NTP Service on Linux

Linux NTP

  • 1. Installing NTP

    • Lab environment: two Red Hat 6.5 hosts connected over the 10.83.250.0/23 network; server 10.83.250.5,
      client 10.83.250.4
    • Check which NTP packages are installed
    [root@localhost ~]# rpm -qa | grep ntp
    fontpackages-filesystem-1.41-1.1.el6.noarch
    ntpdate-4.2.6p5-1.el6.x86_64
    ntp-4.2.6p5-1.el6.x86_64
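    If nothing is listed as installed, download the packages, copy them to this host, change into that directory and install them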
    rpm -i ntpdate-4.2.6p5-1.el6.x86_64.rpm
    rpm -i ntp-4.2.6p5-1.el6.x86_64.rpm
    

    2. Configuration files

    • Back up the configuration file first by making a copy
    cp /etc/ntp.conf /etc/ntp.conf.bak 
    
    • Server configuration file
    [root@NTP-server ~]# vi /etc/ntp.conf 
    ###server config### 
    server 202.108.6.95
    server 202.112.29.82
    server cn.ntp.org.cn
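    server 127.127.1.0 #local clock driver, used as a fallback time source;
    driftfile /etc/ntp/drift   #stores the measured frequency drift of the local clock;
    broadcastdelay 0.008
    #access control
    #note: a restrict entry without "mask" matches a single host (the mask defaults to 255.255.255.255)
    restrict 0.0.0.0 nomodify notrap noquery  #clients on this network may not modify, log in or query, but may still synchronise time;
    #note: 0.0.0.0 mask 0.0.0.0 is the default entry (every host); without noquery it also answers ntpq/ntpdc queries
    restrict 0.0.0.0 mask 0.0.0.0 nomodify notrap  #allows NTP service to be provided to clients on this network;
    #restrict default ignore   #left commented out, so by default any host may synchronise time;
    #make sure localhost has sufficient access;
    restrict 127.0.0.1
    restrict  -6 ::1
    
    #level number 
    #note: the server line above configures unit 127.127.1.0, while this fudge names 127.127.1.1
    fudge 127.127.1.1 stratum 2  #if the remote servers are unreachable, ntpd falls back to the host's own clock;
    
    #ntp log path  
    statsdir /var/log/ntp/   #directory for statistics files
    
    #ntp log file  
    logfile /var/log/ntp/ntp.log   #log file
    
    includefile /etc/ntp/crypto/pw  #includes the file that holds the crypto password
    
    keys /etc/ntp/keys #key file for symmetric-key authentication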
    
    • Client configuration file
    [root@NTP-client ~]# vi /etc/ntp.conf
    ###client config
    #fast ntp server
    server 10.83.250.5
    server 127.127.1.0
    
    #store last time
    driftfile /etc/ntp/drift
    
    #allow upper modify localhost
    restrict 0.0.0.0 nomodify notrap noquery
    
    #allow any host
    restrict 0.0.0.0 mask 0.0.0.0 nomodify notrap
    
    restrict 127.0.0.1
    restrict -6 ::1
    #restrict 10.83.250.4 #client ip
    #level number
    fudge 127.127.1.1 stratum 2
    
    #ntp log path   
    statsdir /var/log/ntp/
    
    #ntp log file   
    logfile /var/log/ntp/ntp.log
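
The restrict and fudge lines in the two configurations above decide who can talk to ntpd, so they are worth checking mechanically. The shell function below is an added example, not part of the original article: it flags a default restrict entry that lacks noquery or ignore, a restrict 0.0.0.0 entry with no mask, and a fudge line whose address has no server line. The function names, the finding labels and the tighter sample for the 10.83.250.0/23 lab are assumptions made for this example.

```shell
# Added example (not the article's code): flag restrict/fudge pitfalls in ntp.conf.
audit_ntp_conf() {                # $1 = path to ntp.conf; reads stdin when omitted
    awk '
    { sub(/#.*/, "") }            # strip comments
    NF == 0 { next }
    $1 == "server" { servers[$2] = 1 }
    $1 == "fudge"  { fudges[$2] = NR }
    $1 == "restrict" {
        i = ($2 == "-4" || $2 == "-6") ? 3 : 2      # skip address-family switch
        addr = $i; mask = ""; flags = " "
        for (j = i + 1; j <= NF; j++) {
            if ($j == "mask") { j++; mask = $j } else flags = flags $j " "
        }
        wild = addr == "default" || (addr == "0.0.0.0" && mask == "0.0.0.0") ||
               (addr == "::" && mask == "::")
        if (wild && flags !~ / (noquery|ignore) /)
            print "OPEN_QUERY line " NR ": every host may send ntpq/ntpdc queries"
        else if (addr == "0.0.0.0" && mask == "")
            print "HOST_ONLY line " NR ": no mask, so only host 0.0.0.0 matches"
    }
    END {
        for (a in fudges) if (!(a in servers))
            print "FUDGE_UNUSED line " fudges[a] ": fudge " a " has no server line"
    }' "${1:--}"
}
# Constructed sample: the server/restrict/fudge lines of the server config above.
article_conf() {
    cat <<'EOF'
server 127.127.1.0 # local clock
restrict 0.0.0.0 nomodify notrap noquery
restrict 0.0.0.0 mask 0.0.0.0 nomodify notrap
restrict 127.0.0.1
restrict -6 ::1
fudge 127.127.1.1 stratum 2
EOF
}
# Constructed sample: a tighter variant for the 10.83.250.0/23 lab (assumption).
hardened_conf() {
    cat <<'EOF'
server 127.127.1.0
restrict default kod nomodify notrap nopeer noquery
restrict 10.83.250.0 mask 255.255.254.0 nomodify notrap noquery
restrict 127.0.0.1
fudge 127.127.1.0 stratum 10
EOF
}

article_conf | audit_ntp_conf
```

Run against a real file with `audit_ntp_conf /etc/ntp.conf`; no output means none of the three patterns was found.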
    

    3. Service management

    • Start the NTP service
    [root@localhost ~]# service ntpd start
    正在启动 ntpd:[确定]
    
    • Restart the NTP service
    [root@localhost ~]# service ntpd restart
    关闭 ntpd:[确定]
    正在启动 ntpd:[确定]
    
    The ntpd script under init.d can also be used to restart the service
    [root@localhost ~]# /etc/init.d/ntpd restart
    关闭 ntpd:[确定]
    正在启动 ntpd:[确定]
    
    • Check a service's running state (this capture queries dhcpd; substitute ntpd for the NTP daemon)
    [root@localhost ~]# service dhcpd status
    dhcpd (pid  18489) 正在运行...
    
    • Check the NTP synchronisation status
    [root@qy-dhcp ~]# ntpstat
    synchronised to local net at stratum 6 
       time correct to within 11 ms
       polling server every 64 s
    
    • Check the listening port
    [root@localhost ~]# lsof -i:123
    COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    ntpd    21812  ntp   16u  IPv4 159463      0t0  UDP *:ntp 
    ntpd    21812  ntp   17u  IPv6 159464      0t0  UDP *:ntp 
    ntpd    21812  ntp   18u  IPv4 159470      0t0  UDP localhost:ntp 
    ntpd    21812  ntp   19u  IPv4 159471      0t0  UDP 10.83.250.5:ntp 
    ntpd    21812  ntp   20u  IPv4 159472      0t0  UDP 10.29.207.244:ntp 
    ntpd    21812  ntp   21u  IPv6 159473      0t0  UDP localhost:ntp 
    ntpd    21812  ntp   22u  IPv6 159474      0t0  UDP [fe80::20c:29ff:fed4:3e72]:ntp 
    ntpd    21812  ntp   23u  IPv6 159475      0t0  UDP [fe80::20c:29ff:fed4:3e7c]:ntp 
    

    4. iptables firewall configuration

    • NTP uses UDP port 123; when the firewall is enabled, port 123 must be opened
    [root@localhost ~]# /sbin/iptables -I INPUT -p udp --dport 123 -j ACCEPT
    
    • Check the iptables port status
    [root@localhost ~]# /etc/init.d/iptables status
    表格:filter
    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination         
    1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:123 
    2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
    4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
    5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
    6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:647 
    7    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:67 
    8    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:68 
    9    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
    10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:123 
    
    Chain FORWARD (policy ACCEPT)
    num  target     prot opt source               destination         
    1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
    
    Chain OUTPUT (policy ACCEPT)
    num  target     prot opt source               destination         
    
    • Check the boot-time (chkconfig) state of the NTP services
    [root@localhost ~]# chkconfig | grep ntp
    ntpd            0:关闭  1:关闭  2:启用  3:启用  4:启用  5:启用  6:关闭
    ntpdate         0:关闭  1:关闭  2:关闭  3:关闭  4:关闭  5:关闭  6:关闭
    
    [root@localhost ~]# chkconfig --list ntpd
    ntpd            0:关闭  1:关闭  2:启用  3:启用  4:启用  5:启用  6:关闭
    
    • Enable ntpd to start at boot in the corresponding runlevels;
    [root@localhost ~]# chkconfig --level 345 ntpd on
    

    5. Checking NTP synchronisation status and syncing manually

    • View the system log
    [root@localhost ~]# tail -f /var/log/messages 
    Oct 16 10:13:57 localhost dhcpd: 
    Oct 16 10:13:57 localhost dhcpd: Listening on LPF/eth0/00:0c:29:d4:3e:72/10.83.250.0/23
    Oct 16 10:13:57 localhost dhcpd: Sending on   LPF/eth0/00:0c:29:d4:3e:72/10.83.250.0/23
    Oct 16 10:13:57 localhost dhcpd: Sending on   Socket/fallback/fallback-net
    Oct 16 10:13:57 localhost dhcpd: failover peer dhcp-failover: I move from normal to startup
    Oct 16 10:13:57 localhost dhcpd: failover peer dhcp-failover: peer moves from normal to communications-interrupted
    Oct 16 10:13:57 localhost dhcpd: failover peer dhcp-failover: I move from startup to normal
    Oct 16 10:13:57 localhost dhcpd: balancing pool 7fbd4507b400 10.83.250.0/23  total 250  free 125  backup 124  lts 0  max-own (+/-)25
    Oct 16 10:13:57 localhost dhcpd: balanced pool 7fbd4507b400 10.83.250.0/23  total 250  free 125  backup 124  lts 0  max-misbal 37
    Oct 16 10:13:57 localhost dhcpd: failover peer dhcp-failover: peer moves from communications-interrupted to normal
    
    • Check the current status
    [root@server ~]# ntpq -p
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     xk-6-95-a8.bta. 10.69.2.34       2 u   20   64   17   37.950   -0.106   1.141
     dns1.synet.edu. 202.118.1.47     2 u   19   64   17   42.540    2.329   0.618
     58.220.207.237  10.137.38.86     3 u   17   64   17   42.536    0.833   0.911
    *LOCAL(0)        .LOCL.           5 l   21   64   17    0.000    0.000   0.000
    
    • Watch the status in real time
    [root@client ~]# watch ntpq -p
    
    Every 2.0s: ntpq -p                                     Mon Oct 16 13:58:45 2017
    
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     10.83.250.5     LOCAL(0)         6 u   29   64   17    0.131  -273355 172904.
    *LOCAL(0)        .LOCL.           5 l   11   64  377    0.000    0.000   0.000
    
    If "ntpq: read: Connection refused" appears, the NTP service is not running
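
In the client capture above the * tally sits on LOCAL(0) and the offset to 10.83.250.5 is -273355 ms, so the client is following its own clock rather than the server. The shell function below is an added example, not part of the original article: it reads an ntpq -p billboard and reports that condition. The function names, the finding labels, the 128 ms default (ntpd's step threshold) and the healthy sample are assumptions made for this example.

```shell
# Added example (not the article's code): read an `ntpq -p` billboard on stdin
# and report whether the host really follows an upstream server.
# $1 = largest acceptable |offset| in ms (default 128, ntpd's step threshold).
check_ntpq_peers() {
    awk -v max="${1:-128}" '
    $1 == "remote" || /^=+$/ || NF < 10 { next }      # header and short lines
    {
        tally = substr($0, 1, 1)                      # column 1 is the tally code
        name  = (tally == " ") ? $1 : substr($1, 2)
        refid = $2; reach = $(NF - 3); offset = $(NF - 1) + 0
        islocal = (refid == ".LOCL." || name ~ /^LOCAL\(/)
        if (tally == "*" || tally == "o") {           # selected system peer
            syspeer = name
            if (islocal) print "LOCAL_SYSPEER " name ": host follows its own clock"
        }
        if (!islocal && reach == 0) print "UNREACHED " name
        mag = (offset < 0) ? -offset : offset
        if (!islocal && mag > max) print "OFFSET " name ": " offset " ms"
    }
    END { if (syspeer == "") print "NO_SYSPEER: not synchronised to any source" }
    '
}
# Constructed sample: the client capture shown above, column spacing restored.
client_capture() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 10.83.250.5     LOCAL(0)         6 u   29   64   17    0.131  -273355 172904.
*LOCAL(0)        .LOCL.           5 l   11   64  377    0.000    0.000   0.000
EOF
}
# Constructed sample: what a client locked onto the server could look like.
healthy_capture() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*10.83.250.5     202.108.6.95     3 u   29   64  377    0.131    0.412   0.087
EOF
}

client_capture | check_ntpq_peers
```

On a live host, pipe the real output into it: `ntpq -pn | check_ntpq_peers`.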
    
    • For a manual initial time sync on the client, stop the client's own ntpd first
    [root@localhost ~]# service ntpd stop
    关闭 ntpd:[确定]
    [root@localhost ~]# ntpdate 10.83.250.4
    16 Oct 13:08:31 ntpdate[19862]: adjust time server 10.83.250.4 offset 0.000588 sec
    

    6. Configuring NTP to start at boot and sync automatically

    • Configure start at boot
    [root@localhost ~]# more /etc/rc.local
    #!/bin/sh
    #
    # This script will be executed *after* all the other init scripts.
    # You can put your own initialization stuff in here if you don't
    # want to do the full Sys V style init stuff.
    
    touch /var/lock/subsys/local
    mount tmpfs /var/lib/dhcpd -t tmpfs -o size=200m
    cd /var/lib/dhcpd
    touch dhcpd.leases
    service dhcpd restart
    service ntpd restart
    
    • On the client, schedule periodic synchronisation with the NTP server and save the file;
    [root@localhost ~]# vi /etc/crontab 
    SHELL=/bin/bash
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    MAILTO=root
    HOME=/
    
    # For details see man 4 crontabs
    
    # Example of job definition:
    # .---------------- minute (0 - 59)
    # |  .------------- hour (0 - 23)
    # |  |  .---------- day of month (1 - 31)
    # |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
    # |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
    # |  |  |  |  |
    # *  *  *  *  * user-name command to be executed
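    0 1 * * * root (ntpdate 10.83.250.5; /sbin/hwclock -w) >/root/ntpdate.log 2>&1
    #The entry above syncs time from NTP server 10.83.250.5 at 01:00 every day, writes it to the hardware clock with hwclock, and records the result of both commands in the log;
    
    • The entry can also be added with sed
    sed -i '$a0 1 * * * root (ntpdate 10.83.250.5; /sbin/hwclock -w) >/root/ntpdate.log 2>&1' /etc/crontab
    
    • Restart the cron service for the change to take effect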
    [root@localhost ~]# /etc/init.d/crond restart
    停止 crond:[确定]
    正在启动 crond:[确定]
    Alternatively:
    [root@localhost ~]# service crond restart
    停止 crond:[确定]
    正在启动 crond:[确定]

This article is a reader submission and does not represent the views of Linux运维部落. If you repost it, please credit the source: http://www.178linux.com/87948

N24-zhoub