A small plot of land, diligently tilled


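1. Configuring the NTP server

Environment: Red Hat 6.5

Hostname  IP address     Role
server    192.168.57.20  NTP server
client    192.168.57.21  NTP client

Setup overview:

The local host server synchronizes its own time from an Internet NTP source and then serves time, as the NTP server, to the local host client (the NTP client).

1.1 Installing the NTP service

On the NTP server, check whether the NTP service is already installed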


[root@server~]# rpm -qa|grep ntp
ntpdate-4.2.6p5-1.el6.x86_64
fontpackages-filesystem-1.41-1.1.el6.noarch
ntp-4.2.6p5-1.el6.x86_64

If it is not installed, install ntp

yum -y install ntp

Back up the original ntp configuration file

mv /etc/ntp.conf /etc/ntp.conf.bak

1.2 Configuring the NTP server

Edit the ntp.conf configuration file


# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.

restrict default ignore
restrict 127.0.0.1

restrict 192.168.112.0 mask 255.255.255.0 nomodify 
# Network ranges allowed to access this NTP server
restrict 192.168.57.0 mask 255.255.255.0 nomodify


# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# Set the upstream NTP sources (prefer marks the preferred host)

#server 1.cn.pool.ntp.org prefer 
# Prefer 1.cn.pool.ntp.org by default
#server 1.rhel.pool.ntp.org
server pool.ntp.org

#broadcast 172.30.8.255 key 42         # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 key 42             # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 key 42  # manycast client

# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.

server  127.127.1.0    
fudge   127.127.1.0 stratum 10
# Local clock: when the external NTP servers cannot be reached, fall back to this server's own clock for synchronization


# Drift file.  Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
driftfile /var/lib/ntp/drift

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography. 
broadcastdelay 0.008
logfile /var/log/ntp.log
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

Start the ntp service

service ntpd start

Enable it at boot

chkconfig ntpd on

Check the NTP status


-bash-4.1$ ntpstat
synchronised to local net at stratum 11 
   time correct to within 12 ms
   polling server every 64 s
   
-bash-4.1$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*LOCAL(0)        .LOCL.          10 l   11   64  377    0.000    0.000   0.000
 120.25.115.20   .INIT.          16 u    - 1024    0    0.000    0.000   0.000
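
Added example (not part of the original post): a small audit of the restrict and server lines of an ntp.conf like the one in 1.2. It flags networks that can still send ntpq/ntpdc queries because their restrict line lacks noquery, and upstream servers that have no restrict line of their own under restrict default ignore, in which case their replies are dropped (consistent with 120.25.115.20 staying at .INIT. with reach 0 above). The function name, finding labels and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Heuristic audit of ntp.conf
# access control; reads the file given as $1, or stdin when no file is given.
audit_ntp_conf() {
    awk '
    { sub(/#.*/, "") }                          # drop comments
    $1 == "restrict" {
        i = ($2 == "-4" || $2 == "-6") ? 3 : 2  # skip address-family flag
        addr = $i; flags = ""
        for (j = i + 1; j <= NF; j++) {
            if ($j == "mask") { j++; continue } # skip "mask <netmask>"
            flags = flags " " $j
        }
        if (addr == "default" && flags ~ / ignore/) default_ignore = 1
        has_rule[addr] = 1
        # nomodify alone still answers ntpq/ntpdc queries from this source
        if (addr != "default" && addr !~ /^127\./ && addr != "::1" &&
            flags !~ / (noquery|ignore)/)
            print "QUERY-OPEN " addr
    }
    # 127.127.x.x are local reference clock drivers, not network peers
    $1 == "server" && $2 !~ /^127\.127\./ { upstream[$2] = 1 }
    END {
        if (default_ignore)
            for (s in upstream)
                if (!(s in has_rule)) print "UPSTREAM-IGNORED " s
    }' "${1:--}"
}

# Constructed sample: the access-control lines of the server config above.
audit_ntp_conf <<'EOF'
restrict default ignore
restrict 127.0.0.1
restrict 192.168.112.0 mask 255.255.255.0 nomodify
restrict 192.168.57.0 mask 255.255.255.0 nomodify
server pool.ntp.org
server 127.127.1.0
EOF
```

The match between server and restrict lines is textual, so a pool hostname that resolves to changing addresses needs a fixed upstream address to be covered reliably.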

2. Configuring the NTP client

2.1 Installing the NTP service

On the client, check whether the NTP service is already installed


[root@client~]# rpm -qa|grep ntp
ntpdate-4.2.6p5-1.el6.x86_64
fontpackages-filesystem-1.41-1.1.el6.noarch
ntp-4.2.6p5-1.el6.x86_64

If it is not installed, install ntp

yum -y install ntp

Back up the original ntp configuration file

mv /etc/ntp.conf /etc/ntp.conf.bak

2.2 Configuring the NTP client

Modify the /etc/ntp.conf file


# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1 
restrict -6 ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# server 0.rhel.pool.ntp.org iburst
# server 1.rhel.pool.ntp.org iburst
# server 2.rhel.pool.ntp.org iburst

server 192.168.57.20 prefer
# Make 192.168.57.20 the preferred NTP server
restrict 192.168.57.20 nomodify notrap noquery
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10


#broadcast 192.168.1.255 autokey	# broadcast server
#broadcastclient			# broadcast client
#broadcast 224.0.1.1 autokey		# multicast server
#multicastclient 224.0.1.1		# multicast client
#manycastserver 239.255.254.254		# manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography. 
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

Start the NTP service

service ntpd start

Enable the NTP service at boot

chkconfig ntpd on

Check the ntp service status:


-bash-4.1$ ntpstat
synchronised to NTP server (192.168.57.20) at stratum 12 
   time correct to within 21 ms
   polling server every 256 s
   
-bash-4.1$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.57.20     LOCAL(0)        11 u  242  256  377    0.302    0.012   0.187
 LOCAL(0)        .LOCL.          10 l  46m   64    0    0.000    0.000   0.000
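
Added example (not part of the original post): a reading of the two ntpq -p listings in this post that goes beyond what ntpstat reports. It distinguishes a host whose selected peer (*) is its own LOCAL(0) driver, a host whose selected peer itself reports LOCAL(0) as its reference, and network peers with reach 0; the function name and finding labels are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: classify `ntpq -p` output read
# from stdin. Finding labels are constructed for illustration.
ntp_peer_check() {
    awk '
    /^=+$/ { body = 1; next }            # peer rows follow the ==== ruler
    !body || NF < 7 { next }
    {
        tally = substr($0, 1, 1)         # "*" marks the selected system peer
        remote = $1
        if (tally != " ") remote = substr($1, 2)
        refid = $2; reach = $7
        is_local = (remote ~ /^LOCAL\(/ || remote ~ /^127\.127\./)
        # reach is an octal shift register; 0 = none of the last 8 polls answered
        if (reach == "0" && !is_local) print "UNREACHABLE " remote
        if (tally == "*") {
            selected = 1
            if (is_local)                   print "SYNCED-TO-LOCAL-CLOCK " remote
            else if (refid ~ /LOCAL|LOCL/)  print "UPSTREAM-FREE-RUNNING " remote
            else                            print "SYNCED " remote
        }
    }
    END { if (!selected) print "NO-SELECTED-PEER" }'
}

# The two ntpq -p listings shown in this post (server, then client).
SERVER_SAMPLE='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*LOCAL(0)        .LOCL.          10 l   11   64  377    0.000    0.000   0.000
 120.25.115.20   .INIT.          16 u    - 1024    0    0.000    0.000   0.000'
CLIENT_SAMPLE='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.57.20     LOCAL(0)        11 u  242  256  377    0.302    0.012   0.187
 LOCAL(0)        .LOCL.          10 l  46m   64    0    0.000    0.000   0.000'

echo "server:"; printf '%s\n' "$SERVER_SAMPLE" | ntp_peer_check
echo "client:"; printf '%s\n' "$CLIENT_SAMPLE" | ntp_peer_check
```

On these listings it reports the server as synced to its local clock with 120.25.115.20 unreachable, and the client as following an upstream that is itself free-running.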

3. Common errors

3.1 ntpq -p reports "localhost: timed out, nothing received" when checking synchronization status

Running ntpq -p reports:

localhost: timed out, nothing received

***Request timed out

Solution:

1. Check /etc/hosts and confirm it contains the following entries, so that the local ntp service resolves correctly


127.0.0.1   localhost localhost4 localhost4.localdomain4
::1       localhost localhost.localdomain localhost6 localhost6.localdomain6

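2. If /etc/hosts is configured correctly, run ntpq -4p (which queries over the IPv4 address). If that displays normally but ntpq -6p (which queries over the IPv6 address) fails, the cause is that IPv6 is enabled: by default ntpq tries the IPv6 path first, and ECS Linux cannot reach IPv6 addresses directly by default, so the query times out.

Disabling IPv6 on the interfaces resolves this, as follows:

Append the following parameters to the end of /etc/sysctl.conf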


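# Disable IPv6 on all interfaces system-wide
net.ipv6.conf.all.disable_ipv6 = 1
# Disable IPv6 on one specific interface (for example eth0, eth1)
net.ipv6.conf.eth1.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1

Then restart the network service

service network restart

Then run ntpq -p again; the output is now normal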

3.2 ntpq -p reports "no association ID's returned" when checking synchronization status

Solution:

1. Disable SELinux


-bash-4.1$ vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
#SELINUX=enforcing
# Set to disabled
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

2. Run restorecon -R -v /etc/ntp.conf

3. Restart the ntp service

service ntpd restart

3.3 Enabling the ntp service at boot reports: service ntpd does not support chkconfig

Solution:

1. Check that the ntpd service script is present under /etc/init.d/


-bash-4.1$ ll /etc/init.d/ntpd
-rwxr-xr-x 1 root root 1974 10月 30 20:28 /etc/init.d/ntpd

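Note: this file normally exists once ntp has been installed successfully

2. Add the ntpd service to chkconfig's service list; this gives the service its K/S entries under /etc/rc.d/rcN.d

chkconfig --add ntpd

3. Modify /etc/init.d/ntpd

Open /etc/init.d/ntpd with vi and, after the line

#!/bin/bash

add

# chkconfig: 2345 10 90
# description: myservice

4. Enable the ntp service at boot; it now works

chkconfig ntpd on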

posted on 2019-10-31 15:43  平复心态