CentOS7多台电脑使用NTP进行时间同步

浏览次数:3195 关键词 ( 时间  多台电脑  NTP  )

1. NTP时钟同步方式说明

NTP在linux下有两种时钟同步方式,分别为直接同步和平滑同步: 
直接同步 
使用ntpdate命令进行同步,直接进行时间变更。如果服务器上存在一个12点运行的任务,当前服务器时间是13点,但标准时间时11点,使用此命令可能会造成任务重复执行。因此使用ntpdate同步可能会引发风险,因此该命令也多用于配置时钟同步服务时第一次同步时间时使用。 
平滑同步 
使用ntpd进行时钟同步,可以保证一个时间不经历两次,它每次同步时间的偏移量不会太陡,是慢慢来的,这正因为这样,ntpd平滑同步可能耗费的时间比较长。

标准时钟同步服务 
http://www.pool.ntp.org/zone/cn网站包含全球的标准时间同步服务,也包括对中国时间的同步,对应的URL为cn.pool.ntp.org,在其中也描述了ntp配置文件中的建议写法: 
server 1.cn.pool.ntp.org 
server 3.asia.pool.ntp.org 
server 2.asia.pool.ntp.org

2. 环境情况

准备四台电脑,分别为:

IP 用途 192.168.11.212 ntpd服务器,用于与外部公共ntpd同步标准时间 172.16.248.129 ntpd客户端,用于与ntpd同步时间 172.16.248.130 ntpd客户端,用于与ntpd同步时间 172,16,248.131 ntpd客户端,用于与ntpd同步时间
3. 检查服务是否安装
  • 使用rpm检查ntp包是否安装
[root@localhost kevin]# rpm -q ntp
ntp-4.2.6p5-19.el7.centos.3.x86_64
  • 1
  • 2
  • 1
  • 2

-如果已经安装则略过此步,否则使用yum进行安装,并设置系统开机自动启动并启动服务

[root@localhost kevin]# yum -y install ntp
[root@localhost kevin]# systemctl enable ntpd
[root@localhost kevin]# systemctl start ntpd
  • 1
  • 2
  • 3
  • 1
  • 2
  • 3
4. 设置ntp服务器: 192.168.11.212

配置前先使用命令:ntpdate -u cn.pool.ntp.org,同步服务器  -修改/etc/ntp.conf文件,红色字体是修改的内容  # For more information about this file, see the man pages  # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).  driftfile /var/lib/ntp/drift  # Permit time synchronization with our time source, but do not  # permit the source to query or modify the service on this system.  restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface. This could  # be tightened as well, but to do so would effect some of  # the administrative functions.  restrict 127.0.0.1  restrict ::1

# Hosts on local network are less restricted.  #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.  # Please consider joining the pool (http://www.pool.ntp.org/join.html).  #server 0.centos.pool.ntp.org iburst  server 2.cn.pool.ntp.org  server 1.asia.pool.ntp.org  server 2.asia.pool.ntp.org

#broadcast 192.168.1.255 autokey # broadcast server  #broadcastclient # broadcast client  #broadcast 224.0.1.1 autokey # multicast server  #multicastclient 224.0.1.1 # multicast client  #manycastserver 239.255.254.254 # manycast server  #manycastclient 239.255.254.254 autokey # manycast client  # 允许上层时间服务器主动修改本机时间  restrict 2.cn.pool.ntp.org nomodify notrap noquery  restrict 1.asia.pool.ntp.org nomodify notrap noquery  restrict 2.asia.pool.ntp.org nomodify notrap noquery

server 127.0.0.1 # local clock  fudge 127.0.0.1 stratum 10

# Enable public key cryptography.  #crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating  # with symmetric key cryptography.  keys /etc/ntp/keys

# Specify the key identifiers which are trusted.  #trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.  #requestkey 8

# Specify the key identifier to use with the ntpq utility.  #controlkey 8

# Enable writing of statistics records.  #statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc  # monlist command when default restrict does not include the noquery flag. See  # CVE-2013-5211 for more details.  # Note: Monitoring will not be disabled with the limited restriction flag.  disable monitor

修改完成后重启ntpd服务systemctl restart ntpd

使用ntpq -p 查看网络中的NTP服务器,同时显示客户端和每个服务器的关系

使用ntpstat 命令查看时间同步状态,这个一般需要5-10分钟后才能成功连接和同步。所以,服务器启动后需要稍等下:  刚启动的时候,一般是:

# ntpstat 
unsynchronised
  time server re-starting
   polling server every 64 s
  • 1
  • 2
  • 3
  • 4
  • 1
  • 2
  • 3
  • 4

连接并同步后:

# ntpstat 
synchronised to NTP server (202.112.10.36) at stratum 3
   time correct to within 275 ms
   polling server every 256 s
  • 1
  • 2
  • 3
  • 4
  • 1
  • 2
  • 3
  • 4
5. 设置ntp客户端: 172.16.248.129|130|131

安装ntp服务并设置为自动启动,和前面的设置方式相同。然后编辑/etc/ntp.conf文件,红色字体为变化的内容。

# For more information about this file, see the man pages  # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not  # permit the source to query or modify the service on this system.  restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface. This could  # be tightened as well, but to do so would effect some of  # the administrative functions.  restrict 127.0.0.1  restrict ::1

# Hosts on local network are less restricted.  #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.  # Please consider joining the pool (http://www.pool.ntp.org/join.html).  #server 0.centos.pool.ntp.org iburst  server 172.16.248.1  restrict 172.16.248.1 nomodify notrap noquery  server 127.0.0.1  fudge 127.0.0.1 stratum 10

#broadcast 192.168.1.255 autokey # broadcast server  #broadcastclient # broadcast client  #broadcast 224.0.1.1 autokey # multicast server  #multicastclient 224.0.1.1 # multicast client  #manycastserver 239.255.254.254 # manycast server  #manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.  #crypto  includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating  # with symmetric key cryptography.  keys /etc/ntp/keys

# Specify the key identifiers which are trusted.  #trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.  #requestkey 8

# Specify the key identifier to use with the ntpq utility.  #controlkey 8

# Enable writing of statistics records.  #statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc  # monlist command when default restrict does not include the noquery flag. See  # CVE-2013-5211 for more details.  # Note: Monitoring will not be disabled with the limited restriction flag.  disable monitor

重启ntpd服务  #systemctl restart ntpd

启动后,查看同步情况  # ntpq -p  # ntpstat

因为是内网,一般ntpstat很快就可以同步上。