1. Configure the chrony service to synchronize server time automatically
Introduction to chrony
Package: chrony
Two main programs: chronyd and chronyc
chronyd: a daemon that runs in the background and adjusts the system clock kept by the kernel so that it stays synchronized with time servers. It determines the rate at which the computer gains or loses time and compensates for it.
chronyc: a command-line user tool for monitoring performance and performing a wide range of configuration tasks. It can run on the computer controlled by the chronyd instance, or on a different, remote computer.
Service unit file: /usr/lib/systemd/system/chronyd.service
Listening ports: 323/udp, 123/udp
Configuration file: /etc/chrony.conf
The configuration file chrony.conf
(1) server - specifies a time server to use. With the iburst option, chronyd sends a burst of eight packets instead of the usual one when the server is reachable; the packets are normally spaced 2 seconds apart, which speeds up initial synchronization.
(2) driftfile - records, in a file, the rate at which the computer gains or loses time relative to true time, so that the system clock can be compensated after a reboot.
(3) rtcsync - enables the kernel mode in which the system time is copied to the real-time clock (RTC) every 11 minutes.
(4) allow / deny - specify a host, subnet or network that is allowed or denied access to this server.
(5) cmdallow / cmddeny - specify which hosts may issue control commands to chronyd.
(6) bindcmdaddress - specifies the interface on which chronyd listens for commands issued by chronyc.
(7) makestep - normally chronyd corrects any time offset gradually, by slowing down or speeding up the clock as needed. In some situations the system clock may have drifted so far that this gradual adjustment would take a very long time to correct it. This directive forces chronyd to step the system clock when the required adjustment exceeds a given threshold.
(8) local stratum 10 - allows the local time to be served as the reference time to other clients even when none of the time servers in the server directives is reachable.
chronyc commands
The help command lists more of chronyc's interactive commands.
accheck           check whether a particular host is allowed to access this server
activity          show how many NTP sources are online/offline
sources [-v]      show synchronization information about the current time sources
sourcestats [-v]  show synchronization statistics for the current time sources
add server        manually add a new NTP server
clients           report the list of clients that have accessed this server
delete            manually remove an NTP server or peer
settime           manually set the daemon's time
tracking          show system time information
Files in the chrony package
[root@centos7 ~]# rpm -ql chrony
/etc/NetworkManager/dispatcher.d/20-chrony
/etc/chrony.conf  # chrony configuration file (serves as both the server and the client configuration)
/etc/chrony.keys
/etc/dhcp/dhclient.d/chrony.sh
/etc/logrotate.d/chrony
/etc/sysconfig/chronyd
/usr/bin/chronyc  # dedicated client tool for viewing synchronization information
/usr/lib/systemd/ntp-units.d/50-chronyd.list
/usr/lib/systemd/system/[email protected]
/usr/lib/systemd/system/[email protected]
/usr/lib/systemd/system/chrony-wait.service
/usr/lib/systemd/system/chronyd.service  # the chrony service unit
/usr/libexec/chrony-helper
/usr/sbin/chronyd  # the main chrony daemon
/usr/share/doc/chrony-3.4
/usr/share/doc/chrony-3.4/COPYING
/usr/share/doc/chrony-3.4/FAQ
/usr/share/doc/chrony-3.4/NEWS
/usr/share/doc/chrony-3.4/README
/usr/share/man/man1/chronyc.1.gz
/usr/share/man/man5/chrony.conf.5.gz
/usr/share/man/man8/chronyd.8.gz
/var/lib/chrony
/var/lib/chrony/drift
/var/lib/chrony/rtc
/var/log/chrony
Steps to configure chrony (with the firewall disabled)
1. Install chrony
[root@centos7 ~]# rpm -q chrony
package chrony is not installed
[root@centos7 ~]# yum install chrony -y
[root@centos7 ~]# systemctl start chronyd  # start the service
[root@centos7 ~]# systemctl enable chronyd  # enable at boot
[root@centos7 ~]# systemctl status chronyd
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-02-25 13:42:08 CST; 16s ago
Docs: man:chronyd(8)
man:chrony.conf(5)
CGroup: /system.slice/chronyd.service
└─24544 /usr/sbin/chronyd
Feb 25 13:42:08 centos7.localdomain systemd[1]: Starting NTP client/server...
Feb 25 13:42:08 centos7.localdomain chronyd[24544]: chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP ...EBUG)
Feb 25 13:42:08 centos7.localdomain chronyd[24544]: Initial frequency -29.465 ppm
Feb 25 13:42:08 centos7.localdomain systemd[1]: Permission denied while opening PID file or unsafe symlink chain: /var/r...d.pid
Feb 25 13:42:08 centos7.localdomain systemd[1]: Started NTP client/server.
Feb 25 13:42:13 centos7.localdomain chronyd[24544]: Selected source 203.107.6.88
Feb 25 13:42:16 centos7.localdomain chronyd[24544]: Source 193.182.111.141 replaced with 120.25.115.20
Hint: Some lines were ellipsized, use -l to show in full.
Edit the /etc/chrony.conf configuration file
[root@centos7 ~]# vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
# (Addresses of the time servers the client synchronizes with; the iburst option speeds up synchronization. The next three lines work the same way.)
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
allow 192.168.0.0/16
# (Uncomment and enter the subnet whose NTP clients are allowed to synchronize; verify with ss -utlnp that NTP port 123 is now listening.)
# Serve time even if not synchronized to a time source.
local stratum 10
# (Uncomment so that, when disconnected from upstream time servers, this host still acts as a time server that other clients can synchronize with.)
# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking
A chrony client only needs to change the following configuration
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
# (As a client, just enter the chrony server's IP address here)
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
Checking synchronization on the chrony client
[root@centos6-10 ~]# chronyc sources -v
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.109.221 3 6 17 0 +45ns[ +55us] +/- 17ms
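As an added example (not from the original tutorial), the following shell functions check the two things this section configures: that /etc/chrony.conf carries the expected server and allow directives, and that `chronyc sources` shows a currently selected (^*) source. The chrony.conf and chronyc output embedded here are constructed samples based on the tutorial's values.

```bash
# Constructed chrony.conf sample mirroring the tutorial's server configuration.
SAMPLE_CONF=$(cat <<'EOF'
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 192.168.0.0/16
local stratum 10
EOF
)

# Constructed `chronyc sources` output with one selected (^*) source.
SAMPLE_SOURCES=$(cat <<'EOF'
210 Number of sources = 2
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.109.221               3   6    17     0    +45ns[  +55us] +/-   17ms
^- 192.168.109.222               3   6    17     0   +120us[ +130us] +/-   25ms
EOF
)

# Number of active `server` directives (chrony comment lines start with #, !, ; or %).
count_servers() {
    printf '%s\n' "$1" | grep -Ec '^[[:space:]]*server[[:space:]]'
}

# Networks permitted by `allow`; a bare `allow` admits every client, reported as "all".
allowed_networks() {
    printf '%s\n' "$1" | awk '$1 == "allow" { print ($2 == "" ? "all" : $2) }'
}

# Return 0 when some source is in the `^*` (currently synced) state.
has_synced_source() {
    printf '%s\n' "$1" | grep -q '^\^\*'
}

# IP of the selected source, taken from the `^*` line.
synced_source_ip() {
    printf '%s\n' "$1" | awk '$1 == "^*" { print $2 }'
}

# Stand-alone run against the constructed samples.
echo "server directives: $(count_servers "$SAMPLE_CONF")"
echo "allow: $(allowed_networks "$SAMPLE_CONF")"
if has_synced_source "$SAMPLE_SOURCES"; then
    echo "synced with $(synced_source_ip "$SAMPLE_SOURCES")"
else
    echo "NOT synchronized to any source" >&2
fi
```

On a live host, feed the functions `$(cat /etc/chrony.conf)` and `$(chronyc sources)` instead of the samples.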
2. Automated OS installation with cobbler + PXE
1. cobbler
Cobbler is a Linux server provisioning service that uses network boot (PXE) to quickly install and reinstall physical servers and virtual machines; it can also manage DHCP, DNS and related services.
Cobbler can be managed from the command line, provides a web-based management interface (cobbler-web), and exposes an API that makes custom development easy.
Services integrated by cobbler:
PXE support
DHCP service management
DNS service management (bind or dnsmasq)
Kickstart support
YUM repository management
TFTP (required for PXE boot)
Apache (serves the kickstart installation source and customized kickstart configurations)
2. Cobbler's three levels:
distro: different distributions
profile: the same distribution with different configurations
system: the same distribution and configuration, differing by IP address
3. Installation and configuration
Installation: cobbler is installed from the EPEL yum repository
[root@vs ~]# yum -y install cobbler dhcp tftp-server tftp httpd  # install the services
[root@vs ~]# useradd user1  # create a user
[root@vs ~]# echo "123" | passwd --stdin user1  # set its password
[root@vs ~]# tail -1 /etc/shadow  # look up the password hash
user1:$6$tFcPsnxL$zoUdRFzeBCSbAgIOfFepsR4UI2uyUJCfoSe9cWCttpbGiHHWZI5sASzfrDf.y0wn.UhXMmN76t1GaGkc4uESu0:17754:0:99999:7:::
[root@vs ~]# cp /usr/share/syslinux/{pxelinux.0,menu.c32} /var/lib/cobbler/loaders/  # copy the boot loader files into the cobbler directory
[root@vs ~]# vim /etc/cobbler/settings
server: 192.168.1.6  # change to an IP address that can reach the external network
next_server: 192.168.1.6  # change to an IP address that can reach the external network
default_password_crypted: "$6$tFcPsnxL$zoUdRFzeBCSbAgIOfFepsR4UI2uyUJCfoSe9cWCttpbGiHHWZI5sASzfrDf.y0wn.UhXMmN76t1GaGkc4uESu0"  # set the default password hash
[root@vs ~]# systemctl start dhcpd  # start the DHCP service
[root@vs ~]# systemctl start tftp  # start the TFTP service
[root@vs ~]# systemctl start rsyncd  # start the rsync service
[root@vs ~]# systemctl start httpd  # start the httpd service
[root@vs ~]# systemctl start cobblerd  # start cobbler
[root@vs ~]# cobbler check  # check the configuration
[root@vs ~]# cobbler sync
[root@vs ~]# vim /etc/cobbler/settings  # edit the configuration file
Cobbler can be set to start and stop dhcp, dns, tftp and rsync itself; here we leave all of these at the default of 0, so cobbler does not manage these services and we manage them by hand.
=====
cobbler <distro|profile|system|repo|image|mgmtclass|package|file> ...
[add|edit|copy|getks*|list|remove|rename|report] [options|--help]
cobbler <aclsetup|buildiso|import|list|replicate|report|reposync|sync|validateks|version|signature|get-loaders|hardlink> [options|--help]
[root@vs ~]# cobbler distro add --help  # add a distribution
--name=NAME Name (Ex: Fedora-11-i386)  # name of the distribution
--kernel=KERNEL Kernel (Absolute path to kernel on filesystem)  # the distribution's kernel
--initrd=INITRD Initrd (Absolute path to kernel on filesystem)  # the distribution's initrd
--arch=ARCH Architecture (valid options:
i386,x86_64,ia64,ppc,ppc64,ppc64le,s390,arm)  # the distribution's platform architecture
[root@vs ~]# cobbler import --help  # import from an installation disc image, which generates a distro automatically
Usage: cobbler import [options]
Options:
-h, --help show this help message and exit
--arch=ARCH OS architecture being imported  # platform architecture
--breed=BREED the breed being imported
--os-version=OS_VERSION
the version being imported
--path=PATH local path or rsync location
--name=NAME name, ex 'RHEL-5'  # name for the imported distro
--available-as=AVAILABLE_AS
tree is here, don't mirror
--kickstart=KICKSTART_FILE
assign this kickstart file
--rsync-flags=RSYNC_FLAGS
pass additional flags to rsync
When this command runs, cobbler copies the contents of the mounted disc to /var/www/html/, so make sure there is enough disk space.
[root@vs ~]# cobbler import --name="CentOS-7.0_x86_64" --path=/media/cdrom
task started: 2018-08-12_150622_import
task started (id=Media import, time=Sun Aug 12 15:06:22 2018)
.................
*** TASK COMPLETE ***
[root@vs ~]# cobbler distro list  # list the generated distros
CentOS-7.0-x86_64
[root@vs ~]# cobbler profile list  # list the generated profiles; at this point there is no kickstart yet
[root@vs ~]# cobbler sync  # synchronize the configuration
[root@vs ~]# systemctl restart cobblerd
CentOS-7.0-x86_64
Test installation: the profile has no kickstart file at this point, but cobbler automatically provides a kickstart file for a minimal installation and completes the install.
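As an added example (not from the original tutorial or the cobbler project), these shell functions sanity-check the /etc/cobbler/settings edits made above before `cobbler sync`: server and next_server must be the same dotted-quad IP, and default_password_crypted should be a SHA-512 ($6$) crypt hash rather than a weaker one. The settings excerpt is constructed from the tutorial's values; manage_dhcp and manage_dns stand for the settings the text leaves at 0.

```bash
# Constructed excerpt of /etc/cobbler/settings using the tutorial's values;
# manage_dhcp and manage_dns are the settings left at 0 so cobbler does not
# manage those services.
SAMPLE_SETTINGS=$(cat <<'EOF'
server: 192.168.1.6
next_server: 192.168.1.6
default_password_crypted: "$6$tFcPsnxL$zoUdRFzeBCSbAgIOfFepsR4UI2uyUJCfoSe9cWCttpbGiHHWZI5sASzfrDf.y0wn.UhXMmN76t1GaGkc4uESu0"
manage_dhcp: 0
manage_dns: 0
EOF
)

# Print the value of a "key: value" line, with surrounding quotes removed.
setting_value() {
    printf '%s\n' "$1" | awk -v k="$2:" '$1 == k { v = $2; gsub(/"/, "", v); print v }'
}

# Classify a crypt(3) hash by its prefix: $6$ is SHA-512, $5$ SHA-256,
# $1$ MD5; anything else (including unprefixed DES) is weak or unknown.
hash_algo() {
    case "$1" in
        '$6$'*) echo sha512 ;;
        '$5$'*) echo sha256 ;;
        '$1$'*) echo md5 ;;
        *)      echo weak-or-unknown ;;
    esac
}

# Return 0 when server and next_server are the same dotted-quad IP and the
# default password hash uses SHA-512, which is what the tutorial's edits intend.
check_settings() {
    srv=$(setting_value "$1" server)
    nxt=$(setting_value "$1" next_server)
    pw=$(setting_value "$1" default_password_crypted)
    printf '%s\n' "$srv" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
        || { echo "server is not an IPv4 address: '$srv'" >&2; return 1; }
    [ "$srv" = "$nxt" ] \
        || { echo "server ($srv) and next_server ($nxt) differ" >&2; return 1; }
    [ "$(hash_algo "$pw")" = sha512 ] \
        || { echo "default_password_crypted is not SHA-512" >&2; return 1; }
}

check_settings "$SAMPLE_SETTINGS" && echo "cobbler settings look consistent"
```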