CentOS 7 时间同步

1. NTP时钟同步方式说明

NTP在linux下有两种时钟同步方式，分别为直接同步和平滑同步：
直接同步
使用ntpdate命令进行同步，直接进行时间变更。如果服务器上存在一个12点运行的任务，当前服务器时间是13点，但标准时间时11点，使用此命令可能会造成任务重复执行。因此使用ntpdate同步可能会引发风险，因此该命令也多用于配置时钟同步服务时第一次同步时间时使用。
平滑同步
使用ntpd进行时钟同步，可以保证一个时间不经历两次，它每次同步时间的偏移量不会太陡，是慢慢来的，这正因为这样，ntpd平滑同步可能耗费的时间比较长。

标准时钟同步服务
http://www.pool.ntp.org/zone/cn网站包含全球的标准时间同步服务，也包括对中国时间的同步，对应的URL为cn.pool.ntp.org，在其中也描述了ntp配置文件中的建议写法：
server 1.cn.pool.ntp.org
server 2.asia.pool.ntp.org

2. 环境情况

准备四台电脑，分别为：

IP	用途
192.168.11.212	ntpd服务器，用于与外部公共ntpd同步标准时间
172.16.248.129	ntpd客户端，用于与ntpd同步时间
172.16.248.130	172,16,248.131	ntpd客户端，用于与ntpd同步时间

3. 检查服务是否安装

使用rpm检查ntp包是否安装

 
 
  
  1
  
  2
 
 
[root@localhost kevin]# rpm -q ntp
ntp-4.2.6p5-25.el7.centos.2.x86_64

如果已经安装则略过此步，否则使用yum进行安装，并设置系统开机自动启动并启动服务

  
  1
  
  2
  
  3
 
 [root@localhost kevin]# yum -y install ntp
[root@localhost kevin]# systemctl enable ntpd
[root@localhost kevin]# systemctl start ntpd

4. 设置ntp服务器: 192.168.11.212

配置前先使用命令：ntpdate -u cn.pool.ntp.org，同步服务器

修改/etc/ntp.conf文件，红色字体是修改的内容

# For more information about this file,see the man pages
# ntp.conf(5),ntp_acc(5),ntp_auth(5),ntp_clock(5),ntp_misc(5),ntp_mon(5). driftfile /var/lib/ntp/drift # Permit time synchronization with our time source,but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery  # Permit all access over the loopback interface. This could # be tightened as well,but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1 # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst server 2.cn.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # 允许上层时间服务器主动修改本机时间 restrict 2.cn.pool.ntp.org nomodify notrap noquery restrict 1.asia.pool.ntp.org nomodify notrap noquery restrict 2.asia.pool.ntp.org nomodify notrap noquery server 127.0.0.1 # local clock fudge 127.0.0.1 stratum 10 # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys # Specify the key identifiers which are trusted. #trustedkey 4 8 42 # Specify the key identifier to use with the ntpdc utility. #requestkey 8 # Specify the key identifier to use with the ntpq utility. #controlkey 8 # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # ntp.conf(5),monospace; padding:0px; font-size:undefined; color:inherit; background-color:transparent; word-wrap:normal">disable monitor driftfile /var/lib/ntp/drift disable monitor # Permit time synchronization with our time source,monospace; padding:0px; font-size:undefined; color:inherit; background-color:transparent; word-wrap:normal">disable monitor # permit the source to query or modify the service on this system. disable monitor restrict default nomodify notrap nopeer noquery disable monitor disable monitor # Permit all access over the loopback interface. This could disable monitor # be tightened as well,monospace; padding:0px; font-size:undefined; color:inherit; background-color:transparent; word-wrap:normal">disable monitor # the administrative functions. disable monitor restrict 127.0.0.1 disable monitor restrict ::1 disable monitor disable monitor # Hosts on local network are less restricted. disable monitor #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap disable monitor restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap disable monitor disable monitor # Use public servers from the pool.ntp.org project. disable monitor # Please consider joining the pool (http://www.pool.ntp.org/join.html). disable monitor #server 0.centos.pool.ntp.org iburst disable monitor disable monitor server 2.cn.pool.ntp.org disable monitor server 1.asia.pool.ntp.org disable monitor server 2.asia.pool.ntp.org disable monitor disable monitor #broadcast 192.168.1.255 autokey # broadcast server disable monitor #broadcastclient # broadcast client disable monitor #broadcast 224.0.1.1 autokey # multicast server disable monitor #multicastclient 224.0.1.1 # multicast client disable monitor #manycastserver 239.255.254.254 # manycast server disable monitor #manycastclient 239.255.254.254 autokey # manycast client disable monitor # 允许上层时间服务器主动修改本机时间 disable monitor restrict 2.cn.pool.ntp.org nomodify notrap noquery disable monitor restrict 1.asia.pool.ntp.org nomodify notrap noquery disable monitor restrict 2.asia.pool.ntp.org nomodify notrap noquery disable monitor disable monitor server 127.0.0.1 # local clock disable monitor fudge 127.0.0.1 stratum 10 disable monitor disable monitor # Enable public key cryptography. disable monitor #crypto disable monitor disable monitor includefile /etc/ntp/crypto/pw disable monitor disable monitor # Key file containing the keys and key identifiers used when operating disable monitor # with symmetric key cryptography. disable monitor keys /etc/ntp/keys disable monitor disable monitor # Specify the key identifiers which are trusted. disable monitor #trustedkey 4 8 42 disable monitor disable monitor # Specify the key identifier to use with the ntpdc utility. disable monitor #requestkey 8 disable monitor disable monitor # Specify the key identifier to use with the ntpq utility. disable monitor #controlkey 8 disable monitor disable monitor # Enable writing of statistics records. disable monitor #statistics clockstats cryptostats loopstats peerstats disable monitor disable monitor # Disable the monitoring facility to prevent amplification attacks using ntpdc disable monitor # monlist command when default restrict does not include the noquery flag. See disable monitor # CVE-2013-5211 for more details. disable monitor # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor disable monitor

