如何在 CentOS 中设置 NTP 服务器 如何在 CentOS 中设置 NTP 服务器
\u5982\u4f55\u5728CentOS\u4e2d\u642d\u5efaNTP\u670d\u52a1\u5668\u4e00\u3001\u642d\u5efa\u65f6\u95f4\u670d\u52a1\u5668
1\u3001\u5728\u4e00\u53f0linux\u670d\u52a1\u5668\u5b89\u88c5ntp server
tar zxvf ntp-4.2.6.tar.gz
cd ntp-4.2.6
./configure --prefix=/usr/local/ntp --enable-all-clocks --enable-parse-clocks
make && make install
2\u3001\u4fee\u6539ntp.conf\u914d\u7f6e\u6587\u4ef6
vi /etc/ntp.conf
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
#restrict default kod nomodify notrap nopeer noquery
restrict default nomodify
(\u5141\u8bb8\u4efb\u4f55IP\u7684\u5ba2\u6237\u673a\u90fd\u53ef\u4ee5\u8fdb\u884c\u65f6\u95f4\u540c\u6b65,\u5982\u679c\u662f\u53ea\u5141\u8bb8\u67d0\u4e2a\u7f51\u6bb5\u7684\u5ba2\u6237\u673a\u8fdb\u884c\u65f6\u95f4\u540c\u6b65\u53ef\u4ee5\u8fd9\u6837\u5199
restrict 10.58.26.0 mask 255.255.255.0 nomodify)
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool
#server 0.rhel.pool.ntp.org\uff08\u9ed8\u8ba4\u65f6\u95f4\u670d\u52a1\u5668\uff09
#server 1.rhel.pool.ntp.org\uff08\u9ed8\u8ba4\u65f6\u95f4\u670d\u52a1\u5668\uff09
#server 2.rhel.pool.ntp.org\uff08\u9ed8\u8ba4\u65f6\u95f4\u670d\u52a1\u5668\uff09
server 10.128.14.25 \uff08\u624b\u5de5\u8bbe\u7f6e\u7684\u65f6\u95f4\u670d\u52a1\u5668\uff09
\uff08\u5982\u679c\u662f\u53ef\u4ee5\u76f4\u8fde\u5916\u7f51\uff0c\u53ef\u4ee5\u4f7f\u7528LINUX\u9ed8\u8ba4\u63d0\u4f9b\u7684\u4e09\u7ec4\u6807\u51c6\u65f6\u95f4\u670d\u52a1\u5668\uff0c\u5426\u5219\u53ef\u4ee5\u81ea\u5df1\u6307\u5b9a\u4e00\u4e2a\u540c\u6b65\u65f6\u95f4\u6e90\uff09
#broadcast 192.168.1.255 key 42 # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 key 42 # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 key 42 # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
3\u3001\u4ee5\u5b88\u62a4\u8fdb\u7a0b\u542f\u52a8ntpd
#/etc/rc.d/init.d/ntpd -c /etc/ntp.conf -p /tmp/ntpd.pid
#/etc/rc.d/init.d/ntpd start
#ps -ef|grep ntpd
4\u3001\u5728ntp server\u4e0a\u542f\u52a8ntp\u670d\u52a1\u540e\uff0cntp server\u81ea\u8eab\u6216\u8005\u4e0e\u5176server\u7684\u540c\u6b65\u7684\u9700\u8981\u4e00\u4e2a\u65f6\u95f4\u6bb5\uff0c\u8fd9\u4e2a\u8fc7\u7a0b\u53ef\u80fd\u662f5\u5206\u949f\uff0c\u5728\u8fd9\u4e2a\u65f6\u95f4\u4e4b\u5185\u5728\u5ba2\u6237\u7aef\u8fd0\u884cntpdate\u547d\u4ee4\u8fdb\u884c\u540c\u6b65\u65f6\u4f1a\u4ea7\u751fno server suitable for synchronization found\u7684\u9519\u8bef\u3002
