linux服务之ntp
南宫俊逸2019-04-20运维基础1439 浏览
一、简介
在Linux系统中,主机长时间运行后系统时间会逐渐产生偏差,因此进行时间同步(synchronize)是非常必要的。一般使用ntp服务来同步不同机器的时间。NTP 是网络时间协议(Network Time Protocol)的简称,就是通过网络协议使计算机之间的时间同步化。
二、环境准备
序号 主机名 IP 操作系统 内核版本
1 linux-node1 192.168.100.133 CentOS release 6.6 2.6.32-504.el6.x86_64
2 linux-node2 192.168.100.128 CentOS release 6.6 2.6.32-504.el6.x86_64
三、服务端安装配置
[root@linux-node1 ~]# cat /etc/redhat-release
CentOS release 6.6 (Final)
[root@linux-node1 ~]# uname -r
2.6.32-504.el6.x86_64
[root@linux-node1 ~]# uname -m
x86_64
[root@linux-node1 ~]# rpm -qa ntp
ntp-4.2.6p5-1.el6.centos.x86_64
[root@linux-node1 ~]# cp -a /etc/ntp.conf /etc/ntp.conf_$(date +%F)
[root@linux-node1 ~]# vim /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift #记录上次ntp服务器与上层ntp服务器连接所花费的时间
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery #IPV4默认客户端权限
restrict -6 default kod nomodify notrap nopeer noquery #IPV6默认客户端权限
# restrict参数说明
# 语法格式:restrict IP地址 mask子网掩码 参数
# default:表示所有IP地址(客户端)
# -6:表示IPV6地址的权限设置
# ignore:关闭所有的ntp联机服务
# nomodify:客户端不能更改服务端的时间参数,但客户端可以通过服务端进行网络校时
# notrust:客户端除非通过认证,否则该客户端来源将被视为不信任子网
# noquery:不响应客户端的状态查询,客户端不能使用ntpq、ntpdc等命令来查询ntp服务器;时间同步服务本身不受此参数影响
# notrap:不提供trap远程事件日志功能,拒绝为匹配的主机提供模式6控制消息陷阱服务;陷阱服务是ntpq控制消息协议的子系统,用于远程事件日志记录程序
# nopeer:用于阻止主机尝试与服务器建立对等关系,否则恶意服务器可能借对等关系控制本机时钟
# kod:访问违规时发送kod包
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1 #允许本机地址时间同步
restrict 192.168.100.133 #允许指定地址时间同步
restrict 192.168.100.0 mask 255.255.255.0 notrust notrap nomodify #允许指定网段时间同步;注意notrust要求客户端通过认证,而本配置中trustedkey仍被注释,未认证的客户端(例如不带密钥的ntpdate)可能得不到服务,如不使用认证应去掉notrust
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.pool.ntp.org prefer #设置本时间服务器与上层时间服务器同步列表,prefer表示首选地址
server time.nist.gov
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
[root@linux-node1 ~]# /etc/init.d/ntpd start
Starting ntpd: [ OK ]
[root@linux-node1 ~]# netstat -tnlup|grep "123"|grep -v "grep"
udp 0 0 192.168.100.133:123 0.0.0.0:* 2014/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 2014/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 2014/ntpd
udp 0 0 fe80::20c:29ff:fe27:e560:123 :::* 2014/ntpd
udp 0 0 ::1:123 :::* 2014/ntpd
udp 0 0 :::123 :::* 2014/ntpd
[root@linux-node1 ~]# ps -ef|grep "ntpd"|grep -v "grep"
ntp 2014 1 0 11:57 ? 00:00:00 ntpd -u ntp:ntp -p /var/run/ntpd.pid -g
[root@linux-node1 ~]# lsof -i:123
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ntpd 2014 ntp 16u IPv4 20402 0t0 UDP *:ntp
ntpd 2014 ntp 17u IPv6 20403 0t0 UDP *:ntp
ntpd 2014 ntp 18u IPv4 20409 0t0 UDP localhost:ntp
ntpd 2014 ntp 19u IPv4 20410 0t0 UDP linux-node1:ntp
ntpd 2014 ntp 20u IPv6 20411 0t0 UDP localhost:ntp
ntpd 2014 ntp 21u IPv6 20412 0t0 UDP [fe80::20c:29ff:fe27:e560]:ntp
[root@linux-node1 ~]# chkconfig --level 3 ntpd on
[root@linux-node1 ~]# chkconfig --list ntpd
ntpd 0:off 1:off 2:off 3:on 4:off 5:off 6:off
[root@linux-node1 ~]# ping -c 1 0.pool.ntp.org
PING 0.pool.ntp.org (203.135.184.123) 56(84) bytes of data.
64 bytes from leontp.ccgs.wa.edu.au (203.135.184.123): icmp_seq=1 ttl=128 time=282 ms
--- 0.pool.ntp.org ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 291ms
rtt min/avg/max/mdev = 282.951/282.951/282.951/0.000 ms
[root@linux-node1 ~]# ntpstat #查看ntp服务器有无与上层ntp服务器连通
synchronised to NTP server (85.199.214.100) at stratum 2
time correct to within 278 ms
polling server every 128 s
四、客户端安装配置
[root@linux-node2 ~]# crontab -e
####Synchronization Network Time Server####
*/5 * * * * /usr/sbin/ntpdate 192.168.100.133 &>/dev/null
[root@linux-node2 ~]# crontab -l
####Synchronization Network Time Server####
*/5 * * * * /usr/sbin/ntpdate 192.168.100.133 &>/dev/null
[root@linux-node2 ~]# /etc/init.d/crond restart
Stopping crond: [ OK ]
Starting crond: [ OK ]