linux 内网时间同步配置

在工作中,内网环境机器的时间会有所差异,在某些测试环境下需要一毫秒都不允许出现误差,但又不想同步外网时间,那我们可以选择一台机器作为时间服务器来供其他机器进行时间同步,例如每隔1分钟同步一次时间。

一、环境

系统:Centos 6.5

ntp_client IP:192.168.0.117

ntp_server IP:192.168.0.124

二、安装ntp服务

root@fenfa ~]# yum install ntp -y
[root@fenfa ~]# chkconfig --add ntpd
[root@fenfa ~]# chkconfig ntpd on

三、配置/etc/ntp.conf文件:

server:

[root@fenfa ~]# vim /etc/ntp.conf 

  1 # For more information about this file, see the man pages
  2 # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
  3 
  4 driftfile /var/lib/ntp/drift
  5 
  6 # Permit time synchronization with our time source, but do not
  7 # permit the source to query or modify the service on this system.
  8 restrict default kod nomodify notrap nopeer noquery #默认的client拒绝所有的操作
  9 restrict -6 default kod nomodify notrap nopeer noquery
 10 
 11 # Permit all access over the loopback interface.  This could
 12 # be tightened as well, but to do so would effect some of
 13 # the administrative functions.
 14 restrict 127.0.0.1 #允许本机地址一切的操作
 15 restrict -6 ::1
 16 
 17 # Hosts on local network are less restricted.
 18 restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap  #允许集群192.1680.0网段连接同步时间,拒绝client修改服务器时间19 
 20 # Use public servers from the pool.ntp.org project.
 21 # Please consider joining the pool (http://www.pool.ntp.org/join.html).
 22 #server 0.centos.pool.ntp.org iburst #默认配置,同步网络时间
 23 #server 1.centos.pool.ntp.org iburst
 24 #server 2.centos.pool.ntp.org iburst
 25 #server 3.centos.pool.ntp.org iburst
 26 
 27 server 127.127.1.0  #本地时间
 28 fudge 127.127.1.0 stratum 1 #时间服务器的层次。设为0则为顶级
 29 
 30 #broadcast 192.168.1.255 autokey        # broadcast server
 31 #broadcastclient                        # broadcast client
 32 #broadcast 224.0.1.1 autokey            # multicast server
 33 #multicastclient 224.0.1.1              # multicast client
 34 #manycastserver 239.255.254.254         # manycast server
 35 #manycastclient 239.255.254.254 autokey # manycast client
 36 
 37 # Enable public key cryptography.
 38 #crypto
 39 
 40 includefile /etc/ntp/crypto/pw
 41 
 42 # Key file containing the keys and key identifiers used when operating
 43 # with symmetric key cryptography. 
 44 keys /etc/ntp/keys
 45 
 46 # Specify the key identifiers which are trusted.
 47 #trustedkey 4 8 42
 48 
 49 # Specify the key identifier to use with the ntpdc utility.
 50 #requestkey 8
 51 
 52 # Specify the key identifier to use with the ntpq utility.
 53 #controlkey 8
 54 
 55 # Enable writing of statistics records.
 56 #statistics clockstats cryptostats loopstats peerstats

注:红色字体的地方为新增或修改的部分

client:

[root@nfs ~]# vim /etc/ntp.conf 

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
  3 
  4 driftfile /var/lib/ntp/drift
  5 
  6 # Permit time synchronization with our time source, but do not
  7 # permit the source to query or modify the service on this system.
  8 restrict default kod nomodify notrap nopeer noquery
  9 restrict -6 default kod nomodify notrap nopeer noquery
 10 
 11 # Permit all access over the loopback interface.  This could
 12 # be tightened as well, but to do so would effect some of
 13 # the administrative functions.
 14 restrict 127.0.0.1
 15 restrict -6 ::1
 16 
 17 # Hosts on local network are less restricted.
 18 restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap
 19 
 20 # Use public servers from the pool.ntp.org project.
 21 # Please consider joining the pool (http://www.pool.ntp.org/join.html).
 22 #server 0.centos.pool.ntp.org iburst
 23 #server 1.centos.pool.ntp.org iburst
 24 #server 2.centos.pool.ntp.org iburst
 25 #server 3.centos.pool.ntp.org iburst
 26 
 27 server 192.168.0.124 profer #时间服务器地址28 
 29 #broadcast 192.168.1.255 autokey        # broadcast server
 30 #broadcastclient                        # broadcast client
 31 #broadcast 224.0.1.1 autokey            # multicast server
 32 #multicastclient 224.0.1.1              # multicast client
 33 #manycastserver 239.255.254.254         # manycast server
 34 #manycastclient 239.255.254.254 autokey # manycast client
 35 
 36 # Enable public key cryptography.
 37 #crypto
 38 
 39 includefile /etc/ntp/crypto/pw
 40 
 41 # Key file containing the keys and key identifiers used when operating
 42 # with symmetric key cryptography. 
 43 keys /etc/ntp/keys
 44 
 45 # Specify the key identifiers which are trusted.
 46 #trustedkey 4 8 42
 47 
 48 # Specify the key identifier to use with the ntpdc utility.
 49 #requestkey 8
 50 
 51 # Specify the key identifier to use with the ntpq utility.
 52 #controlkey 8
 53 
 54 # Enable writing of statistics records.
 55 #statistics clockstats cryptostats loopstats peerstat

四、设置client主机与时间服务器时间的同步

  • serverd端从启ntp服务
  • client端更改系统时间
  • 执行同步命令:ntpdate -u 192.168.0.124
[root@fenfa x86_64]# service ntpd restart
关闭 ntpd:                                                [确定]
正在启动 ntpd:                                            [确定]
[root@nfs ~]# date
2019年 08月 19日 星期一 21:52:25 CST
[root@nfs ~]# date -s 2018-08-19
2018年 08月 19日 星期日 00:00:00 CST
[root@nfs ~]# date
2018年 08月 19日 星期日 00:00:05 CST
[root@nfs ~]# ntpdate -u 192.168.0.124
19 Aug 21:54:22 ntpdate[1861]: step time server 192.168.0.124 offset 31614767.907398 sec
[root@nfs ~]# date
2019年 08月 19日 星期一 21:54:28 CST

可以在client机器上编写一个定时脚本:

[root@nfs ~]# crontab -l
####ntpd  Synchronize every 1 minute
00-59/60 * * * * /usr/sbin/ntpdate -u 192.168.0.124 >/dev/null 2>&1

修改/etc/ntp/stpe-tickers文件,内容如下(当ntpd服务启动时,会自动与该文件中记录的上层NTP服务进行时间校对

[root@nfs ~]# cat /etc/ntp/step-tickers 
# List of servers used for initial synchronization.
server 192.168.0.124 prefer 

ntp服务,默认只会同步系统时间。如果想要让ntp同时同步硬件时间,可以设置/etc/sysconfig/ntpd文件,在/etc/sysconfig/ntpd文件中,添加 SYNC_HWCLOCK=yes 这样,就可以让硬件时间与系统时间一起同步。

posted @ 2019-08-19 22:29  南清风  阅读(4447)  评论(1编辑  收藏  举报