linux下NTP服务

linnux NTP

  • 1. NTP安装

    • 搭建环境两台redhat6.5主机,通过网络10.83.250.0/23连接互通, server 10.83.250.5
      client 10.83.250.4
    • 查询NTP安装版本状态
    [root@localhost ~]# rpm -qa | grep ntp
    fontpackages-filesystem-1.41-1.1.el6.noarch
    ntpdate-4.2.6p5-1.el6.x86_64
    ntp-4.2.6p5-1.el6.x86_64
    如果没安装信息先下载cp到本机进入安装目录安装
    rpm -i ntpdate-4.2.6p5-1.el6.x86_64.rpm
    rpm -i ntp-4.2.6p5-1.el6.x86_64.rpm
    

    2. 配置文件

    • 备份配置文件,先拷贝一份做备份
    cp /etc/ntp.conf /etc/ntp.conf.bak 
    
    • sever配置文件
    [root@NTP-server ~]# vi /etc/ntp.conf 
    ###server config### 
    server 202.108.6.95
    server 202.112.29.82
    server cn.ntp.org.cn
    server 127.127.1.0 #同步本机clock 时钟;
    driftfile /etc/ntp/drift   #记录clock 与 bios 事件偏差;
    broadcastdelay 0.008   #
    #权限控制 
    restrict 0.0.0.0 nomodify notrap noquery  #不允许该网络client 修改、登陆、及时间查询,但可以较时;
    restrict 0.0.0.0 mask 0.0.0.0 nomodify notrap  #允许向该网络的client提供NTP服务; 
    #restrict default ignore#默认允许任何主机进行时间同步;
    #确保localhost权限足够;
    restrict 127.0.0.1
    restrict  -6 ::1
    
    #level number 
    fudge 127.127.1.1 stratum 2  #如果远程server地址不可用,ntp客户端会同步自身clock时间;
    
    #ntp log path  
    statsdir /var/log/ntp/   #状态日志路径
    
    #ntp log file  
    logfile /var/log/ntp/ntp.log   #日志文件
    
    includefile /etc/ntp/crypto/pw  #开机启动
    
    keys /etc/ntp/keys #签名验证` 
    
    • client配置文件
    [root@NTP-client ~]# vi /etc/ntp.conf
    ###client config
    #fast ntp server
    server 10.83.250.5
    server 127.127.1.0
    
    #store last time
    driftfile /etc/ntp/drift
    
    #allow upper modify localhost
    restrict 0.0.0.0 nomodify notrap noquery
    
    #allow any host
    restrict 0.0.0.0 mask 0.0.0.0 nomodify notrap
    
    restrict 127.0.0.1
    restrict -6 ::1
    #restrict 10.83.250.4 #client ip
    #level number
    fudge 127.127.1.1 stratum 2
    
    #ntp log path   
    statsdir /var/log/ntp/
    
    #ntp log file   
    logfile /var/log/ntp/ntp.log
    

    3. 服务管理

    • 启用NTP服务
    [root@localhost ~]# service ntpd start
    正在启动 ntpd:[确定]
    
    • 重启NTP服务
    [root@localhost ~]# service ntpd restart
    关闭 ntpd:[确定]
    正在启动 ntpd:[确定]
    
    也可用重读init.d下的ntpd重启
    [root@localhost ~]# /etc/init.d/ntpd restart
    关闭 ntpd:[确定]
    正在启动 ntpd:[确定]
    
    • 查询服务运行状态
    [root@localhost ~]# service dhcpd status
    dhcpd (pid  18489) 正在运行...
    
    • 查看NTP运行状态
    [root@qy-dhcp ~]# ntpstat
    synchronised to local net at stratum 6 
       time correct to within 11 ms
       polling server every 64 s
    
    • 查询监听端口
    [root@localhost ~]# lsof -i:123
    COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    ntpd21812  ntp   16u  IPv4 159463  0t0  UDP *:ntp 
    ntpd21812  ntp   17u  IPv6 159464  0t0  UDP *:ntp 
    ntpd21812  ntp   18u  IPv4 159470  0t0  UDP localhost:ntp 
    ntpd21812  ntp   19u  IPv4 159471  0t0  UDP 10.83.250.5:ntp 
    ntpd21812  ntp   20u  IPv4 159472  0t0  UDP 10.29.207.244:ntp 
    ntpd21812  ntp   21u  IPv6 159473  0t0  UDP localhost:ntp 
    ntpd21812  ntp   22u  IPv6 159474  0t0  UDP [fe80::20c:29ff:fed4:3e72]:ntp 
    ntpd21812  ntp   23u  IPv6 159475  0t0  UDP [fe80::20c:29ff:fed4:3e7c]:ntp 
    

