1、yum 安装 NTP服务器
[root@master ~]# yum -y install ntp
2、启动ntpd服务
[root@master ~]# systemctl start ntpd
3、设置开机自启
[root@master ~]# systemctl enable ntpd
4、设置server端
[root@master ~]# vi /etc/ntp.conf
# For more information about this file, see the man pages # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5). #记录system clock的误差值开机时不会丢失 driftfile /var/lib/ntp/drift # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. #默认拒绝所有来源的任何访问 restrict default nomodify notrap nopeer noquery # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. #允许本机地址一切操作 restrict 127.0.0.1 restrict ::1 # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
#restrict 对ntp做权限控制 ignore:忽略所有类型的NTP连接请求 nomodify:限制客户端不能使用命令ntpc和ntpq来修改服务器端的时间
#noquery:不提供NTP网络校时服务 notrap:不接受远程登录请求 notrust:不接受没有经过认证的客户端的请求
#允许局域网66网段内所有client连接到这台服务器同步时间.但是拒绝让他们修改服务器上的时间和远程登录 restrict 192.168.66.0 mask 255.255.255.0 nomodify notrap # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst #server 1.centos.pool.ntp.org iburst #server 2.centos.pool.ntp.org iburst #server 3.centos.pool.ntp.org iburst #指定ntp服务器的地址 #将当前主机作为时间服务器 server 127.127.1.0 #时间服务器层级0-15 0表示* 10通常用于给局域网主机提供时间服务 fudge 127.127.1.0 stratum 10 #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys # Specify the key identifiers which are trusted. #trustedkey 4 8 42 # Specify the key identifier to use with the ntpdc utility. #requestkey 8 # Specify the key identifier to use with the ntpq utility. #controlkey 8 # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor
5、重启server端
[root@master ~]# systemctl restart ntpd
6、查看状态
[root@master ~]# ntpstat synchronised to local net (127.127.1.0) at stratum 11 time correct to within 7948 ms polling server every 64 s [root@master ~]#
7、设置client端
[root@node1 ~]# vi /etc/ntp.conf
# Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst #server 1.centos.pool.ntp.org iburst #server 2.centos.pool.ntp.org iburst #server 3.centos.pool.ntp.org iburst
#client端仅仅加入server端IP
server master
7、重启client端
[root@node1 ~]# systemctl restart ntpd
8、检查网络中的NTP服务器
[root@node1 ~]# ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== *master LOCAL(0) 11 u 43 64 37 0.223 -134.33 92.058 [root@node1 ~]#
*表示目前使用的NTP Server,这里选择的本机;
st:即stratum阶层,值越小表示ntp serve的精准度越高;
when:单位秒,几秒前曾做过时间同步更新的操作;
poll表示,每隔多少毫秒与ntp server同步一次;
reach:已经向上层NTP服务器要求更新的次数;
delay:网络传输过程钟延迟的时间;
offset:时间补偿的结果;
jitter:Linux系统时间与BIOS硬件时间的差异时间
9、问题
NTP Server端重启后,Client端需要等5分钟再与其进行时间同步,否则会提示“no server suitable for synchronization found”错误。等待的时间可以通过命令 watch ntpq -p来监控