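1. Configure the NTP server
Environment: Red Hat 6.5
Hostname | IP address | Description |
---|---|---|
server | 192.168.57.20 | NTP server |
client | 192.168.57.21 | NTP client |
Setup overview:
The local server synchronizes its time from external NTP sources and then acts as the NTP server for the local client machine, which runs as an NTP client.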
1.1 Install the NTP service
On the NTP server, check whether the NTP package is installed:
[root@server~]# rpm -qa|grep ntp
ntpdate-4.2.6p5-1.el6.x86_64
fontpackages-filesystem-1.41-1.1.el6.noarch
ntp-4.2.6p5-1.el6.x86_64
If it is not installed, install ntp:
yum -y install ntp
Back up the original ntp configuration file:
mv /etc/ntp.conf /etc/ntp.conf.bak
1.2 Configure the NTP server
Edit the ntp.conf configuration file:
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
# Note: with "ignore" as the default, ntpd also drops the replies from the
# upstream servers listed below unless each one has its own restrict line.
restrict default ignore
restrict 127.0.0.1
restrict 192.168.112.0 mask 255.255.255.0 nomodify
# Network range that is allowed to access this NTP server
restrict 192.168.57.0 mask 255.255.255.0 nomodify
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# NTP time sources ("prefer" marks the preferred host)
server 1.cn.pool.ntp.org prefer
# 1.cn.pool.ntp.org is used in preference by default
server 1.rhel.pool.ntp.org
server pool.ntp.org
#broadcast 172.30.8.255 key 42 # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 key 42 # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 key 42 # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
server 127.127.1.0
fudge 127.127.1.0 stratum 10
# local clock: sets the local NTP server address; when the external NTP servers
# cannot be reached, the local NTP server is used for synchronization
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
driftfile /var/lib/ntp/drift
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
broadcastdelay 0.008
logfile /var/log/ntp.log
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
Start the ntp service:
service ntpd start
Enable it at boot:
chkconfig ntpd on
Check the NTP status:
-bash-4.1$ ntpstat
synchronised to local net at stratum 11
time correct to within 12 ms
polling server every 64 s
-bash-4.1$ ntpq -p
remote refid st t when poll reach delay offset jitter
*LOCAL(0) .LOCL. 10 l 11 64 377 0.000 0.000 0.000
120.25.115.20 .INIT. 16 u - 1024 0 0.000 0.000 0.000
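With restrict default ignore, ntpd drops packets from every address that has no restrict line of its own, upstream time sources included, which is consistent with the .INIT. / reach 0 row above. The following check is an added example, not part of the original post; the function name unreachable_servers and the embedded sample (a constructed excerpt of the section 1.2 configuration) are assumptions, and restrict entries are matched by literal name or address only.

```bash
#!/bin/bash
# List "server" entries that a default-ignore policy would silence.
# Reads ntp.conf from the files given as arguments, or from stdin.
# Simplifications (assumptions of this sketch): IPv4 rules only, and a
# restrict line covers a server only if it names it literally; mask-based
# restrict lines are not evaluated against server addresses.
unreachable_servers() {
    awk '
        { sub(/#.*/, "") }                          # strip comments
        $1 == "restrict" && $2 == "-6" { next }     # skip IPv6 rules
        $1 == "restrict" && $2 == "default" {
            for (i = 3; i <= NF; i++)
                if ($i == "ignore") ignore = 1
            next
        }
        $1 == "restrict" { allowed[$2] = 1; next }
        # 127.127.x.x entries are reference-clock drivers, not network peers
        $1 == "server" && $2 !~ /^127\.127\./ { servers[++n] = $2 }
        END {
            if (!ignore) exit
            for (i = 1; i <= n; i++)
                if (!(servers[i] in allowed)) print servers[i]
        }
    ' "$@"
}

# Constructed sample: the active lines of the server configuration in 1.2.
SAMPLE_CONF='restrict default ignore
restrict 127.0.0.1
restrict 192.168.112.0 mask 255.255.255.0 nomodify
restrict 192.168.57.0 mask 255.255.255.0 nomodify
server 1.cn.pool.ntp.org prefer
server 1.rhel.pool.ntp.org
server pool.ntp.org
server 127.127.1.0
fudge 127.127.1.0 stratum 10'

echo "servers with no restrict entry under default ignore:"
printf '%s\n' "$SAMPLE_CONF" | unreachable_servers
```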
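2. Configure the NTP client
2.1 Install the NTP service
On the client, check whether the NTP package is installed:
[root@client~]# rpm -qa|grep ntp
ntpdate-4.2.6p5-1.el6.x86_64
fontpackages-filesystem-1.41-1.1.el6.noarch
ntp-4.2.6p5-1.el6.x86_64
If it is not installed, install ntp:
yum -y install ntp
Back up the original ntp configuration file:
mv /etc/ntp.conf /etc/ntp.conf.bak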
2.2 Configure the NTP client
Edit the /etc/ntp.conf file:
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.rhel.pool.ntp.org iburst
server 1.rhel.pool.ntp.org iburst
server 2.rhel.pool.ntp.org iburst
# Set 192.168.57.20 as the preferred NTP server
server 192.168.57.20 prefer
restrict 192.168.57.20 nomodify notrap noquery
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
Start the NTP service:
service ntpd start
Enable the NTP service at boot:
chkconfig ntpd on
Check the ntp service status:
-bash-4.1$ ntpstat
synchronised to NTP server (192.168.57.20) at stratum 12
time correct to within 21 ms
polling server every 256 s
-bash-4.1$ ntpq -p
remote refid st t when poll reach delay offset jitter
*192.168.57.20 LOCAL(0) 11 u 242 256 377 0.302 0.012 0.187
LOCAL(0) .LOCL. 10 l 46m 64 0 0.000 0.000 0.000
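Both peer tables on this page show a selected source with no external reference behind it: the server follows LOCAL(0), and the client follows a server whose refid is LOCAL(0). The following filter is an added example, not part of the original post; the function name peer_report and its message wording are assumptions, and the sample input is the two tables above re-typed as constructed test data.

```bash
#!/bin/bash
# Summarise `ntpq -p` output read from stdin (or from files given as
# arguments): peers that never answered, and a selected source that is
# only a local clock or is itself following one.
peer_report() {
    awk '
        $1 == "remote" || NF < 10 { next }       # header, separator, blanks
        {
            tally = substr($0, 1, 1); name = $1
            # "*" marks the selected source; strip a tally code glued to
            # the name. The codes "x", "o" and "." are not handled here
            # because they cannot be told apart from a host name.
            if (index("*+#-", tally) > 0) name = substr($1, 2)
            else tally = " "
            refid = $2; reach = $7
            if (tally == "*" && substr(name, 1, 5) == "LOCAL")
                print name ": selected source is the local clock"
            else if (tally == "*" && substr(refid, 1, 5) == "LOCAL")
                print name ": selected source is itself following a local clock"
            if (reach + 0 == 0)
                print name ": unreachable (reach 0)"
        }
    ' "$@"
}

# Constructed input: the peer tables shown in sections 1.2 and 2.2.
SERVER_PEERS='remote refid st t when poll reach delay offset jitter
*LOCAL(0) .LOCL. 10 l 11 64 377 0.000 0.000 0.000
120.25.115.20 .INIT. 16 u - 1024 0 0.000 0.000 0.000'
CLIENT_PEERS='remote refid st t when poll reach delay offset jitter
*192.168.57.20 LOCAL(0) 11 u 242 256 377 0.302 0.012 0.187
LOCAL(0) .LOCL. 10 l 46m 64 0 0.000 0.000 0.000'

echo "server:"; printf '%s\n' "$SERVER_PEERS" | peer_report
echo "client:"; printf '%s\n' "$CLIENT_PEERS" | peer_report
```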
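3. Common errors
3.1 ntpq -p reports "localhost: timed out, nothing received" when checking synchronization status
Running ntpq -p prints:
localhost: timed out, nothing received
***Request timed out
Solution:
1. Check /etc/hosts and confirm that it contains the following entries, so that the local NTP service resolves correctly:
127.0.0.1 localhost localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
2. If /etc/hosts is configured correctly, run ntpq -4p (query over the IPv4 address). If that displays normally but ntpq -6p (query over the IPv6 address) fails, the cause is that IPv6 is enabled: ntpq tries the IPv6 path first by default, and ECS Linux cannot reach IPv6 addresses directly by default, so the request times out.
Disabling IPv6 on the interfaces resolves this, as follows.
Append the following parameters to the end of /etc/sysctl.conf:
# Disable IPv6 on all interfaces system-wide
net.ipv6.conf.all.disable_ipv6 = 1
# Disable IPv6 on a specific interface (for example eth0, eth1)
net.ipv6.conf.eth1.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
Then restart the network service:
service network restart
After that, ntpq -p returns normally.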
3.2 ntpq -p reports "no association ID's returned" when checking synchronization status
Solution:
1. Disable SELinux
-bash-4.1$ vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
#SELINUX=enforcing
# Set to disabled
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
2. Run restorecon -R -v /etc/ntp.conf
3. Restart the ntp service
service ntpd restart
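3.3 Enabling the ntp service at boot reports: service ntpd does not support chkconfig
Solution:
1. Check that the ntpd service script is present in the /etc/init.d/ directory
-bash-4.1$ ll /etc/init.d/ntpd
-rwxr-xr-x 1 root root 1974 10月 30 20:28 /etc/init.d/ntpd
Note: the script is normally present once ntp has been installed successfully.
2. Add the ntpd service to the chkconfig service list; the service is then given its K/S entries under /etc/rc.d/rcN.d
chkconfig --add ntpd
3. Modify /etc/init.d/ntpd
Open the /etc/init.d/ntpd file with vi.
After the line
#!/bin/bash
add
# chkconfig: 2345 10 90
# description: myservice
4. Enable the ntp service at boot; it now works
chkconfig ntpd on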