Debian

NTP server does not sync at startup

  • May 15, 2019

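Backstory: I have several internal stratum 1 NTP clocks with GPS receivers, and 2 public NTP servers virtualized on top of VMware ESXi that take their time from the S1 clocks and distribute it. Otherwise, this setup works quite well and provides good time compared to other public servers.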

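Problem: When I reboot the virtual machines, they fail to start syncing properly and get stuck in an unsynchronized state. Below is the ntpq -p output after a reboot.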

root@server:~$ ntpq -p
remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
192.168.1.40    .GPS.            1 u   27   64    3    1.533  -258.43 5948.73
192.168.2.40    .GPS.            1 u   24   64    3    1.118  -258.47 6138.19
192.168.3.42    .GPS.            1 u   24   64    3    0.709  -258.42 5655.02
194.100.49.151  194.100.49.134   2 u   22   64    3    8.124  -258.74 7131.65
gbg1.ntp.se     .PPS.            1 u   26   64    3   21.856  -258.43 4876.90
ntp2.sptime.se  .PPS.            1 u   23   64    3   19.991  -258.42 7764.97
ntp1.sptime.se  .PPS.            1 u   27   64    3   20.489  -258.41 8574.46

If I then run ntp service restart I get this:

root@server:~$ ntpq -p
    remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
192.168.1.40    .GPS.            1 u    2   64    1    1.517  -258.45   0.065
192.168.2.40    .GPS.            1 u    1   64    1    1.126  -258.46   0.025
192.168.3.42    .GPS.            1 u    2   64    1    0.719  -258.42   0.020
194.100.49.151  194.100.49.134   2 u    5   64    1    8.041  -258.72   0.000
gbg1.ntp.se     .PPS.            1 u    6   64    1   21.839  -258.41   0.000
ntp2.sptime.se  .PPS.            1 u    4   64    1   19.968  -258.41   0.000
ntp1.sptime.se  .PPS.            1 u    3   64    1   20.418  -258.43   0.000

A second later, it performs the step:

root@server:~$ ntpq -p
    remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
192.168.1.40    .STEP.          16 u    2   64    0    0.000    0.000   0.000
192.168.2.40    .STEP.          16 u    2   64    0    0.000    0.000   0.000
192.168.3.42    .STEP.          16 u    8   64    0    0.000    0.000   0.000
194.100.49.151  194.100.49.134   2 u    -   64    1    7.976   -0.261   0.000
gbg1.ntp.se     .PPS.            1 u    -   64    1   21.840    0.060   0.000
ntp2.sptime.se  .STEP.          16 u    6   64    0    0.000    0.000   0.000
ntp1.sptime.se  .STEP.          16 u    6   64    0    0.000    0.000   0.000

After that we are back to normal operation:

root@server:~$ ntpq -p
    remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
192.168.1.40    .GPS.            1 u    1   64    1    1.474    0.044   0.017
*192.168.2.40    .GPS.            1 u    1   64    1    1.102    0.030   0.005
192.168.3.42    .GPS.            1 u    1   64    1    0.674    0.049   0.009
194.100.49.151  194.100.49.134   2 u    8   64    1    7.976   -0.261   0.000
gbg1.ntp.se     .PPS.            1 u    8   64    1   21.840    0.060   0.000
ntp2.sptime.se  .PPS.            1 u    6   64    1   19.979    0.059   0.000
ntp1.sptime.se  .PPS.            1 u    5   64    1   20.440    0.048   0.000

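So it seems that after a reboot the system clock is off by a lot, which is to be expected, but why ntpd doesn't panic and just step the clock is a bit hard for me to understand.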

Here is my ntp.conf

tinker panic 0
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift


# Enable this if you want statistics to be logged.
statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable


# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example

# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
server 192.168.1.40  iburst
server 192.168.2.40 iburst
server 192.168.3.42 iburst
server time1.mikes.fi
server ntp1.gbg.netnod.se
server ntp2.sptime.se
server ntp1.sptime.se

# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust


# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255

# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines.  Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient

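The ntpd default step threshold is 0.125 seconds, and the panic threshold after the first packet is 1000 seconds. In other words, out-of-design conditions include offset jumps of more than 15 minutes.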

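You captured the initial packets, the step, and the eventual peer selection. Because of how the NTP algorithms work, this takes a minute or two to establish even if you use the iburst option. A reach of 3 means only two packets have been received so far. If you are not dropping NTP packets, wait longer.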

If the initial offset or step is unacceptable, you can wait until ntpd or the operating system reports synchronization. For systemd on Linux, try depending on systemd-time-wait-sync.service.

Quoted from: https://serverfault.com/questions/967313
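
To check the answer's reading of the reach column and to tell when ntpd has actually selected a peer, the following Python is an added example (not part of the original question or answer). The helper names are my own, and the sample rows are copied from the ntpq -p output above.

```python
# Added example: decode `ntpq -p` peer rows (reach register, system peer).
# Sample rows are copied from the question's output; helper names are my own.
AFTER_BOOT = """\
remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
192.168.1.40    .GPS.            1 u   27   64    3    1.533  -258.43 5948.73
gbg1.ntp.se     .PPS.            1 u   26   64    3   21.856  -258.43 4876.90
"""
RECOVERED = """\
192.168.1.40    .GPS.            1 u    1   64    1    1.474    0.044   0.017
*192.168.2.40    .GPS.            1 u    1   64    1    1.102    0.030   0.005
"""

TALLY_CHARS = "*+-#."  # tally codes that cannot be mistaken for a hostname


def answered_polls(reach_octal):
    """Count set bits in the 8-bit reach shift register (printed in octal)."""
    return bin(int(reach_octal, 8) & 0xFF).count("1")


def parse_peers(text):
    """Return one dict per peer row; header, ruler and blank lines are skipped."""
    peers = []
    for line in text.splitlines():
        tally = line[0] if line[:1] in tuple(TALLY_CHARS) else " "
        fields = line.lstrip(TALLY_CHARS + " ").split()
        if len(fields) != 10 or not fields[2].isdigit():
            continue
        peers.append({
            "remote": fields[0],
            "tally": tally,
            "stratum": int(fields[2]),
            "answered": answered_polls(fields[6]),
            "offset_ms": float(fields[8]),  # ntpq reports offset in ms
        })
    return peers


def system_peer(peers):
    """Remote marked '*' (the peer ntpd is synchronized to), or None."""
    return next((p["remote"] for p in peers if p["tally"] == "*"), None)


if __name__ == "__main__":
    for label, text in (("after boot", AFTER_BOOT), ("recovered", RECOVERED)):
        peers = parse_peers(text)
        print(label, "system peer:", system_peer(peers))
        for p in peers:
            print(f"  {p['remote']}: {p['answered']}/8 polls, {p['offset_ms']} ms")
```

A reach of 377 (octal) means the last eight polls were all answered; until a row carries the `*` tally, ntpd has not selected a system peer.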