(a) Confirm NTP installation 1) Confirm that NTP is installed
"Command" RPM–QA | grep NTP
If you have only ntpdate and you do not see NTP, you need to delete the original ntpdate. Such as:
Ntpdate-4.2.6p5-22.el7_0.x86_64
Fontpackages-filesystem-1.44-8.el7.noarch
Python-ntplib-0.3.2-1.el7.noarch
2) Remove installed NTP
"Command" Yum–y remove ntpdate-4.2.6p5-22.el7.x86_64
3) Reinstall NTP
"Command" Yum–y install NTP
(ii) Configuring the NTP service 1) Modify the/etc/ntp.conf of all nodes
"Command" vi/etc/ntp.conf
Content
Restrict 192.168.6.3 nomodify notrap nopeer noquery //Current node IP address
Restrict 192.168.6.2 mask 255.255.255.0 nomodify notrap //Gateway for the network segment of the cluster (gateway), subnet mask (genmask)
2) Select a master node and modify its/etc/ntp.conf
"Command" vi/etc/ntp.conf
"Content" is added in the server section:
Server 127.127.1.0
Fudge 127.127.1.0 Stratum 10
3) outside the master node, continue to modify/etc/ntp.conf
"Command" vi/etc/ntp.conf
Content adds the following statement in the server section to point the server to the master node.
Server 192.168.6.3
= = = Modified before = =
= = = Modified after = = =
Node 1 (192.168.6.3):
Node 2 (192.168.6.4):
Node 3 (192.168.6.5):
(iii) Start the NTP service, view status 1) Start the NTP service
"Command" service ntpd start
2) Check
See if the NTP server has any and upper NTP connectivity
"Command" Ntpstat
3) View the status of NTP server with upper NTP
"Command" Ntpq-p
Remote: IP or hostname of native and upper NTP, "+" is preferred, "*" indicates secondary priority
refID: Refer to the previous level of NTP host address
St:stratum stratum
When: How many seconds ago the time has been synchronized
Poll: How many seconds after the next update
Reach: Number of updates that have been requested for the upper NTP server
Delay: Network Latency
Offset: Time compensation
Jitter: System time vs. BIOS difference
4) View the status of the NTPD process
"Command" Watch "Ntpq-p"
"Terminate" Press CTRL + C to stop viewing the process.
The characters in the first column indicate the quality of the source. An asterisk (*) indicates that the source is the current reference.
Remote: Lists the IP address or host name of the source.
When: Indicates the time (in seconds) that from Samsara the source has started to be consulted.
Poll: Indicates the polling interval time. This value is incremented according to the accuracy of the local clock.
Reach: is an octal number that indicates the accessibility of the source. A value of 377 indicates that the source has answered the first eight consecutive polls.
Offset: Is the time difference (in milliseconds) between the source clock and the local clock.
(d) Set boot start
"Command" Chkconfig ntpd on
(v) Some reference excerpts from other blogs
===/etc/ntp.conf configuration Content = = =
#1. Handle permissions issues first, including release of Upper server and open LAN user source: Restrict default Kod nomodify notrap nopeer noquery<==deny IPV4 user restrict-6Default Kod nomodify notrap nopeer noquery <==deny IPV6 user restrict220.130.158.71<==release tock.stdtime.gov.tw access to this NTP server restrict59.124.196.83<==release tick.stdtime.gov.tw access to this NTP server restrict59.124.196.84<==release time.stdtime.gov.tw access to this NTP server restrict127.0.0.1<==The bottom two is the default value, releasing the native source restrict-6::1Restrict192.168.100.0Mask255.255.255.0Nomodify <==release local Area network user sources, or list individual ip#2. Set the host source, please first the original [0|1|2].centos.pool.ntp.org Settings commented out: Server220.130.158.71Prefer <==take this host as the top priority Serverserver59.124.196.83Server59.124.196.84# 3The default internal clock data is used to serve LAN users when there is no external NTP server: # server127.127.1.0# local clock# Fudge127.127.1.0StratumTen# 4Pre-set time difference analysis files and the keys, etc., do not need to change it: Driftfile/var/lib/ntp/Driftkeys/etc/ntp/Keys
===RESTRICT option format = = =
restrict [Client IP] Mask [IP mask] [parameter ]
Client IP and IP mask specify which ranges of computers in the network are controlled, and if the default keyword is used, all computers are controlled, parameters specify specific restrictions, and the common parameters are as follows:
Ignore: Deny connection to NTP server
Nomodiy: The client cannot change the time parameters on the server side, but the client can perform the network calibration via the server.
Noquery: Do not provide a time query for the client
Notrap: Trap remote login is not provided, and trap service is a long-range time log service.
Notrust: The client source will be treated as untrusted subnet unless authenticated.
Nopeer: Provides a time service, but not as a peer.
Kod: Send a Kiss-of-death message to an insecure visitor.
===server option format = = =
Server host [key n] [version n] [prefer] [mode n] [minpoll n] [maxpoll n] [Iburst]
Where host is the IP address or domain name of the upper NTP server, the parameters followed are interpreted as follows:
Key: Indicates that all messages destined to the server contain authentication information with secret key encryption, N is a 32-bit integer that represents the secret key number.
Version: Indicates the release number of the message destined for the upper-level server, and N defaults to 3, which can be 1 or 2.
Prefer: If there are multiple server options, the server with this parameter has limited use.
Mode: Specifies the value of the data message mode field.
Minpoll: Specifies the minimum time interval of 2 for the server to query, n defaults to 6, and the range is 4-14.
Maxpoll: Specifies that the maximum time interval for querying the server is 2 n seconds, and N defaults to 10 and the range is 4-14.