\u90a3\u4e48\u5982\u4f55\u77e5\u9053\u4f55\u65f6ntp server\u5b8c\u6210\u4e86\u548c\u81ea\u8eab\u540c\u6b65\u7684\u8fc7\u7a0b\u5462\uff1f
\u5728ntp server\u4e0a\u4f7f\u7528\u547d\u4ee4\uff1a
# watch ntpq -p
\u51fa\u73b0\u5982\u4e0b\u753b\u9762\uff1a
\u6ce8\u610fLOCAL\u7684\u8fd9\u4e2a\u5c31\u662f\u4e0e\u81ea\u8eab\u540c\u6b65\u7684ntp server\u3002
\u6ce8\u610freach\u8fd9\u4e2a\u503c\uff0c\u5728\u542f\u52a8ntp server\u670d\u52a1\u540e\uff0c\u8fd9\u4e2a\u503c\u5c31\u4ece0\u5f00\u59cb\u4e0d\u65ad\u589e\u52a0\uff0c\u5f53\u589e\u52a0\u523017\u7684\u65f6\u5019\uff0c\u4ece0\u523017\u662f5\u6b21\u7684\u53d8\u66f4\uff0c\u6bcf\u4e00\u6b21\u662fpoll\u7684\u503c\u7684\u79d2\u6570\uff0c\u662f64\u79d2*5=320\u79d2\u7684\u65f6\u95f4\u3002
\u4e8c\u3001\u914d\u7f6e\u65f6\u95f4\u540c\u6b65\u5ba2\u6237\u673a
vi /var/spool/cron/root\uff08\u6216crontab -e\uff09
\u589e\u52a0\u4e00\u884c\uff0c\u5728\u6bcf\u5929\u76841\u70b910\u5206\u30019\u70b910\u5206\u300117\u70b910\u5206\u4e0e\u65f6\u95f4\u540c\u6b65\u670d\u52a1\u5668\u8fdb\u884c\u540c\u6b65\u5e76\u5199\u5165BIOS
10 1 ,9,17* * * root /usr/sbin/ntpdate 10.128.14.25; /sbin/hwclock -w
\u5982\u679c\u540c\u6b65\u4e0d\u6b63\u5e38\uff0c\u53ef\u4ee5\u52a0\u8f93\u51fa\u65e5\u5fd7\u6216\u770b\u7cfb\u7edf\u65e5\u5fd7
\u8f93\u51fa\u65e5\u5fd7\u7684\u65b9\u6cd5\uff1a
10 1 ,9,17* * * root /usr/sbin/ntpdate 10.128.14.25>>/tmp/1.txt; /sbin/hwclock -w
\u57281.txt\u4e2d\u53ef\u67e5\u770b\u65f6\u95f4\u540c\u6b65\u65f6\u7684\u8f93\u51fa\u7ed3\u679c\u3002
\u6216\u8005\u770b/var/mail/root\u7cfb\u7edf\u65e5\u5fd7
Subject: Cron /usr/sbin/ntpdate 10.128.14.25;/sbin/hwclock -w
X-Cron-Env:
X-Cron-Env:
X-Cron-Env:
X-Cron-Env:
X-Cron-Env:
Message-Id:
Date: Tue, 27 Nov 2012 18:30:01 +0800 (CST)
27 Nov 18:29:59 ntpdate[6917]: step time server 10.128.14.25 offset -1.361968 sec
\u53ef\u4ee5\u770b\u5230\u540c\u6b65\u6210\u529f\u4e86\uff0c\u5982\u679c\u672a\u6210\u529f\u4f1a\u62a5\u51fa\u9519\u8bef\u3002
\u4e09\u3001\u65e0\u6cd5\u540c\u6b65\u7684\u95ee\u9898
\u68c0\u67e5ntp server\u4e3b\u673a\u7684\u9632\u706b\u5899\u3002\u53ef\u80fd\u662fntp server\u7684\u9632\u706b\u5899\u5c4f\u853d\u4e86upd 123\u7aef\u53e3\u3002
