Learning RHEL 7: NTP Configuration
I. Install NTP
    [root@localhost ~]# yum install ntp
    Loaded plugins: product-id, subscription-manager
    This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
    cdrom                                                         | 4.1 kB  00:00:00
    Resolving Dependencies
    --> Running transaction check
    ---> Package ntp.x86_64 0:4.2.6p5-18.el7 will be installed
    --> Processing Dependency: ntpdate = 4.2.6p5-18.el7 for package: ntp-4.2.6p5-18.el7.x86_64
    --> Processing Dependency: libopts.so.25()(64bit) for package: ntp-4.2.6p5-18.el7.x86_64
    --> Running transaction check
    ---> Package autogen-libopts.x86_64 0:5.18-5.el7 will be installed
    ---> Package ntpdate.x86_64 0:4.2.6p5-18.el7 will be installed
    --> Finished Dependency Resolution

    Dependencies Resolved

    =============================================================================================
     Package                 Arch           Version                 Repository          Size
    =============================================================================================
    Installing:
     ntp                     x86_64         4.2.6p5-18.el7          cdrom              539 k
    Installing for dependencies:
     autogen-libopts         x86_64         5.18-5.el7              cdrom               66 k
     ntpdate                 x86_64         4.2.6p5-18.el7          cdrom               82 k

    Transaction Summary
    =============================================================================================
    Install  1 Package (+2 Dependent packages)

    Total download size: 687 k
    Installed size: 1.6 M
    Is this ok [y/d/N]: y
    Downloading packages:
    ---------------------------------------------------------------------------------------------
    Total                                                          10 MB/s | 687 kB  00:00:00
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : autogen-libopts-5.18-5.el7.x86_64                                     1/3
      Installing : ntpdate-4.2.6p5-18.el7.x86_64                                         2/3
      Installing : ntp-4.2.6p5-18.el7.x86_64                                             3/3
      Verifying  : ntpdate-4.2.6p5-18.el7.x86_64                                         1/3
      Verifying  : autogen-libopts-5.18-5.el7.x86_64                                     2/3
      Verifying  : ntp-4.2.6p5-18.el7.x86_64                                             3/3

    Installed:
      ntp.x86_64 0:4.2.6p5-18.el7

    Dependency Installed:
      autogen-libopts.x86_64 0:5.18-5.el7          ntpdate.x86_64 0:4.2.6p5-18.el7

    Complete!
II. Edit the NTP configuration file "/etc/ntp.conf"

    [root@localhost ~]# vim /etc/ntp.conf

    # For more information about this file, see the man pages
    # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

    driftfile /var/lib/ntp/drift

    # Permit time synchronization with our time source, but do not
    # permit the source to query or modify the service on this system.
    restrict default nomodify notrap nopeer noquery

    # Permit all access over the loopback interface.  This could
    # be tightened as well, but to do so would effect some of
    # the administrative functions.
    restrict 127.0.0.1
    restrict ::1

    # Hosts on local network are less restricted.
    # Allow the "192.168.1.0" network to use the NTP service; nomodify and notrap
    # prevent clients from configuring the server or acting as time-synchronization peers.
    restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

    # Use public servers from the pool.ntp.org project.
    # Please consider joining the pool (http://www.pool.ntp.org/join.html).
    #server 0.rhel.pool.ntp.org iburst
    #server 1.rhel.pool.ntp.org iburst
    #server 2.rhel.pool.ntp.org iburst
    #server 3.rhel.pool.ntp.org iburst
    # Official NTP server pool: http://www.pool.ntp.org/zone/asia
    server 0.asia.pool.ntp.org
    server 1.asia.pool.ntp.org
    server 2.asia.pool.ntp.org
    server 3.asia.pool.ntp.org

    # When the NTP service is unavailable, serve this NTP server's
    # current time to the clients.
    server 127.127.1.0
    fudge 127.127.1.0 stratum 8

    #broadcast 192.168.1.255 autokey        # broadcast server
    #broadcastclient                        # broadcast client
    #broadcast 224.0.1.1 autokey            # multicast server
    #multicastclient 224.0.1.1              # multicast client
    #manycastserver 239.255.254.254         # manycast server
    #manycastclient 239.255.254.254 autokey # manycast client

    # Enable public key cryptography.
    #crypto

    includefile /etc/ntp/crypto/pw

    # Key file containing the keys and key identifiers used when operating
    # with symmetric key cryptography.
    keys /etc/ntp/keys

    # Specify the key identifiers which are trusted.
    #trustedkey 4 8 42

    # Specify the key identifier to use with the ntpdc utility.
    #requestkey 8

    # Specify the key identifier to use with the ntpq utility.
    #controlkey 8

    # Enable writing of statistics records.
    #statistics clockstats cryptostats loopstats peerstats

    # Disable the monitoring facility to prevent amplification attacks using ntpdc
    # monlist command when default restrict does not include the noquery flag. See
    # CVE-2013-5211 for more details.
    # Note: Monitoring will not be disabled with the limited restriction flag.
    disable monitor

    logfile /var/log/ntp.log
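
Added example (not part of the original post): a small audit of the "restrict" and "disable monitor" lines in an ntp.conf, reporting which networks may still query the daemon and whether the monlist facility named in the CVE-2013-5211 comment is reachable. The function name, the result keys and WEAK_CONF are constructed for illustration; the treatment of "limited" follows the note in the stock comment above.

```python
LOOPBACK = {"127.0.0.1", "::1"}
HARDENING = {"nomodify", "notrap", "nopeer", "noquery"}

# The restrict/disable lines from the configuration shown above.
PAGE_CONF = """\
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
disable monitor
"""
# Constructed weak variant: no noquery, and 'limited' keeps monitoring on.
WEAK_CONF = """\
restrict default kod limited nomodify notrap
restrict 127.0.0.1
disable monitor
"""

def audit_ntp_conf(text):
    """Summarise who may query ntpd and whether monlist is reachable."""
    acl, monitor_disabled = {}, False          # acl: target -> flag set
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()   # '#' starts a comment
        if len(words) > 1 and words[0] == "restrict":
            args = [w for w in words[1:] if w not in ("-4", "-6")]
            if not args:
                continue
            target, flags = args[0], args[1:]
            if len(flags) > 1 and flags[0] == "mask":
                target, flags = f"{target}/{flags[1]}", flags[2:]
            acl[target] = acl.get(target, set(flags)) & set(flags)
        elif words[:1] == ["disable"] and "monitor" in words[1:]:
            monitor_disabled = True
    default = acl.get("default", set())        # no entry: unrestricted
    limited = any("limited" in f for f in acl.values())
    monitor_off = monitor_disabled and not limited
    blocked = {"noquery", "ignore"}
    queryable = sorted(t for t, f in acl.items()
                       if t != "default" and t not in LOOPBACK
                       and not f & blocked)
    return {
        "default_missing": [] if "ignore" in default else sorted(HARDENING - default),
        "monitor_off": monitor_off,
        "queryable": queryable,
        "monlist_exposed": not monitor_off
                           and (not default & blocked or bool(queryable)),
    }

print(audit_ntp_conf(PAGE_CONF), audit_ntp_conf(WEAK_CONF), sep="\n")
```

For the page's configuration the 192.168.1.0 network is reported as queryable (its restrict line has no noquery), while monlist stays unreachable because monitoring is disabled.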
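III. Verify the NTP service
1. Verify that the NTP server synchronizes time from the official NTP servers

    # Check whether this server is connected to the official NTP servers
    [root@localhost ~]# ntpstat
    synchronised to NTP server (160.16.201.66) at stratum 3
       time correct to within 4090 ms
       polling server every 64 s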
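Change the time to a "wrong" value, then wait for the NTP service to synchronize the correct time automatically.

    [root@localhost ~]# date
    Wed Jan 23 11:44:34 CST 2013

Use the command "watch ntpq -p" to view detailed NTP information.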

    Every 2.0s: ntpq -p                                  Sat Jan 23 00:04:35 2010

         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     y.ns.gin.ntt.ne 249.224.99.213   2 u   69   64   17  110.259  1916229 1106335
     time1.maxonline .GPS.            1 u    9   64   37  330.752  1916229 9581147
     send.mx.cdnetwo 133.100.8.2      2 u   10   64   37   87.927  1916229 9581147
    *LOCAL(0)        .LOCL.           8 l   17   64   21    0.000    0.000   0.000

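After about 10 minutes, synchronization succeeds; the output below shows the synchronized time. A successful sync does not update the hardware clock. After a reboot the system reads the hardware clock and sets the system time from it, so run "clock -w" before rebooting or add it to crontab.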

    Every 2.0s: ntpq -p                                  Fri Feb 19 10:15:49 2016

         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     LOCAL(0)        .LOCL.           8 l   50   64    1    0.000    0.000   0.000
    +218.189.210.4   118.143.17.82    2 u   50   64    1   80.928    4.568   0.000
    *x.ns.gin.ntt.ne 249.224.99.213   2 u   48   64    1   84.978   -9.332   0.000
    +31.193.144.2.ar 131.107.13.100   2 u   50   64    1  311.808  -52.737   0.000
    -202-65-114-202. 218.100.41.254   2 u   50   64    1  464.010  114.567   0.000

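
Added example (not part of the original post): a parser for the two "ntpq -p" snapshots above that reads the tally character, decodes the octal "reach" register, and raises alerts when the selected peer is the local clock or an offset is too large. The function names and the 1000 ms threshold are assumptions; the sample rows are the page's own output, re-aligned into columns.

```python
BEFORE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 y.ns.gin.ntt.ne 249.224.99.213   2 u   69   64   17  110.259  1916229 1106335
 time1.maxonline .GPS.            1 u    9   64   37  330.752  1916229 9581147
 send.mx.cdnetwo 133.100.8.2      2 u   10   64   37   87.927  1916229 9581147
*LOCAL(0)        .LOCL.           8 l   17   64   21    0.000    0.000   0.000
"""
AFTER = """\
 LOCAL(0)        .LOCL.           8 l   50   64    1    0.000    0.000   0.000
+218.189.210.4   118.143.17.82    2 u   50   64    1   80.928    4.568   0.000
*x.ns.gin.ntt.ne 249.224.99.213   2 u   48   64    1   84.978   -9.332   0.000
+31.193.144.2.ar 131.107.13.100   2 u   50   64    1  311.808  -52.737   0.000
-202-65-114-202. 218.100.41.254   2 u   50   64    1  464.010  114.567   0.000
"""

def parse_ntpq(output):
    """Turn `ntpq -p` rows into dicts; column 0 is the tally character."""
    peers = []
    for line in output.splitlines():
        f = line[1:].split()
        if len(f) != 10 or not f[2].isdigit():   # header, ruler, blank lines
            continue
        reach = int(f[6], 8)   # octal view of an 8-bit shift register
        peers.append({"tally": line[0], "remote": f[0],
                      "stratum": int(f[2]),
                      "polls_ok": bin(reach).count("1"),  # of the last 8
                      "offset_ms": float(f[8])})
    return peers

def sync_alerts(peers, max_offset_ms=1000.0):   # threshold is an assumption
    """Flag states in which this server would hand out untrusted time."""
    alerts = []
    sys_peer = next((p for p in peers if p["tally"] == "*"), None)
    if sys_peer is None:
        alerts.append("no system peer selected")
    elif sys_peer["remote"].startswith("LOCAL("):
        alerts.append("following local clock, not an upstream server")
    for p in peers:
        if abs(p["offset_ms"]) > max_offset_ms:
            alerts.append(f"{p['remote']}: offset {p['offset_ms']:.0f} ms")
    return alerts

print(sync_alerts(parse_ntpq(BEFORE)), sync_alerts(parse_ntpq(AFTER)), sep="\n")
```

In the first snapshot the "*" sits on LOCAL(0), so clients would receive the deliberately wrong local time at stratum 8; in the second the "*" has moved to an upstream server and no alert is raised.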
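2. Verify that a Linux client synchronizes time from the NTP server (192.168.10.10)
Manual synchronization succeeds, which shows the NTP service is working. On a Linux client you can either create a crontab job or configure the NTP service to synchronize the time.

    [root@localhost ~]# ntpdate -u 192.168.1.10
    18 Feb 12:45:50 ntpdate[2835]: adjust time server 192.168.1.10 offset -0.000051 sec
    [root@localhost ~]# date
    Thu Feb 18 12:45:54 CST 2016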
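IV. Two ways to configure a Linux client to synchronize time automatically
1. Synchronize from the NTP server using crontab

    [root@localhost ~]# crontab -e
    # Sync from the NTP server at 3:30 every day, then write the system time to the hardware clock.
    30 3 * * * /usr/sbin/ntpdate -u 192.168.10.10; /usr/sbin/clock -w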
2. Synchronize using the NTP service
Install the NTP service

    [root@localhost ~]# yum install ntp
    Loaded plugins: product-id, subscription-manager
    This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
    Resolving Dependencies
    --> Running transaction check
    ---> Package ntp.x86_64 0:4.2.6p5-18.el7 will be installed
    --> Finished Dependency Resolution

    Dependencies Resolved

    =============================================================================================
     Package           Arch              Version                    Repository          Size
    =============================================================================================
    Installing:
     ntp               x86_64            4.2.6p5-18.el7             cdrom              539 k

    Transaction Summary
    =============================================================================================
    Install  1 Package

    Total download size: 539 k
    Installed size: 1.4 M
    Is this ok [y/d/N]: y
    Downloading packages:
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : ntp-4.2.6p5-18.el7.x86_64                                             1/1
      Verifying  : ntp-4.2.6p5-18.el7.x86_64                                             1/1

    Installed:
      ntp.x86_64 0:4.2.6p5-18.el7

Edit "/etc/ntp.conf": comment out the existing NTP server addresses and add "server 192.168.10.10".

    # Use public servers from the pool.ntp.org project.
    # Please consider joining the pool (http://www.pool.ntp.org/join.html).
    #server 0.rhel.pool.ntp.org iburst
    #server 1.rhel.pool.ntp.org iburst
    #server 2.rhel.pool.ntp.org iburst
    #server 3.rhel.pool.ntp.org iburst
    server 192.168.10.10

Set the current time to a "wrong" value, then use the NTP service to verify that the time is synchronized.

    [root@localhost ~]# date
    Sat Feb 20 00:29:18 CST 2016
    [root@localhost ~]# date -s 20130123
    Wed Jan 23 00:00:00 CST 2013

    [root@localhost ~]# watch ntpq -p
    Every 2.0s: ntpq -p                                  Wed Jan 23 00:02:09 2013

         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     192.168.10.10   211.233.84.186   3 u   49   64    3    0.707  9702897 9702897

    Every 2.0s: ntpq -p                                  Sat Feb 20 00:49:06 2016

         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
    *192.168.10.10   194.225.150.25   3 u   13   64   17    0.746   98.114  70.556