Linux time synchronization, ntpdate command, NTPD service detailed

Statement: The following content from the user finishing (http://blog.sina.com.cn/s/blog_636a55070101u1mg.html), for the sake of later study temporarily included, please do not arbitrarily reproduced

Linux by default, system time and hardware time are not synchronized automatically. During Linux operation, the system time and hardware time run asynchronously and do not interfere with each other. Hardware time is maintained by the BIOS battery, while the system time is maintained with CPU tick. When the system is powered on, the hardware time is automatically obtained from the BIOS and is set to the system time.

2. Linux system time settings, set the system time in Linux, you can use the date command, modify the time can be used date-s "2016-12-16-8:30:00"
4. Linux hardware time settings, hardware time settings, can be used hwclock or clock command. Among them, clock and hwclock usage similar, only one on the line, but clock command in addition to support x86 hardware system, but also support the Alpha hardware system; View hardware time you can use the Hwclock--show or hwclock-r command to modify
   Hardware time Hwclock--set--date= "1/25/09 00:00", Hwclock-w is the hardware time set according to the system time.
6. System time and hardware time synchronization, based on the system time to modify hardware time: Hwclock--systohc,hwclock-w; Modify the system time based on hardware time: Hwclock--hctosys, hwclock-s;
8. Time synchronization between different servers, in order to avoid the host time due to long-term operation caused by the time skew, time synchronization (synchronize) work is very necessary. Linux systems generally use NTP servers to synchronize the time of different machines. A single machine that can be both an NTP server and an NTP client. In the network, it is recommended to synchronize time with a time server that is layered like a DNS server. Synchronization time, you can use the Ntpdate command, you can also use the NTPD service, using ntpdate command synchronization time is relatively simple, ntpdate IP, ntpdate server, but such synchronization, it is only mandatory to set the system time to NTP server time, if the CPU Tick has a problem, just a temporary cure. Therefore, the cron command is generally used to synchronize the settings regularly. For example, add in crontab: 0 * * * */usr/sbin/ntpdate 192.168.0.1 This, will be in the daily 12 o'clock, synchronization time, The NTP server is 192.168.0.1, and using the NTPD service is better than the combination of ntpdate plus cron. Because, ntpdate synchronization time, will cause time to jump, to some time-dependent programs and services will affect. such as Sleep,timer and so on. Moreover, the NTPD service can fix the CPU tick while correcting the time. Ideally, when booting, use ntpdate to force synchronization time, and at other times use the NTPD service to synchronize time. It is important to note that NTPD has a self-protection setting: NTPD does not run if the time difference between the native and the source is too large. So the new set of time server must first ntpdate from the source to obtain the time initial value, and then start the NTPD service. NTPD service runs, first synchronization every 64 seconds with the source server, based on the error value measured at each synchronization to gradually adjust their time by complex calculation, with the error decreases, gradually increase the synchronization interval. The process of adjustment is repeated every time the beating occurs.
9. NTPD service settings, the relevant settings file for the NTPD service are as follows:
   /etc/ntp.conf: This is the main setup file for NTP daemon and the only one for NTP.
   /usr/share/zoneinfo/: The file in this directory is actually a set of time settings for each of the major time zones, such as the Beijing region's time zone settings file at/usr/share/zoneinfo/asia/beijing. The files in this directory are related to the two files under discussion (Clock and localtime);
   /etc/sysconfig/clock: This file is not actually included in NTP's daemon, because this is the main time zone setting file for Linux. After each boot, Linux will automatically read this file to set its own system to display the default time;
   /etc/localtime: This file is "time profile on local side". Just that clock file in the specified time setting file (ZONE) for/usr/share/zoneinfo/asia/beijing, so that is the local side of the time, at this time, the Linux system will Beijing that file saved as a copy/ Etc/localtime file, so the future of our time display will be Beijing that time set the file as the subject.
   /etc/timezone: System time zone file
   Here are the highlights:
   The following highlights the settings of the/etc/ntp.conf file. In the case of NTP Server settings, it is best not to open the Internet without restrictions, as far as possible only to provide your own internal client-side Online network school. In addition, NTP server always needs more accurate hosts on the network from the line to update their own time Ah, so on our NTP server also find a closest to their own times server to self-correct. In fact, the NTP service is also a model of server/client.
   

