如何解决 ntpd 同步时间过长的问题?

tag-icon tag-icon ntpd
如何解决 ntpd 同步时间过长的问题?

我目前正在经历与 ntpd 的令人难以置信的长时间同步延迟,经过多次谷歌搜索后,我决定开始一个新的线程,因为所有“补救措施”都不起作用。

有问题的机器是运行 Raspi OS“Buster”(2021 年 5 月 7 日精简版/非 GUI 映像)的 Raspberry Pi 3B。由于它是小型集群的头节点,因此它有 2 个 NIC - eth0(内置 NIC 和内部接口)设置为 192.168.4.100/24,eth1(USB 加密狗和外部接口)设置为 192.168。 1.220/24。我目前正在使用 dhcpcd 来配置接口并在 /etc/resolvconf.conf 中定义名称服务器。恩特普德将要最终同步,但只有几个小时后,当我重新启动 Pi 时,尽管 fake-hwclock 将时间保存在 /etc/fake-hwclock.data 中,ntpd 又回到了第一个位置,并再次开始了长达数小时的同步过程。我应该注意 /etc/fake-hwclock 中保存的时间是 UTC 时间,而不是时区调整时间,但我不认为这会影响 ntpd 的同步时间。

下面是我的 /etc/ntp.conf 文件。取消注释“tinker panic 0”行似乎根本不会影响同步。

总而言之,我的问题是:

  1. 如何减少同步时间延迟?

  2. 如果我在 ntpd 同步后重新启动 Pi,运行“date”命令将为我提供正确的时间,但 ntpd 将返回到第一个位置,并且需要几个小时才能同步。如何避免这种情况? (逻辑上说,当本地时间和远程时间仅相差几秒时,协调本地时间和远程时间应该不会花费很长时间)

systemd-timesyncd 是残疾人

/etc/ntp.conf

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

#tinker panic 0

driftfile /var/lib/ntp/ntp.drift

# Leap seconds definition provided by tzdata
leapfile /usr/share/zoneinfo/leap-seconds.list

# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# You do need to talk to an NTP server or two (or three).

server time-a-g.nist.gov iburst
server time-a-wwv.nist.gov iburst

server 0.debian.pool.ntp.org iburst
server 1.debian.pool.ntp.org iburst

# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1

# Needed for adding pool entries
restrict source notrap nomodify noquery

# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)

broadcast 192.168.4.255

CDT 上午 11:07 的“uptime”和“ntpq -p”输出(根据我的 MacBook Pro 时钟):

charles@Chimera-Head-Node:~ $ uptime
 10:12:52 up 34 min,  1 user,  load average: 0.00, 0.00, 0.00
charles@Chimera-Head-Node:~ $ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.4.255   .XFAC.          16 B    -   64    0    0.000    0.000   0.002
 time-a-g.nist.g .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 time-a-wwv.nist .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 ec.sedley.net   .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 ntp1.doctor.com .INIT.          16 u    - 1024    0    0.000    0.000   0.000

注意:每当我启动/重新启动 Pi 时,广播地址始终显示为 .XFAC。对于重新改装。如果我执行简单的“sudo service ntp restart”,refid 会更改为 .BCST。 (它需要是什么)。我还没有解决这个问题,虽然这是另一个线程的问题,但欢迎提出任何建议:-)

启动时系统日志的输出(已删除非 ntpd/dhcpcd 条目):

Sep  1 09:38:53 Chimera-Head-Node ntpd[546]: ntpd [email protected] (1): Starting
Sep  1 09:38:53 Chimera-Head-Node ntpd[546]: Command line: /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 109:114
Sep  1 09:38:53 Chimera-Head-Node systemd[1]: Started Network Time Service.
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: proto: precision = 1.458 usec (-19)
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): good hash s
ignature
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): loaded, exp
ire=2021-12-28T00:00:00Z last=2017-01-01T00:00:00Z ofs=37
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: Listen and drop on 0 v6wildcard [::]:123
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: Listen normally on 2 lo 127.0.0.1:123
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: Listen normally on 3 eth1 192.168.1.220:123
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: Listen normally on 4 lo [::1]:123
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: Listen normally on 5 eth0 [fe80::ba27:ebff:fed5:8e4d%2]:123
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: Listen normally on 6 eth1 [fe80::1f2d:3bb6:af44:5cbb%3]:123
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: Listening on routing socket on fd #23 for interface updates
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Sep  1 09:38:54 Chimera-Head-Node dhcpcd[541]: eth0: using static address 192.168.4.100/24
Sep  1 09:38:54 Chimera-Head-Node dhcpcd[541]: eth0: adding route to 192.168.4.0/24
Sep  1 09:38:55 Chimera-Head-Node ntpd[554]: Listen normally on 7 eth0 192.168.4.100:123
Sep  1 09:38:55 Chimera-Head-Node ntpd[554]: 192.168.4.255 local addr 192.168.1.220 -> 192.168.4.100
Sep  1 09:38:55 Chimera-Head-Node ntpd[554]: new interface(s) found: waking up resolver
Sep  1 09:39:01 Chimera-Head-Node dhcpcd[541]: eth1: no IPv6 Routers available
Sep  1 09:39:03 Chimera-Head-Node dhcpcd[541]: eth0: no IPv6 Routers available

答案1

(从最初是问题文本的一部分移至此处)。

问题已经解决(我只是直到现在才有机会发布这个)。解决方案分为两部分:

  1. 当我的 Synology RT-2600ac 路由器开启了 NTP 服务时,理论上123端口是开放的,我关闭了该服务,然后做了一个防火墙规则明确地打开从任何IP地址到任何IP地址的udp端口123。

  2. 下面是我现在使用的 ntp.conf 文件。虽然我不知道是否可以删除头节点 ntp.conf 顶部的接口命令,但我非常确定 192.168.4.0 网络的限制行可以解决 192.168.4.0 网络上的 NTP 分发问题。

簇头节点ntp.conf

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

# default to listening to nothing
#
interface ignore all

# Listen on the inside interface
#
interface listen 192.168.4.100/24

# Listen on the outside interface
#
interface listen 192.168.1.220/24


driftfile /var/lib/ntp/ntp.drift

leapfile /usr/share/zoneinfo/leap-seconds.list

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable


server time-a-g.nist.gov iburst
server time-a-wwv.nist.gov iburst

server 2.debian.pool.ntp.org iburst
server 3.debian.pool.ntp.org iburst

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1

restrict 192.168.4.0 mask 255.255.255.0 nomodify

# Needed for adding pool entries
restrict source notrap nomodify noquery

集群计算节点ntp.conf

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift

# Leap seconds definition provided by tzdata
leapfile /usr/share/zoneinfo/leap-seconds.list

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable


# You do need to talk to an NTP server or two (or three).

server 192.168.4.100 iburst


# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1

# Needed for adding pool entries
restrict source notrap nomodify noquery

到目前为止,上述文件似乎运行良好。

相关内容