Linux系统搭建NTP服务器-以centos7为例
首先ssh登录到服务器,获取root权限。
1.检查服务器版本信息
cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
2.检查服务器是否安装NTP服务
rpm -qa | grep ntp
fontpackages-filesystem-1.44-8.el7.noarch
ntp-4.2.6p5-29.el7.centos.2.x86_64
ntpdate-4.2.6p5-29.el7.centos.2.x86_64
3.安装NTP服务
yum install ntp -y
已加载插件:fastestmirror, langpacks
Determining fastest mirrors
Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=x86_64 error was
14: curl#6 - “Could not resolve host: mirrors.fedoraproject.org; 未知的错误”
- base: mirrors.aliyun.com
- epel: epel.mirror.angkasa.id
- extras: mirrors.aliyun.com
- updates: mirrors.aliyun.com
http://mirrors.aliyun.com/centos/7/os/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - “Could not resolve host: mirrors.aliyun.com; 未知的错误”
正在尝试其它镜像。
http://mirrors.cloud.aliyuncs.com/centos/7/os/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - “Could not resolve host: mirrors.cloud.aliyuncs.com; 未知的错误”
正在尝试其它镜像。
http://mirrors.aliyuncs.com/centos/7/os/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - “Could not resolve host: mirrors.aliyuncs.com; 未知的错误”
正在尝试其它镜像。
http://mirrors.aliyun.com/centos/7/extras/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - “Could not resolve host: mirrors.aliyun.com; 未知的错误”
正在尝试其它镜像。
http://mirrors.cloud.aliyuncs.com/centos/7/extras/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - “Could not resolve host: mirrors.cloud.aliyuncs.com; 未知的错误”
正在尝试其它镜像。
http://mirrors.aliyuncs.com/centos/7/extras/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - “Could not resolve host: mirrors.aliyuncs.com; 未知的错误”
正在尝试其它镜像。
http://mirrors.aliyun.com/centos/7/updates/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - “Could not resolve host: mirrors.aliyun.com; 未知的错误”
正在尝试其它镜像。
http://mirrors.cloud.aliyuncs.com/centos/7/updates/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - “Could not resolve host: mirrors.cloud.aliyuncs.com; 未知的错误”
正在尝试其它镜像。
http://mirrors.aliyuncs.com/centos/7/updates/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - “Could not resolve host: mirrors.aliyuncs.com; 未知的错误”
正在尝试其它镜像。
软件包 ntp-4.2.6p5-29.el7.centos.2.x86_64 已安装并且是最新版本
软件包 ntpdate-4.2.6p5-29.el7.centos.2.x86_64 已安装并且是最新版本
无须任何处理
可能会出现以上情况,这个是dns解析问题,需要设置DNS 服务器 按实际情况填写
vim /etc/resolv.conf
#Generated by NetworkManager
nameserver 192.168.2.1
nameserver 218.2.135.1
~
~
~
~
添加dns即可
设置好正确的dns就可以了
再次执行
yum install ntp -y
base | 3.6 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/5): epel/x86_64/group_gz | 96 kB 00:00:00
(2/5): epel/x86_64/updateinfo | 1.1 MB 00:00:00
(3/5): epel/x86_64/primary_db | 7.0 MB 00:00:00
(4/5): extras/7/x86_64/primary_db | 246 kB 00:00:00
(5/5): updates/7/x86_64/primary_db | 14 MB 00:00:42
软件包 ntp-4.2.6p5-29.el7.centos.2.x86_64 已安装并且是最新版本
软件包 ntpdate-4.2.6p5-29.el7.centos.2.x86_64 已安装并且是最新版本
等待安装完成。
重复执行
4.配置NTP服务端
首先备份一下ntp服务器配置文件
cp /etc/ntp.conf /etc/ntp.conf.bak
执行完成后,执行
vim /etc/ntp.conf
进入编辑界面
