Turn: Build an NTP Time Server

Last time I talked about how to adjust the Linux system time. In the project, we often need to view system logs when analyzing system problems. In this case, if a cluster or ha application is used, the time is very important for locating the sequence and cause of the problem. Therefore, we hope to have a way to ensure that the time of the two servers is the same, and it is best to achieve the standard time. This is what it means to build an NTP server!
I. Principles
NTP is a protocol used to synchronize time between the system and a precise time source. We recommend that you create at least one time server in your managed network to synchronize local time, which makes it easier to process and collect logs and manage logs on different systems without making any mistakes.
Official website is: http://www.ntp.org/
We can obtain the source code in Linux and the Public NTP server on the Internet. The address list is as follows:
Http://ntp.isc.org/bin/view/Servers/NTPPoolServers
Http://ntp.isc.org/bin/view/Servers/WebHome
The NTP protocol is implemented through the server and client. The communication process is as follows:
1. First, the host needs to start the NTP service.
2. The client sends a message to the NTP server to adjust the time.
3. The NTP server then sends the current standard time to the client
4. After the client receives the time from the server, it will adjust its time to implement network calibration.
Although there are many public NTP servers on the network, you must pay attention to them when using them. Due to network transmission latency, when the client sends a request to a server with a high latency until the client obtains the time, a time difference may occur due to network latency. Therefore, we recommend that you use the NTP server closest to you as the verification standard.
☆System environment: Hongqi DC Server 5.0 for x86
Ii. Configuration
I will not talk about installation. When the Hongqi DC Server is installed to the maximum extent, it has installed the NTP server and client suite. Next we will only explain how to configure the NTP server and how to synchronize time on the client.
◎ Planning
In many cases, servers that provide data applications cannot connect directly to the Internet. In this case, we need to deploy a machine dedicated to time synchronization in the LAN (usually a network administrator). In this way, the server can synchronize the time through the LAN. Of course, if you only need to ensure that the time between multiple servers is the same, it can be simpler, as long as one of the servers is the benchmark, and other servers synchronize it, that is the simplest.
1. Configure the server
The configuration of the NTP server is relatively simple. There is only one configuration file:/etc/NTP. conf. In addition, there are many examples in the file for reference. The description is as follows:
→ Syntax 1:Reference restrict IP mask parameter
An IP address is an address that is allowed or not allowed to be accessed. It can be used with a mask for a segment;
Parameters include:
Ignore: Disable all NTP Network Services
Nomodify: the client cannot modify the Time of the server, but can be used as the correction server of the client.
Notrust: Except for passing authentication, the specified CIDR block is untrusted CIDR block.
Noquery: No Time query is provided.

(If NO parameter is set, there is no restriction on the IP address or CIDR block)
Some of the configuration files are set by default, including reference to restrict default nomodify notrap noquery.
# Default is 0.0.0.0, that is, disable all
Restrict 127.0.0.1
# This allows query at the current level

→ Syntax 2:Reference server [IP | FQDN] [prefer]
IP | FQDN is the benchmark NTP server for your server synchronization.
Prefer is used to specify the Primary and Secondary servers. The primary server is identified.

The default configuration file includes: Reference server 0.pool.ntp.org
Server 1.pool.ntp.org
Server 2.pool.ntp.org

These are relatively public and commonly used NTP servers. You can also change them to the server you specified, for example, reference server cn.pool.ntp.org prefer.

→ Others:Reference server 127.127.1.0 # local clock
Fudge 127.127.1.0 stratum 10
Driftfile/var/lib/NTP/drift
Broadcastdelay 0.008

It should be noted that driftfile is defined. driftfile specifies the time that our host spends communicating with the time server. The time is recorded in the file next to driftfile.
→ Add:
Add the IP addresses or CIDR blocks that are allowed to access this server. Add the following in the configuration file: reference restrict 192.168.228.0 mask 255.255.255.0 nomodify

In this way, the server in the 192.168.228.0/24 segment can synchronize time through this NTP server!
※Note:
For ease of configuration, here is the configured file, which can be downloaded and used: Click
2. Start the NTP server
Before starting the NTP service, manually correct the Time of the host that provides the service. (Because the server is started, the port will be occupied by the server and the time cannot be manually synchronized) # ntpdate cn.pool.ntp.org
25 APR 14:33:51 ntpdate [8310]: Step time server 80.85.129.2 offset 6.655976 Sec

Then, start the ntpd service: # service ntpd start

View port: # netstat-ln | grep 123
UDP 0 0 192.168.228.153: 123 0.0.0.0 :*
UDP 0 0 127.0.0.1: 123 0.0.0.0 :*
UDP 0 0 0.0.0.0: 123 0.0.0.0 :*
UDP 0 0 ::: 123 :::*

3. Set the client
The NTP client can be Linux or windows through software.
Linux Client
The synchronization method is very simple. Just run a command:
# Ntpdate 192.168.228.153
Of course, this is only to modify the system time. You need to use hwclock-W to write the system time to the hardware time. You can also use scheduled tasks for scheduled updates:
# Crontab-e
0 0 ***/usr/sbin/ntpdate 192.168.228.153;/sbin/hwclock-W;
Windows XP Professional Client
Run the following command: Net time/setsntp: 192.168.228.153
NET Time/querysntp
Net start w32time

The first line is to configure the synchronization server, the second line is to check the setting result, and the third line is to start the "Windows Time" service. The Windows Time Service is automatically started by default and timed
Synchronize the specified server.
If the system is Home Edition, you can use the internet synchronization server in the date/time attribute to specify the server address as 192.168.228.153.
Iii. Possible Problems
Although the configuration of the NTP service is very simple, problems may always occur. You can start from the following aspects:
1. Related commands # ntptrace Server IP Address
The communication path of the NTP server
# Ntpq-P
Check the synchronization status of the Time Server

2. Check the configuration file
Make sure that the ignore parameter is not used in the configuration file, such as restrict default ignore.
3. check firewall configurations
Because the NTP service uses UDP port 123, You need to enable this port if you have a firewall.
4. common error reference 25 APR 15:30:17 ntpdate [11520]: No server suitable for synchronization found

In fact, this is not an error. It takes about 3-5 minutes for the client to establish a normal communication connection with the server after the NTP server is restarted. This information is reported when you connect to the server using a client. Wait a few minutes! If there are any problems later, the fault will actually occur!