Linux time synchronization

Summary:

GMT/UTC/CST;

/etc/localtime,/usr/share/zoneinfo/* time zone file,/etc/profile plus TZ variable;

Hardware time RTC, system time; date,hwclock,tzselect;

NTP relay SERVER;RPM–IVH ntp-*;ntpdate 0.uk.pool.ntp.org; Ntpq–p,watch ntpq–p;

/ETC/NTP.CONF;/ETC/INIT.D/NTPD start;chkconfig--level ntpd on;service ntpd status;

Setting up an NTP server is not difficult, but NTP itself is a very complex protocol.

1.time and time zone
If someone asks you what time it is, You looked at the watch and replied that he said it was 8 o'clock in the evening. It doesn't seem to be a problem, but if you ask this person in Europe then your answer will make him wonder, because he's still in the sun.
Here there is the creation of aHow to define the question of timeThe time of sunrise and sunset around the world is not the same in the 24 hours that the Earth revolves around the sun. So we have to divide the time zone (timezone) is necessary, that is,the world is divided into 24 different time zones. So we can interpret the definition of time as a time value plus the local time zone (note that this location can be accurate to the city)
We've all learned about geography class.Greenwich mean GMT (GMT),It is also0Time Zone. But what we often see in computers isUTC.It is coordinated Universal timeThe shorthand. Although the values of UTC and GMT can be considered equal (the error is quite small), UTC has been identified as an international standard, so we should all abide by the standards using only UTC
So if the local time in China now is 8 o'clock in the evening, we can have the following two ways to express
20:00 CST 
12:00pm UTC
Here'sCSTIt's Chinese standard time, which is what we usually call Beijing. Because China is in the utc+8 time zone, and so on and so on is UTC.
Why do you say this?
First, regardless of the time that we want to synchronize the system through any channel, usually the provider gives only the utc+0 time value and does not provide the time zone (because it does not know where you are). So when we set the system time, setting the timezone is the first thing to do.
Second, many countries have daylight saving time (which I remember when I was a child), that is, one day of the year when the clock dials for an hour (for example, from Utc+8 to utc+9), then the same time will have to slow back again. If we set the correct timezone, The system automatically adjusts for us when we need to change the time.
Now let's take a look at how to set the TimeZone under Linux, which is time zone

2. How to set the Linux time Zone
Under Linux glibc provides a number of pre-compiled timezone files , they are placed in the/usr/share/zoneinfo directory, which basically covers most of the countries and cities

# ls-f/usr/share/zoneinfo/
Africa/chile/factory Iceland Mexico/posix/universal
AMERICA/CST6CDT GB indian/mideast/posixrules us/
Antarctica/cuba gb-eire Iran MST PRC UTC
Arctic/eet GMT iso3166.tab mst7mdt PST8PDT WET
Asia/egypt GMT0 Israel Navajo right/w-su
Atlantic/eire GMT-0 Jamaica NZ ROC Zone.tab
Australia/est gmt+0 Japan nz-chat ROK Zulu
Brazil/est5edt Greenwich Kwajalein Pacific/singapore
Canada/etc/hongkong Libya Poland Turkey
CET europe/hst MET Portugal UCT

Here we can find the time zone file for our city. So, if we want to see the current time for each of these times, we can use the Zdump command.

# Zdump Hongkong
Hongkong Fri Jul 6 06:13:57 HKT

So how do we tell the system where we are in time zone? There are many ways to do this, and here are two
The first one is to modify the/etc/localtime file, which defines the local time zone where I am located.
We can find our time zone file under/usr/share/zoneinfo and copy it to/etc/localtimezone (or a symbolic link).
Suppose we now have a time zone of BST (that is, the UK daylight Savings, utc+1)

# date
Thu Jul 5 23:33:40 BST 2007 We want to change the time zone to Shanghai's timezone.

# Cp/usr/share/zoneinfo/asia/shanghai/etc/localtime
# date
Fri Jul 6 06:35:52 CST 2007 the time zone is changed (note that the time has been adjusted accordingly)
the second method also sets the value of the TZ environment variable . Many programs and commands will use the value of this variable. The value of TZ can be in many formats, and the simplest way to set it is to use the Tzselect command

# Tzselect
...

You can make the permanent to yourself by appending the line
tz= ' Asia/hong_kong '; (Permission denied?) Export TZ
To the file '. Profiles ' in your home directory; Then logs out and logs in again.

TZ the value of the variable is override/etc/localtime. This means that when the TZ variable is not defined, the system uses/etc/localtime to determine time zone. so if you want to change the time zone permanently, then you can write the TZ variable's settings to/etc/profile.

3. Real Time Clock (RTC) and System Clock
and said set time. Another concept is that we have two clocks on a single computer: A hardware time clock (RTC) and a system clock
hardware clock refers to the special circuit embedded in the motherboard, it is usually the reason why we can calculate the time after we shut down the machine
The system clock is the clock that the kernel of the operating system uses to calculate the time. It is from 1970 January 1 00:00:00 UTC time to the value of the sum of seconds so far under Linux system time at boot time and hardware time synchronization (synchronization), And then they run their own.
So since two clocks run alone, then the time will inevitably produce errors, let's look at an example

# date
Fri Jul 6 00:27:13 BST 2007

[Email protected]/]# Hwclock--help
Hwclock-query and set the hardware clock (RTC)

Usage:hwclock [function] [options ...]

