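NTP server setup and client configuration using Alibaba Cloud
1. Set up the NTP server
Install ntp: yum install -y ntp
2. Use the Alibaba Cloud NTP servers as the external reference
Alibaba Cloud NTP server list: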
time1.aliyun.com
time2.aliyun.com
time3.aliyun.com
time4.aliyun.com
time5.aliyun.com
time6.aliyun.com
time7.aliyun.com
First use ntpdate to check that the host can reach the NTP servers above.
ntpdate -q time1.aliyun.com
Output like the following means it is working:
server 115.28.122.198, stratum 2, offset 53.490757, delay 0.06709
13 Sep 15:27:48 ntpdate[16092]: step time server 115.28.122.198 offset 53.490757 sec
3. Edit the configuration file
vim /etc/ntp.conf
Make the following changes:
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
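# Allow hosts in the 192.168.1.0 - 192.168.4.0 subnets to synchronize time;
# clients are not allowed to modify or log in to the NTP server.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap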
restrict 192.168.2.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.3.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.4.0 mask 255.255.255.0 nomodify notrap
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server time1.aliyun.com
server time2.aliyun.com
server time3.aliyun.com
server time4.aliyun.com
server time5.aliyun.com
server time6.aliyun.com
server time7.aliyun.com
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
# Enable Logfile
logfile /var/log/ntp.log
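The `restrict` lines and the `disable monitor` setting in the configuration above can be checked mechanically. The following is an added example, not part of the original page (`parse`, `audit` and `WEAK_CONF` are this example's own names): it reports restrict entries that leave out `noquery`, as the subnet lines here do, and whether monitoring is still enabled. It assumes restrict targets are IP literals; hostnames are skipped.

```python
import ipaddress

def parse(conf_text):
    """Return ([(target, flag set)] for each restrict line, monitor_disabled)."""
    rules, monitor_disabled = [], False
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()            # strip comments
        args = [t for t in tok[1:] if t not in ("-4", "-6")]
        if tok[:1] == ["disable"] and "monitor" in args:
            monitor_disabled = True
        elif tok[:1] == ["restrict"] and args:
            target, flags = args[0], args[1:]
            if flags[:1] == ["mask"] and len(flags) > 1:
                target, flags = f"{target}/{flags[1]}", flags[2:]
            rules.append((target, set(flags)))
    return rules, monitor_disabled

def audit(conf_text):
    """Findings per restrict line; ntpd applies only the most specific match."""
    rules, monitor_disabled = parse(conf_text)
    findings = []
    for target, flags in rules:
        if target == "default":
            missing = {"nomodify", "noquery"} - flags
            if missing:
                findings.append(f"default: missing {' '.join(sorted(missing))}")
            continue
        try:
            net = ipaddress.ip_network(target, strict=False)
        except ValueError:                            # hostname or "source": skipped
            continue
        if net.is_loopback or flags & {"noquery", "ignore"}:
            continue
        why = ("ntpq/ntpdc queries allowed" if monitor_disabled
               else "monitor enabled (CVE-2013-5211 condition)")
        findings.append(f"{net}: no noquery, {why}")
    return findings

# Sample input: restrict/monitor lines taken from the configuration above.
PAGE_CONF = """\
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
disable monitor
"""
# Constructed variant: the same lines with monitoring left enabled.
WEAK_CONF = PAGE_CONF.replace("disable monitor\n", "")
if __name__ == "__main__":
    print(audit(PAGE_CONF), audit(WEAK_CONF), sep="\n")
```

Adding `noquery` to the subnet lines clears the finding; that flag only denies ntpq and ntpdc queries and does not affect time service.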
4. Keep the hardware clock consistent with the system time
Edit the configuration file: vim /etc/sysconfig/ntpd
Add:
SYNC_HWCLOCK=yes
5. Start the ntpd service and check its status
systemctl start ntpd
Enable it at boot:
chkconfig ntpd on
Wait 10-15 minutes, then run ntpstat
to check the synchronization status:
synchronised to NTP server (182.92.12.11) at stratum 3
time correct to within 470 ms
polling server every 64 s
The server is now synchronized.
Run ntpq -p
to check the connections to the Alibaba Cloud NTP servers:
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+time6.aliyun.co 10.137.38.86     2 u   10   64   77   41.139    8.490   1.523
-time4.aliyun.co 10.137.38.86     2 u    5   64   77    3.479   15.026   1.354
*time5.aliyun.co 10.137.38.86     2 u   10   64   77   37.243   10.643   1.554
+120.25.115.19   10.137.38.86     2 u    5   64   77    3.574    5.228   2.803
* marks the upstream NTP server currently in use; + marks a connected server that is a candidate for providing time updates.
Run hwclock --systohc
to make the hardware clock match the system time.
6. Open the firewall
The NTP service uses UDP port 123, so that port must be opened in the firewall.
Run firewall-cmd --zone=public --add-port=123/udp --permanent
and then run firewall-cmd --reload.
7. Synchronize time on Linux clients with the ntpd service
First install the ntp service: yum install -y ntp
Edit the configuration file: vim /etc/ntp.conf
Change the server entries and add a log file:
# Allow the NTP servers to adjust this client's time
restrict 192.168.1.85 nomodify notrap noquery
restrict 192.168.1.50 nomodify notrap noquery
server 192.168.1.85
server 192.168.1.50
logfile /var/log/ntp.log
Leave everything else at its default.
Start the ntpd service: systemctl start ntpd
Open UDP port 123 on the local firewall.
Run ntpq -p
to check the connections to the servers.
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+192.168.1.50    182.92.12.11     3 u   31   64   77    0.189  -30.963  42.392
*192.168.1.85    182.92.12.11     3 u   43   64   77    0.190   -1.903  18.890
 LOCAL(0)        .LOCL.          10 l   60   64   77    0.000    0.000   0.000
Run ntpstat to check the synchronization status:
synchronised to NTP server (192.168.1.85) at stratum 4
time correct to within 131 ms
polling server every 64 s
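8. Synchronize Windows clients
8.1 Group Policy configuration
Press Win+R
and run gpedit.msc
Enable the global configuration settings
[Screenshot: 20170914-031152.png]
Enable the NTP client
[Screenshot: 20170914-031233.png]
Press Win+R
and run gpupdate /force
8.2 Use the automatic configuration tool
Run the automatic configuration tool and configure it as shown in the screenshot; separate multiple servers with spaces.
[Screenshot: 20170914-031246.png]
Afterwards, run a synchronization from the system Date and Time settings and check the result.
[Screenshot: 20170914-031302.png]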