NTP Service on Linux

Linux NTP

  • 1. NTP installation

    • Test environment: two Red Hat 6.5 hosts that reach each other over the 10.83.250.0/23 network; server 10.83.250.5,
      client 10.83.250.4
    • Check which NTP packages are installed
    [root@localhost ~]# rpm -qa | grep ntp
    fontpackages-filesystem-1.41-1.1.el6.noarch
    ntpdate-4.2.6p5-1.el6.x86_64
    ntp-4.2.6p5-1.el6.x86_64
    If no packages are listed, download the RPMs, copy them to this host, change into that directory and install them:
    rpm -i ntpdate-4.2.6p5-1.el6.x86_64.rpm
    rpm -i ntp-4.2.6p5-1.el6.x86_64.rpm
    

    2. Configuration files

    • Back up the configuration file before editing it
    cp /etc/ntp.conf /etc/ntp.conf.bak 
    
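    • Server configuration file
    [root@NTP-server ~]# vi /etc/ntp.conf 
    ###server config### 
    server 202.108.6.95
    server 202.112.29.82
    server cn.ntp.org.cn
    server 127.127.1.0 #local clock driver: fall back to this host's own clock;
    driftfile /etc/ntp/drift   #stores the measured frequency drift of the local clock;
    broadcastdelay 0.008   #
    #access control 
    restrict 0.0.0.0 nomodify notrap noquery  #no modify, trap or status query, time service still allowed; without a mask this entry matches only the single address 0.0.0.0;
    restrict 0.0.0.0 mask 0.0.0.0 nomodify notrap  #default entry: provides NTP service to every client; noquery is absent, so any host may also send ntpq/ntpdc queries;
    #restrict default ignore  #left commented out, so any host is allowed to synchronise by default;
    #make sure localhost has sufficient access;
    restrict 127.0.0.1
    restrict  -6 ::1
    
    #level number 
    fudge 127.127.1.1 stratum 2  #if the remote servers are unavailable the host falls back to its own clock; 127.127.1.1 does not match the 127.127.1.0 server line, so this fudge is not applied to LOCAL(0);
    
    #ntp log path  
    statsdir /var/log/ntp/   #statistics directory
    
    #ntp log file  
    logfile /var/log/ntp/ntp.log   #log file
    
    includefile /etc/ntp/crypto/pw  #reads the crypto password file
    
    keys /etc/ntp/keys #symmetric key file used for authentication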
    
    • Client configuration file
    [root@NTP-client ~]# vi /etc/ntp.conf
    ###client config
    #fast ntp server
    server 10.83.250.5
    server 127.127.1.0
    
    #store last time
    driftfile /etc/ntp/drift
    
    #allow upper modify localhost
    restrict 0.0.0.0 nomodify notrap noquery
    
    #allow any host
    restrict 0.0.0.0 mask 0.0.0.0 nomodify notrap
    
    restrict 127.0.0.1
    restrict -6 ::1
    #restrict 10.83.250.4 #client ip
    #level number (127.127.1.1 does not match the 127.127.1.0 server line above, so this fudge is not applied)
    fudge 127.127.1.1 stratum 2
    
    #ntp log path   
    statsdir /var/log/ntp/
    
    #ntp log file   
    logfile /var/log/ntp/ntp.log
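
The restrict and fudge lines in both files above can be checked mechanically. The script below is an added example, not part of the original article; the function names, the finding texts and the hardened sample (closed default, time service for 10.83.250.0/23 only, local clock fudged to stratum 10) are assumptions of this example.

```shell
# Added example: audit restrict/fudge lines of an ntp.conf (stdin or file arguments).
# Prints one finding per line and nothing for a clean file.
audit_ntp_conf() {
    awk '
    { sub(/#.*/, "") }                       # strip comments
    $1 == "server" { servers[$2] = 1 }
    $1 == "fudge"  { fudges[$2] = NR }
    $1 == "restrict" {
        i = ($2 == "-4" || $2 == "-6") ? 3 : 2
        addr = $i; mask = ""; flags = ""
        for (j = i + 1; j <= NF; j++) {
            if ($j == "mask") { mask = $(++j) } else { flags = flags " " $j }
        }
        dflt = (addr == "default" || (addr == "0.0.0.0" && mask == "0.0.0.0"))
        if (dflt && flags !~ / (noquery|ignore)( |$)/)
            printf "line %d: default restrict lacks noquery\n", NR
        if (addr == "0.0.0.0" && mask == "")
            printf "line %d: no mask, entry matches host 0.0.0.0 only\n", NR
    }
    END {
        for (a in fudges) if (!(a in servers))
            printf "line %d: fudge %s has no matching server\n", fudges[a], a
    }' "$@"
}
# Constructed sample: access-control lines of the server file above.
weak_conf() {
    cat <<'EOF'
server 127.127.1.0
restrict 0.0.0.0 nomodify notrap noquery
restrict 0.0.0.0 mask 0.0.0.0 nomodify notrap
restrict 127.0.0.1
fudge 127.127.1.1 stratum 2
EOF
}
# Assumed hardened variant: closed default, time service for 10.83.250.0/23 only.
hardened_conf() {
    cat <<'EOF'
server 127.127.1.0
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 10.83.250.0 mask 255.255.254.0 nomodify notrap noquery
restrict 127.0.0.1
restrict -6 ::1
fudge 127.127.1.0 stratum 10
EOF
}
weak_conf | audit_ntp_conf        # three findings
hardened_conf | audit_ntp_conf    # no output
```

On a live host, pass the file directly: audit_ntp_conf /etc/ntp.conf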
    

    3. Service management

    • Start the NTP service
    [root@localhost ~]# service ntpd start
    正在启动 ntpd:[确定]
    
    • Restart the NTP service
    [root@localhost ~]# service ntpd restart
    关闭 ntpd:[确定]
    正在启动 ntpd:[确定]
    
    The ntpd script under /etc/init.d can also be used to restart it
    [root@localhost ~]# /etc/init.d/ntpd restart
    关闭 ntpd:[确定]
    正在启动 ntpd:[确定]
    
    • Check the service status (the capture below is for dhcpd on the same host; for NTP use service ntpd status)
    [root@localhost ~]# service dhcpd status
    dhcpd (pid  18489) 正在运行...
    
    • Check the NTP synchronisation status
    [root@qy-dhcp ~]# ntpstat
    synchronised to local net at stratum 6 
       time correct to within 11 ms
       polling server every 64 s
    
    • Check the listening port
    [root@localhost ~]# lsof -i:123
    COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    ntpd    21812  ntp   16u  IPv4 159463      0t0  UDP *:ntp 
    ntpd    21812  ntp   17u  IPv6 159464      0t0  UDP *:ntp 
    ntpd    21812  ntp   18u  IPv4 159470      0t0  UDP localhost:ntp 
    ntpd    21812  ntp   19u  IPv4 159471      0t0  UDP 10.83.250.5:ntp 
    ntpd    21812  ntp   20u  IPv4 159472      0t0  UDP 10.29.207.244:ntp 
    ntpd    21812  ntp   21u  IPv6 159473      0t0  UDP localhost:ntp 
    ntpd    21812  ntp   22u  IPv6 159474      0t0  UDP [fe80::20c:29ff:fed4:3e72]:ntp 
    ntpd    21812  ntp   23u  IPv6 159475      0t0  UDP [fe80::20c:29ff:fed4:3e7c]:ntp 
    

    4. iptables firewall configuration

    • NTP uses UDP port 123, so port 123 must be opened when the firewall is enabled
    [root@localhost ~]# /sbin/iptables -I INPUT -p udp --dport 123 -j ACCEPT
    
    • Check the iptables rules
    [root@localhost ~]# /etc/init.d/iptables status
    表格:filter
    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination         
    1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:123 
    2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
    4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
    5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
    6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:647 
    7    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:67 
    8    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:68 
    9    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
    10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:123 
    
    Chain FORWARD (policy ACCEPT)
    num  target     prot opt source               destination         
    1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
    
    Chain OUTPUT (policy ACCEPT)
    num  target prot opt source   destination     
    
    • Check the runlevels in which the NTP service is enabled
    [root@localhost ~]# chkconfig | grep ntp
    ntpd            0:关闭  1:关闭  2:启用  3:启用  4:启用  5:启用  6:关闭
    ntpdate         0:关闭  1:关闭  2:关闭  3:关闭  4:关闭  5:关闭  6:关闭
    
    [root@localhost ~]# chkconfig --list ntpd
    ntpd            0:关闭  1:关闭  2:启用  3:启用  4:启用  5:启用  6:关闭
    
    • Enable ntpd at boot in the corresponding runlevels
    [root@localhost ~]# chkconfig --level 345 ntpd on
    

    5. Checking NTP synchronisation status and syncing manually

    • View the system log
    [root@localhost ~]# tail -f /var/log/messages 
    Oct 16 10:13:57 localhost dhcpd: 
    Oct 16 10:13:57 localhost dhcpd: Listening on LPF/eth0/00:0c:29:d4:3e:72/10.83.250.0/23
    Oct 16 10:13:57 localhost dhcpd: Sending on   LPF/eth0/00:0c:29:d4:3e:72/10.83.250.0/23
    Oct 16 10:13:57 localhost dhcpd: Sending on   Socket/fallback/fallback-net
    Oct 16 10:13:57 localhost dhcpd: failover peer dhcp-failover: I move from normal to startup
    Oct 16 10:13:57 localhost dhcpd: failover peer dhcp-failover: peer moves from normal to communications-interrupted
    Oct 16 10:13:57 localhost dhcpd: failover peer dhcp-failover: I move from startup to normal
    Oct 16 10:13:57 localhost dhcpd: balancing pool 7fbd4507b400 10.83.250.0/23  total 250  free 125  backup 124  lts 0  max-own (+/-)25
    Oct 16 10:13:57 localhost dhcpd: balanced pool 7fbd4507b400 10.83.250.0/23  total 250  free 125  backup 124  lts 0  max-misbal 37
    Oct 16 10:13:57 localhost dhcpd: failover peer dhcp-failover: peer moves from communications-interrupted to normal
    
    • Query the current status
    [root@server ~]# ntpq -p
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     xk-6-95-a8.bta. 10.69.2.34       2 u   20   64   17   37.950   -0.106   1.141
     dns1.synet.edu. 202.118.1.47     2 u   19   64   17   42.540    2.329   0.618
     58.220.207.237  10.137.38.86     3 u   17   64   17   42.536    0.833   0.911
    *LOCAL(0)        .LOCL.           5 l   21   64   17    0.000    0.000   0.000
    
    • Watch the status in real time
    [root@client ~]# watch ntpq -p
    
    Every 2.0s: ntpq -p                                  Mon Oct 16 13:58:45 2017
    
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     10.83.250.5     LOCAL(0)         6 u   29   64   17    0.131  -273355 172904.
    *LOCAL(0)        .LOCL.           5 l   11   64  377    0.000    0.000   0.000
    
    If ntpq: read: Connection refused appears, the NTP service is not running
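
In the client capture above the selected peer (*) is LOCAL(0) and 10.83.250.5 shows an offset of about -273 s, so the client is not actually following the server. The script below is an added example, not from the original article, that flags this from ntpq -p output; the function names and the 100 ms default threshold are assumptions.

```shell
# Added example: flag unhealthy peers in "ntpq -p" output read from stdin.
# $1 = largest acceptable |offset| in milliseconds (assumed default: 100).
check_ntpq_peers() {
    awk -v max="${1:-100}" '
    /^=+$/ { body = 1; next }
    !body  { next }                          # skip everything up to the rule line
    {
        tally = substr($0, 1, 1)             # "*" marks the selected peer
        if (split(substr($0, 2), f, " ") < 10) next
        remote = f[1]; reach = f[7]; off = f[9] + 0
        islocal = (remote ~ /^LOCAL\(/ || remote ~ /^127\.127\.1\./)
        if (tally == "*") { selected = remote; sel_local = islocal }
        if (islocal) next
        if (reach == "0")
            printf "%s: unreachable (reach 0)\n", remote
        else if (off > max || off < -max)
            printf "%s: offset %s ms exceeds %s ms\n", remote, f[9], max
    }
    END {
        if (selected == "") print "no peer selected"
        else if (sel_local)
            printf "synced to %s, the free-running local clock\n", selected
    }'
}

# Sample: the client capture above, with its columns restored.
client_peers() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 10.83.250.5     LOCAL(0)         6 u   29   64   17    0.131  -273355 172904.
*LOCAL(0)        .LOCL.           5 l   11   64  377    0.000    0.000   0.000
EOF
}

client_peers | check_ntpq_peers 100
```

On a live host: ntpq -pn | check_ntpq_peers 100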
    
    • Manual initial time sync on the client with ntpdate; the local ntpd must be stopped first
    [root@localhost ~]# service ntpd stop
    关闭 ntpd:[确定]
    [root@localhost ~]# ntpdate 10.83.250.4
    16 Oct 13:08:31 ntpdate[19862]: adjust time server 10.83.250.4 offset 0.000588 sec
    

    6. Starting NTP at boot and syncing automatically

    • Configure start at boot
    [root@localhost ~]# more /etc/rc.local
    #!/bin/sh
    #
    # This script will be executed *after* all the other init scripts.
    # You can put your own initialization stuff in here if you don't
    # want to do the full Sys V style init stuff.
    
    touch /var/lock/subsys/local
    mount tmpfs /var/lib/dhcpd -t tmpfs -o size=200m
    cd /var/lib/dhcpd
    touch dhcpd.leases
    service dhcpd restart
    service ntpd restart
    
    • On the client, schedule a periodic sync with the NTP server and save the file
    [root@localhost ~]# vi /etc/crontab 
    SHELL=/bin/bash
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    MAILTO=root
    HOME=/
    
    # For details see man 4 crontabs
    
    # Example of job definition:
    # .---------------- minute (0 - 59)
    # |  .------------- hour (0 - 23)
    # |  |  .---------- day of month (1 - 31)
    # |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
    # |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
    # |  |  |  |  |
    # *  *  *  *  * user-name command to be executed
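    0 1 * * * root (ntpdate 10.83.250.5; /sbin/hwclock -w) >/root/ntpdate.log 2>&1
    #The entry above syncs the time from NTP server 10.83.250.5 at 01:00 every day, writes it to the hardware clock with hwclock, and records the result of both commands in the log;
    
    • The same line can also be appended with sed
    sed -i '$a 0 1 * * * root (ntpdate 10.83.250.5; /sbin/hwclock -w) >/root/ntpdate.log 2>&1' /etc/crontab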
    
    • Restart the cron service so the change takes effect
    [root@localhost ~]# /etc/init.d/crond restart
    停止 crond:[确定]
    正在启动 crond:[确定]
    Alternatively:
    [root@localhost ~]# service crond restart
    停止 crond:[确定]
    正在启动 crond:[确定]

This article is a reader submission and does not represent the position of Linux运维部落. If you repost it, please cite the source: http://www.178linux.com/87948

N24-zhoub