linux 內網時間同步配置

在工做中，內網環境機器的時間會有所差別，在某些測試環境下須要一毫秒都不容許出現偏差，但又不想同步外網時間，那咱們能夠選擇一臺機器做爲時間服務器來供其餘機器進行時間同步，例如每隔1分鐘同步一次時間。

1、環境

系統：Centos 6.5

ntp_client IP：192.168.0.117

ntp_server IP：192.168.0.124

2、安裝ntp服務

root@fenfa ~]# yum install ntp -y
[root@fenfa ~]# chkconfig --add ntpd
[root@fenfa ~]# chkconfig ntpd on

3、配置/etc/ntp.conf文件：

server:

[root@fenfa ~]# vim /etc/ntp.conf 

  1 # For more information about this file, see the man pages
  2 # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
  3 
  4 driftfile /var/lib/ntp/drift
  5 
  6 # Permit time synchronization with our time source, but do not
  7 # permit the source to query or modify the service on this system.
  8 restrict default kod nomodify notrap nopeer noquery #默認的client拒絕全部的操做 9 restrict -6 default kod nomodify notrap nopeer noquery
 10 
 11 # Permit all access over the loopback interface.  This could
 12 # be tightened as well, but to do so would effect some of
 13 # the administrative functions.
 14 restrict 127.0.0.1 #容許本機地址一切的操做
 15 restrict -6 ::1
 16 
 17 # Hosts on local network are less restricted.
 18 restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap #容許集羣192.1680.0網段鏈接同步時間，拒絕client修改服務器時間19 
 20 # Use public servers from the pool.ntp.org project.
 21 # Please consider joining the pool (http://www.pool.ntp.org/join.html).
 22 #server 0.centos.pool.ntp.org iburst #默認配置，同步網絡時間
 23 #server 1.centos.pool.ntp.org iburst
 24 #server 2.centos.pool.ntp.org iburst
 25 #server 3.centos.pool.ntp.org iburst
 26 
 27 server 127.127.1.0  #本地時間
 28 fudge 127.127.1.0 stratum 1 #時間服務器的層次。設爲0則爲頂級
 29 
 30 #broadcast 192.168.1.255 autokey        # broadcast server
 31 #broadcastclient                        # broadcast client
 32 #broadcast 224.0.1.1 autokey            # multicast server
 33 #multicastclient 224.0.1.1              # multicast client
 34 #manycastserver 239.255.254.254         # manycast server
 35 #manycastclient 239.255.254.254 autokey # manycast client
 36 
 37 # Enable public key cryptography.
 38 #crypto
 39 
 40 includefile /etc/ntp/crypto/pw
 41 
 42 # Key file containing the keys and key identifiers used when operating
 43 # with symmetric key cryptography. 
 44 keys /etc/ntp/keys
 45 
 46 # Specify the key identifiers which are trusted.
 47 #trustedkey 4 8 42
 48 
 49 # Specify the key identifier to use with the ntpdc utility.
 50 #requestkey 8
 51 
 52 # Specify the key identifier to use with the ntpq utility.
 53 #controlkey 8
 54 
 55 # Enable writing of statistics records.
 56 #statistics clockstats cryptostats loopstats peerstats

注：紅色字體的地方爲新增或修改的部分

client：

[root@nfs ~]# vim /etc/ntp.conf 

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
  3 
  4 driftfile /var/lib/ntp/drift
  5 
  6 # Permit time synchronization with our time source, but do not
  7 # permit the source to query or modify the service on this system.
  8 restrict default kod nomodify notrap nopeer noquery
  9 restrict -6 default kod nomodify notrap nopeer noquery
 10 
 11 # Permit all access over the loopback interface.  This could
 12 # be tightened as well, but to do so would effect some of
 13 # the administrative functions.
 14 restrict 127.0.0.1
 15 restrict -6 ::1
 16 
 17 # Hosts on local network are less restricted.
 18 restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap 19 
 20 # Use public servers from the pool.ntp.org project.
 21 # Please consider joining the pool (http://www.pool.ntp.org/join.html).
 22 #server 0.centos.pool.ntp.org iburst
 23 #server 1.centos.pool.ntp.org iburst
 24 #server 2.centos.pool.ntp.org iburst
 25 #server 3.centos.pool.ntp.org iburst
 26 
 27 server 192.168.0.124 profer #時間服務器地址28 
 29 #broadcast 192.168.1.255 autokey        # broadcast server
 30 #broadcastclient                        # broadcast client
 31 #broadcast 224.0.1.1 autokey            # multicast server
 32 #multicastclient 224.0.1.1              # multicast client
 33 #manycastserver 239.255.254.254         # manycast server
 34 #manycastclient 239.255.254.254 autokey # manycast client
 35 
 36 # Enable public key cryptography.
 37 #crypto
 38 
 39 includefile /etc/ntp/crypto/pw
 40 
 41 # Key file containing the keys and key identifiers used when operating
 42 # with symmetric key cryptography. 
 43 keys /etc/ntp/keys
 44 
 45 # Specify the key identifiers which are trusted.
 46 #trustedkey 4 8 42
 47 
 48 # Specify the key identifier to use with the ntpdc utility.
 49 #requestkey 8
 50 
 51 # Specify the key identifier to use with the ntpq utility.
 52 #controlkey 8
 53 
 54 # Enable writing of statistics records.
 55 #statistics clockstats cryptostats loopstats peerstat

4、設置client主機與時間服務器時間的同步

• serverd端從啓ntp服務
• client端更改系統時間
• 執行同步命令：ntpdate -u 192.168.0.124

[root@fenfa x86_64]# service ntpd restart
關閉 ntpd：                                                [肯定]
正在啓動 ntpd：                                            [肯定]

[root@nfs ~]# date
2019年 08月 19日 星期一 21:52:25 CST
[root@nfs ~]# date -s 2018-08-19
2018年 08月 19日 星期日 00:00:00 CST
[root@nfs ~]# date
2018年 08月 19日 星期日 00:00:05 CST
[root@nfs ~]# ntpdate -u 192.168.0.124
19 Aug 21:54:22 ntpdate[1861]: step time server 192.168.0.124 offset 31614767.907398 sec
[root@nfs ~]# date
2019年 08月 19日 星期一 21:54:28 CST

能夠在client機器上編寫一個定時腳本：

[root@nfs ~]# crontab -l
####ntpd  Synchronize every 1 minute
00-59/60 * * * * /usr/sbin/ntpdate -u 192.168.0.124 >/dev/null 2>&1

修改/etc/ntp/stpe-tickers文件，內容以下（當ntpd服務啓動時，會自動與該文件中記錄的上層NTP服務進行時間校對

[root@nfs ~]# cat /etc/ntp/step-tickers 
# List of servers used for initial synchronization.
server 192.168.0.124 prefer 

ntp服務，默認只會同步系統時間。若是想要讓ntp同時同步硬件時間，能夠設置/etc/sysconfig/ntpd文件，在/etc/sysconfig/ntpd文件中，添加 SYNC_HWCLOCK=yes 這樣，就可讓硬件時間與系統時間一塊兒同步。