NTP Service and Time synchronization (centos6.x)

Source: Internet
Author: User
Tags bbcode

Today there is a small project, completely self-made, originally thought very simple NTP service, I give toss for 2 hours only to support the head (formerly are operations, not too much attention, so this technology, in simple all need to kiss taste AH), here records for the future do not waste time.

Target environment, 5 Linux CentOS 6.3, one as NTPD service and external public NTP service synchronization time, while as an intranet NTPD server, other machines and this service to do time synchronization.

Server IP Role Description Synchronization mode
192.168.1.135 NTPD Service

1, responsible for the external public NTPD service synchronization Standard Time

2, as the internal and external network NTPD service

NTPD Service Smooth Synchronization

192.168.1.xxx Internal and external NTP client Synchronization time between intranet device and 192.168.1.135 NTPD Service Smooth Synchronization
...... Internal and external NTP client Synchronization time between intranet device and 192.168.1.135 NTPD Service Smooth Synchronization

1, NTP time synchronization mode selection

NTP synchronization is generally two types under Linux: Use the ntpdate command to synchronize directly and use the NTPD service to smooth synchronization. What is the difference, simply say, lest the time be long, the concept is blurred.

The existing one device, the system time is 13:00, the real current time (in the air, perhaps on the satellite, here is assumed to be in preparation for synchronization of the superior target NTP server) is: 12:30. If we use Ntpdate synchronization (ntpdate-u target NTP server IP), the operating system time is immediately updated to 12:30, if, our system has a timing application, is running at 12:40 every day, so the actual task today is already running (the current time is 13:0 0), is now modified by Ntpdate to 12:30, then means that after 10 minutes, and will perform a task, this is bad, this task can only be executed once!! I think you (in fact, I) already understand the ntpdate time synchronization of the hidden dangers, of course, this example is some extreme, but there is a risk, production environment I do not intend to do so, or safe point good. So the solution to this problem is time smoothing changes, will not let a point in time in a day to go through two times, this is the NTPD service mode of smooth synchronization time, it is the offset of the synchronization time will not be too steep, is slow to (Q: How come, no scrutiny, only know a bit of synchronization, complete synchronization good need a long time, So the general turn on the NTPD service before synchronization with the Ntpdate first manually synchronized once).

2. Installation Configuration

CentOS 6.3 System has come with the NTPD service, the general default is to follow, if not installed, first check, and then configure the Yum Warehouse, yum mode installation is OK, as follows:

# rpm-q NTP

ntp-4.2.4p8-2.el6.x86_64//This means that it is installed and if it is not installed, this is blank.

If not installed, we follow the

# yum Install NTP

......

Install the NTP package on each server in the intranet as per the above installation method.

When you are finished, you need to configure the NTP service to be self-booting

# Chkconfig NTPD on

# chkconfig--list ntpd

NTPD 0: Off 1: Off 2: Enable 3: Enable 4: Enable 5: Enable 6: Off

Before the configuration, the use of ntpdate manually synchronize the next time, so that the local and external time server time gap is too large, so that ntpd can not sync properly.

# Ntpdate-u 202.112.10.36

Dec 16:52:38 ntpdate[6400]: Adjust time server 202.112.10.36 offset 0.012135 sec

Configure intranet Ntp-server (192.168.1.135)

The following is mainly the configuration of the Intranet Nptd server (192.168.1.135), NTPD service configuration core is in the/etc/ntp.conf file, the configuration is OK. In particular, the article on the Internet is very simple, I fooled, mom yo, the basic environment is not the same, we have to Chinese characteristics. First on the configuration file again, the red part is my modification, the other is the default.

# For more information on this file, see the "the Man pages"

# ntp.conf (5), NTP_ACC (5), Ntp_auth (5), Ntp_clock (5), Ntp_misc (5), Ntp_mon (5).

Driftfile/var/lib/ntp/drift

# Permit time synchronization with We time source, but does not

# permit the source to a query or modify the service on this system.

Restrict default Kod nomodify notrap nopeer noquery

restrict-6 default Kod nomodify notrap nopeer noquery

# Permit All access over the loopback interface. This could

# is tightened as well, but to does so would effect some of

# the administrative functions.

Restrict 127.0.0.1

Restrict-6:: 1

# Hosts on local network is less restricted.

# Allow other machines in the intranet to synchronize time

Restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the Pool.ntp.org project.

