Linux time synchronization, NTPD, Ntpdate

Original link: http://luijnijei.blog.163.com/blog/static/350245942010913912192/

Other references: http://blog.csdn.net/suer0101/article/details/7868813

In the Windwos, the system time setting is very simple, the interface operation, easy to understand. And after setting, reboot, Shutdown is OK. The system time is automatically saved in the BIOS clock, when you start the computer, the system will automatically take the hardware time in the BIOS to ensure uninterrupted time.

However, under Linux, the system time and hardware time are not automatically synchronized by default. During Linux operation, the system time and hardware time run asynchronously and do not interfere with each other. Hardware time is maintained by the BIOS battery, while the system time is maintained with CPU tick.

When the system is powered on, the hardware time is automatically obtained from the BIOS and is set to the system time.

I. Setup of Linux system time

To set the system time in Linux, you can use the date command:

View Time

[[Email protected] ~]# Date
Friday, December 12, 2008 14:44:12 CST

Modification time
[[Email protected] ~]# date--set "1/1/09 00:01" <== (Month/day/year: minutes: seconds)
Thursday, January 01, 2009 00:01:00 CST

Date has several time formats to accept, so you can also set the time:

[Email protected] ~]# date 012501012009.30 <== month day year. seconds
Sunday, January 25, 2009 01:01:30 CST

two. Setup of Linux hardware time

Hardware time settings, can be used hwclock or clock command. Among them, clock and hwclock usage similar, only one on the line, but clock command in addition to support x86 hardware system, but also support the Alpha hardware system.

Viewing hardware time can be with Hwclock, Hwclock--show or Hwclock-r

[Email protected] ~]# Hwclock--show
December 12, 2008 Friday 06:52 07 sec -0.376932 seconds

Set Hardware time

[Email protected] ~]# hwclock--set--date= "1/25/09 00:00" <== month/day/year: minutes: Seconds
[Email protected] ~]# Hwclock
January 25, 2009 Sunday 00:00 06 sec -0.870868 seconds

Three. Synchronization of system time and hardware time

Synchronize system time and hardware time, you can use the Hwclock command.

Modify hardware time on a system-time basis

[[email protected] ~]# hwclock--SYSTOHC <== sys (System time) to (write) HC (hard Clock)
[Email protected] ~]# hwclock-w

Modify the system time based on the hardware time

[Email protected] ~]# Hwclock--hctosys
[Email protected] ~]# hwclock-s

Four. Time synchronization between different machines

In order to avoid the time skew caused by the long-term operation of the host time, it is necessary to do time synchronization (synchronize) work. Linux systems generally use NTP servers to synchronize the time of different machines. A single machine that can be both an NTP server and an NTP client. In the network, it is recommended to synchronize time with a time server that is layered like a DNS server.

Synchronization time, you can use the Ntpdate command, or you can use the NTPD service.

The use of ntpdate is relatively straightforward. The format is as follows:

[Email protected] ~]# ntpdate [-NV] [NTP Ip/hostname]
[Email protected] ~]# ntpdate 192.168.0.2
[Email protected] ~]# ntpdate time.ntp.org

However, this synchronization is only mandatory to set the system time to NTP server time. If there is a problem with CPU tick, it is only a palliative. Therefore, the cron command is generally used to synchronize the settings regularly. For example, add in crontab:

0 * * * * */usr/sbin/ntpdate 192.168.0.1

In this way, the time is synchronized at 12 o'clock every day. The NTP server is 192.168.0.1.

Using the NTPD service is better than the combination of ntpdate plus cron. Because, ntpdate synchronization time, will cause time to jump, to some time-dependent programs and services will affect. such as Sleep,timer and so on. Moreover, the NTPD service can fix the CPU tick while correcting the time. Ideally, when booting, use ntpdate to force synchronization time, and at other times use the NTPD service to synchronize time.

It is important to note that NTPD has a self-protection setting: NTPD does not run if the time difference between the native and the source is too large. So the new set of time server must first ntpdate from the source to obtain the time initial value, and then start the NTPD service. NTPD service runs, first synchronization every 64 seconds with the source server, based on the error value measured at each synchronization to gradually adjust their time by complex calculation, with the error decreases, gradually increase the synchronization interval. The process of adjustment is repeated every time the beating occurs.

Five. Settings for the NTPD service

The relevant settings file for the NTPD service is as follows:

1./etc/ntp.conf: This is the main setup file for NTP daemon and the only one for NTP.

2./usr/share/zoneinfo/: The file in this directory is actually a set of time settings for each of the major time zones, such as the Beijing region's time zone settings file at/usr/share/zoneinfo/asia/beijing. The files in this directory are related to the two files under discussion (Clock and localtime).

3./etc/sysconfig/clock: This file is not actually included in NTP's daemon, because this is the main time zone setting file for Linux. After each boot, Linux automatically reads the file to set the default time that it will be displayed.