    4. iptable 防火墙配置

    • NTP服务使用的是UDP 123端口 防火墙开启状态下需开放123端口
    [root@localhost ~]# /sbin/iptables -I INPUT -p udp --dport 123 -j ACCEPT
    
    • 查看iptable 端口状态
    [root@localhost ~]# /etc/init.d/iptables status
    表格:filter
    Chain INPUT (policy ACCEPT)
    num  target prot opt source   destination 
    1ACCEPT udp  --  0.0.0.0/00.0.0.0/0   udp dpt:123 
    2ACCEPT all  --  0.0.0.0/00.0.0.0/0   state RELATED,ESTABLISHED 
    3ACCEPT icmp --  0.0.0.0/00.0.0.0/0   
    4ACCEPT all  --  0.0.0.0/00.0.0.0/0   
    5ACCEPT tcp  --  0.0.0.0/00.0.0.0/0   state NEW tcp dpt:22 
    6ACCEPT tcp  --  0.0.0.0/00.0.0.0/0   state NEW tcp dpt:647 
    7ACCEPT udp  --  0.0.0.0/00.0.0.0/0   state NEW udp dpt:67 
    8ACCEPT udp  --  0.0.0.0/00.0.0.0/0   state NEW udp dpt:68 
    9REJECT all  --  0.0.0.0/00.0.0.0/0   reject-with icmp-host-prohibited 
    10   ACCEPT tcp  --  0.0.0.0/00.0.0.0/0   state NEW tcp dpt:123 
    
    Chain FORWARD (policy ACCEPT)
    num  target prot opt source   destination 
    1REJECT all  --  0.0.0.0/00.0.0.0/0   reject-with icmp-host-prohibited 
    
    Chain OUTPUT (policy ACCEPT)
    num  target prot opt source   destination     
    
    • 查看NTP服务iptale状态
    [root@localhost ~]# chkconfig | grep ntp
    ntpd0:关闭  1:关闭  2:启用  3:启用  4:启用  5:启用  6:关闭
    ntpdate 0:关闭  1:关闭  2:关闭  3:关闭  4:关闭  5:关闭  6:关闭
    
    [root@localhost ~]# chkconfig --list ntpd
    ntpd0:关闭  1:关闭  2:启用  3:启用  4:启用  5:启用  6:关闭
    
    • 对应运行级别开启NTP服务IPtable开机自启动;
    [root@localhost ~]# chkconfig --level 345 ntpd on
    

    5. NTP状态同步查询及手动同步

    • 查看系统日志
    [root@localhost ~]# tail -f /var/log/messages 
    Oct 16 10:13:57 localhost dhcpd: 
    Oct 16 10:13:57 localhost dhcpd: Listening on LPF/eth0/00:0c:29:d4:3e:72/10.83.250.0/23
    Oct 16 10:13:57 localhost dhcpd: Sending on   LPF/eth0/00:0c:29:d4:3e:72/10.83.250.0/23
    Oct 16 10:13:57 localhost dhcpd: Sending on   Socket/fallback/fallback-net
    Oct 16 10:13:57 localhost dhcpd: failover peer dhcp-failover: I move from normal to startup
    Oct 16 10:13:57 localhost dhcpd: failover peer dhcp-failover: peer moves from normal to communications-interrupted
    Oct 16 10:13:57 localhost dhcpd: failover peer dhcp-failover: I move from startup to normal
    Oct 16 10:13:57 localhost dhcpd: balancing pool 7fbd4507b400 10.83.250.0/23  total 250  free 125  backup 124  lts 0  max-own (+/-)25
    Oct 16 10:13:57 localhost dhcpd: balanced pool 7fbd4507b400 10.83.250.0/23  total 250  free 125  backup 124  lts 0  max-misbal 37
    Oct 16 10:13:57 localhost dhcpd: failover peer dhcp-failover: peer moves from communications-interrupted to normal
    
    • 查询当前状态
    [root@server ~] #ntpq -p
     remote   refid  st t when poll reach   delay   offset  jitter
    ==============================================================================
     xk-6-95-a8.bta. 10.69.2.34   2 u   20   64   17   37.950   -0.106   1.141
     dns1.synet.edu. 202.118.1.47 2 u   19   64   17   42.5402.329   0.618
     58.220.207.237  10.137.38.86 3 u   17   64   17   42.5360.833   0.911
    *LOCAL(0).LOCL.   5 l   21   64   170.0000.000   0.000
    
    • 查询实时状态
    [root@client ~]# watch ntpq -p
    
    Every 2.0s: ntpq -pMon Oct 16 13:58:45 2017
    
     remote   refid  st t when poll reach   delay   offset  jitter
    ==============================================================================
     10.83.250.5 LOCAL(0) 6 u   29   64   170.131  -273355 172904.
    *LOCAL(0).LOCL.   5 l   11   64  3770.0000.000   0.000
    
