Linux NTP service configuration

Source: Internet
Author: User


First, how NTP time synchronization works

NTP synchronization propagates from nodes with a smaller stratum value to nodes with a larger one. If an NTP client receives a stratum larger than its own, the client considers its own time more accurate than the time it received and does not update its time.

For most NTP software, the stratum value is initially 0 after the service starts; once the NTP service has acquired the time, its stratum is set to the parent server's stratum + 1. For professional NTP devices with satellite clocks or atomic clocks, the stratum value is generally 1 from the start.

When ntpd starts, its stratum value is initially 0. If ntpd receives an NTP request at this point, it replies with an NTP packet whose stratum field is 0. The client finds the stratum field invalid and refuses to update its time, so the time update fails.

A few minutes later, ntpd obtains an update from its upstream server and sets the correct stratum. It then replies with NTP packets whose stratum field is n+1; the client confirms that the stratum is valid and the time update succeeds.

If ntpd's upstream server is unavailable, ntpd treats the local clock as its upstream NTP server, using the address 127.127.1.0. A few minutes after the service starts, ntpd updates its clock from 127.127.1.0 and sets a valid stratum, and once the client receives a reply, the time update succeeds.
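The stratum checks described in this section, as an added Python example that is not part of the original article. The helper names and the reply packets are constructed for illustration; the rules in client_accepts are the ones this section states, not ntpd's full selection algorithm.

```python
import struct

# First four bytes of an NTP packet: LI/VN/Mode, stratum, poll, precision.
NTP_HEADER = struct.Struct("!BBbb")

def build_reply(stratum, leap=0, version=4, mode=4):
    """Build a constructed 48-byte server reply (timestamps left as zeros)."""
    first = (leap << 6) | (version << 3) | mode
    return NTP_HEADER.pack(first, stratum, 6, -20) + bytes(44)

def parse_header(packet):
    """Extract the fields a client inspects before trusting the timestamps."""
    if len(packet) < 48:
        raise ValueError("NTP packet shorter than 48 bytes")
    first, stratum, _poll, _precision = NTP_HEADER.unpack_from(packet)
    return {"leap": first >> 6, "version": (first >> 3) & 0x7,
            "mode": first & 0x7, "stratum": stratum}

def client_accepts(packet, own_stratum=None):
    """Return (accepted, reason) using the rules stated in this section."""
    hdr = parse_header(packet)
    if hdr["mode"] != 4:
        return False, "not a server reply"
    if hdr["stratum"] == 0:
        # ntpd that has just started and has not synchronized yet
        return False, "stratum 0: server not yet synchronized"
    if own_stratum is not None and hdr["stratum"] > own_stratum:
        return False, "server stratum larger than own"
    return True, "stratum %d accepted" % hdr["stratum"]

if __name__ == "__main__":
    for stratum in (0, 2, 3):
        print(stratum, client_accepts(build_reply(stratum), own_stratum=2))
```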


Second, install the NTP package

Check whether the NTP package is installed

# rpm -qa | grep ntp

Install it manually if it is not installed

# rpm -ivh ntp-4.2.2p1-5.el5.rpm


Third, modify the configuration file: vi /etc/ntp.conf

The server field gives the address or host name of a time server. NTP reads the entries from the file in order and uses the later servers only if an earlier one fails.

server 210.72.145.44 # This is the IP of China's National Time Service Center
server 0.uk.pool.ntp.org
server 1.uk.pool.ntp.org

You can use prefer to mark a server as the preferred server

server time-nw.nist.gov prefer

The local clock can also be treated as an external clock source, using the address 127.127.1.0, with stratum setting its time level. Here the level of the local clock source is set to 1, so if ntpd obtains its time from the local clock source, ntpd announces a time level of 2.

server 127.127.1.0
fudge 127.127.1.0 stratum 1


The restrict parameter is used for access control, in the form

restrict <IP address> mask <subnet mask> <parameters>

Example:

restrict 192.168.0.0 mask 255.255.0.0 nomodify

The IP can be an IP address, or it can be default, which refers to all IPs.

The parameters are as follows:

ignore: denies all types of NTP connections;
nomodify: clients cannot use ntpdc and ntpq to modify the server's time parameters, but they can still use this host for network time synchronization;
noquery: clients cannot use ntpq, ntpdc and similar commands to query the server, which is equivalent to not providing NTP network time synchronization;
notrap: does not provide the trap remote event logging feature;
notrust: rejects clients that have not authenticated.
Note: if no parameter is set, the IP or subnet is not subject to any restrictions!

In an actual configuration, we first deny all operations for default clients

restrict default kod nomodify notrap nopeer noquery

Then allow all operations from the local address

restrict 127.0.0.1

Finally, we allow all clients on the LAN to connect to this server to synchronize their time, but do not let them modify the time on the server

restrict 192.168.1.0 mask 255.255.255.0 nomodify

Adding these three lines to /etc/ntp.conf completes our simple configuration. NTP can also use keys for authentication, which is not covered in detail here.

The role of driftfile:

Every system clock has a small frequency error, which is why a machine's time becomes inaccurate after it has been running for a while. NTP automatically monitors the error of our clock and adjusts for it. This is a lengthy process, however, so NTP first writes the recorded error to the driftfile, so that the results of the calculation are not lost even after a reboot.
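One way to check an ntp.conf against the three-line baseline above, as an added Python example that is not part of the original article. The function names and both sample configurations are constructed for illustration; the checks follow the note above that a restrict line without parameters imposes no restrictions.

```python
LOCALHOST = {"127.0.0.1", "::1"}

def parse_restrict(conf_text):
    """Return (address, mask, flags) for every restrict line in ntp.conf text."""
    rules = []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()          # drop trailing comments
        if len(tokens) < 2 or tokens[0].lower() != "restrict":
            continue
        rest = [t for t in tokens[1:] if t not in ("-4", "-6")]
        if not rest:
            continue
        addr, rest = rest[0].lower(), rest[1:]
        mask = None
        if len(rest) >= 2 and rest[0].lower() == "mask":
            mask, rest = rest[1], rest[2:]
        rules.append((addr, mask, {f.lower() for f in rest}))
    return rules

def audit(conf_text):
    """List restrict lines that are more open than this section's baseline."""
    rules = parse_restrict(conf_text)
    findings = []
    if not any(addr == "default" for addr, _, _ in rules):
        findings.append("no 'restrict default' line: unlisted clients are unrestricted")
    for addr, mask, flags in rules:
        if addr in LOCALHOST or "ignore" in flags:
            continue                                   # local host is left open on purpose
        target = addr if mask is None else f"{addr} mask {mask}"
        if not flags:
            findings.append(f"{target}: no parameters, so no restrictions apply")
        elif "nomodify" not in flags:
            findings.append(f"{target}: clients may modify server settings (nomodify missing)")
        if addr == "default" and flags and "noquery" not in flags:
            findings.append(f"{target}: anyone may query the server (noquery missing)")
    return findings

# Constructed sample configurations: the baseline from this section and a weak one.
BASELINE = """\
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify
"""
WEAK = """\
restrict default          # no parameters at all
restrict 10.0.0.0 mask 255.0.0.0 notrap
"""

if __name__ == "__main__":
    for name, conf in (("baseline", BASELINE), ("weak", WEAK)):
        print(name, audit(conf) or "no findings")
```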


IV. NTP service startup

Run ntpq -p or watch ntpq -p to view the synchronization status with the upstream NTP servers

watch ntpq -p
Every 2.0s: ntpq -p                                  Sat 7 00:41:45 2007
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+193.60.199.75   193.62.22.98     2 u   52   64  377    8.578   10.203 289.032
*mozart.musicbox 192.5.41.41      2 u   54   64  377   19.301  -60.218 292.411

Parameter interpretation

Sign before remote:
*: the NTP server that is responding and is the most accurate server
+: an NTP server that responds to this query request
Blank (space): an NTP server that does not respond

Column headings:
remote: the name of the NTP server responding to this request
refid: the name of the higher-level server used by that NTP server
st: the level (stratum) of the NTP server responding to the request
when: the number of seconds since the last successful request
poll: how often the local host and the remote server synchronize, in seconds. When NTP first starts running, the poll value is relatively small and synchronization is frequent, so that the time can be brought into the correct range as soon as possible; afterwards the poll value gradually increases and the synchronization frequency decreases accordingly
reach: used to test whether the server can be reached; it is an octal value that increases with each successful connection
delay: round-trip time of a synchronization request sent from the local machine to the NTP server
offset: the time offset between the host and the time source it synchronizes with via NTP, in milliseconds; the closer the offset is to 0, the closer the host's time is to the NTP server's
jitter: a statistic of how the offset is distributed over a certain number of consecutive connections. Simply put, the smaller the absolute value, the more accurate the host's time
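A small monitor for the ntpq -p columns explained above, as an added Python example that is not part of the original article. It relies on reach being an 8-bit shift register printed in octal, so 377 means the last eight polls were all answered. The function names and the 50 ms threshold are assumptions; the first two sample rows are from the output above and the third row is constructed.

```python
def parse_ntpq(output):
    """Parse `ntpq -p` text into one dict per peer."""
    peers = []
    for line in output.splitlines():
        if line.split()[:1] == ["remote"]:
            continue                       # column header
        fields = line[1:].split()          # column 0 holds the tally sign
        if len(fields) != 10:
            continue                       # separator, blank line or watch banner
        remote, refid, st, _t, _when, poll, reach, delay, offset, jitter = fields
        try:
            reach_bits = int(reach, 8)     # reach is printed in octal
            peers.append({
                "tally": line[0], "remote": remote, "refid": refid,
                "stratum": int(st), "poll": int(poll),
                "answered": bin(reach_bits).count("1"),   # of the last 8 polls
                "last_poll_ok": bool(reach_bits & 1),
                "delay": float(delay), "offset": float(offset),
                "jitter": float(jitter),
            })
        except ValueError:
            continue                       # not a peer row after all
    return peers

def unhealthy(peers, max_offset_ms=50.0):
    """Return (remote, reason) for peers that are unreachable or far off."""
    problems = []
    for p in peers:
        if not p["last_poll_ok"]:
            problems.append((p["remote"], "latest poll unanswered"))
        if abs(p["offset"]) > max_offset_ms:
            problems.append((p["remote"], "offset %.3f ms" % p["offset"]))
    return problems

# Rows 1-2 are from the article's output; row 3 is constructed.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+193.60.199.75   193.62.22.98     2 u   52   64  377    8.578   10.203 289.032
*mozart.musicbox 192.5.41.41      2 u   54   64  377   19.301  -60.218 292.411
 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

if __name__ == "__main__":
    for remote, reason in unhealthy(parse_ntpq(SAMPLE)):
        print(remote, reason)
```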


V. Client time synchronization

Use the following command

ntpdate 172.30.218.114

Write it to crontab, for example

8 * * * root /usr/sbin/ntpdate 172.30.218.114; /sbin/hwclock -w
