1. 引言
1.1. 目的
解决多个服务器时间不同步的问题。
1.2. 目标范围
1.3. 读者对象
1) 开发工程师 2)运维工程师
1.4. 参考文献
2. 解决方案
本次NTP服务器地址为:172.16.5.250。
2.1. 把Windows(2003)下配置NTP时间服务器
2.1.1. 服务端设置
因为默认情况下,WINDOWS SERVER 2003 是作为NTP客户端工作的 ,所以必须通过修改注册表,以使系统作为NTP服务器运行。注意,工作之前请先备份注册表文件。
1、通过开始菜单,输入regedit命令后打开注册表设定画面,此时请一定备份注册表文件。
2、修改以下选项的键值
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\
NtpServer内的「Enabled」设定为1,打开NTP服务器功能
3、修改以下键值
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\
AnnounceFlags设定为5,该设定强制主机将它自身宣布为可靠的时间源,从而使用内置的互补金属氧化物半导体(CMOS) 时钟。
4、在dos命令行执行以下命令,确保以上修改起作用
net stop w32time
net start w32time
推荐计划;如果该服务器和internet连接,那么为了避免服务器和internet上的ntp同步,最好追加以下配置:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\
NtpClient的「enable」设定为0 以防止作为客户端自动同步外界的时间服务
2.1.2. 客户端设置
1、指定主时间服务器。在DOS方式输入“net time /setsntp:ntp.sjtu.edu.cn”,这里我们指定ntp.sjtu.edu.cn是主时间服务器,也可以是其它地址(210.72.145.44)。
2、自由设定时间同步间隔:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\
NtpClient的「SpecialPollInterval」默认设定为604800(或86400)
PS:
对话框中的“基数栏”选择到“十进制”上,显示的数字正是自动对时的间隔(以秒为单位),比如默认的604800就是由7(天)×24(时)×60(分)×60(秒)计算来的如果您想让WINODWS以多长时间自动对时,只要按这个公式算出具体的秒数。
2.2. 把Linux下配置NTP时间服务器
2.1.3. 服务端设置
修改/etc/ntp.conf文件(加红部分)
# For more information about this file, see the man pages # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.127.1.0 restrict 127.0.0.1 restrict -6 ::1
restrict 172.16.7.0 mask 255.255.255.0 nomodify notrap
# Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org #server 1.centos.pool.ntp.org #server 2.centos.pool.ntp.org
#broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup # and when no outside source of synchronized time is available. server 127.127.1.0 # local clock fudge 127.127.1.0 stratum 10
# Enable public key cryptography. #crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys
# Specify the key identifiers which are trusted. #trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility. #requestkey 8
# Specify the key identifier to use with the ntpq utility. #controlkey 8
# Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats |
输入命令# service ntpd start
2.1.4. 客户端设置
1、手动执行同步
Ntpdate 172.16.5.250
2、定时NTP方式同步
# vi /etc/ntp.conf
修改红色部分
# For more information about this file, see the man pages # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict -6 ::1
# Hosts on local network are less restricted. restrict 172.16.5.0 mask 255.255.255.0 nomodify notrap #172.16.5.0为NTP服务器网段
# Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). server 172.16.5.250 prefer #NTP Server IP
#broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup # and when no outside source of synchronized time is available. #server 127.127.1.0 # local clock #fudge 127.127.1.0 stratum 10
# Enable public key cryptography. #crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys
# Specify the key identifiers which are trusted. #trustedkey 4 8 42 |
加入到自动启动列表
# chkconfig --level 2345 ntpd on
# service ntpd start
# ntpstat #查看运行状态
3、定时器任务同步
每天的23:00执行
vi /etc/crontab
0 23 * * * /usr/sbin/ntpdate 172.16.5.250> /dev/null 2>&1
编辑完保存一下,然后重启crond即可
/etc/init.d/crond restart