Linux system NTP time server environment configuration

Source: Internet
Author: User


Environment:

NTP Server: CentOS 6.6 x86_64 192.168.8.250
NTP Client: CentOS 6.6 x86_64 192.168.8.90

First, NTP introduction

1. NTP Service Introduction

NTP (Network Time Protocol) is a protocol for synchronizing the clocks of computers in a network.
It exchanges UDP packets and applies a specific algorithm to keep the time on the computer consistent with the time on the server. Over the Internet the error is 10 ms; on a LAN it can reach 200 microseconds.
NTP time servers are divided into layers, from 0 to 4. Each layer synchronizes in turn with the layer above it, and the servers at the highest level are connected directly to high-precision time equipment such as atomic clocks, GPS or radio waves.
To build your own time server you specify an upper-level time server; it can then provide synchronization services to other machines within the LAN.

2. NTP Time Synchronization Mode Selection

On Linux, NTP synchronization is generally done in one of two ways: synchronizing directly with the ntpdate command, or synchronizing smoothly with the ntpd service. The difference between the two is as follows:
Take an existing device whose system time is 13:00, while the real current time (on the upper-level time server we are about to sync with) is 12:30. If we synchronize with ntpdate (ntpdate -u <target NTP server IP>), the operating system time is immediately set to 12:30. If the system has a scheduled task that runs at 12:40 every day, then today's task has in fact already run (the system clock already read 13:00); now that ntpdate has set the clock back to 12:30, the task will run again 10 minutes later. This is risky in a production environment, for example for the write times of database records. The way to solve this is to change the time smoothly, so that no point in time is experienced twice in one day. This is how the ntpd service synchronizes: each adjustment it makes is small, so the clock is corrected gradually.

Second, the installation

Official website: http://www.ntp.org/
You can compile it from source or install it directly with yum.
# Compile installation

Version number: ntp-4.2.8p2
cd /usr/local/src
wget http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p2.tar.gz
tar -zxvf ntp-4.2.8p2.tar.gz
cd ntp-4.2.8p2
./configure --prefix=/usr/local/ntp --enable-all-clocks --enable-parse-clocks
make -j3 && make install

# yum installation
yum -y install ntp
chkconfig ntpd on

Third, the configuration file

1. NTP default configuration file /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on the local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

2. Description of the NTP configuration file /etc/ntp.conf

1) restrict

In ntp.conf, the restrict directive controls access permissions. It is set as follows:
restrict [IP] mask [netmask IP] [parameter]
restrict <IP address> <subnet mask> | <network segment> <subnet mask> [ignore | noquery | notrap | nomodify | notrust | nokod]
Parameter explanation:
ignore: rejects all types of NTP connections;
nomodify: clients cannot change the time parameters of the NTP server, which means that the client cannot modify the server using the ntpdc and ntpq programs. The client can still synchronize its time over the network through this host, however.
noquery: clients cannot use ntpq, ntpdc and similar commands to query the time server, which is equivalent to not providing NTP network time correction;
notrap: does not provide the trap (remote event logging) feature;
notrust: rejects clients that are not authenticated.
restrict configuration example:
# Allow all local operations
restrict 127.0.0.1
restrict -6 ::1
# Allowed LAN segments
restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap
restrict 192.168.0.0 mask 255.255.0.0 nomodify notrap
# Open this network segment (192.168.1.1 ~ 192.168.1.255), but it cannot modify the server
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Open this single IP (192.168.1.1), but it cannot modify the server
restrict 192.168.1.1 mask 255.255.255.255 nomodify notrap
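The following Python 3 audit of restrict lines is an added example, not part of the original article. It flags a default entry that lacks nomodify or noquery, a non-loopback entry with no flags, and an address whose mask makes it cover a whole network instead of one host. The sample configuration, the function names and the choice of required flags are assumptions made for the illustration.

```python
import ipaddress

DEFAULT_REQUIRED = ("nomodify", "noquery")  # expected on the default entry
# Constructed sample, not taken from a real host.
SAMPLE_CONF = """\
restrict default kod nomodify notrap nopeer
restrict 127.0.0.1
restrict -6 ::1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.1.1 mask 255.255.255.0 nomodify notrap
restrict 10.0.0.0 mask 255.0.0.0
"""

def parse_restrict(line):
    """Return (address, covered network, flags) or None for other lines."""
    tokens = line.split("#", 1)[0].split()
    if len(tokens) < 2 or tokens[0].lower() != "restrict":
        return None
    v6 = tokens[1] == "-6"
    tokens = tokens[2:] if tokens[1] in ("-4", "-6") else tokens[1:]
    if not tokens:
        return None
    addr, rest = tokens[0], tokens[1:]
    if addr == "default":
        addr = "::" if v6 else "0.0.0.0"
        spec = addr + "/0"
    elif len(rest) >= 2 and rest[0].lower() == "mask":
        spec, rest = addr + "/" + rest[1], rest[2:]
    else:
        spec = addr  # no mask given: the entry is a single host
    network = ipaddress.ip_network(spec, strict=False)
    return ipaddress.ip_address(addr), network, {f.lower() for f in rest}

def audit(conf_text):
    """Return (line number, message) findings for the restrict entries."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        parsed = parse_restrict(line)
        if parsed is None:
            continue
        addr, network, flags = parsed
        missing = [f for f in DEFAULT_REQUIRED if f not in flags]
        if network.prefixlen == 0 and missing:
            findings.append((lineno, "default entry lacks " + ", ".join(missing)))
        elif addr != network.network_address:
            findings.append((lineno, "%s under this mask covers all of %s" % (addr, network)))
        elif not flags and not addr.is_loopback:
            findings.append((lineno, "no flags: %s is unrestricted" % network))
    return findings
```

Calling audit(SAMPLE_CONF) reports lines 1, 5 and 6 of the constructed sample; IPv6 entries with an explicit mask are outside what this example handles.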
2) server
The server directive sets the upper-level NTP server. It is set as follows:
server [IP or hostname] [prefer]
The server keyword is followed by an IP or hostname; prefer marks that server as the one to use preferentially.

server example:

# Use upper-level Internet NTP servers
server 220.130.158.71 prefer
server 220.130.158.51
# If the upper-level NTP servers cannot be reached, use the local time as the standard time
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
3) driftfile
The driftfile directive records the time error. It is set as follows:
driftfile [a file, with its directory, that ntpd can write to]
By default the NTP server derives its time from the oscillation frequency of the BIOS chip, and this frequency does not necessarily match that of the upper-level time server. The NTP daemon (ntpd) therefore automatically calculates the frequency of our own host and the frequency of the upper-level server, and records the error between the two frequencies in the file named after driftfile.
Note:
The file named after driftfile must be given as a full path;
This file cannot be a link file;
The file must be writable by the ntpd daemon;
The values recorded in this file are in parts per million (ppm).

3. Operation Management

Start the service: /etc/init.d/ntpd start
View the status of the NTP service:
watch ntpq -p

Parameter description:
*: marks the NTP server that is responding and is the most accurate
remote: the remote NTP server that the local machine is connected to
refid: the server that provides time synchronization to the remote server (e.g. 210.72.145.44)
st: the level (stratum) of the remote server. Because NTP is a layered structure, running from top servers through multi-tier relay servers to clients, a server can be set to a level from 1 to 16, from high to low. To reduce load and network congestion, you should in principle avoid connecting directly to level 1 servers.
when: number of seconds since the last successful request
poll: the interval at which the local machine synchronizes with the remote server (in seconds). When NTP starts, the poll value is relatively small, so synchronization with the server is more frequent and the clock can be brought into the normal range as soon as possible. The poll value then increases gradually, and the frequency of synchronization decreases correspondingly.
reach: an octal value used to test whether the server can be reached; its value increases with each successful connection.
offset: the most critical value; it tells us the time difference between the local machine and the server. The closer the offset is to 0, the closer our time is to the server's.
jitter: a statistical value that describes the distribution of the offset over a given number of consecutive connections. Simply put, the smaller its absolute value, the more accurate our time is relative to the server.
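The following Python 3 check over ntpq -p output is an added example, not part of the original article. It reads the tally character, decodes reach (an 8-bit register of the last eight polls, printed in octal, so 377 means all eight were answered) and reports peers that are unreachable or a clock with no selected peer. The sample output, the function names and the 100 ms offset threshold are assumptions made for the illustration.

```python
# Constructed sample of `ntpq -p` output; the refid addresses and the second
# and third peers are made up for the example.
SAMPLE_NTPQ = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.8.250   203.0.113.10     3 u   45   64  377    0.412    1.205   0.310
+192.168.8.251   203.0.113.11     3 u   12   64  376    0.530   -2.118   0.422
 192.168.8.252   .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

def parse_ntpq(output):
    """Parse `ntpq -p` text into one dict per peer line."""
    peers = []
    for line in output.splitlines():
        fields = line[1:].split()
        if len(fields) != 10 or fields[0] == "remote":
            continue  # header, separator or blank line
        reach = int(fields[6], 8)  # reach is printed in octal
        peers.append({
            "tally": line[0],  # first column: '*' marks the selected peer
            "remote": fields[0],
            "stratum": int(fields[2]),
            "reach": reach,
            "polls_ok": bin(reach).count("1"),  # answered polls out of the last 8
            "last_poll_ok": bool(reach & 1),    # lowest bit is the newest poll
            "offset_ms": float(fields[8]),
        })
    return peers

def check(peers, max_offset_ms=100.0):
    """Return a list of problems; max_offset_ms is an assumed threshold."""
    problems = []
    selected = [p for p in peers if p["tally"] == "*"]
    if not selected:
        problems.append("no peer selected (*): clock is not synchronized")
    for p in selected:
        if abs(p["offset_ms"]) > max_offset_ms:
            problems.append("%s: offset %.3f ms exceeds %.0f ms"
                            % (p["remote"], p["offset_ms"], max_offset_ms))
    for p in peers:
        if p["reach"] == 0:
            problems.append("%s: unreachable (reach 0)" % p["remote"])
        elif not p["last_poll_ok"]:
            problems.append("%s: newest poll unanswered (reach %o)"
                            % (p["remote"], p["reach"]))
    return problems
```

On a live host, the text passed to parse_ntpq would be the captured output of ntpq -p.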

Fourth, client synchronization
Sync command:

ntpdate 192.168.8.250 (time server IP)
Automatic time sync:
crontab -e
# Sync the time daily at 1 o'clock in the morning
0 1 * * * /usr/sbin/ntpdate 192.168.8.250
NTP configuration file
/etc/ntp.conf
NTP related files and directories
/usr/share/zoneinfo/
This directory is not provided by NTP but by Linux itself; the files in it are the time setting files for the major time zones. For example, Taiwan's time zone settings file is /usr/share/zoneinfo/Asia/Taipei. The files in this directory are related to the two files described next, clock and localtime.
/etc/sysconfig/clock
This file is not provided by NTP either; it is the main Linux time zone settings file. Each time it starts, Linux automatically reads this file to set the time the system displays by default. In mainland China, the first line should be ZONE="Asia/Shanghai", which means that the time setting file /usr/share/zoneinfo/Asia/Shanghai is used.
/etc/localtime
This file is the local time setting file. If the clock file specifies /usr/share/zoneinfo/Asia/Shanghai as the time setting file, the Linux system copies that Shanghai file to /etc/localtime, so the time the system displays follows the Shanghai time setting file.
/bin/date
This is the common date and time command on Linux.
/sbin/hwclock
This is a command that root can execute. Because the BIOS time is kept separately from the Linux system time, after adjusting the time with date you need to use hwclock to write the modified time to the BIOS.
/usr/sbin/ntpd
This is the main NTP daemon, which must be started to provide the NTP service.
/usr/sbin/ntpdate
This is the main executable that a client uses to synchronize with an NTP server. Use this command if you do not want to run the NTP service and only need the NTP client function.
/usr/sbin/ntptrace
This command can be used to trace which time server a given time server synchronizes with.