4./etc/localtime: This file is "time profile on local side". Just that clock file in the specified time setting file (ZONE) for/usr/share/zoneinfo/asia/beijing, so that is the local side of the time, at this time, the Linux system will Beijing that file saved as a copy/ Etc/localtime file, so the future of our time display will be Beijing that time set the file as the subject.

5./etc/timezone: System time zone file

The following highlights the settings of the/etc/ntp.conf file. In the case of NTP Server settings, it is best not to open the Internet without restrictions, as far as possible only to provide your own internal client-side Online network school. In addition, NTP server always needs more accurate hosts on the network from the line to update their own time Ah, so on our NTP server also find a closest to their own times server to self-correct. In fact, the NTP service is also a model of server/client.

[Email protected] ~]# vi/etc/ntp.conf
# 1. About the Permission Settings section
# The setting of the permission is mainly set by the Restrict parameter, the main syntax is:
# Restrict IP Mask netmask_ip parameter
# where IP can be a software address or default, default is similar to 0.0.0.0
# As for the paramter, there are:
# Ignore: Turn off all NTP Online Services
# Nomodify: Indicates that the client side cannot change the Server-side time parameter, however,

# Client side can still be on the Server side to network school.
# Notrust: The client source will be treated as untrusted domain unless authenticated
# Noquery: Does not provide client-side time query

# Notrap: Do not provide trap this remote event log in

# If paramter is not set at all, it means that the IP (or domain) "has no restrictions"

Restrict default nomodify notrap noquery # Close all NTP Request packets
Restrict 127.0.0.1 #这是允许本级查询
Restrict 192.168.0.1 mask 255.255.255.0 nomodify
#在192. The server in the 168.0.1/24 network segment can be synchronized with this NTP server for time.
# 2. Settings for upper-level hosts
# to set the upper host to the main server this parameter to set, the syntax is:
# Server [ip| HOST Name] [prefer]
# The server is followed by our upper time server! And if the Server parameter
# After adding perfer, it means that our NTP host is mainly used as the host of the
# The correspondence of the time correction. In addition, in order to resolve the delivery delay action of the update Time packet,
# so you can use Driftfile to specify our host
# The amount of time spent communicating with the Times Server can be recorded in Driftfile
# later in the file, for example, in the sample below, our NTP server is connected to the
# time spent cn.pool.ntp.org online is recorded in the/etc/ntp/drift file
Server 0.pool.ntp.org

Server 1.pool.ntp.org

Server 2.pool.ntp.org

Server cn.pool.ntp.org prefer

#其他设置值, you can use the system default value

Server 127.127.1.0 # Local clock

Fudge 127.127.1.0 Stratum 10

Driftfile/var/lib/ntp/drift
Broadcastdelay 0.008
Keys/etc/ntp/keys

To summarize, restrict is used to set the access rights, the server is used to set up the upper-level time server, Driftfile to set the Save drift time file.

Six. Starting and observing the NTP service

Before starting the NTP service, manually adjust the time for the host that provided the service. (because the server is started, the port will be consumed by the service side, you cannot manually synchronize the time)

[[Email protected] ~] # ntpdate cn.pool.ntp.org

APR 14:33:51 ntpdate[8310]: Step time server 80.85.129.2 offset 6.655976 sec

Then, start the NTPD service:

[[Email protected] ~] # service NTPD start

or [[email protected] ~] #/ETC/INIT.D/NTPD Start

To view ports:

[[Email protected] ~] # Netstat-ln|grep 123

UDP 0 0 192.168.228.153:123 0.0.0.0:*

UDP 0 0 127.0.0.1:123 0.0.0.0:*

UDP 0 0 0.0.0.0:123 0.0.0.0:*

UDP 0 0::: 123:::*

How to confirm that our NTP server has updated its own time?

[[Email protected] ~] # Ntpstat

Synchronized to NTP server (127.127.1.0) at Stratum 11

Time correct to within 950ms

Polling server every S

#改指令可列出NTP服务器是否与上层联机. The above output shows that the time correction is approximately

#为950 *10 (-6) seconds. And the time is actively updated every 64 seconds.

Common errors:

APR 15:30:17 ntpdate[11520]: No server suitable for synchronization found

In fact, this is not a mistake. Instead, it takes approximately 3-5 minutes after each restart of the NTP server for the client to establish a normal communication connection with the server. This information is reported when the client connects to the server at this time. It usually takes a few minutes to wait.

