Debian
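NTP server does not sync at startup
Background: I have a few internal stratum 1 NTP clocks with GPS receivers, and 2 public NTP servers virtualized on top of VMware ESXi that take their time from the S1 clocks and distribute it. Otherwise, this setup works fairly well and provides good time compared to other public servers.
Problem: When I reboot the virtual machines, they do not start syncing properly and get stuck in an unsynchronized state. Below is the ntpq -p output after a reboot.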
    root@server:~$ ntpq -p
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     192.168.1.40    .GPS.            1 u   27   64    3    1.533  -258.43 5948.73
     192.168.2.40    .GPS.            1 u   24   64    3    1.118  -258.47 6138.19
     192.168.3.42    .GPS.            1 u   24   64    3    0.709  -258.42 5655.02
     194.100.49.151  194.100.49.134   2 u   22   64    3    8.124  -258.74 7131.65
     gbg1.ntp.se     .PPS.            1 u   26   64    3   21.856  -258.43 4876.90
     ntp2.sptime.se  .PPS.            1 u   23   64    3   19.991  -258.42 7764.97
     ntp1.sptime.se  .PPS.            1 u   27   64    3   20.489  -258.41 8574.46
If I then run ntp service restart I get this:
    root@server:~$ ntpq -p
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     192.168.1.40    .GPS.            1 u    2   64    1    1.517  -258.45   0.065
     192.168.2.40    .GPS.            1 u    1   64    1    1.126  -258.46   0.025
     192.168.3.42    .GPS.            1 u    2   64    1    0.719  -258.42   0.020
     194.100.49.151  194.100.49.134   2 u    5   64    1    8.041  -258.72   0.000
     gbg1.ntp.se     .PPS.            1 u    6   64    1   21.839  -258.41   0.000
     ntp2.sptime.se  .PPS.            1 u    4   64    1   19.968  -258.41   0.000
     ntp1.sptime.se  .PPS.            1 u    3   64    1   20.418  -258.43   0.000
A second later, it performs the step:
    root@server:~$ ntpq -p
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     192.168.1.40    .STEP.          16 u    2   64    0    0.000    0.000   0.000
     192.168.2.40    .STEP.          16 u    2   64    0    0.000    0.000   0.000
     192.168.3.42    .STEP.          16 u    8   64    0    0.000    0.000   0.000
     194.100.49.151  194.100.49.134   2 u    -   64    1    7.976   -0.261   0.000
     gbg1.ntp.se     .PPS.            1 u    -   64    1   21.840    0.060   0.000
     ntp2.sptime.se  .STEP.          16 u    6   64    0    0.000    0.000   0.000
     ntp1.sptime.se  .STEP.          16 u    6   64    0    0.000    0.000   0.000
After that we are back to normal operation:
    root@server:~$ ntpq -p
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     192.168.1.40    .GPS.            1 u    1   64    1    1.474    0.044   0.017
    *192.168.2.40    .GPS.            1 u    1   64    1    1.102    0.030   0.005
     192.168.3.42    .GPS.            1 u    1   64    1    0.674    0.049   0.009
     194.100.49.151  194.100.49.134   2 u    8   64    1    7.976   -0.261   0.000
     gbg1.ntp.se     .PPS.            1 u    8   64    1   21.840    0.060   0.000
     ntp2.sptime.se  .PPS.            1 u    6   64    1   19.979    0.059   0.000
     ntp1.sptime.se  .PPS.            1 u    5   64    1   20.440    0.048   0.000
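So it seems the system clock is off by a lot after a reboot, which is to be expected, but why ntpd does not panic and just step the clock is a bit hard for me to understand.
Here is my ntp.conf: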
    tinker panic 0

    # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

    driftfile /var/lib/ntp/ntp.drift

    # Enable this if you want statistics to be logged.
    statsdir /var/log/ntpstats/

    statistics loopstats peerstats clockstats
    filegen loopstats file loopstats type day enable
    filegen peerstats file peerstats type day enable
    filegen clockstats file clockstats type day enable

    # You do need to talk to an NTP server or two (or three).
    #server ntp.your-provider.example

    # pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
    # pick a different set every time it starts up. Please consider joining the
    # pool: <http://www.pool.ntp.org/join.html>
    server 192.168.1.40 iburst
    server 192.168.2.40 iburst
    server 192.168.3.42 iburst
    server time1.mikes.fi
    server ntp1.gbg.netnod.se
    server ntp2.sptime.se
    server ntp1.sptime.se

    # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
    # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
    # might also be helpful.
    #
    # Note that "restrict" applies to both servers and clients, so a configuration
    # that might be intended to block requests from certain clients could also end
    # up blocking replies from your own upstream servers.

    # By default, exchange time with everybody, but don't allow configuration.
    restrict -4 default kod notrap nomodify nopeer noquery
    restrict -6 default kod notrap nomodify nopeer noquery

    # Local users may interrogate the ntp server more closely.
    restrict 127.0.0.1
    restrict ::1

    # Clients from this (example!) subnet have unlimited access, but only if
    # cryptographically authenticated.
    #restrict 192.168.123.0 mask 255.255.255.0 notrust

    # If you want to provide time to your local subnet, change the next line.
    # (Again, the address is an example only.)
    #broadcast 192.168.123.255

    # If you want to listen to time broadcasts on your local subnet, de-comment the
    # next lines. Please do this only if you trust everybody on the network!
    #disable auth
    #broadcastclient
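ntpd's default step threshold is 0.125 seconds, and the panic threshold after the first packet is 1000 seconds. In other words, being outside the design conditions includes offsets jumping by more than 15 minutes.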
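You captured the initial packets, the step, and the eventual peer selection. Because of how the NTP algorithms work, even with the iburst option it takes a minute or two to settle. A reach of 3 means only two packets have been received so far. If you are not dropping NTP packets, wait longer. If the initial offset or the step is unacceptable, you can wait until ntpd or the operating system reports synchronization. For systemd on Linux, try depending on systemd-time-wait-sync.service.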
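An added example, not part of the original answer: a small Python parser that decodes the octal reach column of ntpq -p output into a count of answered polls and classifies the states seen in the captures above. The sample input is constructed from the question's first capture, the function names are illustrative, and step_ms is set to the step threshold quoted in the answer.

```python
# Added example: summarise `ntpq -p` output captured after a reboot.

# Constructed sample modelled on the question's first capture (offsets are in ms).
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.1.40    .GPS.            1 u   27   64    3    1.533  -258.43 5948.73
 192.168.2.40    .GPS.            1 u   24   64    3    1.118  -258.47 6138.19
 gbg1.ntp.se     .PPS.            1 u   26   64    3   21.856  -258.43 4876.90
"""


def parse_peers(text):
    """Return one dict per peer line; header and separator lines are skipped."""
    peers = []
    for line in text.splitlines():
        fields = line[1:].split()          # column 0 holds ntpq's tally code
        if len(fields) != 10 or not fields[2].isdigit():
            continue
        reach = int(fields[6], 8)          # 8-bit shift register, printed in octal
        peers.append({
            "tally": line[0],
            "remote": fields[0],
            "refid": fields[1],
            "stratum": int(fields[2]),
            "replies": bin(reach).count("1"),   # answered polls among the last 8
            "offset_ms": float(fields[8]),
        })
    return peers


def sync_status(peers, step_ms=125.0):
    """Classify the daemon state; step_ms is the step threshold quoted in the answer."""
    chosen = [p for p in peers if p["tally"] in "*o"]   # system peer or PPS peer
    if chosen:
        return "synchronised to " + chosen[0]["remote"]
    if any(p["refid"] == ".STEP." for p in peers):
        return "clock stepped, peers being re-acquired"
    live = [p for p in peers if p["stratum"] < 16 and p["replies"] > 0]
    if not live:
        return "no replies yet"
    if max(abs(p["offset_ms"]) for p in live) > step_ms:
        return "unsynchronised, offset above step threshold"
    return "unsynchronised, still collecting samples"


if __name__ == "__main__":
    for p in parse_peers(SAMPLE):
        print(p["remote"], "replies:", p["replies"], "offset_ms:", p["offset_ms"])
    print(sync_status(parse_peers(SAMPLE)))
```

The tally code is read from column 0 rather than stripped from the host name, so pass the output with its leading column intact.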