NTP server configuration for Linux service management

Source: Internet
Author: User
Tags: local time

Target environment: three CentOS 6.6 machines. One is set up as the ntpd server: it synchronizes its own time with an external public NTP service and also acts as the intranet NTP server, and the other machines synchronize their time with it.


1. Choosing an NTP time synchronization mode

There are generally two ways to synchronize time over NTP on Linux: synchronizing directly with the ntpdate command, and synchronizing smoothly with the ntpd service. Here is the difference in brief, written down before time passes and the concepts blur.

Take a machine whose system time is 13:00 while the real current time (out in the ether, perhaps on a satellite; here assume it is the time on the upstream NTP server we are about to synchronize with) is 12:30. If we synchronize with ntpdate (ntpdate -u <target NTP server IP>), the operating system time is immediately set to 12:30. Now suppose the system has a scheduled job that runs at 12:40 every day. Today's run has already happened (the clock read 13:00), but once ntpdate has changed the time to 12:30 the job will run again 10 minutes later. That is bad: this job may only be executed once! I think you (in fact, I) now understand the hidden danger of synchronizing with ntpdate. The example is somewhat extreme, but the risk is there; I do not intend to do this in a production environment, better to be safe. The solution is to change the time smoothly, so that no point in time is passed twice in one day. This is the smooth synchronization mode of the ntpd service: the offset is not corrected in one steep step but slowly. (How exactly? I have not looked into it closely; I only know that it synchronizes a little at a time and that complete synchronization takes a long time, so before turning on the ntpd service it is usual to synchronize once manually with ntpdate.)

2. Installation and configuration

CentOS 6.6 ships with the ntpd service, and it is generally installed by default. Check first; if it is not installed, configure a yum repository and install it with yum, as follows:

# rpm -qa ntp
ntp-4.2.6p5-1.el6.centos.x86_64    // this means the package is installed; if it is not, the output is blank

If it is not installed, install it:

# yum install ntp

Install the NTP package on every server in the intranet in the same way.

When that is finished, configure the NTP service to start at boot:

# chkconfig ntpd on
# chkconfig --list ntpd
ntpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off

Before configuring, synchronize the time manually once with ntpdate, so that the gap between the local time and the external time server is not so large that ntpd cannot synchronize properly.

# ntpdate -u 172.16.0.1
 1 Jan 19:50:32 ntpdate[2088]: step time server 172.16.0.1 offset 29061.965240 sec



Configure the intranet NTP server (172.16.31.10)

The following is mainly the configuration of the intranet ntpd server (172.16.31.10); everything is done in the /etc/ntp.conf file. Here is the whole configuration file first; the parts in red are my modifications, the rest are the defaults.

# cat /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
# Deny all access from any source by default
# (both default lines are commented out in this listing, so a host that
# matches no other restrict line below is not restricted at all)
#restrict default kod nomodify notrap nopeer noquery
#restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
# ntpd needs the loopback interface; since the default is to reject everything, allow loopback.
restrict 127.0.0.1    # allow all access from the local host
restrict -6 ::1

# Allow other machines in the intranet to synchronize time
# Hosts on local network are less restricted.
restrict 172.16.31.0 mask 255.255.0.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# The most active time servers for China: http://www.pool.ntp.org/zone/cn
#server 210.72.145.44 prefer    # China National Time Center
#server 202.112.10.36           # 1.cn.pool.ntp.org
#server 59.124.196.83           # 0.asia.pool.ntp.org
# But I have an upstream time server, so I will use that one!!!
server 172.16.0.1

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Allow the upstream time server to update the local time
# allow update time by the upper server
restrict 172.16.0.1 nomodify notrap noquery

# When the external time server is unavailable, use the local clock as the time source
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
server 127.127.1.0    # local clock
fudge 127.127.1.0 stratum 10

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats


With the configuration file modified, save and exit, then start the service.

# service ntpd start
Starting ntpd: [OK]

# date
Thu Jan 1 20:00:25 CST 2015

After startup, it usually takes about 5-10 minutes before the time starts synchronizing with the external time server. The state of the ntpd service can be checked with the commands below.

Check the service's connections and listening sockets

# netstat -tunlp | grep ntp
udp 0 0 172.16.31.10:123 0.0.0.0:* 2128/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 2128/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 2128/ntpd
udp 0 0 fe80::a00:27ff:fedb:35e6:123 :::* 2128/ntpd
udp 0 0 ::1:123 :::* 2128/ntpd
udp 0 0 :::123 :::* 2128/ntpd

The connections and listening sockets are correct; the service uses UDP.

ntpq -p lists the NTP servers known to this host and shows the state of the relationship between the client and each server.

# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
===================================================================
 server.magelinu LOCAL(0)      each u    5   64    3    0.696   30.409   0.325
*LOCAL(0)        .LOCL.          10 l    5   64    3    0.000    0.000   0.000



The ntpstat command shows the time synchronization state. It typically takes 5-10 minutes to connect and synchronize successfully, so you need to wait a little after the server starts.

Right after startup, the output is usually:

# ntpstat
unsynchronised
  time server re-starting
   polling server every s

After connecting and synchronizing:

# ntpstat
synchronised to NTP server (202.112.10.36) at stratum 3
   time correct to within 275 ms
   polling server every s


OK, the intranet ntpd service is now configured. If everything is normal, start configuring the other devices in the intranet to use this server for time synchronization.

Configure the intranet NTP clients

Configuring the other intranet devices as NTP clients is relatively simple, and all devices are configured identically.

First install the ntpd service and configure it to start at boot (exactly the same as on the NTP server). Then configure /etc/ntp.conf on one of the clients; once that configuration has been verified, copy it to the other client machines and use it directly.


# yum install ntp
# chkconfig ntpd on

# cat /etc/ntp.conf | grep -v ^#
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
# Use the intranet time server as the time server
server 172.16.31.10
# Allow the upstream time server to update the local time
restrict 172.16.31.10 nomodify notrap noquery
# When the external time server is unavailable, use the local clock as the time source
server 127.127.1.0    # local clock
fudge 127.127.1.0 stratum 10
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys

For simplicity, only the configuration items are listed here; the comments have all been removed.
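An added example (not from the original article): a small audit of the restrict lines in the two listings above. It resolves which flags apply to a given source address, using the most specific matching entry and treating an address that matches no entry as unrestricted, as ntpd does when the default lines are commented out. 203.0.113.5 is a constructed outside address; the parser is a simplification that handles only the restrict forms used on this page and treats `default` without -6 as IPv4 only.

```python
import ipaddress
# restrict lines as they appear in the two ntp.conf listings on this page
SERVER_CONF = """
#restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 172.16.31.0 mask 255.255.0.0 nomodify notrap
restrict 172.16.0.1 nomodify notrap noquery
"""
CLIENT_CONF = """
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 172.16.31.10 nomodify notrap noquery
"""

def parse_restrict(conf):
    """Return (network, flags) for every active restrict line."""
    rules = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok or tok[0] != "restrict":
            continue
        tok = tok[1:]
        v6 = tok[0] == "-6"
        if tok[0] in ("-4", "-6"):
            tok = tok[1:]
        addr, tok = tok[0], tok[1:]
        if addr == "default":  # simplification: without -6, IPv4 only
            net = ipaddress.ip_network("::/0" if v6 else "0.0.0.0/0")
        elif tok[:1] == ["mask"]:
            # strict=False drops host bits: 172.16.31.0/255.255.0.0 -> 172.16.0.0/16
            net = ipaddress.ip_network(f"{addr}/{tok[1]}", strict=False)
            tok = tok[2:]
        else:
            net = ipaddress.ip_network(addr)
        rules.append((net, set(tok)))
    return rules

def flags_for(conf, client):
    """Flags of the most specific matching entry; empty set = unrestricted."""
    ip = ipaddress.ip_address(client)
    hits = [(n, f) for n, f in parse_restrict(conf) if n.version == ip.version and ip in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else set()

def can_query(conf, client):
    """True if ntpq/ntpdc queries from this address are not blocked."""
    return not ({"noquery", "ignore"} & flags_for(conf, client))
```

With the server listing, can_query(SERVER_CONF, "203.0.113.5") is true because no default entry applies; with the client listing the same address falls under the default entry and is refused.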

OK, save and exit. Before requesting time from the server, first synchronize the time manually once with ntpdate:

# ntpdate -u 172.16.31.10
 1 Jan 20:09:18 ntpdate[1855]: step time server 172.16.31.10 offset 29062.354752 sec



The synchronization may fail, usually because the local ntpd server is not yet up and running normally; it takes a few minutes before it starts syncing.

Please refer to the error handling below to diagnose errors.

# service ntpd start
Starting ntpd: [OK]


After starting, check the synchronization state:

# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
===================================================================
 172.16.31.10    172.16.0.1         u    5   64    1    0.380   -0.124   0.000
*LOCAL(0)        .LOCL.          10 l    4   64    1    0.000    0.000   0.000

# ntpstat
synchronised to local net at stratum 11
   time correct to within 7948 ms
   polling server every s


Because this is the intranet, ntpstat generally reports synchronization quickly.
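An added example (not part of the original article): in the client output above the `*` tally marks LOCAL(0) and ntpstat reports "local net", so at that moment the client is following its own undisciplined clock rather than 172.16.31.10. The check below parses `ntpq -p` output and reports which kind of source is selected; both samples are constructed, modelled on the output above, and the stratum value 12 is assumed.

```python
# Constructed sample modelled on the client output above (stratum 12 is assumed).
JUST_STARTED = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 172.16.31.10    172.16.0.1      12 u    5   64    1    0.380   -0.124   0.000
*LOCAL(0)        .LOCL.          10 l    4   64    1    0.000    0.000   0.000
"""
# Constructed sample: the same client later, now following the intranet server.
SETTLED = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*172.16.31.10    172.16.0.1      12 u   33   64  377    0.402    0.215   0.118
 LOCAL(0)        .LOCL.          10 l   41   64  377    0.000    0.000   0.000
"""

def parse_peers(text):
    """Parse the rows of an `ntpq -p` billboard into dicts."""
    peers = []
    for line in text.splitlines():
        f = line[1:].split()          # column 0 is the tally code
        if len(f) != 10 or f[0] == "remote":
            continue                  # header, separator or malformed row
        peers.append({"tally": line[0], "remote": f[0], "stratum": int(f[2]),
                      "reach": int(f[6], 8), "offset_ms": float(f[8])})
    return peers

def sync_source(text):
    """Classify the system peer: 'none', 'local-clock' or 'upstream'."""
    for p in parse_peers(text):
        if p["tally"] in "*o":
            kind = "local-clock" if p["remote"].startswith("LOCAL(") else "upstream"
            return kind, p["remote"]
    return "none", None

def answered_polls(text, remote):
    """Replies received in the last eight polls (reach is an octal bitmask)."""
    for p in parse_peers(text):
        if p["remote"] == remote:
            return bin(p["reach"]).count("1")
    return 0
```

A result of "local-clock" means the host's timestamps, including its log timestamps, are not yet tied to the intranet server, so it is worth re-running the check until it returns "upstream".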

OK, once this client is configured, use scp to copy /etc/ntp.conf to the other client machines that need to be synchronized, and start the ntpd service.

The configuration steps on the other client machines are as follows:

The third machine is configured as well.

# scp /etc/ntp.conf [email protected]:/etc/ntp.conf
# chkconfig ntpd on
# service ntpd start
Starting ntpd: [OK]

# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 172.16.31.10    172.16.0.1         u    5   64    1    1.561  2906213   0.000
*LOCAL(0)        .LOCL.          10 l    4   64    1    0.000    0.000   0.000

# date
Thu Jan 1 12:09:13 CST 2015

# ntpdate -u 172.16.31.10
 1 Jan 20:13:49 ntpdate[1815]: step time server 172.16.31.10 offset 29062.129201 sec

# date
Thu Jan 1 20:13:53 CST 2015

At this point, the NTP server configuration is complete!!!


This article is from the "eyes engraved with your Smile" blog, please be sure to keep this source http://dengaosky.blog.51cto.com/9215128/1964901
