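Setting up an NTP time synchronization service on Linux
1. NTP overview
NTP (Network Time Protocol) is a protocol for synchronizing computer clocks. It lets a computer synchronize against a server or clock source and provides high-precision time correction (less than 1 millisecond from the standard on a LAN, tens of milliseconds on a WAN). For a server cluster this is an important service: every server in the cluster must keep the same time so that no server lags behind the others while they run the same task, which is what keeps the cluster healthy.
In day-to-day work you may run into servers on an internal network whose clocks drift from the correct time because they cannot reach the Internet. In that case you can set up an NTP time synchronization server and have the internal servers connect to it as clients. The time synchronization server itself must be able to reach the Internet to synchronize its own time.
2. How NTP works
NTP distributes time in a client-server fashion. The client first sends the server an NTP packet containing T1, the timestamp at which the packet left the client. When the server receives the packet it fills in T2, the timestamp at which the packet arrived, and T3, the timestamp at which the packet leaves, and then immediately returns the packet to the client. On receiving the response the client records T4, the timestamp at which the packet came back. From these it computes the time and synchronizes.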
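3. Setting up the NTP server
Server plan:
192.168.149.20 (can reach the Internet) | Server |
192.168.149.21 (cannot reach the Internet) | Client |
(1) Install on the NTP server (192.168.149.20)
The output below shows that ntp is already installed; most servers ship with the ntp service.
If it is not installed, install it directly with yum -y install ntp.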
    [root@node1 ~]# rpm -qa | grep ntp
    fontpackages-filesystem-1.44-8.el7.noarch
    ntp-4.2.6p5-29.el7.centos.2.x86_64
    ntpdate-4.2.6p5-29.el7.centos.2.x86_64
(2) Edit the NTP server configuration file
The file below is already configured; compare yours against it and modify accordingly.
    [root@node1 ~]# vim /etc/ntp.conf
    # For more information about this file, see the man pages
    # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

    driftfile /var/lib/ntp/drift

    # Permit time synchronization with our time source, but do not
    # permit the source to query or modify the service on this system.
    restrict default nomodify # nomodify allows LAN clients to synchronize

    # Permit all access over the loopback interface. This could
    # be tightened as well, but to do so would effect some of
    # the administrative functions.
    restrict 127.0.0.1
    restrict ::1

    # Hosts on local network are less restricted.
    #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

    # Use public servers from the pool.ntp.org project.
    # Please consider joining the pool (http://www.pool.ntp.org/join.html).
    #server 0.centos.pool.ntp.org iburst
    #server 1.centos.pool.ntp.org iburst
    #server 2.centos.pool.ntp.org iburst
    #server 3.centos.pool.ntp.org iburst
    # Comment out all of the default time sources above.

    #broadcast 192.168.1.255 autokey # broadcast server
    #broadcastclient # broadcast client
    #broadcast 224.0.1.1 autokey # multicast server
    #multicastclient 224.0.1.1 # multicast client
    #manycastserver 239.255.254.254 # manycast server
    #manycastclient 239.255.254.254 autokey # manycast client

    # Enable public key cryptography.
    #crypto

    includefile /etc/ntp/crypto/pw

    # Key file containing the keys and key identifiers used when operating
    # with symmetric key cryptography.
    keys /etc/ntp/keys

    # Specify the key identifiers which are trusted.
    #trustedkey 4 8 42

    # Specify the key identifier to use with the ntpdc utility.
    #requestkey 8

    # Specify the key identifier to use with the ntpq utility.
    #controlkey 8

    # Enable writing of statistics records.
    #statistics clockstats cryptostats loopstats peerstats

    # Disable the monitoring facility to prevent amplification attacks using ntpdc
    # monlist command when default restrict does not include the noquery flag. See
    # CVE-2013-5211 for more details.
    # Note: Monitoring will not be disabled with the limited restriction flag.
    disable monitor
    server ntp1.aliyun.com
    server time.nist.gov
    # Add the two time source lines above at the end.
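The file above leaves only nomodify on the default restrict line, so the monlist protection rests entirely on "disable monitor", as its own comment about CVE-2013-5211 notes. The following check is an added example, not part of the original article: it reads ntp.conf text and reports which of the stock flags (nomodify notrap nopeer noquery, none of which blocks client time requests) are missing. The function name audit_ntp_conf, the sample texts and the 192.168.149.0/24 LAN rule are assumptions made for the illustration.

```python
# Flags on the stock CentOS 7 "restrict default" line and what their absence
# leaves open. None of them blocks ordinary client time requests.
EXPECTED = {
    "nomodify": "ntpq/ntpdc requests that change server state are accepted",
    "notrap": "the mode 6 control-message trap service is offered",
    "nopeer": "unauthenticated associations can be mobilized",
    "noquery": "ntpq/ntpdc status queries are answered",
}

def audit_ntp_conf(text):
    """Return findings (strings) about the default access rules in ntp.conf text."""
    findings, defaults, monitor_off = [], [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if not words:
            continue
        if words[0] == "restrict":
            args = [w for w in words[1:] if w not in ("-4", "-6")]
            if args and args[0] == "default":
                defaults.append((lineno, set(args[1:])))
        elif words[0] == "disable" and "monitor" in words[1:]:
            monitor_off = True
    if not defaults:
        findings.append("no 'restrict default' line: no default access restrictions")
    for lineno, flags in defaults:
        if "ignore" in flags:
            continue                              # unlisted hosts get no service at all
        for flag, risk in EXPECTED.items():
            if flag not in flags:
                findings.append(f"line {lineno}: missing {flag}: {risk}")
        # Per the stock file's comment, "limited" keeps monitoring enabled.
        if "noquery" not in flags and (not monitor_off or "limited" in flags):
            findings.append(f"line {lineno}: monlist reachable (CVE-2013-5211)")
    return findings

# Constructed samples: the first mirrors the relevant lines of the file above,
# the second restores the stock flags and adds a rule for an assumed /24 LAN.
AS_CONFIGURED = "restrict default nomodify  # LAN sync\nrestrict 127.0.0.1\ndisable monitor\n"
HARDENED = ("restrict default nomodify notrap nopeer noquery\n"
            "restrict 192.168.149.0 mask 255.255.255.0 nomodify notrap\n"
            "restrict 127.0.0.1\ndisable monitor\n")

if __name__ == "__main__":
    for name, conf in (("as configured", AS_CONFIGURED), ("hardened", HARDENED)):
        print(name, audit_ntp_conf(conf) or "no findings")
```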
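(3) Start the NTP service
Check whether the crontab contains a time synchronization job. If it does, comment it out; otherwise starting ntp will report an error.
    [root@node1 ~]# crontab -e
Start the service and check its status:
    [root@node1 ~]# systemctl start ntpd
    [root@node1 ~]# systemctl status ntpd
Output like that shown in the figure below means the service started successfully.
Use the ntpq -p and ntpstat commands to check whether the server is synchronized: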
    [root@node1 ~]# ntpq -p
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
    +120.25.115.20   10.137.53.7      2 u   74   64  176   44.800   11.154   4.838
    *time-a-b.nist.g .NIST.           1 u    8   64  377  199.241   -5.427   3.776
    [root@node1 ~]# ntpstat
    synchronised to NTP server (132.163.96.1) at stratum 2
       time correct to within 176 ms
       polling server every 64 s
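4. Synchronizing the NTP client
Connect to the server from the client (192.168.149.21) to synchronize the time.
Check whether ntpdate is installed:
    [root@node2 ~]# rpm -qa | grep ntpdate
    ntpdate-4.2.6p5-29.el7.centos.2.x86_64
Wait 10 minutes before synchronizing with the NTP server, otherwise the following error is reported. If the error persists, check the firewall configuration.
    [root@node2 ~]# ntpdate 192.168.149.20
    22 Apr 11:06:29 ntpdate[1806]: no server suitable for synchronization found
The client connects successfully:
    [root@node2 ~]# ntpdate 192.168.149.20
    22 Apr 11:09:22 ntpdate[1854]: adjust time server 192.168.149.20 offset -0.017823 sec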