    如果出现ntpq: read: Connection refused,说明NTP服务未开启
    
    • 客户端手动初始同步ntp时间,需要先关自身NTP
    [root@localhost ~]# service ntpd stop
    关闭 ntpd:[确定]
    [root@localhost ~]# ntpdate 10.83.250.4
    16 Oct 13:08:31 ntpdate[19862]: adjust time server 10.83.250.4 offset 0.000588 sec
    

    6. 配置NTP开机自启动及自动同步

    • 配置开机启动
    [root@localhost ~]# more /etc/rc.local
    #!/bin/sh
    #
    # This script will be executed *after* all the other init scripts.
    # You can put your own initialization stuff in here if you don't
    # want to do the full Sys V style init stuff.
    
    touch /var/lock/subsys/local
    mount tmpfs /var/lib/dhcpd -t tmpfs -o size=200m
    cd /var/lib/dhcpd
    touch dhcpd.leases
    service dhcpd restart
    server ntpd restart
    
    • client配置定时和NTP-server同步,并保存;
    [root@localhost ~]# vi /etc/crontab 
    SHELL=/bin/bash
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    MAILTO=root
    HOME=/
    
    # For details see man 4 crontabs
    
    # Example of job definition:
    # .---------------- minute (0 - 59)
    # |  .------------- hour (0 - 23)
    # |  |  .---------- day of month (1 - 31)
    # |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
    # |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
    # |  |  |  |  |
    # *  *  *  *  * user-name command to be executed
    0 1 * * * root ntpdate 10.83.250.5;/sbin/hwclock -w  >/root/ntpdate.log 2>&1
    #上一条表示每天凌晨1点从NTP-server 10.83.250.5同步时间,并写入hwclock 硬件时钟,在日志中显现同步结果;
    
    • 也可用sed命令修改
    sed -i '$a0 1 * * * root ntpdate 10.83.250.5;/sbin/hwclock -w' /etc/crontab >/root/ntpdate.log 2>&1
    
    • 重启定时任务服务生效
    [root@localhost ~]# /etc/init.d/crond restart
    停止 crond:[确定]
    正在启动 crond:[确定]
    也可用
    [root@localhost ~]# service crond restart
    停止 crond:[确定]
    正在启动 crond:[确定]

本文来自投稿,不代表Linux运维部落立场,如若转载,请注明出处:http://www.178linux.com/87948

(0)
上一篇 2017-10-17 20:33
下一篇 2017-10-20 12:21

相关推荐

  • sed命令及vim编辑器

    sed[option]… 'script' inputfile…选项:-n:不输出模式空间内容的自动打印-e: 多点编辑-f /PATH/TO/SCRIPT_FILE: 从指定文件中读取编辑脚本-r: 支持使用扩展正则表达式-i: 原处编辑script:'地址命令' 1.地址定界:(1) 不给地…

    Linux干货 2016-08-11
  • 马哥教育网络班22期第三周课程练习1

    1、who | awk {'print $1'} | sort | uniq  2、last | head -n1 3、awk -F":" {'print $7'} /etc/passwd |  awk '{for(i=1;i<=NF;i++)a[$i]++}EN…

    Linux干货 2016-08-29
  • 初识selinux

    一、selinux介绍     1.selinux历史     SELinux: Secure Enhanced Linux,是美国国家安全局「NSA=The National Security Agency」和SCC(Secure Computing Corporation)开…

    Linux干货 2016-09-21
  • N22-第十周作业

    1、请详细描述CentOS系统的启动流程(详细到每个过程系统做了哪些事情) (1)POST:加电自检,利用COMS里记录的配置信息检测硬件是否都工作正常 (2)Boot Sequence: 按次序查找各引导设备,第一个有引导程序的设备即为本次启动要用到的设备 Grub引导程序:提供一个菜单,允许用户选择要启动的系统或不同的内核版本, 把用户选定的内…

    Linux干货 2016-10-25
  • http加速器varnish

    一、web缓存概述       缓存,又称加速器,用于加速运行速度较快的设备与较慢设备之间的通信。基于程序的运行具有局部性特征其能实现加速的功能:       时间局部性:一个数据被访问之后,在随后较短的时间内有可能被访问。   &nbsp…

    2016-11-18
  • haproxy 监控配置

    方法一:在defaults段增加如下配置: stats refresh 30s #统计页面自动刷新时间stats uri /stats #统计页面urlstats realm baison-test-Haproxy #统计页面密码框上提示文本stats auth admin:admin123 #统计页面用户名和密码设置stats hide-version #…

    Linux干货 2018-03-19