewing instead of stepping.
#leapsecmode slew

# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking

 

3. 방화벽 등록

firewall-cmd --add-service=ntp --permanent
firewall-cmd --reload

 

4. 서버 chrony 재시작 및 상태 확인

systemctl restart chronyd
systemctl status chronyd

---

Client

1. 클라이언트 chrony 설치

yum install chrony

 

 

2. 클라이언트 chrony 설정 및 연동

vi /etc/chrony.conf

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
#pool 2.rocky.pool.ntp.org iburst	# 주석 처리
server NTP 서버 IP iburst		# 이 외 수정할 부분 딱히 없음

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.
#allow 192.168.0.0/8

# Serve time even if not synchronized to a time source.
#local stratum 10

# Require authentication (nts or key option) for all NTP sources.
#authselectmode require

# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys

# Insert/delete leap seconds by slewing instead of stepping.
#leapsecmode slew

# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking

 

3. 방화벽 등록

firewall-cmd --add-service=ntp --permanent
firewall-cmd --reload

 

4. 연동 확인

chronyc sources -v

[root@localhost ~]# chronyc sources -v
.-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^*    NTP 서버 IP               10   6   377    32    +96us[  +86us] +/-  547us

---

특이사항

timedatectl status

[root@localhost ~]# timedatectl status
               Local time: 토 2024-08-24 12:21:26 KST
           Universal time: 토 2024-08-24 03:21:26 UTC
                 RTC time: 토 2024-08-24 03:21:26
                Time zone: Asia/Seoul (KST, +0900)
System clock synchronized: no		# 해당 부분이 no로 나와있을 수 있음
              NTP service: active
          RTC in local TZ: no

 

해당 부분이 no로 나와있으면,

timedatectl set-ntp yes
timedatectl set-ntp true
systemctl restart chronyd

 

입력 후 연동 확인