NTP部署

组网

IP	角色	系统
10.47.88.215	Master	Centos7
10.47.88.213	Slave1	Ubuntu 16.04
10.47.88.214	Slave2	Ubuntu 16.04

Master（服务端）

配置

[root]# vim /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# 允许请求的下游主机列表
# Hosts on local network are less restricted. 
# 方式一：配置网段
# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# 方式二：主机列表
restrict 10.47.88.213
restrict 10.47.88.214

# 上层时间服务器
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
# 方式一：公网时间服务器，有外网的情况下可以使用
# server 10.30.1.105 prefer 
# 方式二： 把local作为服务端供客户端同步（硬件时间同步）
server 127.127.1.0 prefer 
fudge 127.127.1.0 stratum 10

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor

Slave1（客户端）

服务端：

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift

# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# Specify one or more NTP servers.

# 配置时间服务器
# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
#pool 0.ubuntu.pool.ntp.org iburst
#pool 1.ubuntu.pool.ntp.org iburst
#pool 2.ubuntu.pool.ntp.org iburst
#pool 3.ubuntu.pool.ntp.org iburst
server 10.47.88.215 prefer
# Use Ubuntu's ntp server as a fallback.
#pool ntp.ubuntu.com

# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Needed for adding pool entries
restrict source notrap nomodify noquery

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust

# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255

# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines.  Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient

#Changes recquired to use pps synchonisation as explained in documentation:
#http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm#AEN3918

#server 127.127.8.1 mode 135 prefer    # Meinberg GPS167 with PPS
#fudge 127.127.8.1 time1 0.0042        # relative to PPS for my hardware

#server 127.127.22.1                   # ATOM(PPS)
#fudge 127.127.22.1 flag3 1            # enable PPS API

启动

@ 启动 （启动服务后等待几分钟，再检查时间同步是否成功）
[root]# service ntpd start   # Centos7
[root]# service ntp start     # Ubuntu16.04

@ 查看服务连接与监听端口
netstat -tlunp | grep ntp 

@ 自启
方式一：
[root]# chkconfig --level 2345 ntpd on
方式二：
[root]# vim /etc/rc.local
#增加配置
service ntpd start

手动同步（需停止ntp）

[root]# ntpdate -u 10.47.88.215  

@ 当ntp自动同步有问题时，可关闭ntp服务，并在crontab中加入如下命令(每5分钟同步一次时间)： 
[root]# crontab -e
*/5 * * * * /usr/sbin/ntpdate -u 10.47.88.215  

检查

@ 查询同步主机：
[root]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*   215         LOCAL(0)        11 u   53   64  377    0.199    2.611   0.346

@ 查询同步状态：
[root]# ntpstat
synchronised to NTP server (10.47.88.215) at stratum 12
   time correct to within 22 ms
   polling server every 64 s