\u53ef\u4ee5\u7528\u547d\u4ee4
#service iptables stop
\u5907 CentOS \u670d\u52a1\u5668
\u73b0\u5728\u8ba9\u6211\u4eec\u6765\u5f00\u59cb\u5728 CentOS \u4e0a\u8bbe\u7f6e NTP \u670d\u52a1\u5668\u3002
\u9996\u5148\uff0c\u6211\u4eec\u9700\u8981\u4fdd\u8bc1\u6b63\u786e\u8bbe\u7f6e\u4e86\u670d\u52a1\u5668\u7684\u65f6\u533a\u3002\u5728 CentOS 7 \u4e2d\uff0c\u6211\u4eec\u53ef\u4ee5\u4f7f\u7528 timedatectl \u547d\u4ee4\u67e5\u770b\u548c\u66f4\u6539\u670d\u52a1\u5668\u7684\u65f6\u533a(\u6bd4\u5982\uff0c"Australia/Adelaide"\uff0cLCTT \u8bd1\u6ce8\uff1a\u4e2d\u56fd\u53ef\u8bbe\u7f6e\u4e3a Asia/Shanghai )
# timedatectl list-timezones | grep Australia
# timedatectl set-timezone Australia/Adelaide
# timedatectl
\u7ee7\u7eed\u5e76\u4f7f\u7528 yum \u5b89\u88c5\u9700\u8981\u7684\u8f6f\u4ef6
# yum install ntp
\u7136\u540e\u6211\u4eec\u4f1a\u6dfb\u52a0\u5168\u7403 NTP \u670d\u52a1\u5668\u7528\u4e8e\u540c\u6b65\u65f6\u95f4\u3002
# vim /etc/ntp.conf
server 0.oceania.pool.ntp.org
server 1.oceania.pool.ntp.org
server 2.oceania.pool.ntp.org
server 3.oceania.pool.ntp.org
\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cNTP \u670d\u52a1\u5668\u7684\u65e5\u5fd7\u4fdd\u5b58\u5728 /var/log/messages\u3002\u5982\u679c\u4f60\u5e0c\u671b\u4f7f\u7528\u81ea\u5b9a\u4e49\u7684\u65e5\u5fd7\u6587\u4ef6\uff0c\u90a3\u4e5f\u53ef\u4ee5\u6307\u5b9a\u3002
logfile /var/log/ntpd.log
\u5982\u679c\u4f60\u9009\u62e9\u81ea\u5b9a\u4e49\u65e5\u5fd7\u6587\u4ef6\uff0c\u786e\u4fdd\u66f4\u6539\u4e86\u5b83\u7684\u5c5e\u4e3b\u548c SELinux \u73af\u5883\u3002
# chown ntp:ntp /var/log/ntpd.log
# chcon -t ntpd_log_t /var/log/ntpd.log
\u73b0\u5728\u521d\u59cb\u5316 NTP \u670d\u52a1\u5e76\u786e\u4fdd\u628a\u5b83\u6dfb\u52a0\u5230\u4e86\u5f00\u673a\u542f\u52a8\u3002
# systemctl restart ntp
# systemctl enable ntp
\u9a8c\u8bc1 NTP Server \u65f6\u949f
\u6211\u4eec\u53ef\u4ee5\u4f7f\u7528 ntpq \u547d\u4ee4\u6765\u68c0\u67e5\u672c\u5730\u670d\u52a1\u5668\u7684\u65f6\u949f\u5982\u4f55\u901a\u8fc7 NTP \u540c\u6b65\u3002
\u63a7\u5236\u5230 NTP \u670d\u52a1\u5668\u7684\u8bbf\u95ee
\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cNTP \u670d\u52a1\u5668\u5141\u8bb8\u6765\u81ea\u6240\u6709\u4e3b\u673a\u7684\u67e5\u8be2\u3002\u5982\u679c\u4f60\u60f3\u8fc7\u6ee4\u8fdb\u6765\u7684 NTP \u540c\u6b65\u8fde\u63a5\uff0c\u4f60\u53ef\u4ee5\u5728\u4f60\u7684\u9632\u706b\u5899\u4e2d\u6dfb\u52a0\u89c4\u5219\u8fc7\u6ee4\u6d41\u91cf\u3002
