RHEL7學習之NTP配置

一，安裝NTP

[root@localhost ~]# yum install ntp
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
cdrom                                                                 | 4.1 kB  00:00:00     
Resolving Dependencies
--> Running transaction check
---> Package ntp.x86_64 0:4.2.6p5-18.el7 will be installed
--> Processing Dependency: ntpdate = 4.2.6p5-18.el7 for package: ntp-4.2.6p5-18.el7.x86_64
--> Processing Dependency: libopts.so.25()(64bit) for package: ntp-4.2.6p5-18.el7.x86_64
--> Running transaction check
---> Package autogen-libopts.x86_64 0:5.18-5.el7 will be installed
---> Package ntpdate.x86_64 0:4.2.6p5-18.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================
 Package                   Arch             Version                    Repository       Size
=============================================================================================
Installing:
 ntp                       x86_64           4.2.6p5-18.el7             cdrom           539 k
Installing for dependencies:
 autogen-libopts           x86_64           5.18-5.el7                 cdrom            66 k
 ntpdate                   x86_64           4.2.6p5-18.el7             cdrom            82 k

Transaction Summary
=============================================================================================
Install  1 Package (+2 Dependent packages)

Total download size: 687 k
Installed size: 1.6 M
Is this ok [y/d/N]: y
Downloading packages:
---------------------------------------------------------------------------------------------
Total                                                         10 MB/s | 687 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : autogen-libopts-5.18-5.el7.x86_64                                         1/3 
  Installing : ntpdate-4.2.6p5-18.el7.x86_64                                             2/3 
  Installing : ntp-4.2.6p5-18.el7.x86_64                                                 3/3 
  Verifying  : ntpdate-4.2.6p5-18.el7.x86_64                                             1/3 
  Verifying  : autogen-libopts-5.18-5.el7.x86_64                                         2/3 
  Verifying  : ntp-4.2.6p5-18.el7.x86_64                                                 3/3 

Installed:
  ntp.x86_64 0:4.2.6p5-18.el7                                                                

Dependency Installed:
  autogen-libopts.x86_64 0:5.18-5.el7             ntpdate.x86_64 0:4.2.6p5-18.el7            

Complete!

View Code

二，編輯NTP配置文件"/etc/ntp.conf"

[root@localhost ~]# vim /etc/ntp.conf 

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery  

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  //容許"192.168.1.0"使用NTP服務，nomodify notrap 不容許客戶端配置服務器或者做爲同步時間的節點。

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.rhel.pool.ntp.org iburst
#server 1.rhel.pool.ntp.org iburst
#server 2.rhel.pool.ntp.org iburst
#server 3.rhel.pool.ntp.org iburst
server 0.asia.pool.ntp.org   //NTP官方服務器池：http://www.pool.ntp.org/zone/asia 
server 1.asia.pool.ntp.org
server 2.asia.pool.ntp.org
server 3.asia.pool.ntp.org

  server 127.127.1.0        
  fudge 127.127.1.0 stratum 8  //當NTP服務不可用時，使用NTP服務器當前時間同步給客戶機

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography. 
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor

  logfile /var/log/ntp.log

三，驗證NTP服務

1，驗證NTP服務器從官方NTP服務器同步時間

[root@localhost ~]# ntpstat  //查看這臺服務器是否鏈接到NTP官方服務器
synchronised to NTP server (160.16.201.66) at stratum 3 
   time correct to within 4090 ms
   polling server every 64 s

更改下時間，改成「錯誤」的時間。而後等待NTP服務自動同步準確的時間。

[root@localhost ~]# date
Wed Jan 23 11:44:34 CST 2013

使用命令"watch ntpq -p"查看NTP詳細信息

Every 2.0s: ntpq -p                                                                                                                                Sat Jan 23 00:04:35 2010

     remote           refid     st t when poll reach   delay   offset  jitter
==============================================================================
 y.ns.gin.ntt.ne 249.224.99.213   2 u   69   64   17  110.259  1916229 1106335
 time1.maxonline .GPS.            1 u    9   64   37  330.752  1916229 9581147
 send.mx.cdnetwo 133.100.8.2      2 u   10   64   37   87.927  1916229 9581147
*LOCAL(0)        .LOCL.           8 l   17   64   21    0.000    0.000   0.000

