NTP时间同步解决方案

1.   引言

1.1.  目的

解决多个服务器时间不同步的问题。

1.2.  目标范围

 

1.3.  读者对象

1) 开发工程师 2)运维工程师

1.4.  参考文献

 

2.   解决方案

本次NTP服务器地址为:172.16.5.250

2.1.  把Windows(2003)下配置NTP时间服务器

2.1.1.   服务端设置

因为默认情况下,WINDOWS SERVER 2003 是作为NTP客户端工作的 ,所以必须通过修改注册表,以使系统作为NTP服务器运行。注意,工作之前请先备份注册表文件。

 

1、通过开始菜单,输入regedit命令后打开注册表设定画面,此时请一定备份注册表文件。

 

2、修改以下选项的键值

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\

NtpServer内的「Enabled」设定为1,打开NTP服务器功能

 

3、修改以下键值

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\

AnnounceFlags设定为5,该设定强制主机将它自身宣布为可靠的时间源,从而使用内置的互补金属氧化物半导体(CMOS) 时钟。

 

4、在dos命令行执行以下命令,确保以上修改起作用

net stop w32time

net start w32time

 

推荐计划;如果该服务器和internet连接,那么为了避免服务器和internet上的ntp同步,最好追加以下配置:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\

NtpClient的「enable」设定为0 以防止作为客户端自动同步外界的时间服务

2.1.2.   客户端设置

1、指定主时间服务器。在DOS方式输入“net time /setsntp:ntp.sjtu.edu.cn”,这里我们指定ntp.sjtu.edu.cn是主时间服务器,也可以是其它地址(210.72.145.44)。

 

2、自由设定时间同步间隔:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\

NtpClient的「SpecialPollInterval」默认设定为604800(或86400)

 

PS:

对话框中的“基数栏”选择到“十进制”上,显示的数字正是自动对时的间隔(以秒为单位),比如默认的604800就是由7(天)×24(时)×60(分)×60(秒)计算来的如果您想让WINODWS以多长时间自动对时,只要按这个公式算出具体的秒数。

 

2.2.  把Linux下配置NTP时间服务器

2.1.3.   服务端设置

修改/etc/ntp.conf文件(加红部分)

# For more information about this file, see the man pages

# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

 

driftfile /var/lib/ntp/drift

 

# Permit time synchronization with our time source, but do not

# permit the source to query or modify the service on this system.

restrict default kod nomodify notrap nopeer noquery

restrict -6 default kod nomodify notrap nopeer noquery

 

# Permit all access over the loopback interface.  This could

# be tightened as well, but to do so would effect some of

# the administrative functions.

restrict 127.127.1.0

restrict 127.0.0.1

restrict -6 ::1

 

restrict 172.16.7.0 mask 255.255.255.0 nomodify notrap

 

# Hosts on local network are less restricted.

#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

 

# Use public servers from the pool.ntp.org project.

# Please consider joining the pool (http://www.pool.ntp.org/join.html).

#server 0.centos.pool.ntp.org

#server 1.centos.pool.ntp.org

#server 2.centos.pool.ntp.org

 

#broadcast 192.168.1.255 autokey         # broadcast server

#broadcastclient                         # broadcast client

#broadcast 224.0.1.1 autokey             # multicast server

#multicastclient 224.0.1.1               # multicast client

#manycastserver 239.255.254.254                    # manycast server

#manycastclient 239.255.254.254 autokey # manycast client

 

# Undisciplined Local Clock. This is a fake driver intended for backup

# and when no outside source of synchronized time is available.

server    127.127.1.0         # local clock

fudge     127.127.1.0 stratum 10        

 

# Enable public key cryptography.

#crypto

 

includefile /etc/ntp/crypto/pw

 

# Key file containing the keys and key identifiers used when operating

# with symmetric key cryptography.

keys /etc/ntp/keys

 

# Specify the key identifiers which are trusted.

#trustedkey 4 8 42

 

# Specify the key identifier to use with the ntpdc utility.

#requestkey 8

 

# Specify the key identifier to use with the ntpq utility.

#controlkey 8

 

# Enable writing of statistics records.

#statistics clockstats cryptostats loopstats peerstats

输入命令# service ntpd start

2.1.4.   客户端设置

1、手动执行同步

Ntpdate 172.16.5.250

2、定时NTP方式同步

# vi /etc/ntp.conf

修改红色部分

 

# For more information about this file, see the man pages

# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

 

driftfile /var/lib/ntp/drift

 

# Permit time synchronization with our time source, but do not

# permit the source to query or modify the service on this system.

restrict default kod nomodify notrap nopeer noquery

restrict -6 default kod nomodify notrap nopeer noquery

 

# Permit all access over the loopback interface.  This could

# be tightened as well, but to do so would effect some of

# the administrative functions.

restrict 127.0.0.1

restrict -6 ::1

 

# Hosts on local network are less restricted.

restrict 172.16.5.0 mask 255.255.255.0 nomodify notrap  #172.16.5.0NTP服务器网段

 

# Use public servers from the pool.ntp.org project.

# Please consider joining the pool (http://www.pool.ntp.org/join.html).

server 172.16.5.250 prefer #NTP Server IP

 

#broadcast 192.168.1.255 autokey        # broadcast server

#broadcastclient                        # broadcast client

#broadcast 224.0.1.1 autokey            # multicast server

#multicastclient 224.0.1.1              # multicast client

#manycastserver 239.255.254.254         # manycast server

#manycastclient 239.255.254.254 autokey # manycast client

 

# Undisciplined Local Clock. This is a fake driver intended for backup

# and when no outside source of synchronized time is available.

#server 127.127.1.0     # local clock

#fudge  127.127.1.0 stratum 10

 

# Enable public key cryptography.

#crypto

 

includefile /etc/ntp/crypto/pw

 

# Key file containing the keys and key identifiers used when operating

# with symmetric key cryptography.

keys /etc/ntp/keys

 

# Specify the key identifiers which are trusted.

#trustedkey 4 8 42

加入到自动启动列表

# chkconfig --level 2345 ntpd on

# service ntpd start

# ntpstat    #查看运行状态

3、定时器任务同步

每天的23:00执行

vi /etc/crontab

0 23 * * * /usr/sbin/ntpdate 172.16.5.250> /dev/null 2>&1

编辑完保存一下,然后重启crond即可

/etc/init.d/crond restart

转载于:https://my.oschina.net/ahanflw/blog/286210

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值