RHEL7学习之NTP配置

一,安装NTP

[root@localhost ~]# yum install ntp
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
cdrom                                                                 | 4.1 kB  00:00:00     
Resolving Dependencies
--> Running transaction check
---> Package ntp.x86_64 0:4.2.6p5-18.el7 will be installed
--> Processing Dependency: ntpdate = 4.2.6p5-18.el7 for package: ntp-4.2.6p5-18.el7.x86_64
--> Processing Dependency: libopts.so.25()(64bit) for package: ntp-4.2.6p5-18.el7.x86_64
--> Running transaction check
---> Package autogen-libopts.x86_64 0:5.18-5.el7 will be installed
---> Package ntpdate.x86_64 0:4.2.6p5-18.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================
 Package                   Arch             Version                    Repository       Size
=============================================================================================
Installing:
 ntp                       x86_64           4.2.6p5-18.el7             cdrom           539 k
Installing for dependencies:
 autogen-libopts           x86_64           5.18-5.el7                 cdrom            66 k
 ntpdate                   x86_64           4.2.6p5-18.el7             cdrom            82 k

Transaction Summary
=============================================================================================
Install  1 Package (+2 Dependent packages)

Total download size: 687 k
Installed size: 1.6 M
Is this ok [y/d/N]: y
Downloading packages:
---------------------------------------------------------------------------------------------
Total                                                         10 MB/s | 687 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : autogen-libopts-5.18-5.el7.x86_64                                         1/3 
  Installing : ntpdate-4.2.6p5-18.el7.x86_64                                             2/3 
  Installing : ntp-4.2.6p5-18.el7.x86_64                                                 3/3 
  Verifying  : ntpdate-4.2.6p5-18.el7.x86_64                                             1/3 
  Verifying  : autogen-libopts-5.18-5.el7.x86_64                                         2/3 
  Verifying  : ntp-4.2.6p5-18.el7.x86_64                                                 3/3 

Installed:
  ntp.x86_64 0:4.2.6p5-18.el7                                                                

Dependency Installed:
  autogen-libopts.x86_64 0:5.18-5.el7             ntpdate.x86_64 0:4.2.6p5-18.el7            

Complete!
View Code

二,编辑NTP配置文件"/etc/ntp.conf"

[root@localhost ~]# vim /etc/ntp.conf 

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery  

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  //允许"192.168.1.0"使用NTP服务,nomodify notrap 不允许客户端配置服务器或者作为同步时间的节点。

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.rhel.pool.ntp.org iburst
#server 1.rhel.pool.ntp.org iburst
#server 2.rhel.pool.ntp.org iburst
#server 3.rhel.pool.ntp.org iburst
server 0.asia.pool.ntp.org   //NTP官方服务器池:http://www.pool.ntp.org/zone/asia 
server 1.asia.pool.ntp.org
server 2.asia.pool.ntp.org
server 3.asia.pool.ntp.org

  server 127.127.1.0        
  fudge 127.127.1.0 stratum 8  //当NTP服务不可用时,使用NTP服务器当前时间同步给客户机

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography. 
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor

  logfile /var/log/ntp.log

三,验证NTP服务

1,验证NTP服务器从官方NTP服务器同步时间

[root@localhost ~]# ntpstat  //查看这台服务器是否连接到NTP官方服务器
synchronised to NTP server (160.16.201.66) at stratum 3 
   time correct to within 4090 ms
   polling server every 64 s

更改下时间,改为“错误”的时间。然后等待NTP服务自动同步准确的时间。

[root@localhost ~]# date
Wed Jan 23 11:44:34 CST 2013

使用命令"watch ntpq -p"查看NTP详细信息

Every 2.0s: ntpq -p                                                                                                                                Sat Jan 23 00:04:35 2010

     remote           refid     st t when poll reach   delay   offset  jitter
==============================================================================
 y.ns.gin.ntt.ne 249.224.99.213   2 u   69   64   17  110.259  1916229 1106335
 time1.maxonline .GPS.            1 u    9   64   37  330.752  1916229 9581147
 send.mx.cdnetwo 133.100.8.2      2 u   10   64   37   87.927  1916229 9581147
*LOCAL(0)        .LOCL.           8 l   17   64   21    0.000    0.000   0.000