# Please consider joining the pool (http://www.pool.ntp.org/join.html).

# The most active time on the Chinese side server: http://www.pool.ntp.org/zone/cn

Server 210.72.145.44 Perfer # China National Time Center

Server 202.112.10.36 # 1.cn.pool.ntp.org

Server 59.124.196.83 # 0.asia.pool.ntp.org

#broadcast 192.168.1.255 AutoKey # Broadcast Server

#broadcastclient # Broadcast Client

#broadcast 224.0.1.1 AutoKey # Multicast Server

#multicastclient 224.0.1.1 # Multicast Client

#manycastserver 239.255.254.254 # Manycast Server

#manycastclient 239.255.254.254 AutoKey # manycast Client

# Allow update time by the upper server

# allow the upper-level time server to proactively modify the native time

Restrict 210.72.145.44 nomodify notrap noquery

Restrict 202.112.10.36 nomodify notrap noquery

Restrict 59.124.196.83 nomodify notrap noquery

# undisciplined Local Clock. This was a fake driver intended for backup

# and when no outside source of synchronized time is available.

# when the external time server is unavailable, local time is used as the time service

Server 127.127.1.0 # Local clock

Fudge 127.127.1.0 Stratum 10

# Enable Public Key cryptography.

#crypto

Includefile/etc/ntp/crypto/pw

# key file containing the keys and Key identifiers used when operating

# with symmetric key cryptography.

Keys/etc/ntp/keys

# Specify the key identifiers which is trusted.

#trustedkey 4 8 42

# Specify the key identifier to use with the NTPDC utility.

#requestkey 8

# Specify the key identifier to use with the NTPQ utility.

#controlkey 8

# Enable writing of Statistics records.

#statistics clockstats cryptostats loopstats peerstats

For a brief description of the configuration parameters and commands, please refer to: http://linux.vbird.org/linux_server/0440ntp.php#server_ntp.conf

Configuration file modification Complete, save exit, start service.

# service NTPD Start

......

After startup, it usually takes about 5-10 minutes for the time to start synchronizing with the external time server. You can query ntpd service conditions by command.

View Service connections and monitoring

# NETSTAT-TLUNP | grep NTP

UDP 0 0 192.168.1.135:123 0.0.0.0:* 23103/ntpd

UDP 0 0 127.0.0.1:123 0.0.0.0:* 23103/ntpd

UDP 0 0 0.0.0.0:123 0.0.0.0:* 23103/ntpd

UDP 0 0 fe80::6cae:8bff:fe3d:f65:123:::* 23103/ntpd

UDP 0 0 fe80::6eae:8bff:fe3d:f65:123:::* 23103/ntpd

UDP 0 0:: 1:123:::* 23103/ntpd

UDP 0 0::: 123:::* 23103/ntpd

Look at the red bold place, indicating that the connection and monitoring are correct, using UDP mode

Ntpq-p View the NTP server in the network while showing the relationship between the client and each server