Functions:
--help Show this Help
--show read hardware clock and print result
--set set the RTC to the time given with--date
--hctosys set the system time from the hardware clock
--SYSTOHC set the hardware clock to the current system time
--adjust Adjust the RTC to account for systematic drift since
The clock is last set or adjusted
--getepoch print out the kernel ' s hardware clock epoch value
--setepoch set the kernel ' s hardware clock epoch value to the
Value given with--epoch
--version print out the version of Hwclock to stdout

Options:
 --utc         The hardware clock is kept in coordinated Universal Time
 --localtime   the hardware clock is kept in local time
 --DIRECTISA &NBS P Access the ISA bus directly instead OF/DEV/RTC
 --badyear     ignore RTC ' s year because the BIOS is broken
 --date        specifies the time to which to set the hardware Clock
 --epoch=year  Specifies the year which is the beginning of the
     & nbsp;          hardware clock ' s epoch value
 --noadjfile    do not access/etc/adjtime. Requires the use of
                Either--UTC or--localtime

# Hwclock--show
Fri 12:27:17 AM BST-0.968931 seconds by hwclock--show command we can see the hardware time on the machine (always in local time zone) and we can see it and the system There is still some error, then we need to synchronize them
# Hwclock–hctosys Set hardware time to system time

# HWCLOCK–SYSTOHC Set the system time to hardware time

# Hwclock--set--date= "Mm/dd/yy hh:mm:ss" Set hardware time we can set it up in the BIOS when booting. You can also use the Hwclock command

# date-s "Dd/mm/yyyy hh:mm:ss" It's easiest to modify the system time with the date command.

Now we know how to set the system and hardware time. But the question is, what if these two times are inaccurate? Then we need to find a server on the Internet that can provide us with accurate time and then synchronize our system time with a protocol, then this Protocol is NTP . The next thing we need to talk about is the synchronization between the system time and the network server.

4. Preparation before setting up NTP server
In fact this title should be changed to set "NTP Relay Server" before the preparation more appropriate. Because no matter how well our computer is configured to run for a long time, there will be errors, so it is not enough to make NTP server for other servers on the Internet. The true ability to accurately measure time is still an atomic clock . But because atomic clocks are so expensive that only a small number of organizations have them, they connect to the computer and become a real NTP Server. All we have to do is connect to these servers to synchronize the time of our system and then make our own servers into NTP Relay server and then provide synchronization services to the Internet or to users in the LAN.

1). to set up an NTP Relay server is actually very simple, we first put the required RPM packaging

# RPM-IVH ntp-4.2.2p1-5.el5.rpm

2). Find the NTP server that provides synchronization services to us on the internet, http://www.pool.ntp.org is the official NTP website, where we can find the nearest NTP server from our city. NTP recommends that we find at least two NTP servers in order to guarantee the accuracy of the time
So for example, in the UK, you can choose the following two servers
0.uk.pool.ntp.org
1.uk.pool.ntp.org
Its general format is number.country.pool.ntp.org.

China's NTP server address:

Server 133.100.11.8 prefer
Server 210.72.145.44
Server 203.117.180.36
Server 131.107.1.10
Server time.asia.apple.com
Server 64.236.96.53
Server 130.149.17.21
Server 66.92.68.246
Server www.freebsd.org
Server 18.145.0.30
Server Clock.via.net
Server 137.92.140.80
Server 133.100.9.2
Server 128.118.46.3
Server ntp.nasa.gov
Server 129.7.1.66
Server ntp-sop.inria.fr

Server (National Service Center IP address)

3). Synchronize with these servers before opening the NTP server, so that our machine's time is as close as possible to standard time. We can use the Ntpdate command here.

# ntpdate 0.uk.pool.ntp.org
6 Jul 01:21:49 ntpdate[4528]: Step time Server 213.222.193.35 offset-38908.575181 sec
# ntpdate 0.pool.ntp.org
6 Jul 01:21:56 ntpdate[4530]: Adjust time server 213.222.193.35 offset-0.000065 sec

If you have an outrageous time difference, you will see a larger adjustment at the first, so it is safe to run two times. So why run synchronization manually before you open the NTP service?
1. Because according to NTP settings, if your system time is faster than the correct time, then NTP will not help you adjust, so either you set the time back, or do a manual synchronization
2. When your time setting differs greatly from the NTP server, NTP takes a long time to adjust. So manual synchronization can reduce this time

5. Configure and run NTP Server
Now we're going to create the NTP configuration file, which is/etc/ntp.conf. All we need to do is join the NTP server above and a driftfile.

