date+hwclock+ntpdate+ntpd
rpm查看包依赖
rpm -qpR rpm包名
[root@node1 ~]# rpm -qpR ntp-4.2.6p5-28.el7.centos.x86_64.rpm
warning: ntp-4.2.6p5-28.el7.centos.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
/bin/bash
/bin/sh
/bin/sh
/bin/sh
config(ntp) = 4.2.6p5-28.el7.centos
libc.so.6()(64bit)
libc.so.6(GLIBC_2.11)(64bit)
libc.so.6(GLIBC_2.12)(64bit)
libc.so.6(GLIBC_2.14)(64bit)
libc.so.6(GLIBC_2.15)(64bit)
libc.so.6(GLIBC_2.17)(64bit)
libc.so.6(GLIBC_2.2.5)(64bit)
libc.so.6(GLIBC_2.3)(64bit)
libc.so.6(GLIBC_2.3.4)(64bit)
libc.so.6(GLIBC_2.4)(64bit)
libc.so.6(GLIBC_2.7)(64bit)
libcap.so.2()(64bit)
libcrypto.so.10()(64bit)
libcrypto.so.10(OPENSSL_1.0.2)(64bit)
libcrypto.so.10(libcrypto.so.10)(64bit)
libedit.so.0()(64bit)
libm.so.6()(64bit)
libm.so.6(GLIBC_2.2.5)(64bit)
libopts.so.25()(64bit)
ntpdate = 4.2.6p5-28.el7.centos
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rtld(GNU_HASH)
systemd-units
systemd-units
systemd-units
rpmlib(PayloadIsXz) <= 5.2-1
[root@node1 ~]#
rpm查看包文件
[root@node1 ~]# rpm -ql ntp
/etc/dhcp/dhclient.d
/etc/dhcp/dhclient.d/ntp.sh
/etc/ntp.conf
/etc/ntp/crypto
/etc/ntp/crypto/pw
/etc/sysconfig/ntpd
/usr/bin/ntpstat
/usr/lib/systemd/ntp-units.d/60-ntpd.list
/usr/lib/systemd/system/ntpd.service
/usr/sbin/ntp-keygen
/usr/sbin/ntpd
/usr/sbin/ntpdc
/usr/sbin/ntpq
/usr/sbin/ntptime
/usr/sbin/tickadj
/usr/share/doc/ntp-4.2.6p5
/usr/share/doc/ntp-4.2.6p5/COPYRIGHT
/usr/share/doc/ntp-4.2.6p5/ChangeLog
/usr/share/doc/ntp-4.2.6p5/NEWS
/usr/share/man/man5/ntp.conf.5.gz
/usr/share/man/man5/ntp_acc.5.gz
/usr/share/man/man5/ntp_auth.5.gz
/usr/share/man/man5/ntp_clock.5.gz
/usr/share/man/man5/ntp_decode.5.gz
/usr/share/man/man5/ntp_misc.5.gz
/usr/share/man/man5/ntp_mon.5.gz
/usr/share/man/man8/ntp-keygen.8.gz
/usr/share/man/man8/ntpd.8.gz
/usr/share/man/man8/ntpdc.8.gz
/usr/share/man/man8/ntpq.8.gz
/usr/share/man/man8/ntpstat.8.gz
/usr/share/man/man8/ntptime.8.gz
/usr/share/man/man8/tickadj.8.gz
/var/lib/ntp
/var/lib/ntp/drift
/var/log/ntpstats
[root@node1 ~]#
[root@node1 ~]#
[root@node1 ~]#
date
date -s “*****” 设置
date +%d
hwclock
hwclock -r 读出BIOS的时间参数
hwclock -w 将当前系统时间写入BIOS中
ntpdate+cron
ntpdate+cron同步时间
ntpdate时间同步命令很简单
[root@linux ~]# ntpdate [-nv] [NTP IP/hostname]
[root@linux ~]# ntpdate 192.168.0.2
[root@linux ~]# ntpdate time.ntp.org
但这样的同步,只是强制性的将系统时间设置为ntp服务器时间。如果cpu tick有问题,只是治标不治本。所以,一般配合cron命令,来进行定期同步设置。比如,在crontab中添加:
0 12 * * * * /usr/sbin/ntpdate 192.168.0.1
这样,会在每天的12点整,同步一次时间。ntp服务器为192.168.0.1。
ntpd server安装
yum install -y ntp
systemctl start ntp
systemctl enable ntp
修改/etc/ntp.conf
[root@node1 ~]# cat /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
restrict 192.168.11.152 nomodify
restrict 192.168.11.153 nomodify
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
server 127.127.1.0
fudge 127.127.1.0 stratum 8
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
[root@node1 ~]#
说明
restrict 那些主机可以使用这个ntp server
server 设置上级ntp服务器
以下的定义是让NTP Server和其自身保持同步,如果在/ntp.conf中定义的server都不可用时,将使用local时间作为ntp服务提供给ntp客户端。
server 127.127.1.0
fudge 127.127.1.0 stratum 8
总结一下,restrict用来设置访问权限,server用来设置上层时间服务器,driftfile用来设置保存漂移时间的文件。
效果
[root@node2 ~]# ntpdate -q 192.168.11.151
server 192.168.11.151, stratum 16, offset -0.047867, delay 0.02582
4 Mar 18:48:14 ntpdate[22741]: no server suitable for synchronization found
########### ntp 没有设置使用local时间作为ntp服务提供给ntp客户端。
[root@node1 ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*LOCAL(0) .LOCL. 8 l 10 64 377 0.000 0.000 0.000
[root@node1 ~]#
[root@node2 ~]# ntpdate -q 192.168.11.151
