Linux NTP time server configuration tutorial
Network Time Protocol (NTP) is also a new test requirement for RHCE. While studying, I also reviewed how to set the time on Linux, and I will share it with you here.
Setting up an NTP server is not difficult, but NTP itself is a very complex protocol, so this is only a brief introduction to the practical steps.
As in the previous article, the following experiments run on RHEL5.
1. Time and time zone
Suppose someone asks you what time it is. You look at your watch and reply that it is 8 o'clock. There seems to be nothing wrong with that answer, but if the person asking is in Europe, it will confuse him, because the local time where he is is different.
This raises the question of how to define the time. Because the Earth rotates, sunrise and sunset happen at different times around the world, so we divide the world into 24 time zones. We can therefore define a time as a time value plus the local time zone (the location can be as precise as a city).
In geography we learned about Greenwich Mean Time (GMT), which is the time of the zero time zone. On computers, however, we usually see UTC, short for Coordinated Universal Time. Although the values of UTC and GMT are considered equal (the error is quite small), UTC is the recognized international standard, so we should follow the standard and use only UTC.
A local time in China can therefore be represented in the following two ways:
20:00 CST
12:00 UTC
The CST here is China Standard Time, which we usually call Beijing Time. Because China is in the UTC+8 time zone, the same moment is 12:00 UTC.
Why do you want to talk about this? (it's not a GEO Forum here ...)
First, whatever channel we use to synchronize the system time, the provider usually gives only the UTC+0 time value and no time zone (because it does not know where you are). So when we set the system time, the first task is to set the time zone.
Second, many countries observe daylight saving time (I remember that China also implemented it once when I was a child): on one day of the year the clock is set forward one hour (for example, from UTC+8 to UTC+9), and on another day it is set back again. If we set the correct time zone, the system adjusts the time for us automatically when the change is due.
Now let's take a look at how to set the time zone in Linux.
2. How to Set Linux Time Zone
In Linux, glibc provides many precompiled time zone files, which are stored in the /usr/share/zoneinfo directory and cover most countries and cities.
Code:
# ls -F /usr/share/zoneinfo/
Africa/     Chile/   Factory    Iceland      Mexico/   posix/      Universal
America/    CST6CDT  GB         Indian/      Mideast/  posixrules  US/
Arctic/     EET      GMT        iso3166.tab  MST7MDT   PST8PDT     WET
Asia/       Egypt    GMT0       Israel       Navajo    right/      W-SU
Atlantic/   Eire     GMT-0      Jamaica      NZ        ROC         zone.tab
Australia/  EST      GMT+0      Japan        NZ-CHAT   ROK         Zulu
Brazil/     EST5EDT  Greenwich  Kwajalein    Pacific/  Singapore
Canada/     Etc/     Hongkong   Libya        Poland    Turkey
CET         Europe/  HST        MET          Portugal  UCT
Here we can find the time zone file for our city. To view the current time in a given time zone, we can use the zdump command.
Code:
# zdump Hongkong
Hongkong Fri Jul 6 06:13:57 2007 HKT
So how do we tell the system which time zone we are in? There are many methods. Here are two examples.
The first is to modify the /etc/localtime file, which defines the local time zone where we are located.
We can find our time zone file in /usr/share/zoneinfo and copy it to /etc/localtime (or make a symbolic link).
Assume that our current time zone is BST (British Summer Time, UTC+1).
Code:
# date
Thu Jul 5 23:33:40 BST 2007
We want to change the time zone to the one in which Shanghai is located.
Code:
# ln -sf /usr/share/zoneinfo/posix/Asia/Shanghai /etc/localtime
# date
Fri Jul 6 06:35:52 CST 2007
In this way the time zone has been changed (note that the displayed time has been adjusted accordingly).
The second method is to set the TZ environment variable, which many programs and commands read. The value of TZ can take several formats; the simplest way to obtain one is the tzselect command.
Code:
# tzselect
...
TZ='America/Los_Angeles'; export TZ
tzselect asks you to select the country and city (I omitted these steps) and finally prints the corresponding value of the TZ variable. Once you set TZ to that value, the time zone changes again.
Code:
# date
Thu Jul 5 15:48:11 PDT 2007
These two examples also show that the TZ variable overrides /etc/localtime. That is, the system uses /etc/localtime to determine the time zone only when TZ is not defined. So if you want to change the time zone permanently, you can write the TZ setting to /etc/profile.
Now we know how to set the time zone. Let's take a look at how to set the Linux time.
3. Real Time Clock (RTC) and System Clock
To set the time, we need to clarify another concept: a computer has two clocks. One is the hardware clock (RTC), and the other is the system clock.
The hardware clock is a special circuit on the motherboard. It exists so that the time keeps being counted while the machine is powered off.
The system clock is the clock the operating system kernel uses to keep time. It counts the total number of seconds since 00:00:00 UTC on January 1, 1970. In Linux, the system time is synchronized with the hardware time at boot, and after that the two run independently.
Since the two clocks run independently, a difference inevitably builds up over time. Let's look at an example.
Code:
# date
Fri Jul 6 00:27:13 BST 2007
# hwclock --show
Fri 06 Jul 2007 12:27:17 AM BST -0.968931 seconds
With the hwclock --show command we can view the hardware time on the machine (always shown in the local time zone). We can see that it differs slightly from the system time, so we need to synchronize them.
To set the system time from the hardware clock, run the following command:
Code:
# hwclock --hctosys
Conversely, to set the hardware clock from the system time:
Code:
# hwclock --systohc
If you want to set the hardware time itself, you can do so in the BIOS when starting the system, or use the hwclock command.
Code:
# hwclock --set --date="mm/dd/yy hh:mm:ss"
To modify the system time, use the date command.
Code:
# date -s "mm/dd/yyyy hh:mm:ss"
Now we know how to set the system and hardware time. But what should we do if neither of them is accurate? Then we need to find a server on the Internet that provides accurate time and synchronize our system time with it through a protocol. That protocol is NTP. Note that from here on we are talking about synchronization between the system time and a network server.
4. Prepare for NTP Server setup
Strictly speaking, this section would be better titled "Preparing to set up an NTP relay server". However well our computer is configured, its clock will show errors after running for a long time, so it is not good enough to serve as the time source for other servers on the Internet. Only an atomic clock keeps time accurately enough. Because atomic clocks are very expensive and only a small number of organizations have them, those organizations connect one to a computer, which becomes a real NTP server. What we need to do is connect to these servers to synchronize our system time, and then make our own machine an NTP relay server that provides synchronization to users on the Internet or in the LAN.
That is a lot of theory, so let's practice. Setting up an NTP relay server is actually very simple. First we install the required RPM package.
You can use this command to determine whether the NTP package is already installed:
[root@NTPser ~]# rpm -qa | grep ntp
ntp-4.2.2p1-9.el5_4.1
chkfontpath-1.10.1-1.1
The output above shows that the NTP package is installed. If it is not, install it as follows:
Code:
# rpm -ivh ntp-4.2.2p1-5.el5.rpm
The first step is to find NTP servers on the Internet that provide a synchronization service.
http://www.pool.ntp.org is the official site of NTP, where we can find the NTP servers closest to our city. NTP recommends configuring at least two NTP servers to ensure time accuracy.
For example, in the UK, you can select the following two servers:
0.uk.pool.ntp.org
1.uk.pool.ntp.org
The general format is number.country.pool.ntp.org.
The second step is to synchronize with these NTP servers once before starting our own service, so that our server's time is as close as possible to the standard time.
Here we can use the ntpdate command to update the time manually.
Code:
# ntpdate 0.uk.pool.ntp.org
6 Jul 01:21:49 ntpdate[4528]: step time server 213.222.193.35 offset -38908.575181 sec
# ntpdate 0.pool.ntp.org
6 Jul 01:21:56 ntpdate[4530]: adjust time server 213.222.193.35 offset -0.000065 sec
If your clock is far off, you will see a large adjustment the first time, so run the command twice to be safe. Why synchronize manually before enabling the NTP service?
1. According to the NTP settings, if your system time is ahead of the correct time, NTP will not adjust it for you, so either set the time back yourself or do a manual synchronization first.
2. When the difference between your clock and the NTP server is very large, NTP takes a long time to correct it. A manual synchronization shortens this period.
5. Configure and run the NTP Server
Now let's create the NTP configuration file, /etc/ntp.conf. We only need to add the NTP servers chosen above and a driftfile.
Code:
# vi /etc/ntp.conf
server 210.72.145.44 # This is the IP address of China National Time Service Center
server 0.uk.pool.ntp.org
server 1.uk.pool.ntp.org
fudge 127.127.1.0 stratum 0 # stratum is the layer of this time server; 0 is the top level. If this server updates its time from another NTP server, do not set it to 0.
driftfile /var/lib/ntp.drift
That is all. Next we start the NTP server and set it to start automatically at boot.
Code:
# /etc/init.d/ntpd start
# chkconfig --level 35 ntpd on
6. View the NTP service running status
Now the NTP service is running, but is our system time actually synchronized with the server? NTP provides a good tool for checking this: ntpq (NTP query).
I suggest running the ntpq command to monitor the NTP server. We can use the watch command to observe how the values change over a period of time.
Code:
# watch ntpq -p
Every 2.0s: ntpq -p Sat Jul 7 00:41:45 2007
remote refid st t when poll reach delay offset jitter
==============================================================================
+193.60.199.75 193.62.22.98 2 u 52 64 377 8.578 10.203
*effecart.musicbox 192.5.41.41 2 u 54 64 377 19.301 -60.218 292.411
Now let me explain what the columns mean.
remote: the remote NTP server the local machine is connected to.
refid: the server that provides time synchronization to the remote server (e.g. to 193.60.199.75).
st: the stratum (layer level) of the remote server. NTP is hierarchical: time flows from the top-level servers through several layers of relay servers down to the clients, so server levels from high to low are numbered 1-16. To reduce load and network congestion, you should in principle avoid connecting directly to a server at level 1.
t: This... I don't know what it means. ^_^
when: I personally think of it as a timer that tells us how long it will be until the local machine synchronizes its time with the remote server.
poll: the interval (in seconds) at which the local machine synchronizes with the remote server. When NTP has just started, the poll value is relatively small, so synchronization with the server is more frequent and the clock is brought into the correct range as quickly as possible. The poll value then increases gradually, and the synchronization frequency decreases accordingly.
reach: an octal value used to test whether a connection to the server can be established. The value of reach increases with every successful connection.
delay: the round-trip time of a synchronization request from the local machine to the server.
offset: the most critical value. It tells us the time difference between the local machine and the server. The closer the offset is to 0, the closer our time is to the server's.
jitter: a statistical value describing the distribution of the offset over a number of consecutive connections. Simply put, the smaller its absolute value, the more accurate our time is relative to the server.
If you are careful, you will notice two things. First, we configured 0.uk.pool.ntp.org, so why does the remote column show a different server? Second, what do the leading "+" and "*" mean?
The first question is easy to answer: NTP provides us with a cluster of servers, so the server we connect to may be different each time. This also tells us to use the hostname rather than an IP address when specifying an NTP server.
The second question is related to the first. With so many servers, the others can keep providing service when one has a problem. How do we know the status of each server? That is what the leading mark tells us.
* The remote server has been selected as our primary NTP server, and our system time is provided by it.
+ The remote server is a secondary NTP server that provides synchronization together with the * server. When the * server becomes unavailable, it can take over.
- The remote server has been judged unqualified by the clustering algorithm.
x The remote server is unavailable.
With this understood, we can monitor the time synchronization status of our system in real time.
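The monitoring described above can be scripted. The following is an added example, not part of the original tutorial: it reads ntpq -pn output, finds the * peer and checks its offset and its reach (reach is an 8-bit history of the last eight polls shown in octal, so 377 means all eight were answered). The function name check_ntpq, the thresholds and the sample output are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original tutorial): judge the "*" peer in
# `ntpq -pn` output. The thresholds and the sample below are assumptions.
# Exit status: 0 healthy, 1 no "*" peer, 2 offset too large, 3 poor reach.

check_ntpq() {   # usage: ntpq -pn | check_ntpq MAX_OFFSET_MS
    awk -v max="$1" '
    function oct2dec(s,   i, n) {           # reach is printed in octal
        n = 0
        for (i = 1; i <= length(s); i++) n = n * 8 + substr(s, i, 1)
        return n
    }
    function popcount(n,   c) {             # one set bit per answered poll
        c = 0
        while (n > 0) { c += n % 2; n = int(n / 2) }
        return c
    }
    /^=+$/ { body = 1; next }               # peer rows follow the ==== line
    body && substr($0, 1, 1) == "*" {       # tally code is the first character
        found = 1
        peer = substr($1, 2); polls = popcount(oct2dec($7)); off = $9
    }
    END {
        if (!found) { print "CRIT no peer selected"; exit 1 }
        mag = off + 0
        if (mag < 0) mag = -mag
        if (mag > max + 0) {
            printf "WARN %s offset %s ms is over %s ms\n", peer, off, max
            exit 2
        }
        if (polls < 6) {
            printf "WARN %s answered %d of the last 8 polls\n", peer, polls
            exit 3
        }
        printf "OK %s offset %s ms, %d of the last 8 polls answered\n", peer, off, polls
    }'
}

# Constructed sample output (documentation addresses, not real servers).
SAMPLE=$(cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      198.51.100.1     2 u   54   64  377   19.301   -6.218   2.411
+192.0.2.11      198.51.100.2     2 u   52   64  377    8.578   10.203   3.120
EOF
)

printf '%s\n' "$SAMPLE" | check_ntpq 100
```

A freshly started ntpd reports a low reach until it has completed several polls, so exit status 3 is expected for the first few minutes after a restart.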
7. NTP Security Settings
Running an NTP server does not require many system resources, so you do not need a dedicated machine to provide time synchronization for many clients. However, some basic security settings are necessary.
The first is to allow only some users in the LAN to connect to our server. The second is that these clients must not be able to modify the time on our server.
About permission settings
Permissions are set mainly with the restrict parameter. The main syntax is:
restrict <IP address> mask <subnet mask> <parameter>
The IP address can be an address or the keyword default.
The following parameters are available:
ignore: refuse all NTP connections.
nomodify: the client cannot change the server's time parameters, but it can still synchronize its time from the server.
notrust: the client source is treated as an untrusted subnet unless it passes authentication.
noquery: time queries from clients are not served.
Note: if no parameter is set, the IP address (or subnet) has no restrictions at all!
In the /etc/ntp.conf file we can use the restrict keyword to implement the requirements above.
First, we reject all operations from clients by default.
Code:
restrict default kod nomodify notrap nopeer noquery
Then we allow all operations from the local address.
Code:
restrict 127.0.0.1
Finally, we allow all clients in the LAN to connect to the server for synchronization, but do not allow them to modify the time on the server.
Code:
restrict 192.168.1.0 mask 255.255.255.0 nomodify
Add these three lines to /etc/ntp.conf to complete our simple configuration. NTP can also use keys for authentication, which is not covered in detail here.
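As an added example (not from the original tutorial), the following script audits the restrict lines of an ntp.conf against the two goals of this section: a locked-down default entry, and no non-local entry that is left able to modify the server. The function name audit_restrict and the weak sample configuration are constructed for illustration; the -4/-6 handling assumes the address-family switches accepted by ntp 4.2.

```sh
#!/bin/sh
# Added example (not from the original tutorial): audit the restrict lines of
# an ntp.conf read from stdin against the two goals of this section.
# Prints findings; exit status 0 = PASS, 1 = at least one finding.

audit_restrict() {
    awk '
    function has(flag) { return index(flags, " " flag " ") > 0 }
    { sub(/#.*/, "") }                      # strip comments
    $1 != "restrict" { next }
    {
        i = 2
        if ($i == "-4" || $i == "-6") i++   # address-family switch of ntp 4.2
        addr = $i; i++
        if ($i == "mask") i += 2            # skip "mask <netmask>"
        flags = " "
        for (; i <= NF; i++) flags = flags $i " "
        if (addr == "default") {
            seen_default = 1
            if (!has("ignore") && !(has("nomodify") && has("noquery"))) {
                printf "FAIL line %d: default entry allows modify or query\n", NR
                bad++
            }
        } else if (addr != "127.0.0.1" && addr != "::1" &&
                   !has("ignore") && !has("nomodify")) {
            printf "FAIL line %d: %s may modify the server\n", NR, addr
            bad++
        }
    }
    END {
        if (!seen_default) {
            print "FAIL: no restrict default line, unlisted hosts are unrestricted"
            bad++
        }
        if (bad) exit 1
        print "PASS"
    }'
}

# The three lines from this section.
PAGE_CONF='restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify'

# Constructed weak variant: no default entry, LAN entry without parameters.
WEAK_CONF='server 0.uk.pool.ntp.org
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0   # flags forgotten'

printf '%s\n' "$PAGE_CONF" | audit_restrict
printf '%s\n' "$WEAK_CONF" | audit_restrict || echo "weak configuration rejected"
```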
8. NTP client settings
We now have one relay server. If we want other clients in the LAN to synchronize their time, we should build a second relay server and point all clients at the two servers (do not point all clients at servers on the Internet). Just add your own servers to /etc/ntp.conf.
Code:
server ntp1.leonard.com
server ntp2.leonard.com
Linux client
ntpdate 172.30.218.114
synchronizes the time with the NTP server.
If a Linux system serves only as a client, the ntpd service must not be started on it! Otherwise ntpdate followed by the server address cannot be run to synchronize the time.
You can then use cron (or edit the crontab file) to update the time from the NTP server regularly, followed by
# hwclock --systohc
to write the system time to the hardware clock.
9. Some Supplements and collections (important)
1. What is the driftfile in the configuration file?
Every system clock runs at a frequency with a small error, which is why a machine's time becomes inaccurate after it has been running for a while. NTP automatically monitors this error and compensates for it. But measuring it is a lengthy process, so NTP writes the recorded error to the driftfile. That way the result is not lost when you restart the system.
2. How to synchronize the hardware clock?
NTP normally synchronizes only the system clock. If we also want to synchronize the RTC (hwclock), we only need to enable the following option.
Code:
# vi /etc/sysconfig/ntpd
SYNC_HWCLOCK=yes
3. Use crontab to update the time from NTP regularly on Linux
Note: the NTP service must not be running when you run ntpdate to update the time on Linux; otherwise ntpdate reports that the port is in use:
[root@ESXI ~]# ntpdate 1.rhel.pool.ntp.org
20 May 09:34:14 ntpdate[6747]: the NTP socket is in use, exiting
Crontab file configuration
The first part of each line is the time setting, and the last part is the command to be executed. The time setting follows a fixed convention: the five leading * fields stand for five numbers, whose ranges and meanings are as follows:
Minute (0-59)
Hour (0-23)
Day of month (1-31)
Month (1-12)
Day of week (0-6) // 0 represents Sunday
In addition to numbers, there are several special symbols: "*", "/", "-" and ",". "*" stands for all numbers in the value range, "/" means "every" ("*/5" means every five units), "-" denotes a range from one number to another, and "," separates several discrete numbers. The following examples illustrate this:
At 6:00 every morning:
0 6 * * * command
Every two hours:
0 */2 * * * command
Every two hours from 11 PM to 7 AM, and at 8 AM:
0 23-7/2,8 * * * command
At 11 AM on the 4th day of each month and on every Monday to Wednesday:
0 11 4 * 1-3 command
At 4 AM on January 1:
0 4 1 1 * command
3.3 Set the service to start automatically
Run setup or another service configuration tool and select the crond service.
chkconfig --level 2345 crond on enables crond at these runlevels (this is the default after the system is installed).
__________________________________________
10. NTP client settings
1. Automatic time synchronization on a Linux client
You can use the crond service for scheduled time calibration.
Edit the /etc/crontab file
and add the following line:
30 8 * * * root /usr/sbin/ntpdate 192.168.0.1; /sbin/hwclock -w #192.168.0.1 is the IP address of the NTP server
Restart the crond service:
service crond restart
In this way the Linux system automatically calibrates its time over the network at 8:30 every day.
2. On Windows, you need to enable the Windows Time service and the RPC service.
If error 1058 is reported when the Windows Time service is started, do the following:
1. Run cmd to open a command prompt, and then type
w32tm /register
The correct response is: W32Time successfully registered.
2. If the previous step succeeded, use net start "windows time" or net start w32time to start the service.
11. Other causes of update failure:
1. The client's date must be set correctly and must not exceed the normal time by more than 24 hours; otherwise the update is rejected for security reasons. The client's time zone must also be set, so that the clock is not updated to another time zone.
2. fudge 127.127.1.0 stratum 10: on a Linux NTP server, the stratum (level) value must not be too large. If the server updates its time from a higher-level NTP server, you can set it to 2.
3. On a Linux NTP server, remember to write the time obtained from the upper-level NTP server from the system clock to the hardware clock with hwclock --systohc.
NTP normally synchronizes only the system clock. If we also want to synchronize the RTC (hwclock), we only need to enable the following option.
Code:
# vi /etc/sysconfig/ntpd
SYNC_HWCLOCK=yes
4. If the NTP service is running on Linux, you cannot run ntpdate manually to update the time (it reports that the port is in use). The time is instead updated automatically, at intervals, from the higher-level NTP servers listed after the server keyword in /etc/ntp.conf. You can run the ntpstat command to see the update interval, as shown here:
[root@ESXI ~]# ntpstat
synchronised to NTP server (210.72.145.44) at stratum 2 # The NTP server level is 2 and it is synchronized to the NTP server 210.72.145.44
time correct to within 93 ms # the time is correct to within 93 ms
polling server every 1024 s # the upper-level NTP server is polled every 1024 seconds