一、chrony介绍

chrony是网络时间协议 (NTP) 的通用实现。它可以将系统时钟与 NTP 服务器、参考时钟（例如 GPS 接收器）以及使用手表和键盘的手动输入同步。

二、容器镜像介绍

默认情况下，此容器使用 CloudFlare 的时间服务器 (time.cloudflare.com)。如果您想使用一个或多个不同的 NTP 服务器，您可以向该容器传递一个NTP_SERVERS 环境变量。

env=NTP_SERVERS="

三、检查本地docker状态

[root@jeven docs]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-12-02 04:34:05 CST; 12h ago
     Docs: https://docs.docker.com
 Main PID: 10004 (dockerd)
    Tasks: 77
   Memory: 2.0G
   CGroup: /system.slice/docker.service
           ├─10004 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
           ├─12091 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8190 -container-ip 172.17.0.2 -container-port 8090
           ├─12097 /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 8190 -container-ip 172.17.0.2 -container-port 8090
           ├─12109 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8016 -container-ip 172.31.0.2 -container-port 80
           ├─12115 /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 8016 -container-ip 172.31.0.2 -container-port 80
           ├─12127 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 453 -container-ip 172.31.0.2 -container-port 443
           ├─12133 /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 453 -container-ip 172.31.0.2 -container-port 443
           ├─14964 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 3300 -container-ip 192.168.64.2 -container-port 3300
           ├─14970 /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 3300 -container-ip 192.168.64.2 -container-port 3300
           ├─43254 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 7890 -container-ip 172.17.0.3 -container-port 8000
           └─43261 /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 7890 -container-ip 172.17.0.3 -container-port 8000

Dec 02 15:45:55 jeven dockerd[10004]: time="2022-12-02T15:45:55.364855562+08:00" level=info msg="ignoring event" container=59ece461228f7c0...skDelete"
Dec 02 15:45:56 jeven dockerd[10004]: time="2022-12-02T15:45:56.582197016+08:00" level=info msg="ignoring event" container=59ece461228f7c0...skDelete"
Dec 02 15:45:58 jeven dockerd[10004]: time="2022-12-02T15:45:58.010358602+08:00" level=info msg="ignoring event" container=59ece461228f7c0...skDelete"
Dec 02 15:45:59 jeven dockerd[10004]: time="2022-12-02T15:45:59.822979906+08:00" level=info msg="ignoring event" container=59ece461228f7c0...skDelete"
Dec 02 15:46:02 jeven dockerd[10004]: time="2022-12-02T15:46:02.451854240+08:00" level=info msg="ignoring event" container=59ece461228f7c0...skDelete"
Dec 02 15:46:06 jeven dockerd[10004]: time="2022-12-02T15:46:06.662259690+08:00" level=info msg="ignoring event" container=59ece461228f7c0...skDelete"
Dec 02 15:46:14 jeven dockerd[10004]: time="2022-12-02T15:46:14.083579709+08:00" level=info msg="ignoring event" container=59ece461228f7c0...skDelete"
Dec 02 15:46:28 jeven dockerd[10004]: time="2022-12-02T15:46:28.185437247+08:00" level=info msg="ignoring event" container=59ece461228f7c0...skDelete"
Dec 02 15:46:55 jeven dockerd[10004]: time="2022-12-02T15:46:55.193222004+08:00" level=info msg="ignoring event" container=59ece461228f7c0...skDelete"
Dec 02 15:47:50 jeven dockerd[10004]: time="2022-12-02T15:47:50.424840407+08:00" level=info msg="ignoring event" container=c16d42dd96e202a...skDelete"
Hint: Some lines were ellipsized, use -l to show in full.

四、下载ntp镜像

[root@jeven ~]# docker pull cturra/ntp
Using default tag: latest
latest: Pulling from cturra/ntp
59bf1c3509f3: Already exists 
45b0d9aa13f5: Pull complete 
7b02bd2e0aba: Pull complete 
Digest: sha256:b4cf0bb0aba53b4438605ef30913f1fbf69d0f5ad5d3781ead43353cd64d5b92
Status: Downloaded newer image for cturra/ntp:latest
docker.io/cturra/ntp:latest

五、部署ntp服务器

1.创建ntp容器

docker run -it --name=ntp                           \
              --restart=always                     \
              --detach                             \
              --publish=123:123/udp                \
              --read-only                          \
              -e NTP_SERVERS="ntp.aliyun.com"    \
              --tmpfs=/etc/chrony:rw,mode=1750     \
              --tmpfs=/run/chrony:rw,mode=1750     \
              --tmpfs=/var/lib/chrony:rw,mode=1750 \
              cturra/ntp 

2.查看ntp容器状态

[root@jeven ~]# docker ps
CONTAINER ID   IMAGE                                 COMMAND                  CREATED             STATUS                             PORTS                                                                          NAMES
58091922ab8d   cturra/ntp                            "/bin/sh /opt/startu…"   20 seconds ago      Up 20 seconds (health: starting)   0.0.0.0:123->123/udp, :::123->123/udp                                          ntp

六、检查ntp服务器的时间源

检测为阿里的时间源，ntp服务器配置正确

[root@jeven ~]# docker exec ntp chronyc sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 203.107.6.88                  2   6   377    13   +532us[+1324us] +/-   21ms

七、客户端测试

1.客户端查看chronyd服务状态

[root@server001 ~]# systemctl status chronyd
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2022-12-02 04:22:11 EST; 3min 27s ago
     Docs: man:chronyd(8)
           man:chrony.conf(5)
  Process: 4479 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=exited, status=0/SUCCESS)
  Process: 4476 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 4478 (chronyd)
    Tasks: 1
   Memory: 304.0K
   CGroup: /system.slice/chronyd.service
           └─4478 /usr/sbin/chronyd

Dec 02 04:22:11 server001 systemd[1]: Starting NTP client/server...
Dec 02 04:22:11 server001 chronyd[4478]: chronyd version 3.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SECHASH +SIGND +ASY... +DEBUG)
Dec 02 04:22:11 server001 chronyd[4478]: Frequency -12.895 +/- 0.065 ppm read from /var/lib/chrony/drift
Dec 02 04:22:11 server001 systemd[1]: Started NTP client/server.
Dec 02 04:22:15 server001 chronyd[4478]: Selected source 192.168.3.166
Hint: Some lines were ellipsized, use -l to show in full.

2.修改配置文件

[root@server001 ~]# grep iburst  /etc/chrony.conf
server 192.168.3.166 iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

3.查看时间同步状态

[root@server001 ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 192.168.3.166                 3   6   377    19   -233us[-1027us] +/-   26ms