   [Email protected] ~]# vi/etc/ntp.conf
   # 1. About the Permission Settings section
   # The setting of the permission is mainly set by the Restrict parameter, the main syntax is:
   # Restrict IP Mask netmask_ip parameter
   # where IP can be a software address or default, default is similar to 0.0.0.0
   # As for the paramter, there are:
   # Ignore: Turn off all NTP Online Services
   # Nomodify: Indicates that the client side cannot change the Server-side time parameter, however,

   # Client side can still be on the Server side to network school.
   # Notrust: The client source will be treated as untrusted domain unless authenticated
   # Noquery: Does not provide client-side time query

   # Notrap: Do not provide trap this remote event log in

   # If paramter is not set at all, it means that the IP (or domain) "has no restrictions"

   Restrict default Nomodifynotrapnoquery # Close all NTP Request packets
   Restrict 127.0.0.1 #这是允许本级查询
   Restrict 192.168.0.1 mask 255.255.255.0 nomodify
   #在192. The server in the 168.0.1/24 network segment can be synchronized with this NTP server for time.
   # 2. Settings for upper-level hosts
   # to set the upper host to the main server this parameter to set, the syntax is:
   # Server [ip| HOST Name] [prefer]
   # The server is followed by our upper time server! And if the Server parameter
   # After adding perfer, it means that our NTP host is mainly used as the host of the
   # The correspondence of the time correction. In addition, in order to resolve the delivery delay action of the update Time packet,
   # so you can use Driftfile to specify our host
   # The amount of time spent communicating with the Times Server can be recorded in Driftfile
   # later in the file, for example, in the sample below, our NTP server is connected to the
   # time spent cn.pool.ntp.org online is recorded in the/etc/ntp/drift file
   Server 0.pool.ntp.org

   Server 1.pool.ntp.org

   Server 2.pool.ntp.org

   Server cn.pool.ntp.org prefer

   #其他设置值, you can use the system default value

   Server 127.127.1.0 # Local clock

   Fudge 127.127.1.0 Stratum 10

   Driftfile/var/lib/ntp/drift
   Broadcastdelay 0.008
   Keys/etc/ntp/keys

   To summarize, restrict is used to set the access rights, the server is used to set up the upper-level time server, Driftfile to set the Save drift time file.

10. Start-up and observation of NTP service
    Before starting the NTP service, manually adjust the time for the host that provided the service. (because the server is started, the port will be consumed by the service side, you cannot manually synchronize the time)
    Ntpdate cn.pool.ntp.org
    Then start the service ntpd start or/etc/init.d/ntpd start
    To view ports:
    Netstat-ln|grep 123
    how to confirm that our NTP server has updated its own time?
    

    [[Email protected] ~] # Ntpstat

    Synchronized to NTP server (127.127.1.0) at Stratum 11

    Time correct to within 950ms

    Polling server every S

    #该指令可列出NTP服务器是否与上层联机. The above output shows that the time correction is approximately

    #为950 *10 (-6) seconds. And the time is actively updated every 64 seconds.

    Common errors:

    APR 15:30:17 ntpdate[11520]: No server suitable for synchronization found

    In fact, this is not a mistake. Instead, it takes approximately 3-5 minutes after each restart of the NTP server for the client to establish a normal communication connection with the server. This information is reported when the client connects to the server at this time. It usually takes a few minutes to wait.

    [[Email protected] ~] # ntptrace–n 127.0.0.1

    127.0.0.1:stratum, offset 0.000000,synch distance 0.950951

    222.73.214.125:stratum 2,offset–0.000787,synch Distance 0.108575

    209.81.9.7:stratum 1,offset 0.000028,synch distance 0.00436,refid ' GPS '

    #这个指令可以列出目前NTP服务器 (the first layer) and the upper NTP server (second tier)

    #关系

    [[Email protected] ~] # ntpq–p

    The instruction "Ntpq-p" can list the current state of our NTP with the associated upper NTP, the meanings of several fields above are as follows:

    Remote: The IP or host name of the NTP host. Note that the leftmost symbol, if by "+" represents the upper level NTP that is currently acting on the clock, if "*" indicates that there is also a connection, but as a secondary online NTP host.

    refID: Reference to the address of the previous layer of NTP host

    ST: the stratum stratum

    When: A few seconds ago there was a time synchronization update operation

    Poll: Next update after a few seconds

    Reach: Number of updates that have been requested for the upper NTP server

    Delay: The time the network transmission process clock is delayed

    Offset: The result of time compensation

    Jitter:linux time difference between system time and BIOS hardware time

    Finally, the NTP service will only synchronize the system time by default. If you want NTP to synchronize hardware time simultaneously, you can set the/etc/sysconfig/ntpd file.