[[Email protected] ~] # ntptrace–n 127.0.0.1

127.0.0.1:stratum, offset 0.000000,synch distance 0.950951

222.73.214.125:stratum 2,offset–0.000787,synch Distance 0.108575

209.81.9.7:stratum 1,offset 0.000028,synch distance 0.00436,refid ' GPS '

#这个指令可以列出目前NTP服务器 (the first layer) and the upper NTP server (second tier)

#关系

[[Email protected] ~] # ntpq–p

The instruction "Ntpq-p" can list the current state of our NTP with the associated upper NTP, the meanings of several fields above are as follows:

Remote: The IP or host name of the NTP host. Note that the leftmost symbol, if by "+" represents the upper level NTP that is currently acting on the clock, if "*" indicates that there is also a connection, but as a secondary online NTP host.

refID: Reference to the address of the previous layer of NTP host

ST: the stratum stratum

When: A few seconds ago there was a time synchronization update operation

Poll: Next update after a few seconds

Reach: Number of updates that have been requested for the upper NTP server

Delay: The time the network transmission process clock is delayed

Offset: The result of time compensation

Jitter:linux time difference between system time and BIOS hardware time

Finally, the NTP service will only synchronize the system time by default. If you want NTP to synchronize hardware time simultaneously, you can set the/etc/sysconfig/ntpd file.

In the/etc/sysconfig/ntpd file, add Sync_hwclock=yes This allows the hardware time to synchronize with the system time.

--------------------------------------------------------------------------------------------------------------- ------------------------------------------------------

Linux Configuration Time Server (NTP) 2007-10-27 16:34

Under Linux, we can use our own NTP (Network time Protocol) protocol to keep our systems accurate over the Internet. The list of available public time servers can be obtained from the following address:

Http://ntp.isc.org/bin/view/Servers/NTPPoolServers

NTP is a protocol used to keep the system synchronized with an exact time source. It is recommended that you establish at least one time server in your own network to synchronize local time, which makes it easier to process and collect logs and management on different systems.

Describe the environment: 179 for local time servers, for other servers and 179 for synchronization. 179 and online time server synchronization.

First, configure 179 time server

1. First query the NTP software version

Rpm-qa|grep NTP

ntp-4.1.2-4.el3.1

If you are not able to find it from the Linux installation disk, install this NTP package

2. Edit the configuration file

Vi/etc/ntp.conf

First define the server

Server pool.ntp.org

Restrict default nomodify notrap noquery

Restrict 192.168.0.0 mask 255.255.255.0 notrust nomodify notrap #从192.168.0.1-192.168.0.254 servers can use our NTP server to synchronize time.

Comment out the following line

#restrict Default Ignore

3. Start the NTP server

#chkconfig ntpd on

#/etc/init.d/ntpd start

#/etc/init.d/ntpd stop

#/etc/init.d/ntpd restart

By default, the NTP server we configure does not go to the time source for synchronization time, so we must modify the/etc/ntp/step-tickers file to join our time source so that the time is automatically updated every time the service is started by/ETC/INIT.D/NTPD.

Check server synchronization Status:

Ntpq-p

Ntptrace 192.168.0.179

If the output is correct, it indicates that the time server was successful. The time is automatically synchronized each time the server is started.

Configuring the Linux Client

Execute Ntpdate ntp_server_ip on the Linux client can be based on time server unified LAN time, put the above command in Cron every morning 3 regular execution, crontab–e and then enter

0 3 * * */usr/sbin/ntpdate 192.168.0.179

Why does the computer have to be right? Because the computer's own clock is not allowed. It's not surprising that the computer is five minutes slow every day.

What precision do you need to be right? The average home computer clock error is acceptable for one minute. A clustered server typically requires all clocks to be synchronized within one second.

In sync with who? is typically synchronized with NTP (Network time Protocol) servers around the world. America Standard Time was released by NIST, and NIST provided some servers . Modern Windows operating systems are automatically and time.windows.com pairs. Linux typically uses ntppool to automatically select servers. China National Time Service Center NTP 210.72.145.44 is China's authority. The Chinese education Network has its own NTP server network . In the case of a clustered server, several local NTP servers are typically configured on the intranet.

Are there any advantages or disadvantages of so many NTP servers above? Yes, but for general applications, there is no difference. In theory, NTP servers are hierarchical (stratum), and NTP servers with stratum = 1 are synchronized directly with the world standard clocks, including GPS time, cesium atomic clocks, some cellular networks, and so on. The first-level time servers at NIST, China National Timing Center and China Education Network are at this level. Stratum = 2 of the NTP server is synchronized with the stratum = 1 server, the performance is slightly worse, but the accuracy is also in the order of milliseconds, so there is no difference. Next to each synchronization level, Stratum adds one.

Windows 2000 starts with a service that automatically synchronizes time. On Windows XP, the open time setting has a network pair setting. The default is once per week and time.windows.com. This one week synchronization is too long, can be adjusted through the registry, or modified with Wits .

