CentOS7中多台服务器配置时钟同步

场景

CentOS7中怎样设置静态IP：

https://blog.csdn.net/BADAO_LIUMANG_QIZHI/article/details/119242495

在上面给三台CentOS7的服务器配置了静态IP的基础上，怎样配置时钟同步。

集群中时间不同步有可能会让大数据的应用程序运行混乱，造成不可预知的问题，比如Hbase、mongodb副本集等，Hbase当时间差别过大时就会挂掉，mongodb如果副本时间过快，会出现时间栈帧溢出提前出发选举等，所以在大数据集群中，ntp服务，应该作为一种基础的服务。

NTP是网络时间协议(Network Time Protocol)，它是用来同步网络中各个计算机的时间的协议。

首先检查系统中是否已经安装ntp包

rpm -q ntp

 

如果没有安装的话自行进行安装。

注：

博客：
https://blog.csdn.net/badao_liumang_qizhi
关注公众号
霸道的程序猿
获取编程相关电子书、教程推送与免费下载。

实现

在master主服务器上搭建ntp服务器

修改/etc/ntp.conf文件

vi /ntp.conf

修改为如下

 

修改内容

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
#restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
#restrict 127.0.0.1
#restrict ::1

restrict 192.168.148.2 mask 255.255.255.0 nomodify notrap

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

#server 0.cn.pool.ntp.org
#server 1.asia.pool.ntp.org
#server 2.192.168.148.128

server ntp1.aliyun.com
server time1.aliyun.com

restrict time1.aliyun.com nomodify notrap noquery
restrict ntp1.aliyun.com nomodify notrap noquery

server 127.0.0.1
fudge 127.0.0.1 stratum 10
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient   # broadcast client
#broadcast 224.0.1.1 autokey  # multicast server
#multicastclient 224.0.1.1  # multicast client
#manycastserver 239.255.254.254  # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor

修改说明

IP地址从192.168.148.2  到192.168.254.254，默认网关为255.255.255.0的机器都可以从NTP服务器进行同步时间

restrict 192.168.148.2 mask 255.255.255.0 nomodify notrap

定义使用的上游ntp服务器，将原来的注释掉

server ntp1.aliyun.com
server time1.aliyun.com

允许上层时间服务器主动修改本机时间

restrict time1.aliyun.com nomodify notrap noquery
restrict ntp1.aliyun.com nomodify notrap noquery

外部时间不可用时，使用本地时间作为时间服务。

server 127.0.0.1
fudge 127.0.0.1 stratum 10

配置文件修改完成之后，重启服务

service ntpd restart

ntp同步状态查看

ntpstat 命令查看时间同步状态，这个一般需要5-10分钟后才能成功连接和同步。所以，服务器启动后需要稍等下。

ntpstat

还可通过

ntpq -p

查询ntp是否同步

 

ntp客户端配置

两个子节点服务器slave1和slave2服务器分别修改配置

vi /etc/ntp.conf

将内容修改为

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
#restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
#restrict 127.0.0.1
#restrict ::1

server 192.168.148.128
restrict 192.168.148.128 nomodify notrap noquery

server 127.0.0.1
fudge 127.0.0.1 stratum 10
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient   # broadcast client
#broadcast 224.0.1.1 autokey  # multicast server
#multicastclient 224.0.1.1  # multicast client
#manycastserver 239.255.254.254  # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor

修改说明

配置时间服务器为上面搭建的ntp服务器

server 192.168.148.128

配置允许ntp服务器主动修改本机的时间

restrict 192.168.148.128 nomodify notrap noquery

同样配置本地服务器

server 127.0.0.1

fudge 127.0.0.1 stratum 10

然后配置完成后同样重启服务

service ntpd restart

同样通过

ntpstat

ntpq -p

查看同步的状态

也可以单次进行手动同步测试效果

在客户端slave1上，首先停止ntpd的服务 ,不然会提示: the NTP socket is in use, exiting

service ntpd stop

然后同步一次时间

ntpdate 192.168.148.128

同步成功之后记得开启服务

service ntpd start