    In the/etc/sysconfig/ntpd file, add Sync_hwclock=yes This allows the hardware time to synchronize with the system time.
    
    Preparing a Time server
    Under Linux, we can use our own NTP (Network time Protocol) protocol to keep our systems accurate over the Internet. The list of available public time servers can be obtained from the following address: Http://ntp.isc.org/bin/view/Servers/NTPPoolServers
    NTP is a protocol used to keep the system synchronized with an exact time source. It is recommended that you establish at least one time server in your own network to synchronize local time, which makes it easier to process and collect logs and management on different systems.
    Describe the environment: 179 for local time servers, for other servers and 179 for synchronization. 179 and online time server synchronization.
    1. First query the NTP software version
    Rpm-qa|grepntp
    ntp-4.1.2-4.el3.1
    If you are not able to find it from the Linux installation disk, install this NTP package
    2. Edit the configuration file
    Vi/etc/ntp.conf
    First define the server
    Server pool.ntp.org
    Restrict default Nomodifynotrapnoquery
    Restrict 192.168.0.0 mask 255.255.255.0 notrustnomodifynotrap #从192.168.0.1-192.168.0.254 servers can use our NTP server to synchronize time.
    Comment out the following line
    #restrict Default Ignore
    3. Start the NTP server
    #chkconfigntpd on
    #/etc/init.d/ntpd start
    #/etc/init.d/ntpd stop
    #/etc/init.d/ntpd restart
    By default, the NTP server we configure does not go to time source for synchronization time, so we must modify the/etc/ntp/step-tickers file to join our time source so that the time is automatically updated every time the service is started by/ETC/INIT.D/NTPD.
    Check server synchronization Status:
    Ntpq-p
    Ntptrace 192.168.0.179
    If the output is correct, it indicates that the time server was successful. The time is automatically synchronized each time the server is started.
    Configuring the Linux Client
    Execute NTPDATENTP_SERVER_IP on the Linux client can be based on time server unified LAN time, put the above command in cron every morning at 3 regular execution, crontab–e and then enter
    0 3 * * */usr/sbin/ntpdate 192.168.0.17

    Why is the computer right? Because the computer's own clock is not allowed. It's not surprising that the computer is five minutes slow every day. What precision do you need to be right? The average home computer clock error is acceptable for one minute. A clustered server typically requires all clocks to be synchronized within one second.
        who is syncing with? It is generally synchronized with the  NTP  (Network time Protocol) servers around the world. America Standard Time is provided by the  NIST  release,nist  some servers. Modern  Windows  operating system automatic and  time.windows.com  pair time. linux  the following general use Ntppool to automatically select the server.       China National Time Service Center  NTP 210.72.145.44  is China's authority. China Education Network has its own ntp  server network. In the case of a clustered server, several local  NTP  servers are typically configured on the intranet

    Are there any advantages or disadvantages of so many NTP servers above? Yes, but for general applications, there is no difference. In theory, NTP servers are hierarchical (stratum), and NTP servers with stratum = 1 are synchronized directly with the world standard clocks, including GPS time, cesium atomic clocks, some cellular networks, and so on. The first-level time servers at NIST, China National Timing Center and China Education Network are at this level. Stratum = 2 of the NTP server is synchronized with the stratum = 1 server, the performance is slightly worse, but the accuracy is also in the order of milliseconds, so there is no difference. Next to each synchronization level, Stratum adds one. Windows 2000 starts with a service that automatically synchronizes time. On Windows XP, the open time setting has a network pair setting. The default is once per week and time.windows.com. This one week synchronization is too long, can be adjusted through the registry, or modified with wits.

