Preparation before setting up NTP server
Strictly speaking, this section would be better titled "Preparation before setting up an NTP relay server". No matter how well our computer is configured, its clock will accumulate errors when it runs for a long time, so it is not good enough to act as the NTP server for other servers on the Internet. Only an atomic clock can truly measure time accurately. But atomic clocks are so expensive that only a small number of organizations have them; they connect them to computers, and those become the real NTP servers. All we have to do is connect to these servers to synchronize our system's time, then turn our own server into an NTP relay server that provides synchronization services to the Internet or to users on the LAN.
1). Setting up an NTP relay server is actually very simple. First we install the required RPM packages:
# yum install ntp
Installing:
 ntp x86_64 4.2.6p5-2.el6.centos updates 593 k
Installing for dependencies:
 ntpdate x86_64 4.2.6p5-2.el6.centos updates k
# rpm -ql ntp
/etc/dhcp/dhclient.d
/etc/dhcp/dhclient.d/ntp.sh
/etc/ntp.conf
/etc/ntp/crypto
/etc/ntp/crypto/pw
/etc/rc.d/init.d/ntpd
/etc/sysconfig/ntpd
/usr/bin/ntpstat
/usr/sbin/ntp-keygen
/usr/sbin/ntpd
/usr/sbin/ntpdc
/usr/sbin/ntpq
/usr/sbin/ntptime
/usr/sbin/tickadj
/var/lib/ntp
/var/lib/ntp/drift
/var/log/ntpstats
# rpm -ql ntpdate
/etc/ntp
/etc/ntp/keys
/etc/ntp/step-tickers
/etc/rc.d/init.d/ntpdate
/etc/sysconfig/ntpdate
/usr/sbin/ntpdate
2). Find NTP servers on the Internet that will provide synchronization services to us. http://www.pool.ntp.org is the official NTP website, where we can find the NTP servers nearest to our city. NTP recommends that we use at least two NTP servers in order to guarantee the accuracy of the time.
The following are one Chinese server and two Asian servers:
server 2.cn.pool.ntp.org
server 1.asia.pool.ntp.org
server 3.asia.pool.ntp.org
Here are some other optional servers:
server 133.100.11.8 prefer
server 210.72.145.44
server 203.117.180.36
server 131.107.1.10
server time.asia.apple.com
server 64.236.96.53
server 130.149.17.21
server 66.92.68.246
server www.freebsd.org
server 18.145.0.30
server clock.via.net
server 137.92.140.80
server 133.100.9.2
server 128.118.46.3
server ntp.nasa.gov
server 129.7.1.66
server ntp-sop.inria.fr
server (National Service Center IP address)
3). Synchronize with these servers once before starting the NTP server, so that our machine's time is as close as possible to standard time. We can use the ntpdate command for this.
If your clock is wildly off, you will see a large adjustment the first time, so to be safe run it twice. So why synchronize manually before starting the NTP service?
1. Because, according to the NTP settings, if your system time is ahead of the correct time, NTP will not adjust it for you, so you either set the time back yourself or do a manual synchronization.
2. When your time differs greatly from the NTP server's, NTP takes a long time to adjust it, so a manual synchronization shortens this time.
# date
Mon Feb 03:28:27 EST 2015
# ntpdate 2.cn.pool.ntp.org
01:50:10 ntpdate[6018]: step time server 202.112.31.197 offset 858068.183303 sec
# date
Thu Feb 01:51:01 EST 2015
# ntpdate 2.cn.pool.ntp.org
01:53:12 ntpdate[6021]: adjust time server 202.112.29.82 offset 0.010526 sec
# date
Thu Feb 01:53:16 EST 2015
Configuring and Running NTP Server
Now we create the NTP configuration file, /etc/ntp.conf. All we need to do is add the NTP servers above and a driftfile.
# vi /etc/ntp.conf
server 0.uk.pool.ntp.org
server 1.uk.pool.ntp.org
driftfile /var/lib/ntp/ntp.drift
Very simple. Next we start the NTP server and set it to start automatically at boot.
Either of the two start methods works.
# /etc/init.d/ntpd start
# chkconfig ntpd on
# service ntpd start
Starting ntpd: [OK]
# watch ntpq -p
# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 gus.buptnet.edu 202.112.10.60    3 u   15   64    3   88.266    8.172   0.832
 ns1.verd.co.id  202.162.32.12    3 u   14   64    3  210.501  -13.741   2.086
 ktdns.cdnetwork 131.107.13.100   2 u   12   64    3   76.944    7.119   2.529
# date
Thu Feb 01:58:51 EST 2015
Now I'm going to explain what the columns mean.
remote: the NTP server that the local machine is connected to
refid: the server that provides time synchronization to the remote server (e.g. gus.buptnet.edu)
st: the level (stratum) of the remote server. Because NTP is a layered structure, there are top-level servers, several tiers of relay servers, and then the clients. So a server can be set to a level from 1 to 16, from high to low. To reduce load and network congestion, you should in principle avoid connecting directly to a level 1 server.
t: this ..... I don't know what it means, ^_^.
when: I personally think of it as a timer telling us how long until the local machine needs to synchronize with the remote server again
poll: how often the local machine synchronizes with the remote server (in seconds). When NTP starts running, the poll value is small and synchronization with the server is frequent, so that the clock reaches the correct time range as soon as possible. The poll value then gradually increases and the frequency of synchronization decreases accordingly.
reach: an octal value used to test whether a connection to the server can be made. Each successful connection increases its value.
delay: the round-trip time of a synchronization request sent from the local machine to the server
offset: the most critical value; it tells us the time difference between the local machine and the server. The closer the offset is to 0, the closer our time is to the server's.
jitter: a statistical value. It measures the distribution of the offset over a particular number of consecutive connections. Put simply, the smaller its absolute value, the more accurately our time matches the server's.
A careful reader will then have two questions. First, we configured 0.uk.pool.ntp.org, so why is the name shown under remote different? Second, what do the + and * at the very start of a line mean?
The first question is not difficult to answer: NTP gives us a cluster of servers, so each connection may end up at a different server. This also tells us to use a hostname rather than an IP address when specifying an NTP server.
The second question is related to the first. So many servers are provided so that we are still served properly if one of them has a problem. So how do we know the state of these servers? That is what the first character of each line tells us.
*
The remote server has been selected as our primary NTP server, and our system's time is provided by this machine
+
The remote server provides synchronization for us as a secondary NTP server alongside the server marked *. When the * server is unavailable, it can take over
-
The remote server was judged by the clustering algorithm to be an unsuitable NTP server
x
Remote server not available
Knowing this, we can monitor the time synchronization of our system in real time.
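The columns and leading characters described above can be checked by a script instead of by eye. The following Python code is an added example, not part of the original article: it parses ntpq -p output, decodes reach (an octal view of the last eight polls with the newest in the lowest bit, so the 3 in the output above means two polls, both answered) and lists servers that need attention. The sample output, the .example host names and the 128 ms offset limit are constructed assumptions.

```python
# Constructed sample in the layout printed by `ntpq -p` (first column = tally code).
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp-a.example   192.0.2.10       2 u   33   64  377   88.266    8.172   0.832
+ntp-b.example   192.0.2.11       3 u   30   64  377  210.501  -13.741   2.086
-ntp-c.example   192.0.2.12       2 u   29   64  376   76.944  140.119   2.529
 ntp-d.example   .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

# Meanings of the leading character, following the article's list.
TALLY = {"*": "primary", "+": "secondary", "-": "discarded by clustering",
         "x": "rejected", " ": "not selected"}

def parse_peers(text):
    peers = []
    for line in text.splitlines():
        fields = line[1:].split()             # line[0] is the tally column
        if len(fields) != 10 or fields[0] == "remote":
            continue                          # header, separator or blank line
        reach = int(fields[6], 8)             # reach is printed in octal
        peers.append({
            "tally": line[0], "role": TALLY.get(line[0], "other"),
            "remote": fields[0], "stratum": int(fields[2]),
            "polls_ok": bin(reach).count("1"),    # answered polls out of the last 8
            "last_poll_ok": bool(reach & 1),      # newest poll is the lowest bit
            "offset_ms": float(fields[8]),
        })
    return peers

def findings(peers, max_offset_ms=128.0):     # limit is an assumed threshold
    out = []
    if not any(p["tally"] == "*" for p in peers):
        out.append("no primary (*) server selected")
    for p in peers:
        if p["polls_ok"] == 0:
            out.append(f"{p['remote']}: unreachable (reach 0)")
        elif not p["last_poll_ok"]:
            out.append(f"{p['remote']}: last poll got no reply")
        if abs(p["offset_ms"]) > max_offset_ms:
            out.append(f"{p['remote']}: offset {p['offset_ms']} ms exceeds {max_offset_ms} ms")
    return out

if __name__ == "__main__":
    for finding in findings(parse_peers(SAMPLE)):
        print(finding)
```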
NTP security settings
Running an NTP server does not require a lot of system resources, so you can provide time synchronization services to many clients without having to specifically configure a separate server, but some basic security settings are necessary.
The idea here is very simple: first, we allow only a subset of the users on the local area network to connect to our server; second, these clients must not be able to modify the time on our server.
In the /etc/ntp.conf file we can use the restrict keyword to configure these requirements.
First, we deny all operations to clients by default:
restrict default kod nomodify notrap nopeer noquery
Then we allow the local address to perform all operations:
restrict 127.0.0.1
Finally, we allow all clients on the LAN to connect to this server to synchronize their time, but refuse to let them modify the time on the server:
restrict 192.168.1.0 mask 255.255.255.0 nomodify
By adding these three lines to /etc/ntp.conf, we have completed our simple configuration. NTP can also use keys for authentication, which is not covered in detail here.
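One way to confirm that an ntp.conf really carries the restrictions described above is to audit its restrict lines. The following Python code is an added example, not from the original article; the function names and the WEAK_CONF sample are constructed for illustration.

```python
# Flags the article puts on "restrict default". kod is not required here: it only
# makes the server send a kiss-of-death packet when it refuses a client.
REQUIRED_DEFAULT = {"nomodify", "notrap", "nopeer", "noquery"}
LOOPBACK = {"127.0.0.1", "::1"}

# The three lines from the article.
ARTICLE_CONF = """\
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify
"""

# Constructed weak configuration for comparison.
WEAK_CONF = """\
restrict default nomodify      # queries, traps and peering are not refused
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0
"""

def parse_restrict(conf_text):
    """Return (address, mask or None, set of flags) for each restrict line."""
    rules = []
    for raw in conf_text.splitlines():
        # Drop comments and the optional -4 / -6 address-family switches.
        words = [w for w in raw.split("#", 1)[0].split() if w not in ("-4", "-6")]
        if len(words) < 2 or words[0] != "restrict":
            continue
        addr, rest = words[1], words[2:]
        mask = None
        if rest[:1] == ["mask"] and len(rest) >= 2:
            mask, rest = rest[1], rest[2:]
        rules.append((addr, mask, set(rest)))
    return rules

def audit(conf_text):
    """Return a list of findings; an empty list means the article's policy holds."""
    rules = parse_restrict(conf_text)
    issues = []
    defaults = [flags for addr, _, flags in rules if addr == "default"]
    if not defaults:
        issues.append("no 'restrict default' line")
    for flags in defaults:
        missing = REQUIRED_DEFAULT - flags
        if missing:
            issues.append("restrict default lacks: " + " ".join(sorted(missing)))
    for addr, mask, flags in rules:
        if addr != "default" and addr not in LOOPBACK and "nomodify" not in flags:
            issues.append(f"{addr}: modification requests are not refused")
    return issues
```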
On the client, just add the NTP server's address to ntp.conf:
server 192.168.2.249
1. What is driftfile in the configuration file?
Every system clock's frequency has a small error, which is why a machine's time becomes inaccurate after it has been running for a while. NTP automatically monitors our clock's error and corrects for it. But this is a lengthy process, so NTP writes the recorded error to the driftfile, so that the results of the calculation are not lost even after a reboot.
2. How do I synchronize my hardware clock?
NTP typically synchronizes only the system clock. But if we're going to synchronize the RTC, then we just need to open the options below.
Once the NTP service is set up, it can be managed with two tool commands.
One is ntpq, an interactive command with many subcommands available. Use peers to view the synchronization status; if you need other commands, enter help to see them. The other tool is ntpdate, which is commonly used on NTP clients. You can see NTP's synchronization messages in /var/adm/messages. For more detailed information about ntpq and ntpdate, consult their man pages.
The relationship between ntpdate and ntpd is similar to the relationship between snmpwalk and snmpd: a client and a server.