Linux NTP time synchronization

Source: Internet
Author: User

I. Set up the time synchronization server

1. Compile and install the NTP server
rpm -qa | grep ntp
If nothing is found, the NTP package is not installed. Find the NTP package on the CD and run
rpm -Uvh ntp***.rpm
to install it.
2. Modify the ntp.conf configuration file
vi /etc/ntp.conf
① First configuration: allow clients from any IP address to synchronize time
Change the line "restrict default nomodify notrap noquery" to:
restrict default nomodify notrap
With noquery removed, any client can also query the server with ntpq or ntpdc (see the option details below).
Example configuration file: /etc/ntp.conf
② Second configuration: allow time synchronization only for clients in the 192.168.211.*** network segment
Add a line after "restrict default nomodify notrap noquery" (which denies time synchronization to all IP addresses):
restrict 192.168.211.0 mask 255.255.255.0 nomodify notrap



Option details:

# Records the offset between the system time and the BIOS time

driftfile /etc/ntp/drift

restrict controls the relevant permissions.

Syntax: restrict <IP address> mask <subnet mask> <parameters>

The IP address can also be default, which refers to all IP addresses.

The parameters are as follows:

ignore: turns off all NTP network services

nomodify: the client cannot change the time parameters on the server side, but the client can still calibrate its time over the network through the server

notrust: the client source is treated as an untrusted subnet unless it is authenticated

noquery: no time queries are served to clients: the client cannot query the NTP server using commands such as ntpq or ntpdc

notrap: does not provide the remote trap service: matching hosts are denied the mode 6 control message trap service. The trap service is a subsystem of the ntpdq control message protocol, which is used by remote event logging applications.

nopeer: prevents hosts from attempting to peer with the server, which would allow a fraudulent server to control the clock

kod: a KoD (Kiss-o'-Death) packet is sent when an access violation occurs

restrict -6 sets the permissions for IPv6 addresses.
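
The restrict flags described above can be checked mechanically. The following sh/awk script is an added example, not part of the original article; the function name audit_restrict and the sample configuration are constructed for illustration. It flags a default entry without noquery, entries without nomodify, and any use of notrust, which the troubleshooting notes later in this article tie to ntp 4.2 and later.

```sh
# Constructed sample ntp.conf built from the lines discussed above (not a real file).
SAMPLE_CONF='driftfile /etc/ntp/drift
restrict default nomodify notrap
restrict 192.168.211.0 mask 255.255.255.0 nomodify notrap notrust
restrict -6 default nomodify notrap noquery
restrict 127.0.0.1
server 192.168.7.49 prefer'

# audit_restrict: read ntp.conf on stdin, print "line: address: finding".
audit_restrict() {
    awk '
    $1 != "restrict" { next }          # skips comments and other directives
    {
        start = 2
        if ($2 == "-4" || $2 == "-6") start = 3
        addr = $start
        split("", flag)                # clear the flag set for this line
        for (i = start + 1; i <= NF; i++) {
            if ($i == "mask") { i++; continue }   # skip the netmask value
            flag[$i] = 1
        }
        if ("ignore" in flag) next     # all NTP service refused already
        if (addr == "default" && !("noquery" in flag))
            print NR ": " addr ": any client can query with ntpq/ntpdc (no noquery)"
        if (addr != "127.0.0.1" && addr != "::1" && !("nomodify" in flag))
            print NR ": " addr ": modification requests are not refused (no nomodify)"
        if ("notrust" in flag)
            print NR ": " addr ": notrust ignores unauthenticated packets on ntp 4.2+"
    }'
}

printf '%s\n' "$SAMPLE_CONF" | audit_restrict
```

To audit a real server, feed it the live file: audit_restrict < /etc/ntp.conf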


Set the upstream NTP servers (prefer marks the preferred host). 192.168.7.49 is the local NTP server, so synchronizing time from this host takes priority.

server 192.168.7.49 prefer
server 0.rhel.pool.ntp.org iburst
server 1.rhel.pool.ntp.org iburst
server 2.rhel.pool.ntp.org iburst
server 3.rhel.pool.ntp.org iburst



3. Start the NTP service
service ntpd start
Start the service at boot:
chkconfig ntpd on
4. After ntpd starts, clients must wait a few minutes before they can synchronize with it; otherwise they get the "no server suitable for synchronization found" error.


II. Configure the time synchronization client

Run ntpdate <ntp server> manually to synchronize,
or use crontab to run it on a schedule:
crontab -e
0 21 * * * ntpdate 192.168.211.22 >> /root/ntpdate.log 2>&1
This synchronizes every night at 9 o'clock.
Appendix:
When you query with ntpdate -d, you will find that the following 2 messages cause the no server suitable for synchronization found error:
Error 1. Server dropped: strata too high
The NTP client runs ntpdate ServerIP and gets the no server suitable for synchronization found error.
Running ntpdate -d ServerIP on the NTP client shows the "Server dropped: strata too high" error, and "stratum 16" is displayed. Under normal circumstances the stratum value lies in the range "0~15".
This happens because the NTP server has not synchronized with itself or with its upstream server.
The following definition keeps the NTP server in sync with itself: if the servers defined in ntp.conf are not available, the local time is used to provide NTP service to NTP clients.
server 127.127.1.0
fudge 127.127.1.0 stratum 8

After the NTP service is restarted on the NTP server, the server needs a period of time, which may be 5 minutes, to synchronize with itself or with its upstream server. A client that runs the ntpdate command during that period gets the no server suitable for synchronization found error.
So how do you know when the NTP server has finished synchronizing itself?
Use this command on the NTP server:
# watch ntpq -p
The screen shows:
Every 2.0s: ntpq -p                                  Thu Jul 10 02:28:32 2008
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.30.22   LOCAL(0)         8 u   22   64    1    2.113  179133.   0.001
 LOCAL(0)        LOCAL(0)        10 l   21   64    1    0.000    0.000   0.001
Note that this is an NTP server that synchronizes itself with its local clock.
Watch the reach value: after the NTP service starts, this value increases from 0. Going from 0 to 17 takes 5 changes, each lasting the poll value in seconds, that is 64 seconds * 5 = 320 seconds.
If synchronizing with the NTP server from an NTP client still fails after that, use ntpdate -d to get detailed error information, then make a judgment.
Error 2. Server dropped: no data
The error output when running ntpdate -d from the client is as follows:
transmit(192.168.30.22)
transmit(192.168.30.22)
transmit(192.168.30.22)
transmit(192.168.30.22)
transmit(192.168.30.22)
192.168.30.22: Server dropped: no data
server 192.168.30.22, port 123
.....
Jul 17:42:24 ntpdate[14148]: no server suitable for synchronization found
There may be 2 reasons for this problem:
1. Check the NTP version. If you are using ntp 4.2 or later (including 4.2) and notrust is used in a restrict definition, it leads to the above error.
Use the following command to check the NTP version:
# ntpq -c version
The following is a description from the official NTP website:
The behavior of notrust changed between versions 4.1 and 4.2.
In 4.1 (and earlier) notrust meant "Don't trust this host/subnet for time".
In 4.2 (and later) notrust means "Ignore all NTP packets that are not cryptographically authenticated." This forces remote servers to authenticate themselves to your (client) ntpd
Solution:
Remove notrust.
2. Check the firewall on the NTP server. The server's firewall may be blocking UDP port 123.
You can use the command
# service iptables stop

to switch off the iptables service and then try to synchronize from the NTP client. If that succeeds, the firewall was the problem and the iptables settings need to be changed.


Check whether the NTP server is connected to its upstream NTP server

# ntpstat
synchronised to NTP server (192.168.7.49) at stratum 6
   time correct to within * ms
   polling server every s

View the NTP server's status with its upstream NTP server

# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.7.49    192.168.7.50     5 u   13   64    3    5.853  1137178   2.696
# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.7.49    192.168.7.50     5 u   17   64    3    5.853  1137178   2.696
# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.7.49    192.168.7.50     5 u    1   64    1    0.937   -9.570   0.000


remote - the IP address or hostname of the local and upstream NTP servers; "+" is preferred, "*" indicates a secondary priority

refid - the address of the NTP host one level up

st - stratum

when - how many seconds ago the time was last synchronized

poll - how many seconds until the next update

reach - number of times an update has been requested from the upstream NTP server

delay - network latency

offset - time compensation

jitter - difference between system time and BIOS time

To view the status of the ntpd process, run the following command, and press Ctrl+C to stop viewing.


The character in the first column indicates the quality of the source. An asterisk (*) indicates that the source is the current reference.

remote lists the IP address or host name of the source.

when indicates the time (in seconds) since the source was last polled.

poll indicates the polling interval. This value is increased according to the accuracy of the local clock.

reach is an octal number that indicates the reachability of the source. A value of 377 indicates that the source has answered the last eight consecutive polls.

offset is the time difference (in milliseconds) between the source clock and the local clock.
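
The reach column can be decoded with a few lines of shell. The following sh script is an added example, not part of the original article; the function names and the sample ntpq -p output are constructed for illustration. It expands the octal reach value into its eight poll bits and classifies each peer, treating stratum 16 as unsynchronized as in Error 1 above.

```sh
# Constructed sample in `ntpq -p` format (not captured from a real host).
SAMPLE_NTPQ='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.7.49    192.168.7.50     5 u   13   64  377    5.853   -9.570   2.696
 192.168.30.22   LOCAL(0)         8 u   22   64   17    2.113    0.412   0.001
 192.168.30.23   .INIT.          16 u    -   64    0    0.000    0.000   0.000'

# reach_bits OCTAL: the eight poll results as bits, newest poll on the right.
reach_bits() (
    n=$((0$1)); bits=""; i=0      # the leading 0 makes the shell read octal
    while [ "$i" -lt 8 ]; do
        bits="$((n % 2))$bits"; n=$((n / 2)); i=$((i + 1))
    done
    printf '%s\n' "$bits"
)

# reach_answered OCTAL: how many of the last eight polls were answered.
reach_answered() (
    ones=$(reach_bits "$1" | tr -d '0\n')
    printf '%s\n' "${#ones}"
)

# peer_report: read `ntpq -p` text on stdin, print "peer stratum answered/8 verdict".
peer_report() (
    while IFS= read -r line; do
        case $line in *remote*refid*|=*|"") continue ;; esac
        tally=${line%"${line#?}"}     # ntpq prints the tally code in column 1
        set -f; set -- ${line#?}; set +f
        remote=$1; st=$3; reach=$7
        answered=$(reach_answered "$reach")
        if [ "$st" -ge 16 ]; then verdict="unsynchronized"
        elif [ "$answered" -eq 0 ]; then verdict="no-replies"
        elif [ "$tally" = "*" ]; then verdict="current-reference"
        else verdict="reachable"
        fi
        printf '%s %s %s/8 %s\n' "$remote" "$st" "$answered" "$verdict"
    done
)

peer_report <<EOF
$SAMPLE_NTPQ
EOF
```

On a live server, pipe the real output through it: ntpq -pn | peer_report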