# iptables -A INPUT -s 192.168.1.0/24 -p udp --dport 123 -j ACCEPT
# iptables -A INPUT -p udp --dport 123 -j DROP
\u8be5\u89c4\u5219\u5141\u8bb8\u4ece 192.168.1.0/24 \u6765\u7684 NTP \u6d41\u91cf(\u7aef\u53e3 UDP/123)\uff0c\u4efb\u4f55\u5176\u5b83\u7f51\u7edc\u7684\u6d41\u91cf\u4f1a\u88ab\u4e22\u5f03\u3002\u4f60\u53ef\u4ee5\u6839\u636e\u9700\u8981\u66f4\u6539\u89c4\u5219\u3002
\u914d\u7f6e NTP \u5ba2\u6237\u7aef
1. Linux
NTP \u5ba2\u6237\u7aef\u4e3b\u673a\u9700\u8981 ntpupdate \u8f6f\u4ef6\u5305\u6765\u548c\u670d\u52a1\u5668\u540c\u6b65\u65f6\u95f4\u3002\u53ef\u4ee5\u8f7b\u677e\u5730\u4f7f\u7528 yum \u6216 apt-get \u5b89\u88c5\u8fd9\u4e2a\u8f6f\u4ef6\u5305\u3002\u5b89\u88c5\u5b8c\u8f6f\u4ef6\u5305\u4e4b\u540e\uff0c\u7528\u670d\u52a1\u5668\u7684 IP \u5730\u5740\u8fd0\u884c\u4e0b\u9762\u7684\u547d\u4ee4\u3002
# ntpdate
\u57fa\u4e8e RHEL \u548c Debian \u7684\u7cfb\u7edf\u547d\u4ee4\u90fd\u76f8\u540c\u3002
2. Windows
\u5982\u679c\u4f60\u6b63\u5728\u4f7f\u7528 Windows\uff0c\u5728\u65e5\u671f\u548c\u65f6\u95f4\u8bbe\u7f6e(Date and Time settings)\u4e0b\u67e5\u627e\u7f51\u7edc\u65f6\u95f4(Internet Time)\u3002
3. Cisco \u8bbe\u5907
\u5982\u679c\u4f60\u60f3\u8981\u540c\u6b65 Cisco \u8bbe\u5907\u7684\u65f6\u95f4\uff0c\u4f60\u53ef\u4ee5\u5728\u5168\u5c40\u914d\u7f6e\u6a21\u5f0f\u4e0b\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u3002
# ntp server
\u6765\u81ea\u5176\u5b83\u5382\u5bb6\u7684\u652f\u6301 NTP \u7684\u8bbe\u5907\u6709\u81ea\u5df1\u7684\u7528\u4e8e\u7f51\u7edc\u65f6\u95f4\u7684\u53c2\u6570\u3002\u5982\u679c\u4f60\u60f3\u5c06\u8bbe\u5907\u548c NTP\u670d\u52a1\u5668\u540c\u6b65\u65f6\u95f4\uff0c\u8bf7\u67e5\u770b\u8bbe\u5907\u7684\u8bf4\u660e\u6587\u6863\u3002
\u7ed3\u8bba
\u603b\u800c\u8a00\u4e4b\uff0cNTP \u662f\u5728\u4f60\u7684\u6240\u6709\u4e3b\u673a\u4e0a\u540c\u6b65\u65f6\u949f\u7684\u4e00\u4e2a\u534f\u8bae\u3002\u6211\u4eec\u5df2\u7ecf\u4ecb\u7ecd\u4e86\u5982\u4f55\u8bbe\u7f6e NTP \u670d\u52a1\u5668\u5e76\u4f7f\u652f\u6301 NTP \u7684\u8bbe\u5907\u548c\u670d\u52a1\u5668\u540c\u6b65\u65f6\u95f4\u3002
1、在一台linux服务器安装ntp server
tar zxvf ntp-4.2.6.tar.gz
