Linux NTP time server configuration

Source: Internet
Author: User
Tags time zones local time posix set time

Network Time Protocol (NTP) is also a new exam requirement for RHCE. While studying it I took the opportunity to review how to set the time on Linux, and I am sharing my notes here.

Setting up an NTP server is not difficult, but NTP itself is a very complex protocol, so this is only a brief introduction to the practical side.
As before, the following experiments were run on RHEL5.

1. Time and TimeZone

If someone asks you what time it is, you look at your watch and reply that it is 8 o'clock in the evening. That seems fine, but if the person asking is in Europe, your answer will puzzle him, because the sun is still up where he is.

This raises the question of how to define time. Because sunrise and sunset occur at different times around the world over the Earth's 24-hour day, we need time zones: the world is divided into 24 of them. So we can define a time as a time value plus the local time zone (note that the location can be as precise as a city).

We all learned about Greenwich Mean Time (GMT) in geography class; it is time zone 0. What we usually see on computers, however, is UTC, which is shorthand for Coordinated Universal Time. Although the values of UTC and GMT can be considered equal (the error is quite small), UTC has been established as the international standard, so we should follow the standard and use only UTC.

So if the local time in China is now 8 o'clock in the evening, we can express it in the following two ways
20:00 CST
12:00pm UTC

CST here is China Standard Time, which is what we usually call Beijing time. Because China is in the UTC+8 time zone, 20:00 CST corresponds to 12:00 UTC.

Why bring all this up (hehe, this is not a geography forum...)?

First, whatever channel we use to synchronize the system time, the provider usually gives only the UTC+0 time value and does not provide the time zone (because it does not know where you are). So when we set the system time, setting the time zone is the first thing to do.
Second, many countries have daylight saving time (which I remember from when I was a child): on one day of the year the clock is moved forward an hour (for example, from UTC+8 to UTC+9), and on a corresponding day it is moved back again. If we set the correct time zone, the system adjusts automatically when the time needs to change.

Now let's look at how to set the time zone under Linux.

2. How to set the Linux time zone

Under Linux, glibc provides many precompiled timezone files. They are placed in the /usr/share/zoneinfo directory and cover most countries and cities.
# ls -F /usr/share/zoneinfo/
Africa/     Chile/   Factory    Iceland    Mexico/   posix/      Universal
America/    CST6CDT  GB         Indian/    Mideast/  posixrules  US/
Arctic/     EET      GMT        MST7MDT    PST8PDT   WET
Asia/       Egypt    GMT0       Israel     Navajo    right/      W-SU
Atlantic/   Eire     GMT-0      Jamaica    NZ        ROC
Australia/  EST      GMT+0      Japan      NZ-CHAT   ROK         Zulu
Brazil/     EST5EDT  Greenwich  Kwajalein  Pacific/  Singapore
Canada/     Etc/     Hongkong   Libya      Poland    Turkey
CET         Europe/  HST        MET        Portugal  UCT
In this directory we can find the time zone file for our city. If we want to see the current time in one of these time zones, we can use the zdump command.
# zdump Hongkong
Hongkong Fri Jul 6 06:13:57 HKT
So how do we tell the system which time zone we are in? There are many ways to do this; here are two.

The first is to modify the /etc/localtime file, which defines the local time zone.
We can find our time zone file under /usr/share/zoneinfo and copy it to /etc/localtime (or create a symbolic link).

Suppose our current time zone is BST (that is, UK daylight saving time, UTC+1)
# date
Thu Jul 5 23:33:40 BST 2007
We want to change the time zone to Shanghai's.
# ln -sf /usr/share/zoneinfo/posix/Asia/Shanghai /etc/localtime
# date
Fri Jul 6 06:35:52 CST 2007
The time zone has now changed (notice that the time was adjusted accordingly).

The second method is to set the TZ environment variable. Many programs and commands use the value of this variable. TZ can take many formats, and the simplest way to set it is with the tzselect command
# tzselect
TZ='America/Los_Angeles'; export TZ
tzselect lets you choose the country and city (I omitted these steps) and finally prints the corresponding TZ value. Once you set TZ to that value, the time zone changes.

# date
Thu Jul 5 15:48:11 PDT 2007
From these two examples we can also see that the value of the TZ variable overrides /etc/localtime. In other words, the system uses /etc/localtime to determine the time zone only when TZ is not defined. So if you want to change the time zone permanently, you can write the TZ setting to /etc/profile.

Now that we know how to set the time zone, let's take a look at how to set Linux time.

3. Real Time Clock (RTC) and System Clock

Before talking about setting the time, there is another concept to cover: a computer has two clocks, a hardware clock (RTC) and a system clock.

The hardware clock is a special circuit embedded in the motherboard; it is the reason the computer can still keep time after it is shut down.
The system clock is the clock that the operating system kernel uses to keep time. Its value is the number of seconds elapsed since January 1, 1970 00:00:00 UTC. Under Linux, the system time is synchronized with the hardware time at boot, and the two then run independently.

Since the two clocks run independently, they inevitably drift apart. Let's look at an example
# date
Fri Jul 6 00:27:13 BST 2007
# hwclock --show
Fri Jul 12:27:17 AM BST -0.968931 seconds
With the hwclock --show command we can see the hardware time on the machine (always in the local time zone). It differs slightly from the system time, so we need to synchronize them.

If we want to copy the hardware time to the system clock, we can run the following command
# hwclock --hctosys
Conversely, we can also copy the system time to the hardware clock
# hwclock --systohc
If you want to set the hardware time, you can set it in the BIOS at boot. You can also use the hwclock command
# hwclock --set --date="mm/dd/yy hh:mm:ss"
To modify the system time, it is easiest to use the date command.
# date -s "mm/dd/yyyy hh:mm:ss"
Now we know how to set the system and hardware time. But what if both are inaccurate? Then we need to find a server on the Internet that provides accurate time and synchronize our system time with it through a protocol; that protocol is NTP. Note that from here on, synchronization always means synchronization between the system time and a network server.

4. Preparation before setting up NTP server

In fact this section would be more accurately titled "Preparation before setting up an NTP relay server". No matter how well our computer is configured, its clock will drift over a long run, so it is not good enough to act as an NTP server for other servers on the Internet. Only an atomic clock can truly measure time accurately. But atomic clocks are so expensive that only a small number of organizations have them; they connect them to computers, which become real NTP servers. All we have to do is connect to these servers to synchronize our system time, then turn our own server into an NTP relay server that provides synchronization to users on the Internet or the LAN.

Enough theory; let's get to work. Setting up an NTP relay server is actually very simple. We start by installing the rpm we need.
To check whether an NTP package is already installed, use this command:

# rpm -qa | grep ntp
If the command prints a package name, an NTP package is already installed; otherwise install it as follows:

# rpm -ivh ntp-4.2.2p1-5.el5.rpm
The first step is to find NTP servers on the Internet that will provide synchronization to us.

Http:// is the official NTP website, where we can find the nearest NTP Server from our city. NTP recommends that we find at least two NTP servers in order to guarantee the accuracy of the time
So for example, in the UK, you can choose the following two servers

Its general format is

The second step is to synchronize once with these servers before starting the NTP server, so that our machine's time is as close as possible to standard time.
Here we can update the time manually with the ntpdate command
# ntpdate
6 Jul 01:21:49 ntpdate[4528]: step time server offset -38908.575181 sec
# ntpdate
6 Jul 01:21:56 ntpdate[4530]: adjust time server offset -0.000065 sec
If the time difference is very large, the first run makes a large adjustment, so it is safest to run the command twice. Why synchronize manually before starting the NTP service?
1. According to the NTP settings, if your system time is ahead of the correct time, NTP will not adjust it for you, so either set the time back yourself or do a manual synchronization.
2. When your time differs greatly from the NTP server's, NTP takes a long time to adjust. A manual synchronization shortens this.

5. Configure and run NTP Server

Now we create the NTP configuration file, /etc/ntp.conf. All we need to do is add the NTP servers above and a driftfile.
# vi /etc/ntp.conf

server   # This is the IP of China's National Time Service Center

fudge stratum 0
The stratum on this line is the level of the time server. 0 is the top level; if this server is to update its time from another NTP server, do not set it to 0.

driftfile /var/lib/ntp/ntp.drift
Very simple. Next we start the NTP server and set it to start automatically at boot
# chkconfig ntpd on

6. View the health of the NTP service

Now that the NTP service is running, is our system time synchronized with the server? NTP provides a good tool for checking this: ntpq (NTP query).

I recommend running the ntpq command after starting the NTP server to monitor its operation. We can use the watch command to see how the server values change over time
# watch ntpq -p
Every 2.0s: ntpq -p    Sat 7 00:41:45 2007

remote            refid  st t when poll reach  delay   offset  jitter
+                         2 u   52   64   377   8.578  10.203 289.032
*mozart.musicbox          2 u   54   64   377  19.301 -60.218 292.411

Here is what each column means.

remote: the NTP server that the local machine is connected to
refid: It refers to a server that provides time synchronization to a remote server (e.g.
st: the stratum (level) of the remote server. Because NTP is a layered structure, there are top-level servers, several tiers of relay servers, and then clients. A server's level can be set from 1 to 16, from high to low. To reduce load and network congestion, you should in principle avoid connecting directly to a level 1 server.
t: this ..... I don't know what it means, ^_^.
when: I personally think of it as a timer that tells us how long until the local machine needs to synchronize with the remote server once more
poll: how often the local machine synchronizes with the remote server (in seconds). The poll value is small when NTP first starts, so synchronization is more frequent and the clock reaches the correct range as quickly as possible. The poll value then gradually increases and the synchronization frequency decreases accordingly.
reach: an octal value used to test whether a connection to the server can be made. Each successful connection increases its value
delay: the round-trip time for a synchronization request from the local machine to the server
offset: the most critical value; it tells us the time difference between the local machine and the server. The closer the offset is to 0, the closer our time is to the server's.
jitter: a statistical value. It measures the distribution of the offset over a number of consecutive connections. Put simply, the smaller its absolute value, the more accurately our time matches the server's.

Careful readers will notice two questions. First, why is the server we configured not the same as the one shown under remote? Second, what do the leading + and * mean?

The first question is not hard to understand: NTP gives us a cluster of servers, so the server we end up connected to may differ each time. This also tells us to use a hostname rather than an IP when specifying an NTP server.

The second question is related to the first. There are that many servers so that we are still served properly if one of them has a problem. So how do we know the state of these servers? That is what the leading symbol tells us.

* The remote server has been selected as our primary NTP server, and our system time will be provided by this machine
+ The remote server provides synchronization as a secondary NTP server alongside the server marked *. When the * server is unavailable, it can take over
- The remote server was judged by the clustering algorithm to be an unsuitable NTP server
x The remote server is not available

Knowing this, we can monitor the time synchronization of our system in real time.
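To automate the monitoring described above, the following added example (not part of the original article) parses `ntpq -p` output, decodes the octal reach column and reports peers that need attention. It goes slightly beyond the text by treating reach as an 8-bit history of the last eight polls; the host names, addresses and the 128 ms offset limit are assumptions chosen for illustration.

```python
"""Parse `ntpq -p` peer lines: tally code, reach register, offset."""

# Leading symbols as explained in the text; a blank means "not selected".
TALLY = {"*": "primary", "+": "secondary", "-": "rejected by clustering",
         "x": "not available", " ": "not selected"}

# Constructed sample output; host names and addresses are placeholders.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+ntp-a.example   192.0.2.1        2 u   52   64  377    8.578   10.203 289.032
*ntp-b.example   192.0.2.2        2 u   54   64  377   19.301  -60.218 292.411
 ntp-c.example   .INIT.          16 u    -   64    0    0.000    0.000   0.000
-ntp-d.example   192.0.2.3        3 u   40   64  125   31.120  950.400  12.010
"""


def parse_peers(text):
    """Return one dict per peer line of `ntpq -p` output."""
    peers = []
    for line in text.splitlines():
        words = line.split()
        if not words or words[:2] == ["remote", "refid"] or line.startswith("="):
            continue  # blank line, header or separator
        tally, fields = line[0], line[1:].split()
        if len(fields) != 10:
            continue  # not a peer line
        reach = int(fields[6], 8)  # the reach column is printed in octal
        peers.append({
            "remote": fields[0],
            "state": TALLY.get(tally, "unknown"),
            "stratum": int(fields[2]),
            "reach": reach,
            # 8-bit history, one bit per poll: 1 means a reply arrived
            "polls_ok": bin(reach & 0xFF).count("1"),
            "offset_ms": float(fields[8]),
        })
    return peers


def findings(peers, max_offset_ms=128.0):
    """List the conditions an operator should look at."""
    out = []
    if not any(p["state"] == "primary" for p in peers):
        out.append("no primary (*) peer: clock is not synchronized")
    for p in peers:
        if p["reach"] == 0:
            out.append(f"{p['remote']}: unreachable (reach 0)")
        elif p["polls_ok"] < 8:
            lost = 8 - p["polls_ok"]
            out.append(f"{p['remote']}: {lost} of last 8 polls lost")
        usable = p["state"] in ("primary", "secondary")
        if usable and abs(p["offset_ms"]) > max_offset_ms:
            out.append(f"{p['remote']}: offset {p['offset_ms']} ms too large")
    return out


if __name__ == "__main__":
    for finding in findings(parse_peers(SAMPLE)):
        print(finding)
```

Right after ntpd starts, the reach register is still filling, so values below 377 are expected for the first eight polls.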

7. NTP Security settings

Running an NTP server does not require many system resources, so you can provide time synchronization to many clients without dedicating a separate server to it, but some basic security settings are necessary.
The idea is simple: first, we allow only a subset of users on the local area network to connect to our server; second, these clients cannot modify the time on our server.

About the permission settings
Permissions are set mainly with the restrict parameter. The main syntax is:
restrict IP-address mask subnet-mask parameter
The IP can be an IP address or default; default means all IPs
The parameters are as follows:
ignore: refuse all NTP connections
nomodify: the client cannot change the time parameters on the server side, but the client can still synchronize its time through the server.
notrust: the client source is treated as an untrusted subnet unless it is authenticated
noquery: do not provide time queries to the client
Note: if no parameter is set, that IP (or subnet) is not restricted at all!

In the /etc/ntp.conf file we can use the restrict keyword to implement the requirements above

First, we reject all actions for the default client
restrict default kod nomodify notrap nopeer noquery

Then allow the local address to perform all operations

Finally, we allow all clients in the LAN to connect to this server to synchronize their time, but refuse to let them modify the time on the server
restrict mask nomodify

By adding these three lines to /etc/ntp.conf, we have completed our simple configuration. NTP can also use keys for authentication; that is not covered in detail here
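To check an existing /etc/ntp.conf against the two goals above, the following added example (not part of the original article) parses the restrict lines and reports entries that leave clients unrestricted. The sample configuration is constructed, both LAN subnets in it are made-up values, and the choice of nomodify and noquery as the minimum for the default line is an assumption.

```python
"""Audit `restrict` lines in ntp.conf against the two goals stated above."""

REQUIRED_DEFAULT = {"nomodify", "noquery"}  # assumed minimum for the default line
LOOPBACK = {"127.0.0.1", "::1"}             # the local address may do everything

# Constructed sample; both subnets are made-up values for illustration.
SAMPLE_CONF = """\
driftfile /var/lib/ntp/ntp.drift
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify
restrict 10.20.0.0 mask 255.255.0.0     # no parameter: not restricted at all
"""


def parse_restrict(conf):
    """Return (address, mask, flags) for every restrict line in the text."""
    entries = []
    for raw in conf.splitlines():
        tokens = raw.split("#", 1)[0].split()      # drop trailing comments
        tokens = [t for t in tokens if t not in ("-4", "-6")]
        if len(tokens) < 2 or tokens[0].lower() != "restrict":
            continue
        address, rest, mask = tokens[1], tokens[2:], None
        if len(rest) >= 2 and rest[0].lower() == "mask":
            mask, rest = rest[1], rest[2:]
        entries.append((address, mask, {t.lower() for t in rest}))
    return entries


def audit(conf):
    """Return a list of findings; an empty list means both goals are met."""
    entries = parse_restrict(conf)
    findings = []
    defaults = [flags for addr, _, flags in entries if addr == "default"]
    if not defaults:
        findings.append("no 'restrict default' line: unknown clients are unrestricted")
    for flags in defaults:
        missing = REQUIRED_DEFAULT - flags
        if missing and "ignore" not in flags:
            findings.append("default is missing: " + ", ".join(sorted(missing)))
    for addr, mask, flags in entries:
        if addr == "default" or addr in LOOPBACK:
            continue
        if not flags & {"nomodify", "ignore"}:
            where = addr + (f" mask {mask}" if mask else "")
            findings.append(f"{where}: missing nomodify")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)) or "restrict rules match the stated goals")
```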

8. Settings for NTP Client

At this point we have a relay server of our own. If we want to provide time synchronization for other clients on the LAN, we should build a second relay server and then point all the clients at both servers (be careful not to point all the clients at servers on the Internet). Just add your own servers to the client's /etc/ntp.conf.

Linux clients use
to synchronize their time with an NTP server
In addition, if a Linux machine is only a client, it must not start the ntpd service! Otherwise you cannot run ntpdate with the server address to synchronize the time
You can then use cron or edit the crontab file to update the time from the NTP server periodically, and run
# hwclock --systohc
to write the system time to the hardware clock

9. Some additions and supplements (quite important)

1. What is driftfile in the configuration file?
Every system clock has a small frequency error, which is why a machine's time becomes inaccurate after it has been running for a while. NTP automatically monitors the error of our clock and corrects for it. But measuring it is a lengthy process, so NTP writes the recorded error to the driftfile. That way the results of the calculation are not lost even after a reboot.

2. How do I synchronize my hardware clock?
NTP typically synchronizes only the system clock. But if we also want to synchronize RTC (Hwclock) then we just need to open the following option.

3. Use crontab to have Linux update the time from NTP regularly
Note: when ntpdate is run on Linux to update the time, the NTP service must not be running on that machine; otherwise ntpdate reports that the port is in use:
# ntpdate
09:34:14 ntpdate[6747]: the NTP socket is in use, exiting

Brief description of the crontab file format
Each entry begins with the time specification, followed by the command to execute. The time specification follows a fixed convention: the first five * symbols stand for five numeric fields, whose ranges and meanings are:
minute (0-59)
hour (0-23)
day of month (1-31)
month (1-12)
day of week (0-6) // 0 is Sunday
Besides numbers there are several special symbols: "*", "/", "-" and ",". "*" stands for all values in the field's range, "/" means "every" ("*/5" means every 5 units), "-" means a range from one number to another, and "," separates several discrete values. Here are a few examples:
Every morning at 6:
0 6 * * * command
Every two hours:
0 */2 * * * command
Every two hours between 11 at night and 8 in the morning, and at 8 in the morning:
0 23,1-7/2,8 * * * command
On the 4th of each month and every Monday to Wednesday, at 11 in the morning:
0 11 4 * 1-3 command
January 1 at 4 in the morning:
0 4 1 1 * command

3.3. Start the service automatically at boot
Run setup or another service configuration tool and tick the crond service
chkconfig --level 2345 crond on
defines the runlevels on which crond is enabled (this is the default setting when the system is installed)

10. Settings for NTP clients

First, automatic time synchronization with Linux as the client
If you want to calibrate the time on a schedule, you can use the crond service to do it regularly.
Edit the /etc/crontab file
Add the following line:

8 * * * root /usr/sbin/ntpdate; /sbin/hwclock -w # is the IP address of the NTP server
Then restart the crond service
service crond restart
In this way, the Linux system automatically performs a network time calibration every day.

Second, Windows needs two services to be running: the Windows Time service and RPC
If starting the Windows Time service fails with error 1058, do the following
1. Run cmd to open a command line and type
w32tm /register
to register the service
The correct response is: W32Time successfully registered.

2. If the previous step succeeded, start the service with net start "Windows Time" or net start W32Time.

11. Other reasons why the update may not succeed:
1. The client's date must be set correctly and must not differ from the correct time by more than 24 hours; otherwise the update is refused for security reasons. Also, the client's time zone must be set correctly so that the time is not updated to another time zone's.
2. fudge stratum 10: if Linux is the NTP server, the stratum (level) value must not be too large; if it is to update from an upper-level NTP server, it can be set to 2.
3. A Linux NTP server must remember to write the system time, once updated from the upper-level NTP server, to the hardware clock with hwclock --systohc.
NTP typically synchronizes only the system clock. But if we also want to synchronize RTC (Hwclock) then we just need to open the following option.
4. If the NTP service is running on Linux, you cannot run ntpdate manually to update the time (it reports that the port is in use); the machine can only update its time automatically from the upper-level NTP server, at a certain interval, according to the server address in /etc/ntp.conf. You can run the ntpstat command to see the update interval, for example:
# ntpstat
synchronised to NTP server ( at stratum 2   # this NTP server is at stratum 2, synchronized to NTP
time correct to within 93 ms   # time corrected to within 93 ms
polling server every 1024 s   # polls the upper-level NTP server for a time update every 1024 seconds
