NTP在linux下有兩種時鐘同步方式,分別為直接同步和平滑同步:
直接同步
使用ntpdate命令進行同步,直接進行時間變更。如果服務器上存在一個12點運行的任務,當前服務器時間是13點,但標准時間時11點,使用此命令可能會造成任務重復執行。因此使用ntpdate同步可能會引發風險,因此該命令也多用於配置時鐘同步服務時第一次同步時間時使用。
平滑同步
使用ntpd進行時鐘同步,可以保證一個時間不經歷兩次,它每次同步時間的偏移量不會太陡,是慢慢來的,這正因為這樣,ntpd平滑同步可能耗費的時間比較長。
標准時鐘同步服務
http://www.pool.ntp.org/zone/cn網站包含全球的標准時間同步服務,也包括對中國時間的同步,對應的URL為cn.pool.ntp.org,在其中也描述了ntp配置文件中的建議寫法:
server 1.cn.pool.ntp.org
server 3.asia.pool.ntp.org
server 2.asia.pool.ntp.org
准備四台電腦,分別為:
[root@localhost kevin]# rpm -q ntpntp-4.2.6p5-19.el7.centos.3.x86_64
-如果已經安裝則略過此步,否則使用yum進行安裝,並設置系統開機自動啟動並啟動服務
[root@localhost kevin]# yum -y install ntp[root@localhost kevin]# systemctl enable ntpd[root@localhost kevin]# systemctl start ntpd
配置前先使用命令:ntpdate -u cn.pool.ntp.org,同步服務器 -修改/etc/ntp.conf文件,紅色字體是修改的內容 # For more information about this file, see the man pages # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5). driftfile /var/lib/ntp/drift # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1
# Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org
#broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 允許上層時間服務器主動修改本機時間 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery
server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10
# Enable public key cryptography. #crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys
# Specify the key identifiers which are trusted. #trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility. #requestkey 8
# Specify the key identifier to use with the ntpq utility. #controlkey 8
# Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats
# Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor
修改完成後重啟ntpd服務systemctl restart ntpd
使用ntpq -p 查看網絡中的NTP服務器,同時顯示客戶端和每個服務器的關系
使用ntpstat 命令查看時間同步狀態,這個一般需要5-10分鐘後才能成功連接和同步。所以,服務器啟動後需要稍等下: 剛啟動的時候,一般是:
# ntpstat unsynchronised time server re-starting polling server every 64 s
連接並同步後:
# ntpstat synchronised to NTP server (202.112.10.36) at stratum 3 time correct to within 275 ms polling server every 256 s
安裝ntp服務並設置為自動啟動,和前面的設置方式相同。然後編輯/etc/ntp.conf文件,紅色字體為變化的內容。
# For more information about this file, see the man pages # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1
# Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst server 172.16.248.1 restrict 172.16.248.1 nomodify notrap noquery server 127.0.0.1 fudge 127.0.0.1 stratum 10
#broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys
# Specify the key identifiers which are trusted. #trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility. #requestkey 8
# Specify the key identifier to use with the ntpq utility. #controlkey 8
# Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats
# Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor
重啟ntpd服務 #systemctl restart ntpd
啟動後,查看同步情況 # ntpq -p # ntpstat
因為是內網,一般ntpstat很快就可以同步上。
http://xxxxxx/Linuxjc/1184701.html TechArticle