NTP Introduction:
NTP is the Network Time Protocol, the protocol used to synchronize the time of every computer on a network.
In NTP, time propagates according to server level. All servers are classified into strata (layers) according to their distance from the external UTC source. For example, a server that takes standard time from GPS (Global Positioning System) is called a Stratum-1 NTP server; Stratum-2 gets its time from Stratum-1, Stratum-3 gets its time from Stratum-2, and so on. The total number of stratum layers is limited to less than 15. Logically, all these servers connect to each other in a ladder-style architecture, and the Stratum-1 time servers are the foundation of the whole system.
The architecture is as follows:
[Figure: Clipboard.png]
Now let's get to the point.
1. Allow NTP traffic through the firewall
firewall-cmd --permanent --zone=public --add-port=123/udp
firewall-cmd --reload    # load the permanent rule into the running configuration
firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports: 123/udp    # I also opened other ports; they are not shown here.
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:
2. Install the NTP service
yum -y install ntp
3. Configure NTP
The main configuration file for the NTP service is /etc/ntp.conf. The unmodified default configuration looks like this:
egrep -v "^#|^$" /etc/ntp.conf
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor
Here are some of the parameters you will use most often.
driftfile /var/lib/ntp/drift    # record of the deviation between system time and BIOS time
-------------------------------------------------------------------------------------------
restrict default nomodify notrap nopeer noquery    # access-control permissions
restrict 127.0.0.1
restrict ::1
--------------------------------------------------# Syntax: restrict <IP address> mask <subnet mask> <parameters>
The parameters are:
ignore: rejects all types of NTP connections;
nomodify: the client cannot use ntpc and ntpq to modify the server's time parameters, but the client can perform network-based
notrust: rejects clients that are not authenticated;
noquery: does not provide time queries to the client (denies all query operations from the client); the user cannot query the NTP server with commands such as ntpq and ntpc
notrap: does not provide the trap function for remote event logging
Note: if a restrict line has no parameters, that IP address or network segment is not subject to any restrictions.
-------------------------------------------------------------------------------------------
server 0.centos.pool.ntp.org prefer    # specify the NTP server address
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
--------------------------------------------------# Syntax: server <IP address> prefer/iburst
--------------------------------------------------# prefer means: the preferred NTP server address
For an ordinary setup, simply change the address after "server" to the NTP server you want; no additional configuration is required:
vim /etc/ntp.conf
restrict 192.168.100.254    # address of the client to synchronize time for (when this host acts as an NTP server)
server 192.168.100.254      # NTP server address
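The restrict rules described in this step can be checked mechanically. The shell function below is an added example, not part of the original article: it reads an ntp.conf on stdin and reports every non-loopback restrict entry that lacks one of the four flags used on the default line. The name audit_restrict and the 10.0.0.0 sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the restrict lines of an ntp.conf read on stdin.
# Reports each non-loopback entry that lacks a flag used on the default line.
audit_restrict() {
    awk '
    $1 == "restrict" {
        first = ($2 == "-4" || $2 == "-6") ? 3 : 2   # optional address-family switch
        addr = $first
        if (addr == "default") seen_default = 1
        if (addr == "127.0.0.1" || addr == "::1") next   # loopback stays open
        missing = ""
        n = split("nomodify notrap nopeer noquery", want, " ")
        for (i = 1; i <= n; i++) {
            found = 0
            for (f = first + 1; f <= NF; f++) {
                if ($f ~ /^#/) break                  # trailing comment
                if ($f == "ignore" || $f == want[i]) found = 1
            }
            if (!found) missing = missing (missing == "" ? "" : ",") want[i]
        }
        if (missing != "") print addr ": missing " missing
    }
    END { if (!seen_default) print "default: no restrict default line" }
    '
}

# Constructed sample: the default lines from this step, the bare restrict
# line from the vim edit, and one made-up subnet entry.
SAMPLE_CONF='restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 192.168.100.254
restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap'

printf '%s\n' "$SAMPLE_CONF" | audit_restrict
```

On a real host, run it as: audit_restrict < /etc/ntp.conf. A restrict line with no flags is reported with all four flags missing, which matches the note above that such an address is not restricted at all.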
4. Start NTP and check the NTP port
systemctl start ntpd.service
Check whether NTP is running:
pgrep ntpd
or
ps -ef | grep ntpd
or
systemctl status ntpd.service
or
netstat -anptu | grep ntp
udp        0      0 10.0.0.143:123          0.0.0.0:*                           10466/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           10466/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           10466/ntpd
udp6       0      0 fe80::f816:3eff:feb:123 :::*                                10466/ntpd
udp6       0      0 ::1:123                 :::*                                10466/ntpd
udp6       0      0 :::123                  :::*                                10466/ntpd
This shows that the NTP service is up, but has it actually connected to an NTP server?
5. Check whether NTP is connected to the upstream NTP server
ntpstat
synchronised to NTP server (85.199.214.101) at stratum 2
   time correct to within ms
   polling server every s
This command shows whether the client is connected to an NTP server. From it we can tell that our machine is at level 3, because we are synchronizing from the second level.
Let's move on: we are on the third level, and we would like to know who is on the first level.
6. View the status of NTP and its upstream servers
ntpq -p
Here's an explanation:
remote    # IP address or hostname of the NTP host; a '*' on the left marks the current reference;
          # '+' means preferred, that is, the next candidate; the order is '* + -'
refid     address of the upstream NTP host that this host refers to
st        stratum (layer); the first layer is the GPS satellite. If this is unclear, see the figure at the top
when      how many seconds ago the last time synchronization was done;
poll      the next update happens after this many seconds;
reach     number of updates requested from the upstream server
delay     delay time in network transmission
offset    time compensation
jitter    difference between the Linux system time and the BIOS time
To watch the ntpd status continuously (press Ctrl+C to stop):
watch 'ntpq -p'
Every 2.0s: ntpq -p                                   Wed Mar  1 17:50:18 2017
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+marla.ludost.ne 131.188.3.220    2 u  872 1024  177  214.437   24.742   6.540
*85.199.214.101  .GPS.            1 u   11   64  377  216.950    0.123   5.755
+188-39-37-91.st .GPS.            1 u   15   64  355  231.056   -0.961  19.068
-biisoni.miuku.n 207.224.49.219   2 u  395 1024  367  177.958   32.780  39.127
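For monitoring, the peer table can be reduced to one health line per peer. The shell function below is an added example, not part of the original article: it reads ntpq -p output on stdin, names the tally character in the first column, and counts how many of the last eight polls were answered. ntpq prints reach in octal as an 8-bit shift register, so 377 means all eight polls were answered. The name peer_health and the role labels are chosen for illustration.

```shell
#!/bin/sh
# Added example: summarise ntpq -p output read on stdin, one line per peer.
# reach is printed by ntpq in octal: an 8-bit register of the last eight polls.
peer_health() {
    awk '
    function answered(oct,   i, d, n) {      # count the set bits in reach
        n = 0
        for (i = 1; i <= length(oct); i++) {
            d = substr(oct, i, 1) + 0
            n += (d >= 4) + (int(d / 2) % 2) + (d % 2)
        }
        return n
    }
    $1 == "remote" || /^=/ || NF < 10 { next }   # header, rule, other noise
    {
        tally = substr($0, 1, 1)                 # first column is the tally code
        remote = (tally == " ") ? $1 : substr($1, 2)
        role = "other"
        if (tally == "*") role = "sync"
        if (tally == "+") role = "candidate"
        if (tally == "-") role = "outlier"
        printf "%s role=%s st=%s answered=%d/8\n", remote, role, $3, answered($7)
    }'
}

# Sample input: the four peer lines shown in this step of the article.
SAMPLE_PEERS='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+marla.ludost.ne 131.188.3.220    2 u  872 1024  177  214.437   24.742   6.540
*85.199.214.101  .GPS.            1 u   11   64  377  216.950    0.123   5.755
+188-39-37-91.st .GPS.            1 u   15   64  355  231.056   -0.961  19.068
-biisoni.miuku.n 207.224.49.219   2 u  395 1024  367  177.958   32.780  39.127'

printf '%s\n' "$SAMPLE_PEERS" | peer_health
```

On a live host, pipe the command into it: ntpq -p | peer_health. A peer that stays well below 8/8, or a table with no "sync" line, is worth an alert because log timestamps on that host can no longer be trusted.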
7. Synchronize time with ntpdate
Usage: ntpdate <NTP server address>
ntpdate 0.asia.pool.ntp.org
When updating the time this way, the time difference between server and client must not exceed 1000 seconds; if it does, no synchronization is performed.
To force synchronization, you can use the -u option; -u uses an unprivileged port to synchronize the time, as shown here:
ntpdate -u 0.asia.pool.ntp.org
8. Write the time to the BIOS
hwclock -r    # view the BIOS time
hwclock -w    # write the system time to the BIOS
To summarize:
ntpd and ntpdate
1. ntpd is the time synchronization server; its synchronization is smooth.
2. ntpdate needs an NTP service to synchronize against, and it synchronizes immediately: regardless of what the time was before, it is set at once to the same time as the NTP server.
This article is from the "Rslinux" blog, make sure to keep this source http://readshlinux.blog.51cto.com/9322509/1902432
NTP common configuration collation for Linux