The NTPD under Linux will be much more flexible. The default configuration is generally good enough. Below is an example under Fedora. Configuration:

# grep "^server"/etc/ntp.conf
Server 0.pool.ntp.org
Server 1.pool.ntp.org
Server 2.pool.ntp.org
Server pool.ntp.org
Server 127.127.1.0 # Local clock

View status after starting NTPD

# NTPQ-PN
Remote refID St T when poll reach delay offset jitter
==============================================================================
64.25.87.54 128.118.25.5 2 U 10 64 17 79.194-542.89 1.942
64.72.116.51 129.7.1.66 2 U 9 64 17 51.569-532.23 1.803
64.72.116.50 129.7.1.66 2 u 11 64 17 51.417-516.70 1.417
64.72.116.45 129.7.1.66 2 U 7 64 17 51.586-532.36 1.135
*127.127.1.0 LOCAL (0) L 3 64 17 0.000 0.000 0.001

St This column shows that the automatically selected four NTP servers are stratum = 2. The last one is the local clock. The offset of the first four rows shows a gap of about 500 milliseconds for both the local clock and four NTP servers. The Ntpstat display is currently only synchronized with the local clock:

# Ntpstat
Synchronised to local net at Stratum 11
Time correct to within 949 MS
Polling server every S

See you later:

# NTPQ-PN
Remote refID St T when poll reach delay offset jitter
==============================================================================
+64.25.87.54 128.118.25.5 2 U 56 64 377 78.548 250.871 37.180
+64.72.116.51 129.7.1.66 2 U 58 64 377 51.551 268.538 36.817
*64.72.116.50 129.7.1.66 2 U 58 64 377 51.539 274.497 36.629
+64.72.116.45 129.7.1.66 2 U 49 64 377 51.485 271.750 37.841
127.127.1.0 LOCAL (0) L 44 64 377 0.000 0.000 0.001
# Ntpstat
Synchronised to NTP server (64.72.116.50) at Stratum 3
Time correct to within 263 MS
Polling server every S

The local clock has been successfully synchronized with the external NTP server. The first column in the NTPQ report * indicates the current selection of the primary synchronization server, and the standard + representation of secondary servers that may be used to further improve synchronization accuracy. Because the server is synchronized with stratum = 2, the local ntpd stratum is 3. One detail is that the NTPQ is slowly adjusting to the clock, rather than just jumping for many seconds, so that smooth adjustment times can ensure a smooth flow of many programs. However, if the clock error is too large, ntpd may refuse to adjust the time, or someone may want to immediately adjust the time, so that the command can be executed directly: Ntpdate-b pool.ntp.org (need to stop ntpd service execution).

On my other server, there are a lot of NTP servers configured:

# grep "^server"/etc/ntp.conf
Server time-a.nist.gov
Server time-b.nist.gov
Server time.nist.gov
Server time.windows.com
Server 0.pool.ntp.org
Server 1.pool.ntp.org
Server 2.pool.ntp.org
Server pool.ntp.org
Server 127.127.1.0 # Local clock
# ntpq-p
Remote refID St T when poll reach delay offset jitter
==============================================================================
+time-a.nist.gov.            ACTS. 1 u 61 128 377 76.113-1.046 3.424
*time-b.nist.gov.            ACTS. 1 u 65 128 377 81.063 0.398 1.892
-time.nist.gov.            ACTS. 1 u 251 128 356 38.911 1.353 30.226
-time.windows.co 18.26.4.105 2 U 45 128 267 31.218 13.180 6.039
-194.109.64.200 192.87.106.2 2 U 122 128 377 155.132 0.596 38.674
-a.mirror.fizzel 43.75.42.44 3 u 56 128 377 163.391-11.756 13.006
-enfield.ikk.szt 195.111.99.186 2 U 118 128 377 188.326-2.520 32.359
+ntp1.esat.net.             Gps. 1 u 59 128 377 161.103-1.321 0.460
LOCAL (0).           Locl. Ten L 48 64 377 0.000 0.000 0.001

Labels-the relatively irregular clocks (offset or jitter) are automatically removed. From the delay here can be seen, I here and NIST a few clocks network latency is relatively small (within 100 milliseconds), generally such a small clock error. The second-to-last pool.ntp.org chooses a clock that synchronizes with the GPS, stratum = 1, is a relatively quasi-clock, just slightly larger network latency. At the same time can see time.windows.com's stratum = 2, a year ago, it used to be 6. Big International Company Microsoft also does not spend hundreds of yuan to buy a GPS receiver to build a stratrum = 1 clock server for the benefit of millions of Windows users, is really incomprehensible.

Finally, if the firewall rules under Linux are extremely restrictive, you can turn on sport 123 (assuming the OUTPUT chain is all ACCEPT) when the ntpd pair is affected:

Iptables-i input-p udp-m UDP--sport 123-j ACCEPT

Linux time synchronization, NTPD, Ntpdate