cd ntp-4.2.6
./configure --prefix=/usr/local/ntp --enable-all-clocks --enable-parse-clocks
make && make install
2、修改ntp.conf配置文件
vi /etc/ntp.conf
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
#restrict default kod nomodify notrap nopeer noquery
restrict default nomodify
(允许任何IP的客户机都可以进行时间同步,如果是只允许某个网段的客户机进行时间同步可以这样写
restrict 10.58.26.0 mask 255.255.255.0 nomodify)
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool
#server 0.rhel.pool.ntp.org(默认时间服务器)
#server 1.rhel.pool.ntp.org(默认时间服务器)
#server 2.rhel.pool.ntp.org(默认时间服务器)
server 10.128.14.25 (手工设置的时间服务器)
(如果是可以直连外网,可以使用LINUX默认提供的三组标准时间服务器,否则可以自己指定一个同步时间源)
#broadcast 192.168.1.255 key 42 # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 key 42 # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 key 42 # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
3、以守护进程启动ntpd
#/etc/rc.d/init.d/ntpd -c /etc/ntp.conf -p /tmp/ntpd.pid
#/etc/rc.d/init.d/ntpd start
#ps -ef|grep ntpd
4、
在ntp server上启动ntp服务后,ntp
server自身或者与其server的同步的需要一个时间段,这个过程可能是5分钟,在这个时间之内在客户端运行ntpdate命令进行同步时会产生
no server suitable for synchronization found的错误。
下面命令可以知道何时ntp server完成了和自身同步的过程
在ntp server上使用命令:
# watch ntpq -p
注意LOCAL的这个就是与自身同步的ntp server。
注意reach这个值,在启动ntp server服务后,这个值就从0开始不断增加,当增加到17的时候,从0到17是5次的变更,每一次是poll的值的秒数,是64秒*5=320秒的时间。
二、配置时间同步客户机
vi /var/spool/cron/root(或crontab -e)
增加一行,在每天的1点10分、9点10分、17点10分与时间同步服务器进行同步并写入BIOS
10 1 ,9,17* * * root /usr/sbin/ntpdate 10.128.14.25; /sbin/hwclock -w
如果同步不正常,可以加输出日志或看系统日志
输出日志的方法:
10 1 ,9,17* * * root /usr/sbin/ntpdate 10.128.14.25>>/tmp/1.txt; /sbin/hwclock -w
在1.txt中可查看时间同步时的输出结果。
或者看/var/mail/root系统日志
Subject: Cron <root@tyzssq8> /usr/sbin/ntpdate 10.128.14.25;/sbin/hwclock -w
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/root>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <USER=root>
Message-Id: <[email protected]>
Date: Tue, 27 Nov 2012 18:30:01 +0800 (CST)
27 Nov 18:29:59 ntpdate[6917]: step time server 10.128.14.25 offset -1.361968 sec
可以看到同步成功了,如果未成功会报出错误。
三、无法同步的问题
检查ntp server主机的防火墙。可能是ntp server的防火墙屏蔽了upd 123端口。
可以用命令
#service iptables stop
扩展阅读:centos 7 找不到硬盘 ... centos sed替换内容指定行 ... centos安装完怎样设置ip ... centos桌面设置中文 ... centos官网 ... centos开启无线网络 ... 电脑显示fix c stage ... centos 安装详细图解 ... 怎么把centos 设置成中文 ...