# For more information about this file, see the man pages # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5). driftfile /var/lib/ntp/drift # Permit time synchronization with our time source, but do not # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1 #允许内网内192.168.2.0 网段的机器同步时间,多网段需要复制多行 restrict 192.168.2.0 mask 255.255.255.0 nomodify notrap # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst #server 1.centos.pool.ntp.org iburst #server 2.centos.pool.ntp.org iburst #server 3.centos.pool.ntp.org iburst #定义上层的时间服务器地址,也就是GPS的地址 #这里我用的是一个公网的 server 203.107.6.88 iburst Fudge 203.107.6.88 stratum 10 #允许203.107.6.88这个地址更改本机时间 restrict 203.107.6.88 notrap noquery restrict 203.107.6.88 nomodify notrap noquery #当时间服务器无效时,使用本机的时间作为时间服务器 server 127.127.1.0 Fudge 127.127.1.0 stratum 10 #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys # Specify the key identifiers which are trusted. #trustedkey 4 8 42 # Specify the key identifier to use with the ntpdc utility. #requestkey 8 # Specify the key identifier to use with the ntpq utility. #controlkey 8 # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor server 127.127.1.0 iburst
设置完成后,重启NTP服务
systemctl restart ntpd
5.测试服务器是否正常
服务器测试与上层服务器
ps -ef |grep ntpd
[root@localhost etc]# ps -ef |grep ntpd ntp 3290 1 0 11:25 ? 00:00:00 /usr/sbin/ntpd -u ntp:ntp -g root 4022 31887 0 11:37 pts/0 00:00:00 grep --color=auto ntpd
ntpq -p
remote refid st t when poll reach delay offset jitter ============================================================================== *203.107.6.88 100.107.25.114 2 u 2 64 1 23.471 6.077 0.126 LOCAL(0) .LOCL. 10 l 11 64 1 0.000 0.000 0.000
Windows客户端测试
建议使用ntpclock测试 ,管理员运行,Windows测试过程中不稳定
6.设置开机自动启动ntpd服务
systemctl enable ntp
重启验证
systemctl status ntpd
如果成功 如下加粗字体"active(running)"
● ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
Active: active (running) since 三 2022-03-16 13:58:59 CST; 2min 31s ago
Process: 949 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 966 (ntpd)
Tasks: 1
CGroup: /system.slice/ntpd.service
└─966 /usr/sbin/ntpd -u ntp:ntp -g3月 16 13:58:57 localhost.localdomain ntpd[966]: 0.0.0.0 c016 06 restart
3月 16 13:58:57 localhost.localdomain ntpd[966]: 0.0.0.0 c012 02 freq_set kernel 1.633 PPM
3月 16 13:58:59 localhost.localdomain ntpd[966]: 0.0.0.0 c515 05 clock_sync
3月 16 13:58:59 localhost.localdomain systemd[1]: Started Network Time Service.
3月 16 13:59:03 localhost.localdomain ntpd[966]: Listen normally on 4 ens192 192.168.2.100 UDP 123
3月 16 13:59:03 localhost.localdomain ntpd[966]: Listen normally on 5 ens192 fe80::3a3a:3d77:52d4:d937 UDP 123
3月 16 13:59:03 localhost.localdomain ntpd[966]: new interface(s) found: waking up resolver
3月 16 13:59:09 localhost.localdomain ntpd[966]: Listen normally on 6 virbr0 192.168.122.1 UDP 123
3月 16 13:59:09 localhost.localdomain ntpd[966]: new interface(s) found: waking up resolver
3月 16 14:00:03 localhost.localdomain ntpd[966]: 0.0.0.0 0613 03 spike_detect -22.010853 s
如果失败 如下所示
● ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
Active: inactive (dead)
需要关闭chronyd服务
systemctl is-enabled chronyd
enabled
systemctl disable chronyd
Removed symlink /etc/systemd/system/multi-user.target.wants/chronyd.service.
disabled
最后重复步骤6,成功即可。