Author: Liang shangfeng
Net name: Hao MR/longfei
Source: www.chinaunix.net
Reference:
http://www.chinalinuxpub.com/read.htm?id=1337
http://www.fengnet.com/showart.asp?art_id=395&cat_id=10
http://chinaunix.net/jh/6/16555.html
Thank you for reprinting. Please keep the above information.
================================================================================

It has been a year since the beginning of spring. Over the past year, I have learned a lot at CU. Thanks to CU for your support. I am a technical engineer, so I want to write a technical document to commemorate this special day. Enough small talk; let's get down to business.

1. Build the time server (here we use NTP: Network Time Protocol)

A time server is a server that provides the time to other machines. We often find that the time on a server is incorrect, which affects our applications and sometimes even causes adverse consequences. For example, our backups and database updates are affected. The common solution is to synchronize with a time server on the public network, using nothing more than a crontab entry:

00 02 * * * /usr/sbin/ntpdate 195.13.1.153

Here 195.13.1.153 is one of the time servers that can be used on the public network. However, in this case the computer must be able to connect to the public network, which may cause some security problems. And if your computer is on the Intranet and cannot directly connect to a time server on the public network, then ......

Today we will talk about how to build our own time server.

Method 1: The time server synchronizes with a time server on the public network, and other machines synchronize with our own time server.
Disadvantage: The time server must be exposed on the Internet.

Steps:

1. Check whether the corresponding package exists.
Code:
# rpm -qa | grep ntp
ntp-4.1.1a-9
chkfontpath-1.9.6-3
If the NTP package is not installed, install it from the CD. Run the following command to install the ntp rpm package:
# rpm -ivh ntp-4.1.1a-9.i386.rpm
(I am using Red Hat 8.0; install the package that matches your own system.)

2. Modify the configuration file

/etc/ntp.conf is the main configuration file of NTP. It sets the domain names or IP addresses of the servers you synchronize time with. The following is the most basic configuration for synchronizing time with the Internet.

First, define your preferred time servers (for available time servers, see http://chinaunix.net/jh/5/100591.html; for more information, see http://www.eecis.udel.edu/~mills/ntp/servers.html):
Code:
server 195.13.1.153
server 194.137.39.67
Next, we set the access permissions for the above two servers. In this example, we do not allow them to modify or query the NTP server we configured on Linux.
Code:
restrict 195.13.1.153 mask 255.255.255.255 nomodify notrap noquery
restrict 194.137.39.67 mask 255.255.255.255 nomodify notrap noquery
Note: the mask 255.255.255.255 limits each rule to the single address of that remote NTP server.

Then define the Intranet machines that are allowed to access the server. Note that noquery has been removed from this line:
Code:
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
In this example, the mask is widened to 255.255.255.0, so all computers from 192.168.1.1 to 192.168.1.254 can use our NTP server to synchronize time. If you want a stricter limit, adjust the mask.
Finally, and most importantly, the default restrict line should be removed from your configuration file. Otherwise it will override all your other configuration options, and you will find that your time server can only communicate with itself. Comment out the following line in ntp.conf:
Code:
# restrict default ignore

3. Check availability

A. Save your configuration file and run the query command against each time server you configured in ntp.conf to make sure these upstream time servers are available.
Code:
# ntpdate 195.13.1.153
27 Jun 10:12:01 ntpdate[25475]: adjust time server 133.100.11.8 offset -0.127154 sec
# ntpdate 194.137.39.67
27 Jun 10:12:06 ntpdate[25478]: adjust time server 133.100.9.2 offset 0.010008 sec
B. Execute the following command:
# ntpq -p
...... ...... Output omitted

One sign that synchronization is not working is that all remote servers show a jitter value of 4000 and delay and reach values of 0.
Code:
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 LOCAL(0)        LOCAL(0)        10 l    -   64    7    0.000    0.000
*                0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00

4. Set auto-start

To make the NTP service start automatically at system boot, run:
Code:
# chkconfig ntpd on
The commands to start/stop/restart NTP are:
Code:
# /etc/init.d/ntpd start
# /etc/init.d/ntpd stop
# /etc/init.d/ntpd restart

5. Client settings

A. Linux client
Log on as root, run crontab -e and enter:

00 02 * * * /usr/sbin/ntpdate 192.168.1.1

(replace 192.168.1.1 with the IP address of your time server). This automatically synchronizes the time with the time server at two o'clock every morning.

B. Windows XP client
Double-click the time in the lower-right corner. In the "Date and time properties" window that appears, select Internet time, enter the IP address of your time server in the server field, and click "Update Now". The update success prompt is displayed in a few seconds. Then select "automatically synchronize with the Internet time server" and click OK.

Method 2: The time server synchronizes with its own hardware clock, and other machines synchronize with the time server.
Disadvantage: If the hardware clock of the time server is inaccurate, the time on every machine will be inaccurate.
Advantage: It is safer, because the server is not exposed on the Internet.

Unix systems have two kinds of clock: the hardware clock and the system clock. This is not covered in detail here.

The procedure is as follows:

1. Calibrate the hardware clock of the time server (this can be set directly in the BIOS), or use the hwclock command, for example:
hwclock --set --date="6/16/04 11:14:05"

2. Synchronize the system time with the hardware clock. Enter:
hwclock --hctosys

3. Modify the configuration file: vi /etc/ntp.conf. My ntp.conf is as follows:
Code:
# Prohibit general access to this service.
# restrict default ignore

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would affect some of
# the administrative functions.
restrict 127.0.0.1

# -- CLIENT NETWORK -------
# Permit systems on this network to synchronize with this
# time service. Do not permit those systems to modify the
# configuration of this service. Also, do not use those
# systems as peers for synchronization.
# restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap

# --- OUR TIMESERVERS -----
# or remove the default restrict line
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
# restrict mytrustedtimeserverip mask 255.255.255.255 nomodify notrap noquery

# --- NTP MULTICASTCLIENT ---
#multicastclient                 # listen on default 224.0.1.1
# restrict 224.0.1.1 mask 255.255.255.255 notrust nomodify notrap
# restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap

# --- GENERAL CONFIGURATION ---
#
# Undisciplined local clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
# Default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
# server 127.127.1.0 # local clock
server 127.127.1.0 prefer
fudge 127.127.1.0 stratum 10

#
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /etc/ntp/drift
broadcastdelay 0.008

#
# Authentication delay. If you use, or plan to use someday, the
# authentication facility you should make the programs in the auth_stuff
# directory and figure out what this number should be on your machine.
#
authenticate yes

#
# Keys file. If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
#
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will. Note also that
# ntpd is started with a -A flag, disabling authentication, that
# will have to be removed as well.
#
keys /etc/ntp/keys

The other settings and methods are the same. Start the NTP service and configure the client.
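
An added example, not part of the original article: a small Python audit of the restrict lines used in both methods above. It assumes the IPv4 "restrict address mask flags" form shown on this page; the function names and the sample file (assembled from the Method 1 directives) are constructed for illustration. It reports which entries lack nomodify, notrap or noquery, and whether an active "restrict default" line exists, because without one ntpd applies no restriction flags to hosts that match no other entry.

```python
import ipaddress

# Constructed sample: the Method 1 directives from this page, with the
# default rule commented out as step 2 instructs.
SAMPLE_CONF = """\
server 195.13.1.153
server 194.137.39.67
restrict 195.13.1.153 mask 255.255.255.255 nomodify notrap noquery
restrict 194.137.39.67 mask 255.255.255.255 nomodify notrap noquery
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
# restrict default ignore
"""

HARDENING = ("nomodify", "notrap", "noquery")  # flags this audit looks for

def parse_restricts(conf_text):
    """Return [(network or 'default', set of flags)] for active restrict lines."""
    entries = []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()      # drop comments
        if len(tokens) < 2 or tokens[0].lower() != "restrict":
            continue
        addr, rest = tokens[1], tokens[2:]
        mask = "255.255.255.255"                   # ntpd default: one host
        if len(rest) >= 2 and rest[0] == "mask":
            mask, rest = rest[1], rest[2:]
        net = "default" if addr == "default" else ipaddress.ip_network(
            f"{addr}/{mask}", strict=False)
        entries.append((net, set(rest)))
    return entries

def audit(conf_text):
    """Return findings about which hosts may query or modify the daemon."""
    entries = parse_restricts(conf_text)
    findings = []
    if not any(net == "default" for net, _ in entries):
        findings.append("no active 'restrict default': unlisted hosts are unrestricted")
    for net, flags in entries:
        if "ignore" in flags:                      # all packets dropped already
            continue
        missing = [f for f in HARDENING if f not in flags]
        if missing:
            findings.append(f"{net}: lacks {', '.join(missing)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

Run against the sample, it lists the missing default rule and the client network entry that was deliberately left without noquery, so both choices are visible when the file is reviewed.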