    The NTPD under Linux will be much more flexible. The default configuration is generally good enough. Below is an example under Fedora. Configuration:

    # grep "^server"/etc/ntp.conf
    Server 0.pool.ntp.org
    Server 1.pool.ntp.org
    Server 2.pool.ntp.org
    Server pool.ntp.org
    Server 127.127.1.0 # Local clock

    View status after starting NTPD

    # NTPQ-PN
    Remote refID St T when poll reach delay offset jitter
    ==============================================================================
    64.25.87.54 128.118.25.5 2 U 10 64 17 79.194-542.89 1.942
    64.72.116.51 129.7.1.66 2 U 9 64 17 51.569-532.23 1.803
    64.72.116.50 129.7.1.66 2 u 11 64 17 51.417-516.70 1.417
    64.72.116.45 129.7.1.66 2 U 7 64 17 51.586-532.36 1.135
    *127.127.1.0 LOCAL (0) L 3 64 17 0.000 0.000 0.001

    St This column shows that the automatically selected four NTP servers are stratum = 2. The last one is the local clock. The offset of the first four rows shows a gap of about 500 milliseconds for both the local clock and four NTP servers. The Ntpstat display is currently only synchronized with the local clock:

    # Ntpstat
    Synchronised to local net at Stratum 11
    Time correct to within 949 MS
    Polling server every S

    See you later:

    # NTPQ-PN
    Remote refID St T when poll reach delay offset jitter
    ==============================================================================
    +64.25.87.54 128.118.25.5 2 U 56 64 377 78.548 250.871 37.180
    +64.72.116.51 129.7.1.66 2 U 58 64 377 51.551 268.538 36.817
    *64.72.116.50 129.7.1.66 2 U 58 64 377 51.539 274.497 36.629
    +64.72.116.45 129.7.1.66 2 U 49 64 377 51.485 271.750 37.841
    127.127.1.0 LOCAL (0) L 44 64 377 0.000 0.000 0.001
    # Ntpstat
    Synchronised to NTP server (64.72.116.50) at Stratum 3
    Time correct to within 263 MS
    Polling server every S

    The local clock has been successfully synchronized with the external NTP server. The first column in the NTPQ report * indicates the current selection of the primary synchronization server, and the standard + representation of secondary servers that may be used to further improve synchronization accuracy. Because the server is synchronized with stratum = 2, the local ntpd stratum is 3. One detail is that the NTPQ is slowly adjusting to the clock, rather than just jumping for many seconds, so that smooth adjustment times can ensure a smooth flow of many programs. However, if the clock error is too large, ntpd may refuse to adjust the time, or someone may want to immediately adjust the time, so that the command can be executed directly: Ntpdate-b pool.ntp.org (need to stop ntpd service execution).

    On my other server, there are a lot of NTP servers configured:

    # grep "^server"/etc/ntp.conf
    Server time-a.nist.gov
    Server time-b.nist.gov
    Server time.nist.gov
    Server time.windows.com
    Server 0.pool.ntp.org
    Server 1.pool.ntp.org
    Server 2.pool.ntp.org
    Server pool.ntp.org
    Server 127.127.1.0 # Local clock
    # ntpq-p
    Remote refID St T when poll reach delay offset jitter
    ==============================================================================
    +time-a.nist.gov.            ACTS. 1 u 61 128 377 76.113-1.046 3.424
    *time-b.nist.gov.            ACTS. 1 u 65 128 377 81.063 0.398 1.892
    -time.nist.gov.            ACTS. 1 u 251 128 356 38.911 1.353 30.226
    -time.windows.co 18.26.4.105 2 U 45 128 267 31.218 13.180 6.039
    -194.109.64.200 192.87.106.2 2 U 122 128 377 155.132 0.596 38.674
    -a.mirror.fizzel 43.75.42.44 3 u 56 128 377 163.391-11.756 13.006
    -enfield.ikk.szt 195.111.99.186 2 U 118 128 377 188.326-2.520 32.359
    +ntp1.esat.net.             Gps. 1 u 59 128 377 161.103-1.321 0.460
    LOCAL (0).           Locl. Ten L 48 64 377 0.000 0.000 0.001

    Labels-the relatively irregular clocks (offset or jitter) are automatically removed. From the delay here can be seen, I here and NIST a few clocks network latency is relatively small (within 100 milliseconds), generally such a small clock error. The second-to-last pool.ntp.org chooses a clock that synchronizes with the GPS, stratum = 1, is a relatively quasi-clock, just slightly larger network latency. At the same time can see time.windows.com's stratum = 2, a year ago, it used to be 6. Big International Company Microsoft also does not spend hundreds of yuan to buy a GPS receiver to build a stratrum = 1 clock server for the benefit of millions of Windows users, is really incomprehensible.

    Finally, if the firewall rules under Linux are extremely restrictive, you can turn on sport 123 (assuming the OUTPUT chain is all ACCEPT) when the ntpd pair is affected:

    Iptables-i input-p udp-m UDP--sport 123-j ACCEPT

Linux time synchronization, ntpdate command, NTPD service detailed