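1. Configuring the NTP server
Environment: Red Hat 6.5
Server hostname | IP address | Description |
---|---|---|
server | 192.168.57.20 | NTP server |
client | 192.168.57.21 | NTP client |
Setup overview:
The local host server synchronizes its time from NTP sources on the Internet, then acts as the NTP server and provides time to the local host client, which runs as the NTP client.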
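1.1 Installing the NTP service
On the NTP server, check whether the NTP package is installed:
[root@server~]# rpm -qa|grep ntp
ntpdate-4.2.6p5-1.el6.x86_64
fontpackages-filesystem-1.41-1.1.el6.noarch
ntp-4.2.6p5-1.el6.x86_64
If it is not installed, install ntp:
yum -y install ntp
Back up the original ntp configuration file:
mv /etc/ntp.conf /etc/ntp.conf.bak
1.2 Configuring the NTP server
Edit the ntp.conf configuration file: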
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default ignore
restrict 127.0.0.1
restrict 192.168.112.0 mask 255.255.255.0 nomodify
# Network range that is allowed to access this NTP server
restrict 192.168.57.0 mask 255.255.255.0 nomodify
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# NTP time sources (prefer marks the preferred host)
server 1.cn.pool.ntp.org prefer
# 1.cn.pool.ntp.org is used in preference by default
server 1.rhel.pool.ntp.org
server pool.ntp.org
#broadcast 172.30.8.255 key 42 # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 key 42 # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 key 42 # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
server 127.127.1.0
fudge 127.127.1.0 stratum 10
# local clock: the local NTP server's own address, used for synchronization when the connection to the Internet NTP servers fails
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
driftfile /var/lib/ntp/drift
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
broadcastdelay 0.008
logfile /var/log/ntp.log
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
requestkey 8
# Specify the key identifier to use with the ntpq utility.
controlkey 8
Start the ntp service:
service ntpd start
Enable it at boot:
chkconfig ntpd on
Check the NTP status:
-bash-4.1$ ntpstat
synchronised to local net at stratum 11
   time correct to within 12 ms
   polling server every 64 s
-bash-4.1$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
*LOCAL(0)        .LOCL.          10 l   11   64  377    0.000    0.000   0.000
 120.25.115.20   .INIT.          16 u    - 1024    0    0.000    0.000   0.000
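An added example (not part of the original article) that evaluates the restrict lines of the server configuration above with ntpd's most-specific-match rule. It shows that under restrict default ignore the upstream address 120.25.115.20 from the ntpq -p listing is covered only by ignore, which is consistent with its reach of 0; parse_restrict, effective_flags and audit are names made up for this sketch, which handles numeric IPv4 rules only.

```python
import ipaddress

# Constructed input: the restrict lines of the server-side ntp.conf above.
SERVER_CONF = """\
restrict default ignore
restrict 127.0.0.1
restrict 192.168.112.0 mask 255.255.255.0 nomodify
restrict 192.168.57.0 mask 255.255.255.0 nomodify
"""

def parse_restrict(conf):
    """Return [(network, flags)] for each IPv4 'restrict' line (numeric only)."""
    rules = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict" or tok[1] == "-6":
            continue                      # this sketch covers IPv4 rules only
        tok = tok[2:] if tok[1] == "-4" else tok[1:]
        addr, rest, mask = tok[0], tok[1:], "255.255.255.255"
        if addr == "default":
            addr = mask = "0.0.0.0"       # 'default' matches every address
        elif rest[:1] == ["mask"]:
            mask, rest = rest[1], rest[2:]
        rules.append((ipaddress.ip_network(f"{addr}/{mask}"), frozenset(rest)))
    return rules

def effective_flags(rules, source):
    """Flags applied to packets from source: the most specific match wins."""
    ip = ipaddress.ip_address(source)
    matches = [(net.prefixlen, flags) for net, flags in rules if ip in net]
    return max(matches, key=lambda m: m[0])[1] if matches else frozenset()

def audit(rules, peers):
    """Map each address to 'dropped', 'open' (may modify) or 'limited'."""
    verdict = {}
    for peer in peers:
        flags = effective_flags(rules, peer)
        if "ignore" in flags:
            verdict[peer] = "dropped"     # every packet, replies included
        elif "nomodify" not in flags:
            verdict[peer] = "open"
        else:
            verdict[peer] = "limited"
    return verdict
```

A restrict line with nomodify notrap noquery for each upstream source, like the one the client configuration in section 2.2 carries for 192.168.57.20, lets that source's replies through without opening queries.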
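2. Configuring the NTP client
2.1 Installing the NTP service
On the NTP client, check whether the NTP package is installed:
[root@client~]# rpm -qa|grep ntp
ntpdate-4.2.6p5-1.el6.x86_64
fontpackages-filesystem-1.41-1.1.el6.noarch
ntp-4.2.6p5-1.el6.x86_64
If it is not installed, install ntp:
yum -y install ntp
Back up the original ntp configuration file:
mv /etc/ntp.conf /etc/ntp.conf.bak
2.2 Configuring the NTP client
Edit the /etc/ntp.conf file: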
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.rhel.pool.ntp.org iburst
server 1.rhel.pool.ntp.org iburst
server 2.rhel.pool.ntp.org iburst
server 192.168.57.20 prefer
# Make 192.168.57.20 the preferred NTP server
restrict 192.168.57.20 nomodify notrap noquery
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
requestkey 8
# Specify the key identifier to use with the ntpq utility.
controlkey 8
# Enable writing of statistics records.
statistics clockstats cryptostats loopstats peerstats
Start the NTP service:
service ntpd start
Enable the NTP service at boot:
chkconfig ntpd on
Check the status of the ntp service:
-bash-4.1$ ntpstat
synchronised to NTP server (192.168.57.20) at stratum 12
   time correct to within 21 ms
   polling server every 256 s
-bash-4.1$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
*192.168.57.20   LOCAL(0)        11 u  242  256  377    0.302    0.012   0.187
 LOCAL(0)        .LOCL.          10 l  46m   64    0    0.000    0.000   0.000
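An added example, not from the original article, that parses the two ntpq -p listings shown in sections 1.2 and 2.2 and reports where each host's time actually comes from. ntpstat prints "synchronised" on both hosts, but the listings show the server following its own local clock and the client following that server; the function names are made up for this sketch, and the input is assumed to keep ntpq's column layout, where the first character of each line is the tally code.

```python
# Constructed input: the peer lines of the two `ntpq -p` listings in this article.
SERVER_PEERS = """\
*LOCAL(0)        .LOCL.          10 l   11   64  377    0.000    0.000   0.000
 120.25.115.20   .INIT.          16 u    - 1024    0    0.000    0.000   0.000
"""
CLIENT_PEERS = """\
*192.168.57.20   LOCAL(0)        11 u  242  256  377    0.302    0.012   0.187
 LOCAL(0)        .LOCL.          10 l  46m   64    0    0.000    0.000   0.000
"""

def parse_peers(text):
    """Parse ntpq -p peer lines into dicts; header and separator are skipped."""
    peers = []
    for line in text.splitlines():
        tally, fields = line[:1], line[1:].split()
        if len(fields) != 10 or fields[0] == "remote":
            continue
        peers.append({"tally": tally, "remote": fields[0], "refid": fields[1],
                      "stratum": int(fields[2]),
                      "reach": int(fields[6], 8),   # reach is an octal bitmask
                      "offset_ms": float(fields[8])})
    return peers

def findings(peers):
    """Return warnings about the real origin of this host's time."""
    out = []
    sys_peer = next((p for p in peers if p["tally"] == "*"), None)
    if sys_peer is None:
        out.append("no system peer selected")
    elif sys_peer["remote"].startswith("LOCAL("):
        out.append("synchronised only to the undisciplined local clock")
    elif sys_peer["refid"].startswith("LOCAL("):
        out.append(f"upstream {sys_peer['remote']} is itself free-running on LOCAL")
    for p in peers:
        if p["reach"] == 0 and not p["remote"].startswith("LOCAL("):
            out.append(f"{p['remote']} unreachable (reach 0, stratum {p['stratum']})")
    return out
```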
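3. Common errors
3.1 ntpq -p reports "localhost: timed out, nothing received" when checking time synchronization
Running ntpq -p reports:
localhost: timed out, nothing received
***Request timed out
Solution:
1. Check the /etc/hosts file and confirm that it contains the following entries, so that the local ntp service resolves correctly:
127.0.0.1 localhost localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
2. If /etc/hosts is configured correctly, run ntpq -4p (that is, query over the IPv4 address). If that displays normally but ntpq -6p (that is, query over the IPv6 address) fails, the cause is that IPv6 is enabled: ntpq tries the IPv6 path first by default, and ECS Linux cannot reach IPv6 addresses directly by default, so the request times out.
Disabling IPv6 on the interfaces resolves this, as follows.
Append the following parameters to the end of /etc/sysctl.conf:
# Disable IPv6 on all interfaces system-wide
net.ipv6.conf.all.disable_ipv6 = 1
# Disable IPv6 on a specific interface (for example eth0, eth1)
net.ipv6.conf.eth1.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
Then restart the network service:
service network restart
After that, ntpq -p returns normal output.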
3.2 ntpq -p reports "no association ID's returned" when checking time synchronization
Solution:
1. Disable SELinux:
-bash-4.1$ vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled # set to disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
2. Run restorecon -R -v /etc/ntp.conf
3. Restart the ntp service:
service ntpd restart
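3.3 Enabling the ntp service at boot reports: service ntpd does not support chkconfig
Solution:
1. Check whether the ntpd service script exists in the /etc/init.d/ directory:
-bash-4.1$ ll /etc/init.d/ntpd
-rwxr-xr-x 1 root root 1974 10月 30 20:28 /etc/init.d/ntpd
Note: it is normally present once ntp has been installed successfully.
2. Add the ntpd service to chkconfig's service list; the service is then given its K/S entries in /etc/rc.d/rcN.d:
chkconfig --add ntpd
3. Modify /etc/init.d/ntpd
Open /etc/init.d/ntpd with vi.
After the line
#!/bin/bash
add
# chkconfig: 2345 10 90
# description: myservice
4. Enable the ntp service at boot again; it now works:
chkconfig ntpd on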