1 时间同步
1.1 安装ntp服务
服务端和客户端均安装。
#yum install -y ntp
安装完成以后就会有配置文件/etc/ntp.conf出现。
安装完后自带ntpdate。
#systemctl status ntpd查看状态,默认是未启动的
#systemctl enable ntpd配置开机自启
1.2 配置/etc/ntp.conf文件
1.2.1 原始文件
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
#(1)系统时间和BIOS时间的偏差记录
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
#(2)控制相关权限
restrict 127.0.0.1
restrict ::1
#(3)权限配置
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#(4)修改,注释掉上级时间服务器地址
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
1.2.2 服务端
(1)添加公网NTP Server
(1-1)方式一
server 120.24.166.46 #(公网阿里云NTP Server)
server 127.127.1.0 # 如果公网NTP不可用时,将使用Local时间作为NTP服务提供给NTP Client。
(1-2)方式二
server 127.127.1.0 # 不可少,否则会报ntpdate 同步时间错误no server suitable for synchronization found。
server 10.23.241.179 #使用本机的IP作为NTP Server。
server 10.23.241.179 prefer #其中prefer表示优先主机,10.23.241.179是本地的NTP服务器,所以优先指定从该主机同步时间。
(2)允许的NTP Client网段
(2-1)方式一
restrict 10.23.241.0 mask 255.255.255.0 nomodify
# 允许的NTP Client网段
# 在上例中,掩码地址扩展为255,
# 因此从10.23.241.1-10.23.241.254的服务器
# 都可以使用我们的NTP服务器来同步时间。
(2-2)方式二
# 直接用ip地址
restrict 10.23.241.224
restrict 10.23.241.225
最终的服务端配置文件如下:
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 10.23.241.224
server 127.127.1.0
server 10.23.241.179
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor
#systemctl start ntpd启动ntp服务
1.2.3 客户端
(1)添加要同步的服务端server
server 10.23.241.179
(2)注释掉上级时间服务器地址
最终的客户端配置文件如下:
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
server 10.23.241.179
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor
1.3 同步操作
(1)服务端操作
systemctl start ntpd # 保证ntp服务开启
(2)客户端操作
systemctl start ntpd # 启动客户端的ntp服务
ntpdate 10.23.241.179
# 3 Dec 02:57:06 ntpdate[3076]: the NTP socket is in use, exiting
# 需要systemctl stop ntpd否则会报错The NTP socket is in use ,exiting。
# 先保证客户端的ntp服务是关闭的。然后首次使用命令同步。
systemctl stop ntpd
ntpdate 10.23.241.179 # 手动同步
# 首次同步完之后,就可以在客户端启动ntp服务了。
systemctl start ntpd
systemctl enable ntpd同样设置开机自启动
ntpq -p查看同步状态
以后就会自动时间同步了。
2 修改系统时区
(1)查看系统时间
#date
Sat Feb 4 08:47:58 EST 2023
#date -R
Sat, 04 Feb 2023 08:48:00 -0500
(2)查看系统当前时区
# timedatectl
(3)查看系统所有时区
# timedatectl list-timezones
可以找到
Asia/Shanghai
(4)设置系统时区
#timedatectl set-timezone Asia/Shanghai
验证一下
# date
Sat Feb 4 21:55:47 CST 2023
# date -R
Sat, 04 Feb 2023 21:56:26 +0800