NTP service and time synchronization
I had a small project that was completely self-developed. I thought an NTP service was a very simple thing, yet I had to spend more than two hours on it (I used to work in O&M and didn't pay too much attention to it, thinking this technology was easy to use). I am recording it here to avoid wasting time in the future.
The target environment has five Linux CentOS 6.3 servers. One of them runs the NTPD service, synchronizes its time with external public NTP services, and acts as the NTPD server for the intranet. The other servers synchronize with this server.
| Server IP Address | Role | Description | Synchronization mode |
|---|---|---|---|
| 192.168.1.135 | NTPD service | 1. Synchronizes the standard time with the external public NTPD service 2. Serves as an NTPD service for internal and external networks | Smooth synchronization of NTPD services |
| 192.168.1.xxx | Internal and external NTP clients | Synchronization time between Intranet devices and 192.168.1.135 | Smooth synchronization of NTPD services |
| ...... | Internal and external NTP clients | Synchronization time between Intranet devices and 192.168.1.135 | Smooth synchronization of NTPD services |
1. NTP time synchronization mode selection
There are two NTP synchronization methods on Linux: using the ntpdate command to synchronize directly, and using the NTPD service for smooth synchronization. What is the difference? Here is a simple explanation, so that the concept does not become blurred over time.
The current system time of an existing device is. The actual current time (in the air, maybe on a satellite; here it is assumed to be the time on the upper-level target NTP server used for synchronization) is. If we use ntpdate synchronization (ntpdate -u <destination NTP server IP address>), the operating system time will be updated to immediately. If our system has a scheduled application that runs at every day, now that the task has run (the current time is) and the time is changed to 12:30 by ntpdate, the task will be executed again after 10 minutes. This is terrible: the task may only be executed once! I think you (actually me) have understood the hidden risks of ntpdate time synchronization. Of course, this example is extreme, but it is indeed risky. I don't plan to do this in the production environment, so it is better to be safe.
Therefore, the solution to this problem is to change the time smoothly, without any point in time being experienced twice in a day. This is the smooth synchronization of the NTPD service: the offset applied at each synchronization is not too steep, but it takes a long time to complete synchronization. (Q: How can this problem be solved? I only know that it synchronizes one step at a time and takes a long time to complete synchronization; therefore, you must manually synchronize with ntpdate before enabling NTPD service synchronization.)
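The scenario above as a small simulation. This is an added example, not code from the original post: it counts how often a job scheduled for 12:40 fires when the clock is stepped back (ntpdate) and when it is slewed (ntpd), and how long a pure slew would take. The 30-minute clock error and all names are assumptions of the example.

```python
# Added example: compares a backward step (ntpdate) with a slew (ntpd).
JOB_AT = 12 * 3600 + 40 * 60   # daily job at 12:40, i.e. 10 minutes after 12:30 (from the text)
OFFSET = 30 * 60               # assumption: the system clock runs 30 minutes fast
MAX_SLEW_PPM = 500             # ntpd slews the clock by at most 500 microseconds per second


def wall_clock(mode, start=11 * 3600 + 30 * 60, fix_at=12 * 3600 + 30 * 60, hours=2):
    """Return the wall-clock reading for every true second; correction starts at fix_at."""
    wall, error, readings = float(start + OFFSET), float(OFFSET), []
    for true in range(start, start + hours * 3600):
        readings.append(wall)
        if true == fix_at and mode == "step":
            wall, error = wall - error, 0.0          # ntpdate: jump straight to the true time
            readings.append(wall)
        drift = 0.0
        if true >= fix_at and mode == "slew" and error > 0:
            drift = min(error, MAX_SLEW_PPM / 1e6)   # ntpd: run the clock slightly slow
        wall, error = wall + 1.0 - drift, error - drift
    return readings


def job_runs(readings, at=JOB_AT):
    """Count how often the wall clock passes the scheduled time."""
    return sum(1 for a, b in zip(readings, readings[1:]) if a < at <= b)


def slew_seconds(offset=OFFSET):
    """Seconds ntpd needs to remove `offset` seconds at the maximum slew rate."""
    return offset * 1_000_000 / MAX_SLEW_PPM


if __name__ == "__main__":
    print("step:", job_runs(wall_clock("step")), "run(s) of the 12:40 job")
    print("slew:", job_runs(wall_clock("slew")), "run(s) of the 12:40 job")
    print("slew needs %.1f days to remove %d s" % (slew_seconds() / 86400, OFFSET))
```

Note that ntpd itself steps the clock when the offset exceeds its 128 ms step threshold unless it is started with -x, which is another reason to correct a large offset deliberately with ntpdate before the service and the scheduled jobs are running.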
2. Install and configure
CentOS 6.3 ships with the NTPD service, which is usually installed by default. Check first; if it is not installed, configure the yum repository and install it with yum. The details are as follows:
# rpm -q ntp
ntp-4.2.4p8-2.el6.x86_64 // This indicates that it is installed, and if it is not installed, it is blank.
If it is not installed, follow the steps below
# yum install ntp
......
Install the NTP software package on each server on the Intranet according to the above installation method.
After that, you must configure the NTP service to start automatically.
# chkconfig ntpd on
# chkconfig --list ntpd
ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Before configuring, use ntpdate to synchronize the time manually, so that the time difference between the local machine and the external time server is not too large for ntpd to synchronize normally.
# ntpdate -u 202.112.10.36
22 Dec 16:52:38 ntpdate[6400]: adjust time server 202.112.10.36 offset 0.012135 sec
Configure Intranet NTP-Server (192.168.1.135)
The following describes how to configure the Intranet NTPD server (192.168.1.135). The core of the NTPD service configuration is in the /etc/ntp.conf file. The articles on the Internet, especially those by foreigners, are very simple, and I was fooled by them. The basic environment is different; we have to have Chinese characteristics. First, here is the configuration file. The red parts are my modifications, and the others are the defaults.

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would affect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1

# Hosts on local network are less restricted.
# Allow synchronization time of other machines on the Intranet
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# China's most active time server: http://www.pool.ntp.org/zone/cn
server 210.72.145.44 prefer # China National Time Center
server 202.112.10.36 # 1.cn.pool.ntp.org
server 59.124.196.83 # 0.asia.pool.ntp.org

#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Allow update time by the upper server
# Allow the upper-layer time server to actively modify the local time
restrict 210.72.145.44 nomodify notrap noquery
restrict 202.112.10.36 nomodify notrap noquery
restrict 59.124.196.83 nomodify notrap noquery

# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
# When the external time server is unavailable, use the local time as the time service
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
For a simple description of configuration parameters and commands, see: http://linux.vbird.org/linux_server/0440ntp.php#server_ntp.conf
After modifying the configuration file, save and exit, then start the service.
# service ntpd start
......
After startup, it usually takes about 5-10 minutes to start synchronization with the external time server. You can run a command to query the NTPD service status.
View service connections and listeners
# netstat -tlunp | grep ntp
udp 0 0 192.168.1.135:123 0.0.0.0:* 23103/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 23103/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 23103/ntpd
udp 0 0 fe80::6cae:8bff:fe3d:f65:123 :::* 23103/ntpd
udp 0 0 fe80::6family:8bff:fe3d:f65:123 :::* 23103/ntpd
udp 0 0 ::1:123 :::* 23103/ntpd
udp 0 0 :::123 :::* 23103/ntpd
The bold red part shows that the connections and listeners are correct and that UDP is used.
ntpq -p: view the NTP servers in the network and display the relationship between the client and each server.
# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*202.112.10.36 202.112.10.60 2 u 277 128 314 201.553 9.193
+59.124.196.83 129.6.15.28 2 u 88 128 377 71.153 -25.111 14.004
LOCAL(0) .LOCL. 10 l 15 64 377 0.000 0.000
| Location | Flag | Description |
|---|---|---|
| Symbol | * | The NTP server that responded and is the most accurate server |
| Symbol | + | An NTP server responding to this query request |
| Symbol | Blank (space) | An NTP server with no response |
| Title | remote | Name of the NTP server responding to this request |
| Title | refid | Name of the higher-level server used by the NTP server |
| Title | st | Level (stratum) of the NTP server that is responding to the request |
| Title | when | Number of seconds since the last successful request |
| Title | poll | How often the local server and the remote server synchronize, in seconds. When NTP has just started, the poll value is relatively small and the synchronization frequency is high, so that the time can be adjusted to the correct range as soon as possible. After that, the poll value gradually increases and the synchronization frequency decreases accordingly. |
| Title | reach | An octal value used to test whether a connection can be established with the server. The value increases with each successful connection. |
| Title | delay | The round-trip time required to send a synchronization request from the local machine to the NTP server |
| Title | offset | The time offset between the host and the synchronization time source as measured through NTP, in milliseconds. The closer the offset is to 0, the closer the host's time is to the NTP server's time. |
| Title | jitter | A statistic describing the distribution of offset over a specific number of consecutive connections. Simply put, the smaller the absolute value, the more accurate the host time. |
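The columns described above can be checked mechanically. The following is an added example, not part of the original post: it parses `ntpq -pn` output, decodes reach (an 8-bit history of the last eight polls, printed in octal, so 377 means all eight were answered) and reports the conditions an operator would alert on, including the case where only the local-clock fallback is selected. The sample outputs use documentation addresses and invented values, and the 100 ms threshold is an assumption.

```python
HEADER = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
"""
# Constructed samples of `ntpq -pn` output (documentation addresses, invented values).
SYNCED = HEADER + """\
*192.0.2.1       198.51.100.7     2 u  277  128  314  201.553    9.193   4.210
+192.0.2.2       198.51.100.9     2 u   88  128  377   71.153  -25.111  14.004
 127.127.1.0     .LOCL.          10 l   15   64  377    0.000    0.000   0.001
"""
FALLBACK = HEADER + """\
 192.0.2.1       .INIT.          16 u    -   64    0    0.000    0.000   0.000
*127.127.1.0     .LOCL.          10 l   15   64  377    0.000    0.000   0.001
"""


def parse_peers(text):
    """Parse the peer lines of `ntpq -pn` into dicts (the first column is the tally code)."""
    peers = []
    for line in text.splitlines()[2:]:
        if not line.strip():
            continue
        f = line[1:].split()
        peers.append({
            "tally": line[0], "remote": f[0], "refid": f[1], "stratum": int(f[2]),
            "answered": bin(int(f[6], 8)).count("1"),   # reach: octal 8-bit poll history
            "offset_ms": float(f[8]),
        })
    return peers


def findings(text, max_offset_ms=100.0):
    """Return a list of problems; an empty list means the host looks synchronised."""
    peers, out = parse_peers(text), []
    selected = [p for p in peers if p["tally"] == "*"]
    if not selected:
        out.append("no system peer ('*') selected")
    elif selected[0]["refid"] == ".LOCL.":
        out.append("synchronised only to the undisciplined local clock")
    elif abs(selected[0]["offset_ms"]) > max_offset_ms:
        out.append("offset to %s is %.3f ms" % (selected[0]["remote"], selected[0]["offset_ms"]))
    for p in peers:
        if p["refid"] != ".LOCL." and p["answered"] < 8:
            out.append("%s answered %d of the last 8 polls" % (p["remote"], p["answered"]))
    return out
```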
The ntpstat command is used to check the time synchronization status. It usually takes 5 to 10 minutes to connect to and synchronize data. Therefore, wait a moment after the server is started.
Right after startup, the output is generally:
# ntpstat
unsynchronised
time server re-starting
polling server every 64 s
After connection and synchronization:
synchronised to NTP server (202.112.10.36) at stratum 3
time correct to within 275 ms
polling server every 256 s
OK. The intranet NTPD service has been configured. If everything is normal, configure the other devices in the intranet to use this server as their time synchronization service.
Configure Intranet NTP-Clients
Other devices on the Intranet are configured as NTP clients, which are relatively simple and the configurations of all devices are the same.
Install the NTPD service and configure it to start automatically (exactly the same as on the NTP server). Pick one client and edit its configuration file /etc/ntp.conf. After the configuration is verified, copy the file to the other clients and use it directly.
# yum install ntp
...
# chkconfig ntpd on
# vim /etc/ntp.conf

driftfile /var/lib/ntp/drift
restrict 127.0.0.1
restrict -6 ::1
# Set the time server to a local time server
server 192.168.1.135
restrict 192.168.1.135 nomodify notrap noquery
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys

For simplicity, only the configuration items are listed here; all comments have been removed.
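An added example, not part of the original post: a small audit of the restrict lines in the server and client configuration files above, reporting which sources are left able to query the daemon (ntpq/ntpdc), modify it, or set traps. The function names and the choice of checked flags are assumptions of this example.

```python
# Constructed input: the active restrict lines of the server and client files shown above.
SERVER_CONF = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap   # intranet clients
restrict 210.72.145.44 nomodify notrap noquery
restrict 202.112.10.36 nomodify notrap noquery
restrict 59.124.196.83 nomodify notrap noquery
"""
CLIENT_CONF = """\
restrict 127.0.0.1
restrict -6 ::1
server 192.168.1.135
restrict 192.168.1.135 nomodify notrap noquery
"""
CHECKED = ("nomodify", "noquery", "notrap")   # flags this audit looks for (assumption)
LOOPBACK = ("127.0.0.1", "::1")               # left open for ntpq/ntpdc on the host itself


def parse_restrict(conf):
    """Return (address, mask or None, flags) for every active restrict line."""
    rules = []
    for raw in conf.splitlines():
        words = [w for w in raw.split("#", 1)[0].split() if w not in ("-4", "-6")]
        if len(words) < 2 or words[0] != "restrict":
            continue
        addr, rest, mask = words[1], words[2:], None
        if len(rest) >= 2 and rest[0] == "mask":
            mask, rest = rest[1], rest[2:]
        rules.append((addr, mask, set(rest)))
    return rules


def audit(conf):
    """Map each non-loopback source to the checked flags its restrict line leaves out."""
    rules, report = parse_restrict(conf), {}
    if not any(addr == "default" for addr, _, _ in rules):
        report["default"] = list(CHECKED)     # no default line: unlisted hosts are unrestricted
    for addr, mask, flags in rules:
        missing = [f for f in CHECKED if f not in flags]
        if addr not in LOOPBACK and missing:
            report[addr + ("/" + mask if mask else "")] = missing
    return report
```

On the server file it reports that the intranet subnet is not given noquery; on the client file it reports that there is no restrict default line, so hosts not listed there are not restricted at all.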
OK. Save and exit. Use ntpdate to manually synchronize the time before requesting the server.
# ntpdate -u 192.168.1.135
22 Dec 17:09:57 ntpdate[6439]: adjust time server 192.168.1.135 offset 0.004882 sec
Synchronization may fail. Generally, the reason is that the local NTPD server is not properly started. It usually takes several minutes to start synchronization.
For error determination, refer to the subsequent error handling.
# service ntpd start
....
View the synchronization status after startup
# ntpq -p
# ntpstat
.....
Because this is an intranet, ntpstat will report synchronization quite soon; just wait a few minutes.
OK. After the local client configuration is complete, use scp to copy /etc/ntp.conf to the other client machines to be synchronized, and start the NTPD service there.
The operations on the other client machines are as follows:
# ntpdate -u 192.168.1.135
22 Dec 17:09:57 ntpdate[6439]: adjust time server 192.168.1.135 offset 0.004882 sec
# scp 192.168.1.xxx:/etc/ntp.conf /etc/ntp.conf
# service ntpd start
3. Handle errors
This section collects problems encountered during installation, configuration, and use.
Error 1: ntpdate -u ip -> no server suitable for synchronization found
Judgment: on the NTP client, run ntpdate -d serverIP. The error "Server dropped: strata too high" appears and "stratum 16" is displayed. Normally, the value range of stratum is "0 ~ 15".
Cause: the NTP server has not yet synchronized with itself or with its upstream server. After the ntp service is restarted on the NTP server, it may take about five minutes for the server to synchronize with itself or with its upstream server. If the client runs the ntpdate command during this time, the "no server suitable for synchronization found" error is generated.
Processing: wait a few minutes and try again.
You can also run the ntpq -p command to view the situation.
Reference: http://blog.csdn.net/weidan1121/article/details/3953021