# vi/etc/ntp.conf
Server 0.uk.pool.ntp.org
Server 1.uk.pool.ntp.org
Driftfile/var/lib/ntp/ntp.drift

It's very simple. Next we start the NTP Server and set it to run automatically after powering on

#/ETC/INIT.D/NTPD Start
# chkconfig--level ntpd on

6. View the health of the NTP service
Now that we have started the NTP service, is our system time synchronized with the server? This NTP provides a good viewing tool: NTPQ (NTP query)
I recommend that you run the NTPQ command after you open the NTP server to monitor the operation of the server. Here we can use the Watch command to see the changes in server values over time

# Watch Ntpq-p
Every 2.0s:ntpq-p Sat 7 00:41:45 2007
Remote refID St T when poll reach delay offset jitter
==============================================================================
+193.60.199.75 193.62.22.98 2 U 52 64 377 8.578 10.203 289.032
*mozart.musicbox 192.5.41.41 2 U 54 64 377 19.301-60.218 292.411

Now I'm going to explain what it means.
Remote: It refers to an NTP server that is connected to the local machine
refID: It refers to a server that provides time synchronization to a remote server (e.g. 193.60.199.75)
ST: the level of the remote server. Because NTP is a layered structure, there is a top-level server, multi-tier relay server, and then to the client. So the server can be set to 1-16 from the high to the low level. To slow down the load and network congestion, you should avoid connecting directly to a Level 1 server in principle.
T: this ..... I don't know what it means, ^_^.
When: I personally think of it as a timer to tell us how long the local machine needs to synchronize with the remote server once
Poll: How much time the local and remote servers synchronize (in seconds). The poll value will be smaller at the beginning of the NTP run, and the frequency of synchronization with the server will increase, as soon as possible to the correct time range. Then the poll value will gradually increase and the frequency of synchronization will decrease correspondingly.
Reach: This is an octal value that is used to test whether a connection to the server can be made. Each successful connection will increase its value
Delay: Round trip time to send synchronization requests from the local machine to the server
Offset: This is the most critical value, which tells us the time difference between the local machine and the server. The closer the offset is to 0, the closer we get to the server.
Jitter: This is a value used to do statistics. It counts the distribution of offset in a particular contiguous number of connections. To put it simply, the smaller the absolute value, the more accurate the time we have and the server.
Then the careful words will find two questions: The first we connect is 0.uk.pool.ntp.org why and remote server is not the same? What does the second and last + and * mean?
The first question is not difficult to understand, because NTP provides us with a cluster server so every connection to the resulting server may be different. This also tells us that you should use hostname instead of IP when specifying NTP server
The second question is related to the first one, since there are so many servers that are designed to serve us properly in the event of a problem. So how do you know the state of these servers? This is the message that the first sign will tell us.
*
It tells us that the remote server has been identified as our primary NTP server and that the time of our system will be provided by this machine
+
It will provide synchronization services for us as a secondary NTP server along with the server with the * number. When the * server is unavailable, it can take over
-
The remote server was clustering algorithm considered to be a non-conforming NTP server
X
Remote server not available
Knowing this, we can monitor the time synchronization of our system in real time.

7. NTP Security Settings
Running an NTP server does not require a lot of system resources, so you can provide time synchronization services to many clients without having to specifically configure a separate server, but some basic security settings are necessary.
So here's a very simple idea is the first we allow only a subset of the local area network users to connect to our server. The second one is that these clients can't modify the time on our servers.
In the/etc/ntp.conf file we can use the Restrict keyword to configure the above requirements
First, we reject all actions for the default client

Restrict default Kod nomodify notrap nopeer noquery
Then allow the native address to all the operations

Restrict 127.0.0.1
Finally, we allow all clients in the LAN to connect to this server for synchronization time. But refused to let them modify the time on the server

Restrict 192.168.1.0 mask 255.255.255.0 nomodify
By adding these three strips to/etc/ntp.conf, we have completed our simple configuration. NTP can also use key to do Authenticaiton, here is not detailed introduction

8. settings for NTP client
To do this we already have a relay server of our own. If we want to make time synchronization for other clients in the LAN, then we should build another relay server, and then point all the client to both servers ( Be careful not to point all the clients to servers on the Internet. Just add your own server to the client's ntp.conf.

Code:
Server ntp1.leonard.com
Server ntp2.leonard.com
9. Some additions and supplements
1. What is driftfile in the configuration file?
Each of our system clock frequency has a small error, this is why the machine is running for a period of time is not accurate. NTP automatically monitors the error values of our clocks and adjusts them. But the problem is that this is a lengthy process, so it writes the recorded error first to Driftfile. So that the results of the calculations will not be lost even after you reboot.
2. How do I synchronize my hardware clock?
NTP typically synchronizes only the system clock. But if we're going to synchronize the RTC, then we just need to open the options below.

You can check whether your NTP service is started by Ps–ef |grep NTP or by using PGREP–LF NTP. The NTP can then be detected by the Snoop command.
Snoop |grep–i NTP for detection.
After the NTP service is established, the NTP service can be managed with 2 tool commands.
One is NTPQ is an interactive application command, under which there are many subcommands available for everyone to use. Use peers to view the synchronization process. If you need additional commands, you can enter help to view them. There is also a tool command that is ntpdate This command is commonly used by clients of NTP. You can see the synchronization information for NTP in/var/adm/messages. If you need more detailed information about NTPQ and ntpdate, you can use man to help with queries.

Linux time synchronization