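1. Purpose
Keep the clocks of all nodes synchronized, as a prerequisite for building a GlusterFS cluster.
2. Environment
5 virtual machines, CentOS Linux release 7.5.1804 (Core), 3 GB of memory, 45 GB of disk.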
192.168.10.145(NTP Server)
192.168.10.148(NTP Client)
192.168.10.149(NTP Client)
192.168.10.158(NTP Client)
192.168.10.159(NTP Client)
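3. Clock synchronization
3.1 Install the ntp time synchronization tool on the NTP server
Run the following command on the NTP server node:
yum install -y ntp    # install ntp
Start the ntp service on the NTP server node:
systemctl start ntpd    # start the ntp service
Enable the service at boot on the NTP server node:
systemctl enable ntpd.service    # start the ntp service at boot
3.2 Firewall settings
NTP uses UDP port 123, so when the system firewall (iptables) is running, UDP port 123 must be opened.
All nodes in this cluster have the firewall disabled.
3.3 Configure the NTP server
3.3.1 Run the following command to synchronize the NTP server's clock:
ntpdate -u ntp.api.bz    # NTP server (Shanghai): ntp.api.bz
3.3.2 Edit the NTP server's configuration file /etc/ntp.conf (the changes were highlighted in red in the original post):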
/etc/ntp.conf

```
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Allow the other machines on the internal network to synchronize time.
# Without this restriction, all IPs are allowed by default to use this host's time service.
restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# by me
# server 0.centos.pool.ntp.org iburst
# server 1.centos.pool.ntp.org iburst
# server 2.centos.pool.ntp.org iburst
# server 3.centos.pool.ntp.org iburst

# Synchronize with upstream standard time servers
server ntp.api.bz    # NTP server (Shanghai), by me
server 0.cn.pool.ntp.org
server 1.cn.pool.ntp.org
server 2.cn.pool.ntp.org
server 3.cn.pool.ntp.org

# Allow the upstream time servers to adjust the time of this machine (the internal NTP server)
restrict ntp.api.bz nomodify notrap noquery
restrict 0.cn.pool.ntp.org nomodify notrap noquery
restrict 1.cn.pool.ntp.org nomodify notrap noquery
restrict 2.cn.pool.ntp.org nomodify notrap noquery
restrict 3.cn.pool.ntp.org nomodify notrap noquery

# Make sure localhost has sufficient privileges, using the syntax without any restriction keywords.
# When the external time servers are unavailable, serve time from the local clock.
# Note: do not change this; 127.127.1.0 must be used. Otherwise
# running "ntpdate serverIP" on an NTP client fails with "no server suitable for synchronization found",
# and "ntpdate -d serverIP" on the client shows "Server dropped: strata too high" together with "stratum 16",
# whereas the normal range for stratum is 0~15.
# This happens because the NTP server has not yet synchronized with itself or with its own servers.
# The definition below keeps the NTP server synchronized with itself: if none of the servers defined in
# ntp.conf is available, local time is served to the NTP clients.
# The setting below should be disabled on NTP clients and enabled on the NTP server. If a client enables it,
# NTP's automatic selection of the nearest suitable server may pick LOCAL as the source instead of
# synchronizing with the remote server.
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
```
3.3.3 Restart the ntpd service on the NTP server:
systemctl restart ntpd
3.3.4 List the NTP server's upstream servers:
ntpq -p
3.3.5 Check the time synchronization status:
ntpstat
The output looks like this:
![](https://i-blog.csdnimg.cn/blog_migrate/eb8202247f4cf0f9fc79d83295a20816.png)
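It usually takes 5-10 minutes before the connection and synchronization succeed. Once synchronization has succeeded, the output looks like this: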
![](https://i-blog.csdnimg.cn/blog_migrate/132c8ac00749348bc6c1e34c132b11bd.png)
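3.4 Configure the NTP clients
3.4.1 Install the ntp time synchronization tool on every NTP client
Run the following command on every NTP client node:
yum install -y ntp    # install ntp
3.4.2 Enable the service at boot on every NTP client node
systemctl enable ntpd.service    # start the ntp service at boot
3.4.3 Edit the configuration file /etc/ntp.conf on every NTP client (the changes were highlighted in red in the original post):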
/etc/ntp.conf

```
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

# Use the local ntpd server as the upstream time server
server 192.168.10.145

# Allow the upstream time server to adjust this machine's time
restrict 192.168.10.145 nomodify notrap noquery

# The setting below should be disabled on NTP clients and enabled on the NTP server. If a client enables it,
# NTP's automatic selection of the nearest suitable server may pick LOCAL as the source instead of
# synchronizing with the remote server.
#server 127.127.1.0 # local clock
#fudge 127.127.1.0 stratum 10

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
```
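An added example, not part of the original post: a small audit for the ntp.conf files of sections 3.3.2 and 3.4.3, checking the properties their comments rely on (a restrictive `restrict default`, monitoring disabled unless `noquery` is set, no local clock on clients). The function name `audit_ntp_conf`, its warning texts and both sample inputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit an ntp.conf read from stdin.
audit_ntp_conf() {   # usage: audit_ntp_conf server|client < /etc/ntp.conf
    awk -v role="$1" '
        function warn(m) { print "WARN: " m; n++ }
        { sub(/#.*/, "") }                        # strip comments
        NF == 0 { next }
        $1 == "restrict" && $2 == "default" {     # remember the default flags
            def = 1
            for (i = 3; i <= NF; i++) flag[$i] = 1
        }
        $1 == "disable" { for (i = 2; i <= NF; i++) if ($i == "monitor") nomon = 1 }
        $1 == "server" && $2 ~ /^127\.127\.1\./ { localclk = 1 }
        $1 == "server" && $2 !~ /^127\.127\./   { upstream++ }
        END {
            if (!def) warn("no restrict default line, so unlisted hosts are unrestricted")
            else if (!("nomodify" in flag)) warn("restrict default lacks nomodify")
            if (!("noquery" in flag) && !nomon)
                warn("default allows queries and monitoring is on (monlist, CVE-2013-5211)")
            if (!upstream) warn("no upstream server line")
            if (role == "client" && localclk)
                warn("local clock 127.127.1.0 is enabled on a client")
            if (n == 0) print "OK: no findings"
            exit (n > 0)
        }'
}

# Constructed sample: the active lines of the client file from section 3.4.3.
CONF_CLIENT='driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
server 192.168.10.145
restrict 192.168.10.145 nomodify notrap noquery
#server 127.127.1.0 # local clock
keys /etc/ntp/keys
disable monitor'
# Constructed weak variant: noquery dropped, monitor left on, local clock active.
CONF_WEAK='restrict default nomodify notrap
server 192.168.10.145
server 127.127.1.0
fudge 127.127.1.0 stratum 10'

printf '%s\n' "$CONF_CLIENT" | audit_ntp_conf client
printf '%s\n' "$CONF_WEAK"   | audit_ntp_conf client || true
```

On a real node, run it as `audit_ntp_conf client < /etc/ntp.conf` before restarting ntpd.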
3.4.4 Restart the ntpd service on every NTP client node
systemctl restart ntpd
3.4.5 Check the status of every NTP client
ntpq -p
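An added example, not part of the original post: a scripted form of the `ntpq -p` check in 3.3.4 and 3.4.5 that confirms a node has actually selected the intended server (here 192.168.10.145) rather than its local clock or a stratum 16 source. The function name `check_ntp_peer`, the 100 ms default threshold and both sample outputs are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): confirm a node is synchronised
# to the intended internal NTP server. Feed it the output of `ntpq -pn`.
check_ntp_peer() {   # usage: ntpq -pn | check_ntp_peer SERVER_IP [MAX_OFFSET_MS]
    awk -v want="$1" -v max="${2:-100}" '
        /^ *remote / || /^=+$/ || NF < 10 { next }    # header, rule, short lines
        {
            tally  = substr($0, 1, 1)                 # selection flag in column 1
            remote = (tally == " ") ? $1 : substr($1, 2)
            if (tally == "*") selected = remote       # "*" marks the sync source
            if (remote == want) { seen = 1; st = $3 + 0; reach = $7 + 0; off = $9 + 0 }
        }
        END {
            if (off < 0) off = -off
            if (!seen)                 msg = want " is not in the peer list"
            else if (st == 16)         msg = want " is at stratum 16 (not synchronised itself)"
            else if (reach == 0)       msg = "no replies from " want " (reach 0)"
            else if (selected != want) msg = "sync source is " (selected == "" ? "none" : selected) ", not " want
            else if (off > max)        msg = "offset " off " ms exceeds " max " ms"
            if (msg != "") { print "FAIL: " msg; exit 1 }
            print "OK: synced to " want ", offset " off " ms"
        }'
}

# Constructed sample: healthy client (203.0.113.10 is a documentation address).
SAMPLE_SYNCED='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.10.145  203.0.113.10     3 u   33   64  377    0.245    0.112   0.038'
# Constructed sample: local clock selected while the server is still at stratum 16.
SAMPLE_LOCAL='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*127.127.1.0     .LOCL.          10 l   12   64  377    0.000    0.000   0.000
 192.168.10.145  .INIT.          16 u    -   64    0    0.000    0.000   0.000'

printf '%s\n' "$SAMPLE_SYNCED" | check_ntp_peer 192.168.10.145
printf '%s\n' "$SAMPLE_LOCAL"  | check_ntp_peer 192.168.10.145 || true
```

The non-zero exit status on failure makes the function usable from a monitoring job on each of the four clients.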