Iburst: When the initial synchronization request, a burst mode to send 8 messages, the time interval of 2 seconds.
= = = View Gateway Method = = =
"Command 1" route-n
"Command 2" IP route Show
"Command 3" netstat-r
= = = Level (stratum) = = =
The stratum is set according to the hierarchy of the upper server (+1).
For hosts that provide network time service provider, the stratum settings are as accurate as possible.
As the time service provider for the LAN, the stratum is typically set to 10
0-tier server uses atomic clocks, GPS clocks and other physical equipment, stratum 1 and stratum 0 are directly connected,
The next stratum is connected to the previous layer of stratum through the network, and the server on the same layer can interact.
NTPD is a service server for the lower-level client, which is a client for the upper-level server.
NTPD depends on the parameters of the configuration file to provide a clock service to other servers or to synchronize clocks from other servers. All configurations are in the/etc/ntp.conf file.
= = = Note Firewall Shield NTP port = = =
The NTP server default port is 123, and if the firewall is turned on, there may be errors in some operations, so remember to turn off the firewall.
= = = Synchronous Hardware Clock = = =
NTP service, the system time is only synchronized by default.
If you want NTP to synchronize hardware time simultaneously, you can set the/etc/sysconfig/ntpd file,
In the/etc/sysconfig/ntpd file, add "Sync_hwclock=yes" so that hardware time can be synchronized with the system time.
Allows the BIOS to be synchronized with the system time or through the hwclock-w command.
===NTPD, ntpdate the difference = = =
Here is the online information about the difference between ntpd and ntpdate. This is shown in the following example:
Before you use it, you need to figure out what the difference is between NTPD and ntpdate when updating time.
NTPD is not just a time synchronization server, it can also be a client with a standard Time server synchronization time, and is smooth synchronization,
Not Ntpdate is immediately synchronized, Ntpdate is used with caution in production environments, and so both cannot be run simultaneously.
Clock transitions, which can cause serious problems for some programs.
Many applications rely on continuous clocks-after all, it is a common assumption that the time to obtain is linear,
Some operations, such as database transactions, often rely on the fact that time does not jump back.
Unfortunately, the way ntpdate adjusts time is what we call "leap": After acquiring a time, Ntpdate uses Settimeofday (2) to set the system time,
Here are a few very obvious questions:
"One" is not safe to do so.
Ntpdate's settings depend on the security of the NTP server, where an attacker can exploit some software design flaws, take down the NTP server, and perform some expendable tasks on the server that it synchronizes with.
Since Ntpdate is in the same way as skipping, the server that follows it cannot know if an exception occurred (the only way to do this is by server).
"Two" is not accurate.
Once the NTP server goes down, the server that follows it will not be able to synchronize time.
Unlike this, the NTPD is not only able to calibrate the computer's time, but also to calibrate the computer's clock.
"Three" is not elegant enough.
Because it is a jump, instead of making time faster or slower, the timing-dependent program can make an error
(for example, if Ntpdate finds that your time is fast, it could go through two identical moments, which is fatal for some applications).
Thus, the only point that can make time jump is when the computer has just started, but not many services have started.
The rest of the time, it is desirable to use NTPD to calibrate the clock instead of adjusting the time on the computer clock.
NTPD during synchronization with the time server, the frequency deviation of the BIOS timer-or the natural Drift (drift) of the local clock-is recorded.
This way, even if there is a problem with the network, the machine can still maintain a fairly accurate walk.
= = = Domestic commonly used NTP server address and ip===
210.72.145.44(National Timing Center Server IP address)133.100.11.8Fukuoka University of Japan Time-a.nist.gov129.6.15.28NIST, Gaithersburg, Maryland time-b.nist.gov129.6.15.29NIST, Gaithersburg, Maryland time-a.timefreq.bldrdoc.gov132.163.4.101NIST, Boulder, Colorado time-b.timefreq.bldrdoc.gov132.163.4.102NIST, Boulder, Colorado time-c.timefreq.bldrdoc.gov132.163.4.103NIST, Boulder, Colorado utcnist.colorado.edu128.138.140.44University of Colorado, Boulder time.nist.gov192.43.244.18NCAR, Boulder, Colorado time-nw.nist.gov131.107.1.10Microsoft, Redmond, Washington nist1.symmetricom.com69.25.96.13symmetricom, San Jose, California nist1-dc.glassey.com216.200.93.8abovenet, Virginia nist1-ny.glassey.com208.184.49.9abovenet, New York City Nist1-sj.glassey.com207.126.98.204abovenet, San Jose, California nist1.aol-ca.truetime.com207.200.81.113TrueTime, AOL facility, Sunnyvale, California Nist1.aol-va.truetime.com64.236.96.53TrueTime, AOL facility, Virginia ———————————————————————————————————— ntp.sjtu.edu.cn202.120.2.101(Shanghai Jiaotong University Network Center NTP server address) S1a.time.edu.cn University of Posts and Telecommunications s1b.time.edu.cn Tsinghua University s1c.time.edu.cn Beijing University s1d.time.edu.cn Southeast College S1E.T ime.edu.cn Tsinghua University s2a.time.edu.cn Tsinghua University s2b.time.edu.cn Tsinghua University s2c.time.edu.cn Beijing posts and Telecommunications s2d.time.edu.cn Southwest Network Center S2e.time.ed u.cn Northwest Network Center s2f.time.edu.cn Northeast Area Network Center s2g.time.edu.cn East China South Area Network Center s2h.time.edu.cn Sichuan University Network Management Center s2j.time.edu.cn Dalian University of Network Center s2k.time.edu.cn cernet Guilin Main node s2m.time.edu.cn Peking University
--end--
Linux Configuration NTP time server (full)