server 192.168.11.151, stratum 9, offset -0.047847, delay 0.02585
4 Mar 18:55:56 ntpdate[23501]: adjust time server 192.168.11.151 offset -0.047847 sec
client安装
chronyd install
client install
[root@node2 ~]# rpm -q chrony
package chrony is not installed
[root@node2 ~]#
[root@node2 ~]#
[root@node2 ~]#
[root@node2 ~]# yum install chrony
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package chrony.x86_64 0:3.2-2.el7 will be installed
--> Processing Dependency: libseccomp.so.2()(64bit) for package: chrony-3.2-2.el7.x86_64
--> Running transaction check
---> Package libseccomp.x86_64 0:2.3.1-3.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=========================================================================================================================================================================================
Package Arch Version Repository Size
=========================================================================================================================================================================================
Installing:
chrony x86_64 3.2-2.el7 local 243 k
Installing for dependencies:
libseccomp x86_64 2.3.1-3.el7 local 56 k
Transaction Summary
=========================================================================================================================================================================================
Install 1 Package (+1 Dependent package)
Total download size: 299 k
Installed size: 773 k
Is this ok [y/d/N]: y
Downloading packages:
(1/2): libseccomp-2.3.1-3.el7.x86_64.rpm | 56 kB 00:00:00
(2/2): chrony-3.2-2.el7.x86_64.rpm | 243 kB 00:00:00
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 2.0 MB/s | 299 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libseccomp-2.3.1-3.el7.x86_64 1/2
Installing : chrony-3.2-2.el7.x86_64 2/2
Verifying : libseccomp-2.3.1-3.el7.x86_64 1/2
Verifying : chrony-3.2-2.el7.x86_64 2/2
Installed:
chrony.x86_64 0:3.2-2.el7
Dependency Installed:
libseccomp.x86_64 0:2.3.1-3.el7
Complete!
[root@node2 ~]#
[root@node2 ~]#
[root@node2 ~]# rpm -q chrony
chrony-3.2-2.el7.x86_64
[root@node2 ~]#
[root@node2 ~]# cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 192.168.11.151 iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
#allow 192.168.0.0/16
# Serve time even if not synchronized to a time source.
#local stratum 10
# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking
[root@node2 ~]#
[root@node2 ~]# systemctl restart chronyd #重起服务
[root@node2 ~]# systemctl enable chronyd #将服务设为开机启动
同步效果
[root@node2 ~]# ntpdate -q 192.168.11.151
server 192.168.11.151, stratum 9, offset -0.047828, delay 0.02588
4 Mar 19:25:21 ntpdate[26327]: adjust time server 192.168.11.151 offset -0.047828 sec
[root@node2 ~]# date
Thu Mar 4 19:25:29 CST 2021
[root@node2 ~]#
[root@node2 ~]#
[root@node2 ~]#
[root@node2 ~]# systemctl restart chronyd
[root@node2 ~]# ntpdate -q 192.168.11.151
server 192.168.11.151, stratum 9, offset 0.002939, delay 0.02582
4 Mar 19:25:50 ntpdate[26508]: adjust time server 192.168.11.151 offset 0.002939 sec
[root@node2 ~]#
[root@node2 ~]#
[root@node2 ~]# ntpdate -q 192.168.11.151
server 192.168.11.151, stratum 9, offset -0.000088, delay 0.02580
4 Mar 19:26:18 ntpdate[26677]: adjust time server 192.168.11.151 offset -0.000088 sec
[root@node2 ~]#
[root@node2 ~]# ntpdate -q 192.168.11.151
server 192.168.11.151, stratum 9, offset -0.000084, delay 0.02585
4 Mar 19:26:51 ntpdate[26876]: adjust time server 192.168.11.151 offset -0.000084 sec
[root@node2 ~]#