大約10分鐘，同步成功。下面是同步成功的時間。時間同步成功後，並不會同步給硬件時間。系統重啓後還會讀取硬件時間同步給系統時間，因此須要重啓前"clock -w"或者寫入crontab。

Every 2.0s: ntpq -p                                                                                                                                Fri Feb 19 10:15:49 2016

     remote           refid     st t when poll reach   delay   offset  jitter
==============================================================================
 LOCAL(0)        .LOCL.           8 l   50   64    1    0.000    0.000   0.000
+218.189.210.4   118.143.17.82    2 u   50   64    1   80.928    4.568   0.000
*x.ns.gin.ntt.ne 249.224.99.213   2 u   48   64    1   84.978   -9.332   0.000
+31.193.144.2.ar 131.107.13.100   2 u   50   64    1  311.808  -52.737   0.000
-202-65-114-202. 218.100.41.254   2 u   50   64    1  464.010  114.567   0.000

2，驗證Linux客戶端從NTP服務器（192.168.10.10）同步時間

手動同步時間成功，說明NTP服務沒問題。能夠在Linux客戶機上創建crontab任務或者配置NTP服務來同步時間。

[root@localhost ~]# ntpdate -u 192.168.1.10
18 Feb 12:45:50 ntpdate[2835]: adjust time server 192.168.1.10 offset -0.000051 sec
[root@localhost ~]# date
Thu Feb 18 12:45:54 CST 2016

四，配置Linux客戶機自動同步時間的兩種方法

1，使用crontab從NTP服務器同步時間

[root@localhost ~]# crontab -e

30 3 * * *  /usr/sbin/ntpdate -u  192.168.10.10; /usr/sbin/clock -w  //天天3:30從NTP服務器同步時間，並把系統時間同步給硬件時間。

2，使用NTP服務同步時間

安裝NTP服務

[root@localhost ~]# yum install ntp
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package ntp.x86_64 0:4.2.6p5-18.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===========================================================================================================================================================================
 Package                              Arch                                    Version                                         Repository                              Size
===========================================================================================================================================================================
Installing:
 ntp                                  x86_64                                  4.2.6p5-18.el7                                  cdrom                                  539 k

Transaction Summary
===========================================================================================================================================================================
Install  1 Package

Total download size: 539 k
Installed size: 1.4 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : ntp-4.2.6p5-18.el7.x86_64                                                                                                                               1/1 
  Verifying  : ntp-4.2.6p5-18.el7.x86_64                                                                                                                               1/1 

Installed:
  ntp.x86_64 0:4.2.6p5-18.el7      

View Code

更改"/etc/ntp.conf"，註釋掉原有NTP服務器地址，加入"server 192.168.10.10"

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.rhel.pool.ntp.org iburst
#server 1.rhel.pool.ntp.org iburst
#server 2.rhel.pool.ntp.org iburst
#server 3.rhel.pool.ntp.org iburst
server 192.168.10.10

將當前時間修改爲「錯誤時間」，經過NTP服務來驗證是否可以同步時間。

[root@localhost ~]# date
Sat Feb 20 00:29:18 CST 2016
[root@localhost ~]# date -s 20130123 
Wed Jan 23 00:00:00 CST 2013

[root@localhost ~]# watch ntpq -p
Every 2.0s: ntpq -p                                                                                                                                Wed Jan 23 00:02:09 2013

     remote           refid     st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.10.10   211.233.84.186   3 u   49   64    3    0.707  9702897 9702897

Every 2.0s: ntpq -p                                                                                                                                Sat Feb 20 00:49:06 2016

     remote           refid     st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.10.10   194.225.150.25   3 u   13   64   17    0.746   98.114  70.556