Linux time server

Zhou haihan
/Text

2010.3.30

 

For multiple Linux servers, it is necessary to maintain time consistency. According to the precision requirements, there should be a corresponding time interval for time synchronization. If you do not perform time synchronization, it will be very different after a long time and difficult to locate the problem. Due to the cooperation of multiple devices, logs may have causes and consequences, and time is an important basis for synchronization events.

 

Generally, a time server can be set for a device in a data center to regularly obtain the time from a standard time server. Other servers can synchronize data from this server through an intranet connection. In this way, not only the time will be consistent, but also take care of some devices without a public network.

 

Test System:

[Root @ test ~] # Cat/etc/* release
Centos release 5.2 (final)

 

[Root @ test ~] # Rpm-qf/usr/sbin/ntpd
Ntp-4.2.2p1-8.el5.centos.1

During installation, make sure that the NTP package has been installed.

 

Start the server

If ntpd has been installed, you can start it directly:

[Root @ test ~] # Service ntpd start
Starting ntpd: [OK]

 

At the same time, check the configuration file. centos is configured by default.

[Root @ test ~] # Vi/etc/NTP. conf

Server 0.centos.pool.ntp.org

Driftfile/var/lib/NTP/drift

Keys/etc/NTP/keys

 

Check whether the time server is available:

[Root @ test ~] # Ping 0.centos.pool.ntp.org
Ping 0.centos.pool.ntp.org (74.88.39.htm) 56 (84) bytes of data.
64 bytes from ool-4a5827e8.dyn.optonline.net (74.88.39.htm): icmp_seq = 1 TTL = 54 time = 251 MS
If not, determine whether the network can be connected to the Internet. Check whether domain name resolution is configured.

[Root @ test ~] # Cat/etc/resolv. conf
Nameserver 8.8.8.8

 

Set ntpd auto-start

[Root @ test ~] # Find/etc/rc. d/-name "* ntpd"
/Etc/rc. d/rc6.d/k74ntpd
/Etc/rc. d/init. d/ntpd
/Etc/rc. d/rc3.d/k74ntpd
/Etc/rc. d/rc4.d/k74ntpd
/Etc/rc. d/rc5.d/k74ntpd
/Etc/rc. d/rc2.d/k74ntpd
/Etc/rc. d/rc1.d/k74ntpd
/Etc/rc. d/rc0.d/k74ntpd
[Root @ test ~] #/Sbin/chkconfig -- level 345 ntpd on
[Root @ test ~] #! Find
Find/etc/rc. d/-name "* ntpd"
/Etc/rc. d/rc6.d/k74ntpd
/Etc/rc. d/init. d/ntpd
/Etc/rc. d/rc3.d/s58ntpd
/Etc/rc. d/rc4.d/s58ntpd
/Etc/rc. d/rc5.d/s58ntpd
/Etc/rc. d/rc2.d/k74ntpd
/Etc/rc. d/rc1.d/k74ntpd
/Etc/rc. d/rc0.d/k74ntpd
It indicates that three levels of 3, 4 and 5 can be automatically started.

 

Check Firewall

[Root @ test ~] # Iptables-l

Configure NTP port 123 for a strict firewall:

[Root @ test ~] # Iptables-A input-p udp -- dport 123-J accept
[Root @ test ~] # Iptables-l
Chain input (Policy accept)
Target prot opt source destination
Accept UDP -- anywhere Anywhere udp dpt: NTP

 

Client Configuration

The client uses ntpdate for update and is configured in crontab. Determine the frequency as needed. Set crontab on each device that requires synchronization time

[Root @ test1 ~] # Crontab-e

 

00 00 ***/usr/sbin/ntpdate 192.168.12.31

 

192.168.12.31 is the Intranet address of the test server.

Crontab sets the synchronization time at every day.

To ensure that the time server is available, run the command in the command line first.

[Root @ test1 ~] # Ntpdate 192.168.12.31
30 mar 17:45:24 ntpdate [16495]: Step time server 192.168.12.31 offset 0.694312 Sec
[Root @ test1 ~] # Date
Tue Mar 30 17:45:37 CST 2010

The synchronization time is successful.