1、配置NTP服务端
环境:redhat 6.5
服务器主机名 | ip地址 | 说明 |
---|---|---|
server | 192.168.57.20 | NTP服务端 |
client | 192.168.57.21 | NTP客户端 |
搭建说明:
本地server使用外网ntp源同步时间,再作为NTP服务端同步时间给本地client服务器NTP客户端
1.1 安装NTP服务
在ntp服务器查看系统是否安装NTP服务
[root@server~]# rpm -qa|grep ntp ntpdate-4.2.6p5-1.el6.x86_64 fontpackages-filesystem-1.41-1.1.el6.noarch ntp-4.2.6p5-1.el6.x86_64
如果没有安装,安装ntp
yum -y install ntp
备份原有ntp配置文件
mv /etc/ntp.conf /etc/npt.conf.bak
1.2 配置NTP服务端
编辑ntp.conf配置文件
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default ignore
restrict 127.0.0.1
restrict 192.168.112.0 mask 255.255.255.0 nomodify
# 设置容许访问该ntp服务器的网络地址段
restrict 192.168.57.0 mask 255.255.255.0 nomodify
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# 设定NTP主机来源(其中prefer表示优先主机)
#server 1.cn.pool.ntp.org prefer
# 默认优先使用1.cn.pool.ntp.org
#server 1.rhel.pool.ntp.org
server pool.ntp.org
#broadcast 172.30.8.255 key 42 # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 key 42 # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 key 42 # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
server 127.127.1.0
fudge 127.127.1.0 stratum 10
# local clock设置本地ntp服务器地址,当外网ntp服务器连接异常时,使用本地NTP服务器进行同步
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
driftfile /var/lib/ntp/drift
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
broadcastdelay 0.008
logfile /var/log/ntp.log
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
启动ntp服务
service ntpd start
设置开机启动
chkconfig ntpd on
查看NTP状态
-bash-4.1$ ntpstat
synchronised to local net at stratum 11
time correct to within 12 ms
polling server every 64 s
-bash-4.1$ ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*LOCAL(0) .LOCL. 10 l 11 64 377 0.000 0.000 0.000
120.25.115.20 .INIT. 16 u - 1024 0 0.000 0.000 0.000
2 配置NTP客户端
2.1 安装NTP服务
在ntp服务器查看系统是否安装NTP服务
[root@client~]# rpm -qa|grep ntp ntpdate-4.2.6p5-1.el6.x86_64 fontpackages-filesystem-1.41-1.1.el6.noarch ntp-4.2.6p5-1.el6.x86_64
如果没有安装,安装ntp
yum -y install ntp
备份原有ntp配置文件
mv /etc/ntp.conf /etc/npt.conf.bak
2.2 配置NTP服务端
修改/etc/ntp.conf文件
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# server 0.rhel.pool.ntp.org iburst
# server 1.rhel.pool.ntp.org iburst
# server 2.rhel.pool.ntp.org iburst
server 192.68.57.20 perfer
# 设置192.168.57.20为优先的ntp服务器
restrict 192.68.57.20 nomodify notrap noquery
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
启动NTP服务
service ntpd start
设置NTP服务自启动
chkconfig ntpd on
查看ntp服务状态:
-bash-4.1$ ntpstat
synchronised to NTP server (192.168.57.20) at stratum 12
time correct to within 21 ms
polling server every 256 s
-bash-4.1$ ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*192.168.57.20 LOCAL(0) 11 u 242 256 377 0.302 0.012 0.187
LOCAL(0) .LOCL. 10 l 46m 64 0 0.000 0.000 0.000
</code></pre>
<h1>3、常见错误</h1>
<h2>3.1 ntpq -p查看时间同步情况时报localhost: timed out, nothing received错误</h2>
<p>在使用ntpq -p时报:</p>
<pre><code data-language="bash" class="lang-bash">localhost: timed out, nothing received
***Request timed out
解决办法:
1、查看/etc/hosts文件,确认有以下信息,可以正确解析本地ntp服务
127.0.0.1 localhost localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
2、如果/etc/hosts文件配置正确,使用ntpq -4p(即指定通过ipv4 地址获取返回值),如果正常显示,但是使用ntpq -6p(即指定通过ipv4 地址获取返回值)异常,则说明时因为开启了Ipv6 ,默认ntpq 先走Ipv6的通道,而ECS linux 默认无法直接访问ipv6地址,因此会访问超时
可以禁用接口的IPv6,然后就会正确,方法如下:
/etc/sysctl.conf 文件尾添加如下参数
# 禁用整个系统所有接口的IPv6 net.ipv6.conf.all.disable_ipv6 = 1 # 禁用某一个指定接口的IPv6(例如:eth0, eth1) net.ipv6.conf.eth1.disable_ipv6 = 1 net.ipv6.conf.eth0.disable_ipv6 = 1
然后重启网络服务
service restart network
然后使用ntpq -p,返回值就正常
3.2 ntpq -p查看时间同步情况时报no association ID's returned错误信息
解决方法:
1、关闭selinux
-bash-4.1$ vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled # 设置为disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
2、执行restorecon -R -v /etc/ntp.conf
3、重启ntp服务
service ntpd restart
3.3 添加ntp服务开机自启动,报:service nptd does not support chkconfig
解决方法:
1、查看ntpd服务脚本,是不是在/etc/init.d/目录下
-bash-4.1$ ll /etc/init.d/ntpd -rwxr-xr-x 1 root root 1974 10月 30 20:28 /etc/init.d/ntpd
注:一般成功安装ntp以后都会有
2、在chkconfig工具服务列表中增加ntpd服务,此时服务会被在/etc/rc.d/rcN.d中赋予K/S入口了
chkconfig --add ntpd
3、修改/etc/init.d/ntpd
vi打开/etc/init.d/ntpd文件
在
#!/bin/bash
后加入
# chkconfig: 2345 10 90
# description: myservice
4、设置ntp服务自启动,发现正常
chkconfig ntpd on