修改完成后重启ntpd服务systemctl restart ntpd

使用ntpq -p 查看网络中的NTP服务器，同时显示客户端和每个服务器的关系

使用ntpstat 命令查看时间同步状态，这个一般需要5-10分钟后才能成功连接和同步。所以，服务器启动后需要稍等下：
刚启动的时候，一般是：

  
  1
  
  2
  
  3
  
  4
 
 # ntpstat 
unsynchronised
  time server re-starting
   polling server every 64 s

连接并同步后:

# ntpstat 
synchronised to NTP server (202.112.10.36) at stratum 3
   time correct to within 275 ms
   polling server every 256 s

5. 设置ntp客户端: 172.16.248.129|130|131

安装ntp服务并设置为自动启动，和前面的设置方式相同。然后编辑/etc/ntp.conf文件，红色字体为变化的内容。

server 172.16.248.1 restrict 172.16.248.1 nomodify notrap noquery server 127.0.0.1 disable monitor  # ntp.conf(5),monospace; padding:0px; font-size:undefined; color:inherit; background-color:transparent; word-wrap:normal">  driftfile /var/lib/ntp/drift   # Permit time synchronization with our time source,monospace; padding:0px; font-size:undefined; color:inherit; background-color:transparent; word-wrap:normal"> # permit the source to query or modify the service on this system.  restrict default nomodify notrap nopeer noquery   # Permit all access over the loopback interface. This could  # be tightened as well,monospace; padding:0px; font-size:undefined; color:inherit; background-color:transparent; word-wrap:normal"> # the administrative functions.  restrict 127.0.0.1  restrict ::1   # Hosts on local network are less restricted.  #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap   # Use public servers from the pool.ntp.org project.  # Please consider joining the pool (http://www.pool.ntp.org/join.html).  #server 0.centos.pool.ntp.org iburst   server 172.16.248.1   restrict 172.16.248.1 nomodify notrap noquery   server 127.0.0.1  fudge 127.0.0.1 stratum 10   #broadcast 192.168.1.255 autokey # broadcast server  #broadcastclient # broadcast client  #broadcast 224.0.1.1 autokey # multicast server  #multicastclient 224.0.1.1 # multicast client  #manycastserver 239.255.254.254 # manycast server  #manycastclient 239.255.254.254 autokey # manycast client   # Enable public key cryptography.  #crypto  includefile /etc/ntp/crypto/pw   # Key file containing the keys and key identifiers used when operating  # with symmetric key cryptography.  keys /etc/ntp/keys   # Specify the key identifiers which are trusted.  #trustedkey 4 8 42   # Specify the key identifier to use with the ntpdc utility.  #requestkey 8   # Specify the key identifier to use with the ntpq utility.  #controlkey 8   # Enable writing of statistics records.  #statistics clockstats cryptostats loopstats peerstats   # Disable the monitoring facility to prevent amplification attacks using ntpdc  # monlist command when default restrict does not include the noquery flag. See  # CVE-2013-5211 for more details.  # Note: Monitoring will not be disabled with the limited restriction flag.  disable monitor

重启ntpd服务

  
  1
 
 #systemctl restart ntpd

启动后，查看同步情况

  
  1
  
  2
 
 # ntpq -p
# ntpstat

因为是内网，一般ntpstat很快就可以同步上。

原文链接：https://www.f2er.com/centos/375941.html

1. NTP时钟同步方式说明

2. 环境情况

3. 检查服务是否安装

4. 设置ntp服务器: 192.168.11.212

5. 设置ntp客户端: 172.16.248.129|130|131

猜你在找的CentOS相关文章