如何修复过长的ntpd同步时间？

Question

我目前正经历着与ntpd的长时间同步延迟，在谷歌上搜索了很多之后，我决定开始一条新的线索，因为所有的‘补救’都失败了。

这台机器是一个Raspberry Pi 3B运行Raspi OS 'Buster‘( 5/7/21 lite/非GUI映像)。由于它是一个小型集群的头节点，它有两个NIC - eth0 (内置NIC和内部接口)设置为192.168.4.100/24，而eth1 (USB和外部接口)设置为192.168.1.220/24。我目前正在使用dhcpcd来配置接口，并在/etc/ servers中定义了名称服务器。ntpd 将最终同步，但只有在我重新启动Pi时才会同步，尽管在/etc/fake hwclock.data中，ntpd节省了时间，但ntpd又回到了第一步，并再次启动了长达小时的同步进程。我应该注意到，在/etc/fake hwclock中节省的时间是UTC时间，而不是时区调整时间，但我不认为这会影响ntpd的同步时间。

下面是我的/etc/ntp.conf文件。取消注释“修补程序恐慌0”行似乎根本不影响同步。

总之，我的问题是：

1. 如何减少同步时间延迟？
2. 如果我在ntpd同步后重新启动Pi，运行'date‘命令将给我适当的时间，但是ntpd将返回到起点，同步需要几个小时。如何才能避免这种情况？(逻辑上说，不需要很长时间来协调本地和远程的时间，而它们只是间隔几秒钟)。

systemd-timesyncd是禁用的<#>。

/etc/ntp.conf

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

#tinker panic 0

driftfile /var/lib/ntp/ntp.drift

# Leap seconds definition provided by tzdata
leapfile /usr/share/zoneinfo/leap-seconds.list

# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# You do need to talk to an NTP server or two (or three).

server time-a-g.nist.gov iburst
server time-a-wwv.nist.gov iburst

server 0.debian.pool.ntp.org iburst
server 1.debian.pool.ntp.org iburst

# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page 
# might also be helpful.
#
# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1

# Needed for adding pool entries
restrict source notrap nomodify noquery

# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)

broadcast 192.168.4.255

11:07 AM CDT (根据我的-p Pro的时钟)输出的“正常运行时间”和“ntpq-p”：

charles@Chimera-Head-Node:~ $ uptime
 10:12:52 up 34 min,  1 user,  load average: 0.00, 0.00, 0.00
charles@Chimera-Head-Node:~ $ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.4.255   .XFAC.          16 B    -   64    0    0.000    0.000   0.002
 time-a-g.nist.g .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 time-a-wwv.nist .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 ec.sedley.net   .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 ntp1.doctor.com .INIT.          16 u    - 1024    0    0.000    0.000   0.000

注意:每当我启动/重新启动Pi时，广播地址总是显示为.XFAC。如果我执行一个简单的'sudo服务ntp重新启动‘，那么refid将更改为.BCST。我还没有解决这个问题，尽管这是另一个线程的问题，但欢迎任何建议:-)

syslog在引导时的输出(删除了非ntpd/dhcpcd条目)：

Sep  1 09:38:53 Chimera-Head-Node ntpd[546]: ntpd 4.2.8p12@1.3728-o (1): Starting
Sep  1 09:38:53 Chimera-Head-Node ntpd[546]: Command line: /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 109:114
Sep  1 09:38:53 Chimera-Head-Node systemd[1]: Started Network Time Service.
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: proto: precision = 1.458 usec (-19)
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): good hash s
ignature
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): loaded, exp
ire=2021-12-28T00:00:00Z last=2017-01-01T00:00:00Z ofs=37
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: Listen and drop on 0 v6wildcard [::]:123
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: Listen normally on 2 lo 127.0.0.1:123
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: Listen normally on 3 eth1 192.168.1.220:123
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: Listen normally on 4 lo [::1]:123
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: Listen normally on 5 eth0 [fe80::ba27:ebff:fed5:8e4d%2]:123
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: Listen normally on 6 eth1 [fe80::1f2d:3bb6:af44:5cbb%3]:123
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: Listening on routing socket on fd #23 for interface updates
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Sep  1 09:38:53 Chimera-Head-Node ntpd[554]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Sep  1 09:38:54 Chimera-Head-Node dhcpcd[541]: eth0: using static address 192.168.4.100/24
Sep  1 09:38:54 Chimera-Head-Node dhcpcd[541]: eth0: adding route to 192.168.4.0/24
Sep  1 09:38:55 Chimera-Head-Node ntpd[554]: Listen normally on 7 eth0 192.168.4.100:123
Sep  1 09:38:55 Chimera-Head-Node ntpd[554]: 192.168.4.255 local addr 192.168.1.220 -> 192.168.4.100
Sep  1 09:38:55 Chimera-Head-Node ntpd[554]: new interface(s) found: waking up resolver
Sep  1 09:39:01 Chimera-Head-Node dhcpcd[541]: eth1: no IPv6 Routers available
Sep  1 09:39:03 Chimera-Head-Node dhcpcd[541]: eth0: no IPv6 Routers available

Answer 1

(原为问题案文的一部分)。

问题已经解决了(我只是到目前为止还没有机会发布这个)。解决办法分为两部分：

1. 虽然我的SynologyRT-2600ac路由器打开了和的NTP服务，理论上，端口123是打开的，但我关闭了该服务，然后制定了一个防火墙规则，即显式地将udp端口123从任何IP地址打开到任何IP地址。
2. 下面是我现在使用的ntp.conf文件。虽然我不知道是否可以删除head节点的ntp.conf顶部的接口命令，但我很确定192.168.4.0网络的限制行对192.168.4.0网络上的NTP发行版起了作用。

簇头节点ntp.conf

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

# default to listening to nothing
#
interface ignore all

# Listen on the inside interface
#
interface listen 192.168.4.100/24

# Listen on the outside interface
#
interface listen 192.168.1.220/24


driftfile /var/lib/ntp/ntp.drift

leapfile /usr/share/zoneinfo/leap-seconds.list

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable


server time-a-g.nist.gov iburst
server time-a-wwv.nist.gov iburst

server 2.debian.pool.ntp.org iburst
server 3.debian.pool.ntp.org iburst

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1

restrict 192.168.4.0 mask 255.255.255.0 nomodify

# Needed for adding pool entries
restrict source notrap nomodify noquery

集群计算节点ntp.conf

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift

# Leap seconds definition provided by tzdata
leapfile /usr/share/zoneinfo/leap-seconds.list

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable


# You do need to talk to an NTP server or two (or three).

server 192.168.4.100 iburst


# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1

# Needed for adding pool entries
restrict source notrap nomodify noquery

到目前为止，上述文件似乎运行良好。