Setting up intranet time synchronization on CentOS 7
1. Install the NTP server with yum
[root@master ~]# yum -y install ntp
2. Start the ntpd service
[root@master ~]# systemctl start ntpd
3. Enable the service at boot
[root@master ~]# systemctl enable ntpd
4. Configure the server side
[root@master ~]# vi /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

# Records the system clock's error so that it is not lost across reboots
driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
# Default for all sources: deny modification, traps, peering and queries
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
# Allow all operations from the local host
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# restrict controls access to the NTP service:
#   ignore:   ignore every kind of NTP request
#   nomodify: clients cannot use the ntpdc and ntpq commands to change the server's settings
#   noquery:  deny ntpq and ntpdc queries (time service itself is not affected)
#   notrap:   do not provide the control-message trap service to matching hosts
#   notrust:  do not accept requests from clients that have not been authenticated
# Allow all clients in the 192.168.66.0/24 LAN segment to synchronize time from
# this server, but do not let them modify the server or register for its trap service
restrict 192.168.66.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (//www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

# Address of the NTP server to use
# Use the current host as the time server
server 127.127.1.0
# Time server stratum, 0-15; 0 is the top level, 10 is commonly used to serve time to LAN hosts
fudge 127.127.1.0 stratum 10

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
5. Restart the server side
[root@master ~]# systemctl restart ntpd
6. Check the status
[root@master ~]# ntpstat
synchronised to local net (127.127.1.0) at stratum 11
   time correct to within 7948 ms
   polling server every 64 s
[root@master ~]#
7. Configure the client side
[root@node1 ~]# vi /etc/ntp.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (//www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
# On the client side, only add the server's IP
server master
7. Restart the client side
[root@node1 ~]# systemctl restart ntpd
8. Check the NTP servers on the network
[root@node1 ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*master          LOCAL(0)        11 u   43   64   37    0.223  -134.33  92.058
[root@node1 ~]#
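*: marks the NTP server currently in use; the one selected here is the local machine;
st: the stratum level; the smaller the value, the more accurate the NTP server;
when: in seconds, how many seconds ago the last time synchronization update took place;
poll: how many milliseconds pass between synchronizations with the NTP server;
reach: the number of times an update has been requested from the upstream NTP server;
delay: the delay incurred during network transmission;
offset: the result of the time compensation;
jitter: the difference between the Linux system time and the BIOS hardware time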
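9. Problems
After the NTP server is restarted, the client needs to wait 5 minutes before synchronizing time with it; otherwise the error "no server suitable for synchronization found" is reported. The wait can be monitored with the command watch ntpq -p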
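
A check for the restrict rules and the disable monitor setting from step 4, written as an added example that is not part of the original post. The function name audit_ntp_conf, the finding labels and the sample file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit the restrict rules in an
# ntp.conf. Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_ntp_conf() {
    _findings=$(awk '
        function has(flag,   i) {
            for (i = 2; i <= NF; i++) if ($i == flag) return 1
            return 0
        }
        { sub(/#.*/, "") }                        # ignore comments
        $1 == "restrict" {
            target = ($2 == "-4" || $2 == "-6") ? $3 : $2
            if (target == "127.0.0.1" || target == "::1") next   # loopback
            if (has("limited")) limited = 1
            if (target == "default") {
                seen_default = 1
                if (has("noquery") || has("ignore")) default_noquery = 1
            }
            if (!has("nomodify") && !has("ignore"))
                print "MODIFY: restrict " target " lacks nomodify"
        }
        $1 == "disable" && has("monitor") { monitor_off = 1 }
        END {
            if (!seen_default) print "DEFAULT: no restrict default line"
            # Per the ntp.conf note, "limited" keeps monitoring enabled.
            if (!default_noquery && (!monitor_off || limited))
                print "MONLIST: default lacks noquery and monitoring stays on"
        }
    ' "$1") || return 2
    [ -z "$_findings" ] && return 0
    printf "%s\n" "$_findings"
    return 1
}

# Constructed sample: the page's server config with noquery, nomodify on the
# LAN rule and "disable monitor" all removed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
restrict default nomodify notrap nopeer
restrict 127.0.0.1
restrict ::1
restrict 192.168.66.0 mask 255.255.255.0 notrap
server 127.127.1.0
fudge 127.127.1.0 stratum 10
EOF
audit_ntp_conf "$sample" || true
rm -f "$sample"
```

Run it against the real file with audit_ntp_conf /etc/ntp.conf after editing and before restarting ntpd; a return status of 2 means the file could not be read.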