1、服务器
IP | 主机名 | 角色 | 描述 | 同步方式 |
192.168.2.7 | localhost | NTPD服务器 | 1、负责与外部公共NTPD服务同步标准时间 2、作为内外网络的NTPD服务 | NTPD服务平滑同步 |
192.168.2.9 | localhost | NTP客户端 | 内网设备与192.168.11.11同步时间 | NTPD服务平滑同步 |
安装ntp
rpm -ivh ntp-4.2.6p5-1.el6.centos.x86_64.rpm --nodeps --force
rpm -ivh ntpdate-4.2.6p5-1.el6.centos.x86_64.rpm --nodeps --force
rpm -ivh ntpdate-4.2.6p5-1.el6.centos.x86_64.rpm --nodeps --force
软件包下载地址
2、设置开机自启动
centos6.5:chkconfig ntpd on
centos7.5:systemctl enable ntpd.service
chkconfig --list ntpd
以上两步,在各机器上都要执行
3、server上同步互联网时间
ntpdate -u 1.cn.pool.ntp.org
最后一行的末尾,time server 84.16.73.33 offset -0.006491 sec,这说明时间差异最小的一个外部主机为202.118.1.130
必要的信息已经获取,现在正是开始配置NTP
4、修改配置(server端的)
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
#设置对内网主机提供NTP服务。我的集群网关是192.168.11.2
restrict 192.168.2.226 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
#指定上层对时的外部服务器,这些都是上面刚刚得到的可以正常提供时间服务的外部主机
server 120.25.115.20
server 84.16.67.12
#修改上层服务器对本机的权限
restrict 120.25.115.20 nomodify notrap noquery
restrict 84.16.67.12 nomodify notrap noquery
#外部时间服务器不可用时,设置以本地时间作为时间服务
server 127.0.0.1 # local clock
fudge 127.0.0.1 stratum 10
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
5、同步硬件时间
在 Linux 下系统时间在开机的时候会和硬件时间同步(synchronization),之后也就各自独立运行了,那么既然两个时钟独自运行,那么时间久了必然就会产生误差了,而 NTP 默认又只更新系统时间,因此我们需要设置硬件时钟进行同步调整
vi /etc/sysconfig/ntpd
6、启动ntp服务,查看相关状态,验证
service ntpd start
systemctl restart ntpd.service
查看服务连接和监听
netstat -tlunp | grep ntp
查看网络中的NTP服务器,同时显示客户端和每个服务器的关系
ntpq -p
查看时间同步状态
ntpstat
7、配置client,这是在192.168.2.9机器上进行
# Drop root to id 'ntp:ntp' by default.
SYNC_HWCLOCK=yes
OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid -g"
[root@test-ocs conf]# cat /etc/ntp
ntp/ ntp.conf
[root@test-ocs conf]# cat /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
#对时服务器,配置成ntp-server的机器
server 192.168.2.7
restrict 192.168.2.7 nomodify notrap noquery
server 127.0.0.1 # local clock
fudge 127.0.0.1 stratum 10
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
8、启动ntp-client,手动更新时间,查看相关状态,验证
service ntpd start
手动向192.168.2.7更新一次时间
ntpdate -u 192.168.2.7
查看服务连接和监听
netstat -tlunp | grep ntp
查看网络中的NTP服务器,同时显示客户端和每个服务器的关系
ntpq -p
查看时间同步状态
ntpstat
到此,机器的同步时间就配置完成了。
附:ntpq -p指令,显示的各项含义
位置 | 标志 | 含义 |
符号 | * | 响应的NTP服务器和最精确的服务器 |
+ | 响应这个查询请求的NTP服务器 | |
blank(空格) | 没有响应的NTP服务器 | |
标题 | remote | 响应这个请求的NTP服务器的名称 |
refid | NTP服务器使用的更高一级服务器的名称 | |
st | 正在响应请求的NTP服务器的级别 | |
when | 上一次成功请求之后到现在的秒数 | |
poll | 本地和远程服务器多少时间进行一次同步,单位秒,在一开始运行NTP的时候这个poll值会比较小,服务器同步的频率大,可以尽快调整到正确的时间范围,之后poll值会逐渐增大,同步的频率也就会相应减小 | |
reach | 用来测试能否和服务器连接,是一个八进制值,每成功连接一次它的值就会增加 | |
delay | 从本地机发送同步要求到ntp服务器的往返时间 | |
offset | 主机通过NTP时钟同步与所同步时间源的时间偏移量,单位为毫秒,offset越接近于0,主机和ntp服务器的时间越接近 | |
jitter | 统计了在特定个连续的连接数里offset的分布情况。简单地说这个数值的绝对值越小,主机的时间就越精确 |