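1. NTP installation
- Test environment: two Red Hat 6.5 hosts that can reach each other over the 10.83.250.0/23 network; server 10.83.250.5, client 10.83.250.4
- Check which NTP packages are installed
    [root@localhost ~]# rpm -qa | grep ntp
    fontpackages-filesystem-1.41-1.1.el6.noarch
    ntpdate-4.2.6p5-1.el6.x86_64
    ntp-4.2.6p5-1.el6.x86_64
  If the packages are not listed, download the RPMs, copy them to the host, change into that directory and install them:
    rpm -i ntpdate-4.2.6p5-1.el6.x86_64.rpm
    rpm -i ntp-4.2.6p5-1.el6.x86_64.rpm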
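2. Configuration files
- Back up the configuration file before editing it
    cp /etc/ntp.conf /etc/ntp.conf.bak
- Server configuration file
    [root@NTP-server ~]# vi /etc/ntp.conf
    ###server config###
    server 202.108.6.95
    server 202.112.29.82
    server cn.ntp.org.cn
    server 127.127.1.0              #local clock, used as a fallback time source
    driftfile /etc/ntp/drift        #stores the measured frequency drift of the local clock
    broadcastdelay 0.008
    #
    #access control
    restrict 0.0.0.0 nomodify notrap noquery        #clients may not modify settings, set traps or query status, but may still sync time
    restrict 0.0.0.0 mask 0.0.0.0 nomodify notrap   #NTP service may be provided to clients on this network
    #restrict default ignore        #by default any host is allowed to synchronize time
    #make sure localhost has full access
    restrict 127.0.0.1
    restrict -6 ::1
    #level number
    #note: fudge only affects the clock address it names; 127.127.1.1 is not the 127.127.1.0 configured above
    fudge 127.127.1.1 stratum 2     #if the remote servers are unreachable, the NTP client synchronizes to its own clock
    #ntp log path
    statsdir /var/log/ntp/          #statistics log directory
    #ntp log file
    logfile /var/log/ntp/ntp.log    #log file
    includefile /etc/ntp/crypto/pw  #includes the crypto password file
    keys /etc/ntp/keys              #key file used for signature verification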
- Client configuration file
    [root@NTP-client ~]# vi /etc/ntp.conf
    ###client config
    #fast ntp server
    server 10.83.250.5
    server 127.127.1.0
    #store last time
    driftfile /etc/ntp/drift
    #allow upper modify localhost
    restrict 0.0.0.0 nomodify notrap noquery
    #allow any host
    restrict 0.0.0.0 mask 0.0.0.0 nomodify notrap
    restrict 127.0.0.1
    restrict -6 ::1
    #restrict 10.83.250.4 #client ip
    #level number
    fudge 127.127.1.1 stratum 2
    #ntp log path
    statsdir /var/log/ntp/
    #ntp log file
    logfile /var/log/ntp/ntp.log
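The `restrict` lines in both configuration files decide who may query or reconfigure ntpd. The check below is an added example, not part of the original article: it flags `restrict` entries that cover every host (`default`, or `0.0.0.0 mask 0.0.0.0`) yet lack `noquery`, `nomodify` or `notrap`. The function names `audit_restrict` and `sample_conf` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# audit_restrict FILE  (added example; the function name is hypothetical)
# Lists ntp.conf "restrict" entries that apply to every host but lack
# noquery, nomodify or notrap. Returns 1 if any entry is listed, else 0.
audit_restrict() {
    awk '
    { sub(/#.*/, "") }                        # strip comments
    $1 != "restrict" { next }
    {
        i = 2
        if ($i == "-4" || $i == "-6") i++     # optional address-family switch
        addr = $i; mask = ""
        if ($(i + 1) == "mask") mask = $(i + 2)
        # Only explicit wildcards count; an entry with no mask is skipped.
        wide = (addr == "default") ||
               (addr == "0.0.0.0" && mask == "0.0.0.0") ||
               (addr == "::" && mask == "::")
        if (!wide) next
        if (/(^|[ \t])ignore([ \t]|$)/) next  # "ignore" drops every packet
        missing = ""
        n = split("noquery nomodify notrap", want, " ")
        for (k = 1; k <= n; k++)
            if ($0 !~ ("(^|[ \t])" want[k] "([ \t]|$)"))
                missing = missing " " want[k]
        if (missing != "") {
            printf "line %d: open to all hosts, missing:%s\n", NR, missing
            bad = 1
        }
    }
    END { exit bad }
    ' "$1"
}

# Constructed sample: the four restrict entries from the server config above.
sample_conf() {
    cat <<'EOF'
restrict 0.0.0.0 nomodify notrap noquery
restrict 0.0.0.0 mask 0.0.0.0 nomodify notrap   #serve any client
restrict 127.0.0.1
restrict -6 ::1
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_restrict "$tmp" || echo "tighten the entries listed above"
rm -f "$tmp"
```

Without `noquery`, ntpd answers ntpq/ntpdc status queries from any address that can reach UDP port 123.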
3. Service management
- Start the NTP service
    [root@localhost ~]# service ntpd start
    正在启动 ntpd:[确定]
- Restart the NTP service
    [root@localhost ~]# service ntpd restart
    关闭 ntpd:[确定]
    正在启动 ntpd:[确定]
  Alternatively, restart it through the ntpd script under init.d:
    [root@localhost ~]# /etc/init.d/ntpd restart
    关闭 ntpd:[确定]
    正在启动 ntpd:[确定]
- Check the service's running status
    [root@localhost ~]# service dhcpd status
    dhcpd (pid 18489) 正在运行...
- Check the NTP synchronization status
    [root@qy-dhcp ~]# ntpstat
    synchronised to local net at stratum 6
       time correct to within 11 ms
       polling server every 64 s
- Check the listening port
    [root@localhost ~]# lsof -i:123
    COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    ntpd    21812  ntp   16u  IPv4 159463      0t0  UDP *:ntp
    ntpd    21812  ntp   17u  IPv6 159464      0t0  UDP *:ntp
    ntpd    21812  ntp   18u  IPv4 159470      0t0  UDP localhost:ntp
    ntpd    21812  ntp   19u  IPv4 159471      0t0  UDP 10.83.250.5:ntp
    ntpd    21812  ntp   20u  IPv4 159472      0t0  UDP 10.29.207.244:ntp
    ntpd    21812  ntp   21u  IPv6 159473      0t0  UDP localhost:ntp
    ntpd    21812  ntp   22u  IPv6 159474      0t0  UDP [fe80::20c:29ff:fed4:3e72]:ntp
    ntpd    21812  ntp   23u  IPv6 159475      0t0  UDP [fe80::20c:29ff:fed4:3e7c]:ntp
4. iptables firewall configuration
- NTP uses UDP port 123; when the firewall is enabled, port 123 must be opened
    [root@localhost ~]# /sbin/iptables -I INPUT -p udp --dport 123 -j ACCEPT
- Check the iptables port state
    [root@localhost ~]# /etc/init.d/iptables status
    表格:filter
    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination
    1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:123
    2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
    4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:647
    7    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:67
    8    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:68
    9    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
    10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:123

    Chain FORWARD (policy ACCEPT)
    num  target     prot opt source               destination
    1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    num  target     prot opt source               destination
- Check whether the NTP service is enabled at boot
    [root@localhost ~]# chkconfig | grep ntp
    ntpd            0:关闭  1:关闭  2:启用  3:启用  4:启用  5:启用  6:关闭
    ntpdate         0:关闭  1:关闭  2:关闭  3:关闭  4:关闭  5:关闭  6:关闭
    [root@localhost ~]# chkconfig --list ntpd
    ntpd            0:关闭  1:关闭  2:启用  3:启用  4:启用  5:启用  6:关闭
- Enable the NTP service at boot for the relevant runlevels
    [root@localhost ~]# chkconfig --level 345 ntpd on
5. Checking NTP synchronization status and synchronizing manually
- View the system log
    [root@localhost ~]# tail -f /var/log/messages
    Oct 16 10:13:57 localhost dhcpd:
    Oct 16 10:13:57 localhost dhcpd: Listening on LPF/eth0/00:0c:29:d4:3e:72/10.83.250.0/23
    Oct 16 10:13:57 localhost dhcpd: Sending on LPF/eth0/00:0c:29:d4:3e:72/10.83.250.0/23
    Oct 16 10:13:57 localhost dhcpd: Sending on Socket/fallback/fallback-net
    Oct 16 10:13:57 localhost dhcpd: failover peer dhcp-failover: I move from normal to startup
    Oct 16 10:13:57 localhost dhcpd: failover peer dhcp-failover: peer moves from normal to communications-interrupted
    Oct 16 10:13:57 localhost dhcpd: failover peer dhcp-failover: I move from startup to normal
    Oct 16 10:13:57 localhost dhcpd: balancing pool 7fbd4507b400 10.83.250.0/23 total 250 free 125 backup 124 lts 0 max-own (+/-)25
    Oct 16 10:13:57 localhost dhcpd: balanced pool 7fbd4507b400 10.83.250.0/23 total 250 free 125 backup 124 lts 0 max-misbal 37
    Oct 16 10:13:57 localhost dhcpd: failover peer dhcp-failover: peer moves from communications-interrupted to normal
- Query the current status
    [root@server ~]# ntpq -p
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     xk-6-95-a8.bta. 10.69.2.34       2 u   20   64   17   37.950   -0.106   1.141
     dns1.synet.edu. 202.118.1.47     2 u   19   64   17   42.540    2.329   0.618
     58.220.207.237  10.137.38.86     3 u   17   64   17   42.536    0.833   0.911
    *LOCAL(0)        .LOCL.           5 l   21   64   17    0.000    0.000   0.000
- Watch the status in real time
    [root@client ~]# watch ntpq -p
    Every 2.0s: ntpq -p                                   Mon Oct 16 13:58:45 2017
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     10.83.250.5     LOCAL(0)         6 u   29   64   17    0.131  -273355 172904.
    *LOCAL(0)        .LOCL.           5 l   11   64  377    0.000    0.000   0.000
  If "ntpq: read: Connection refused" appears, the NTP service is not running.
- Manual initial synchronization on the client; the client's own ntpd must be stopped first
    [root@localhost ~]# service ntpd stop
    关闭 ntpd:[确定]
    [root@localhost ~]# ntpdate 10.83.250.4
    16 Oct 13:08:31 ntpdate[19862]: adjust time server 10.83.250.4 offset 0.000588 sec
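In the `watch ntpq -p` output above, the client has selected `*LOCAL(0)` and shows a large offset against 10.83.250.5, so it is following its own clock rather than the server. The check below is an added example, not part of the original article: it parses `ntpq -p` text and reports when the selected peer is the local clock or its offset exceeds a limit. The function names `check_sync` and `sample_client` and the 1000 ms default limit are assumptions.

```shell
#!/bin/sh
# check_sync [MAX_OFFSET_MS]  (added example; name and default are assumptions)
# Reads `ntpq -p` output on stdin and prints one verdict line:
#   OK <peer> <offset>        selected peer is a server within the limit
#   WARN local-clock          the selected peer (*) is LOCAL(n)
#   WARN offset <peer> <ms>   selected peer offset is beyond the limit
#   WARN no-peer              no line is marked with *
# Returns 0 for OK and 1 for any WARN.
check_sync() {
    awk -v max="${1:-1000}" '
    /^\*/ {
        peer = substr($1, 2)           # drop the leading tally character
        off = $(NF - 1) + 0            # last columns: delay offset jitter
        if (off < 0) off = -off
        found = 1
        exit
    }
    END {
        if (!found)            { print "WARN no-peer"; exit 1 }
        if (peer ~ /^LOCAL\(/) { print "WARN local-clock"; exit 1 }
        if (off > max)         { print "WARN offset", peer, off; exit 1 }
        print "OK", peer, off
    }'
}

# Sample input: the client output shown above, re-spaced into columns.
sample_client() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 10.83.250.5     LOCAL(0)         6 u   29   64   17    0.131  -273355 172904.
*LOCAL(0)        .LOCL.           5 l   11   64  377    0.000    0.000   0.000
EOF
}

sample_client | check_sync || echo "client is not tracking the NTP server"
```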
6. Configuring NTP to start at boot and synchronize automatically
- Configure start at boot
    [root@localhost ~]# more /etc/rc.local
    #!/bin/sh
    #
    # This script will be executed *after* all the other init scripts.
    # You can put your own initialization stuff in here if you don't
    # want to do the full Sys V style init stuff.

    touch /var/lock/subsys/local
    mount tmpfs /var/lib/dhcpd -t tmpfs -o size=200m
    cd /var/lib/dhcpd
    touch dhcpd.leases
    service dhcpd restart
    service ntpd restart
- On the client, schedule periodic synchronization with the NTP server, then save the file
    [root@localhost ~]# vi /etc/crontab
    SHELL=/bin/bash
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    MAILTO=root
    HOME=/
    # For details see man 4 crontabs
    # Example of job definition:
    # .---------------- minute (0 - 59)
    # |  .------------- hour (0 - 23)
    # |  |  .---------- day of month (1 - 31)
    # |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
    # |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
    # |  |  |  |  |
    # *  *  *  *  * user-name command to be executed
    0 1 * * * root (ntpdate 10.83.250.5; /sbin/hwclock -w) >/root/ntpdate.log 2>&1
    #the entry above synchronizes from NTP server 10.83.250.5 at 01:00 every day, writes the time to the hardware clock with hwclock, and records the result in the log
    #the parentheses send the output of both commands to the log, not only that of hwclock
- The same entry can also be added with sed (the redirection belongs inside the quoted crontab line, not on the sed command itself)
    sed -i '$a 0 1 * * * root (ntpdate 10.83.250.5; /sbin/hwclock -w) >/root/ntpdate.log 2>&1' /etc/crontab
- Restart the cron service for the change to take effect
    [root@localhost ~]# /etc/init.d/crond restart
    停止 crond:[确定]
    正在启动 crond:[确定]
  Alternatively:
    [root@localhost ~]# service crond restart
    停止 crond:[确定]
    正在启动 crond:[确定]
This article is a reader submission and does not represent the position of Linux运维部落. If you repost it, please cite the source: http://www.178linux.com/87948