# ntpq-p

# ntpq-p

Remote refID St T when poll reach delay offset jitter

==============================================================================

*202.112.10.36 202.112.10.60 2 U 277 128 314 201.553 9.193 17.068

+59.124.196.83 129.6.15.28 2 U 88 128 377 71.153-25.111 14.004

LOCAL (0).          Locl. Ten L 15 64 377 0.000 0.000 0.000

Position Sign Meaning
Symbol * Responding to the NTP server and the most accurate server
+ The NTP server that responds to this query request
Blank (space) No response to the NTP server
Title Remote The name of the NTP server in response to this request
refID The name of a higher-level server used by the NTP server
St The level of the NTP server that is responding to the request
When The number of seconds since the last successful request
Poll Local and remote server how much time to synchronize, in seconds, at the beginning of the NTP run time this poll value will be relatively small, server synchronization frequency, can be adjusted to the correct time range as soon as possible, after the poll value will gradually increase, the frequency of synchronization will be correspondingly reduced
Reach Used to test the ability to connect to a server, which is an octal value, and the value of each successful connection increases
Delay Roundtrip time to send synchronization requests from the local machine to the NTP server
Offset The time offset of the host through the NTP clock synchronization with the synchronized time source, in milliseconds, the closer the offset is to 0, the closer the host and the NTP server time
Jitter The distribution of offset in a particular contiguous number of connections is counted. Simply put, the smaller the absolute value, the more accurate the host time

The Ntpstat command looks at the time synchronization state, which typically takes 5-10 minutes to connect and synchronize successfully. Therefore, the server needs to wait a little while booting.

When it starts, it's usually:

# Ntpstat

Unsynchronised

Time Server re-starting

Polling server every S

After connecting and synchronizing:

Synchronised to NTP server (202.112.10.36) at Stratum 3

Time correct to within 275 ms

Polling server every S

OK, the Intranet NTPD service has been configured to complete, if all normal, start to configure other devices in the intranet with this server as a time synchronization service.

Configure intranet Ntp-clients

Other devices on the intranet, as the client configuration of NTP, are relatively simple, and all devices are configured identically.

You first need to install the NTPD service and then configure it as self-booting (exactly the same as Ntp-server). Then find one of the configuration/etc/ntp.conf files, configure the completion of verification through, copy to other client machine, directly use.

# yum Install NTP

...

# Chkconfig NTP on

# vim/etc/ntp.conf

Driftfile/var/lib/ntp/drift

Restrict 127.0.0.1

Restrict-6:: 1

# Configure the time server as a local time server

Server 192.168.1.135

Restrict 192.168.1.135 nomodify notrap noquery

Server 127.127.1.0 # Local clock

Fudge 127.127.1.0 Stratum 10

Includefile/etc/ntp/crypto/pw

Keys/etc/ntp/keys

For simplicity, only the configuration items are listed here, and the comments are all cleaned up.

OK, save the exit, before requesting the server, please use Ntpdate to manually synchronize the next time

# Ntpdate-u 192.168.0.135

Dec 17:09:57 ntpdate[6439]: Adjust time server 192.168.1.135 offset 0.004882 sec

There may be synchronization failures, usually because the local NTPD server is not up and running normally, it takes a few minutes to start syncing.

Please refer to the following error handling for error determination.

# service NTPD Start

....

When you start, review the synchronization situation

# ntpq-p

# Ntpstat

.....

Because it is the intranet, the general Ntpstat can be synchronized quickly, a few minutes need to wait.

OK, after the native Client configuration is complete, use the SCP copy/etc/ntp.conf to other client machines that need to be synchronized, and start the NTPD service.

The operation configuration on other client machines is as follows:

# Ntpdate-u 192.168.0.135

Dec 17:09:57 ntpdate[6439]: Adjust time server 192.168.1.135 offset 0.004882 sec

# SCP 192.168.1.xxx:/etc/ntp.conf/etc/ntp.conf

# service NTPD Start

3. Error handling

Used to collect problems in installation, configuration, and application

Error 1:ntpdate-u IP no server suitable for synchronization found

Judgment: The NTP client was viewed with ntpdate–d ServerIP and found "Server Dropped:strata too High" error, and "Stratum 16" is displayed. And under normal circumstances stratum this worthwhile range is "0~15".

Cause: NTP server is not yet synchronized with itself or its server. After the NTP service is restarted on the NTP server, the NTP server itself or the synchronization with its server needs a period of time, which may be 5 minutes, which will result in no server suitable when the client runs the ntpdate command at that time. For synchronization found error.

Processing: Wait a few minutes and retry the general resolution.

You can also use the command ntpq-p to view the situation

NTP Service and Time synchronization (centos6.x)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.