大约10分钟,同步成功。下面是同步成功的时间。时间同步成功后,并不会同步给硬件时间。系统重启后还会读取硬件时间同步给系统时间,所以需要重启前"clock -w"或者写入crontab。

Every 2.0s: ntpq -p                                                                                                                                Fri Feb 19 10:15:49 2016

     remote           refid     st t when poll reach   delay   offset  jitter
==============================================================================
 LOCAL(0)        .LOCL.           8 l   50   64    1    0.000    0.000   0.000
+218.189.210.4   118.143.17.82    2 u   50   64    1   80.928    4.568   0.000
*x.ns.gin.ntt.ne 249.224.99.213   2 u   48   64    1   84.978   -9.332   0.000
+31.193.144.2.ar 131.107.13.100   2 u   50   64    1  311.808  -52.737   0.000
-202-65-114-202. 218.100.41.254   2 u   50   64    1  464.010  114.567   0.000

2,验证Linux客户端从NTP服务器(192.168.10.10)同步时间

手动同步时间成功,说明NTP服务没问题。可以在Linux客户机上建立crontab任务或者配置NTP服务来同步时间。

[root@localhost ~]# ntpdate -u 192.168.1.10
18 Feb 12:45:50 ntpdate[2835]: adjust time server 192.168.1.10 offset -0.000051 sec
[root@localhost ~]# date
Thu Feb 18 12:45:54 CST 2016

四,配置Linux客户机自动同步时间的两种方法

1,使用crontab从NTP服务器同步时间

[root@localhost ~]# crontab -e

30 3 * * *  /usr/sbin/ntpdate -u  192.168.10.10; /usr/sbin/clock -w  //每天3:30从NTP服务器同步时间,并把系统时间同步给硬件时间。

2,使用NTP服务同步时间

安装NTP服务

[root@localhost ~]# yum install ntp
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package ntp.x86_64 0:4.2.6p5-18.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===========================================================================================================================================================================
 Package                              Arch                                    Version                                         Repository                              Size
===========================================================================================================================================================================
Installing:
 ntp                                  x86_64                                  4.2.6p5-18.el7                                  cdrom                                  539 k

Transaction Summary
===========================================================================================================================================================================
Install  1 Package

Total download size: 539 k
Installed size: 1.4 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : ntp-4.2.6p5-18.el7.x86_64                                                                                                                               1/1 
  Verifying  : ntp-4.2.6p5-18.el7.x86_64                                                                                                                               1/1 

Installed:
  ntp.x86_64 0:4.2.6p5-18.el7      
View Code

更改"/etc/ntp.conf",注释掉原有NTP服务器地址,加入"server 192.168.10.10"

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.rhel.pool.ntp.org iburst
#server 1.rhel.pool.ntp.org iburst
#server 2.rhel.pool.ntp.org iburst
#server 3.rhel.pool.ntp.org iburst
server 192.168.10.10

将当前时间修改成“错误时间”,通过NTP服务来验证是否能够同步时间。

[root@localhost ~]# date
Sat Feb 20 00:29:18 CST 2016
[root@localhost ~]# date -s 20130123 
Wed Jan 23 00:00:00 CST 2013
[root@localhost ~]# watch ntpq -p
Every 2.0s: ntpq -p                                                                                                                                Wed Jan 23 00:02:09 2013

     remote           refid     st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.10.10   211.233.84.186   3 u   49   64    3    0.707  9702897 9702897
Every 2.0s: ntpq -p                                                                                                                                Sat Feb 20 00:49:06 2016

     remote           refid     st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.10.10   194.225.150.25   3 u   13   64   17    0.746   98.114  70.556

 

posted on 2016-02-18 12:52  rdashu  阅读(7881)  评论(0编辑  收藏  举报

导航