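1 Introduction
Cluster deployments, and installing HDP with Ambari, require the ntpd service to be running on every node. Having set it up several times and found the steps a little tedious, I summarize them here.
System information: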
[root@node1 pgsql]# uname -a
Linux node1.dcom 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[root@node1 pgsql]# cat /proc/version
Linux version 3.10.0-327.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) ) #1 SMP Thu Nov 19 22:10:57 UTC 2015
[root@node1 pgsql]# cat /etc/issue
\S
Kernel \r on an \m
[root@node1 pgsql]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
2 Disable the firewall
systemctl stop firewalld.service       # stop the firewall
systemctl disable firewalld.service    # keep the firewall from starting at boot
3 Server configuration
Here node1.dcom is the NTP server node.
Edit /etc/ntp.conf:
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
#restrict default nomodify notrap nopeer noquery
restrict default nomodify

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Explicitly state the IP range that this time server serves
restrict 20.2.37.0 mask 255.255.255.0 nomodify

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
# Comment out the public servers above and use the local clock below as the time source
server 127.127.1.0
fudge 127.127.1.0 stratum 10

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
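The server file above sets restrict default nomodify without noquery and relies on disable monitor, which is the case its CVE-2013-5211 comment describes. The check below is an added example, not part of the original post: a shell function (audit_ntp_conf, a hypothetical name) that reads an ntp.conf and reports that combination, run here on a constructed excerpt of the server config.

```shell
#!/bin/sh
# Added example (not from the original post). audit_ntp_conf is a hypothetical helper.
# Prints one finding per line; exit status 1 when a FAIL was reported.
audit_ntp_conf() {
    awk '
    { sub(/#.*/, "") }                          # strip comments
    NF == 0 { next }
    $1 == "disable" { for (i = 2; i <= NF; i++) if ($i == "monitor") mon_off = 1 }
    $1 == "restrict" {
        t = ($2 == "-4" || $2 == "-6") ? 3 : 2  # optional address-family switch
        for (i = t + 1; i <= NF; i++) if ($i == "limited") limited = 1
        if ($t != "default") next
        have_default = 1; miss = ""
        n = split("nomodify notrap nopeer noquery", want, " ")
        for (k = 1; k <= n; k++) {
            hit = 0
            for (i = t + 1; i <= NF; i++) if ($i == want[k]) hit = 1
            if (!hit) miss = miss " " want[k]
            if (!hit && want[k] == "noquery") open_query = 1
        }
        if (miss != "") print "WARN line " NR ": restrict default lacks" miss
    }
    END {
        if (!have_default) {
            print "FAIL no restrict default line: the default entry carries no restrictions"
            open_query = 1; bad = 1
        }
        if (open_query && mon_off && !limited) {
            print "OK   disable monitor is set, so monlist (CVE-2013-5211) is off without noquery"
        } else if (open_query) {
            print "FAIL queries allowed and monitor still enabled: monlist exposure (CVE-2013-5211)"
            bad = 1
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the access-control lines of the server config above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
restrict default nomodify
restrict 127.0.0.1
restrict ::1
restrict 20.2.37.0 mask 255.255.255.0 nomodify
disable monitor
EOF
audit_ntp_conf "$sample" || true
rm -f "$sample"
```

The limited flag is tracked because, as the config comment notes, disable monitor has no effect once any restrict line uses it.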
4 NTP client configuration
The client configuration is comparatively simple:
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

# Point at the local NTP server
server node1.dcom

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
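5 Start the ntpd service
Once the server and the clients are configured:
systemctl enable ntpd    # start at boot
systemctl start ntpd     # start the service
systemctl status ntpd    # check its status
A concrete example on a client: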
[root@node4 ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
[root@node4 ~]# systemctl start ntpd
[root@node4 ~]# systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2016-07-06 10:20:28 CST; 1min 5s left
  Process: 3561 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 3562 (ntpd)
   CGroup: /system.slice/ntpd.service
           └─3562 /usr/sbin/ntpd -u ntp:ntp -g

Jul 06 10:20:28 node4.dcom ntpd[3562]: Listen normally on 4 virbr0 192.168.122.1 UDP 123
Jul 06 10:20:28 node4.dcom ntpd[3562]: Listen normally on 5 lo ::1 UDP 123
Jul 06 10:20:28 node4.dcom ntpd[3562]: Listen normally on 6 eno1 fe80::ec4:7aff:fec1:540e UDP 123
Jul 06 10:20:28 node4.dcom ntpd[3562]: Listening on routing socket on fd #23 for interface updates
Jul 06 10:20:28 node4.dcom ntpd[3562]: 0.0.0.0 c016 06 restart
Jul 06 10:20:28 node4.dcom ntpd[3562]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM
Jul 06 10:20:28 node4.dcom ntpd[3562]: 0.0.0.0 c011 01 freq_not_set
Jul 06 10:20:29 node4.dcom ntpd[3562]: 0.0.0.0 c61c 0c clock_step -68.572092 s
Jul 06 10:19:21 node4.dcom ntpd[3562]: 0.0.0.0 c614 04 freq_mode
Jul 06 10:19:22 node4.dcom ntpd[3562]: 0.0.0.0 c618 08 no_sys_peer
[root@node4 ~]# ntpdate -u node1.dcom    # sync manually with the local NTP server
 6 Jul 10:19:52 ntpdate[3572]: adjust time server 20.2.37.200 offset -0.000324 sec
[root@node4 ~]# ntpq -p    # check the state of the ntpd service
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*node1.dcom      LOCAL(0)        11 u   51   64    1    0.139    0.000   0.000
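The ntpq -p output above can be checked by a script instead of by eye. The following is an added example, not part of the original post: a shell function (check_ntpq_peers, a hypothetical name) that looks for the selected system peer and tests its offset against an assumed 100 ms limit, run here on the three lines shown above.

```shell
#!/bin/sh
# Added example (not from the original post). check_ntpq_peers is a hypothetical helper.
# Reads `ntpq -p` output on stdin; $1 = largest acceptable |offset| in ms (default 100,
# an assumed threshold). Exit status 0 only when a system peer is selected and in range.
check_ntpq_peers() {
    awk -v max="${1:-100}" '
    substr($0, 1, 1) == "*" {              # "*" tally code = selected system peer
        $0 = substr($0, 2)                 # drop the tally so the fields line up
        peer = $1; refid = $2; st = $3; reach = $7; off = $9 + 0
        found = 1
        exit                               # jump to END
    }
    END {
        if (!found) { print "FAIL no system peer selected (no * line)"; exit 1 }
        mag = (off < 0) ? -off : off
        if (mag > max + 0) {
            printf "FAIL %s offset %.3f ms exceeds %s ms\n", peer, off, max
            exit 1
        }
        printf "OK   %s stratum %s offset %.3f ms\n", peer, st, off
        if (reach != "377")
            print "WARN reach " reach " (octal): fewer than 8 consecutive good polls"
        if (refid ~ /LOCAL/)
            print "INFO " peer " free-runs on its local clock: nodes agree with it, not with UTC"
    }'
}

# The three ntpq -p lines shown above (column spacing reconstructed).
check_ntpq_peers 100 <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*node1.dcom      LOCAL(0)        11 u   51   64    1    0.139    0.000   0.000
EOF
```

On a live client the input would come from ntpq -p itself, piped into the function.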
The ntpdate -u node1.dcom above only synchronizes once, by hand. For ongoing synchronization, each client host needs some extra configuration, as follows:
[root@node2 yum.repos.d]# vi /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed
# Sync with the local NTP server once a day at 01:00
# (entries in /etc/crontab need the user-name field, here root)
0 1 * * * root /usr/sbin/ntpdate -u node1.dcom
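Tips:
The -u in ntpdate -u can be dropped; it makes ntpdate send from an unprivileged port, which guards against interference from a firewall.
You may not have paid attention to the time zone when installing the machine, which leads to synchronization not succeeding.
[root@node5 ~]# date -R
Wed, 06 Jul 2016 20:16:45 +0800    (UTC+8, Beijing time)
To change the time zone, use:
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime    # copy the Shanghai zone file over the system time zone
hwclock -w    # save the setting by writing it to the hardware clock
The time zone change then takes effect.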
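6 References
Finally, you may run into problems during synchronization. The main thing to check is whether the firewall has really been turned off; for anything else, see the following online resources:
7 Revision notes
Date | Version | Revised by | Approved by | Revision notes |
2016.9.29 | 1.0 | 章鑫8 |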