一、NTP伺服器介紹
參考連結:
阿裡巴巴開源鏡像站 NTP下載下傳安裝教程網絡時間協定(Network Time Protocol,NTP)伺服器,也就是日常所說的NTP伺服器,用來提供同步時間服務。在生産環境中,很多人都會忽略時間問題,實際上伺服器、網絡裝置等,特别是Linux作業系統和虛拟化平台的時間不同步會導緻很多問題。那麼搭建一台NTP伺服器就非常重要,生産環境中的裝置可以直接與NTP伺服器進行時間同步,NTP伺服器本身也可以通路互連的NTP伺服器進行同步。NTP伺服器可以是實體伺服器,也可以是虛拟機。
二、安裝NTP服務元件
在Linux伺服器(如,CentOS、Ubuntu等作業系統)上,使用指令進行安裝。
本實驗以CentOS 7 Linux環境進行示範操作記錄。
YUM源已更新成阿裡雲開源鏡像站裡的CentOS鏡像,加速快捷通路。
[root@ntp ~]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: base extras updates
Cleaning up list of fastest mirrors
[root@ntp ~]# yum repolist
Loaded plugins: fastestmirror
Determining fastest mirrors
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/4): base/7/x86_64/group_gz | 153 kB 00:00:00
(2/4): extras/7/x86_64/primary_db | 243 kB 00:00:00
(3/4): updates/7/x86_64/primary_db | 12 MB 00:00:01
(4/4): base/7/x86_64/primary_db | 6.1 MB 00:00:03
repo id repo name status
base/7/x86_64 CentOS-7 - Base - mirrors.aliyun.com 10,072
extras/7/x86_64 CentOS-7 - Extras - mirrors.aliyun.com 500
updates/7/x86_64 CentOS-7 - Updates - mirrors.aliyun.com 2,963
repolist: 13,535
[root@ntp ~]#
執行
yum install -y ntp
指令,進行ntp元件安裝。
[root@ntp ~]# yum install -y ntp
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package ntp.x86_64 0:4.2.6p5-29.el7.centos.2 will be installed
--> Processing Dependency: ntpdate = 4.2.6p5-29.el7.centos.2 for package: ntp-4.2.6p5-29.el7.centos.2.x86_64
--> Processing Dependency: libopts.so.25()(64bit) for package: ntp-4.2.6p5-29.el7.centos.2.x86_64
--> Running transaction check
---> Package autogen-libopts.x86_64 0:5.18-5.el7 will be installed
---> Package ntpdate.x86_64 0:4.2.6p5-29.el7.centos.2 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================================================================
Package Arch Version Repository Size
=================================================================================================================
Installing:
ntp x86_64 4.2.6p5-29.el7.centos.2 base 549 k
Installing for dependencies:
autogen-libopts x86_64 5.18-5.el7 base 66 k
ntpdate x86_64 4.2.6p5-29.el7.centos.2 base 87 k
Transaction Summary
=================================================================================================================
Install 1 Package (+2 Dependent packages)
Total download size: 701 k
Installed size: 1.6 M
Downloading packages:
(1/3): autogen-libopts-5.18-5.el7.x86_64.rpm | 66 kB 00:00:00
(2/3): ntpdate-4.2.6p5-29.el7.centos.2.x86_64.rpm | 87 kB 00:00:00
(3/3): ntp-4.2.6p5-29.el7.centos.2.x86_64.rpm | 549 kB 00:00:00
-----------------------------------------------------------------------------------------------------------------
Total 1.7 MB/s | 701 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : autogen-libopts-5.18-5.el7.x86_64 1/3
Installing : ntpdate-4.2.6p5-29.el7.centos.2.x86_64 2/3
Installing : ntp-4.2.6p5-29.el7.centos.2.x86_64 3/3
Verifying : ntpdate-4.2.6p5-29.el7.centos.2.x86_64 1/3
Verifying : ntp-4.2.6p5-29.el7.centos.2.x86_64 2/3
Verifying : autogen-libopts-5.18-5.el7.x86_64 3/3
Installed:
ntp.x86_64 0:4.2.6p5-29.el7.centos.2
Dependency Installed:
autogen-libopts.x86_64 0:5.18-5.el7 ntpdate.x86_64 0:4.2.6p5-29.el7.centos.2
Complete!
[root@ntp ~]#
三、配置阿裡雲鏡像站NTP服務
配置之前,測試伺服器是否能夠通路到阿裡雲NTP伺服器。
ping ntp.aliyun.com -c 5
![](https://img.laitimes.com/img/_0nNw4CM6IyYiwiM6ICdiwiI2EzX4xSZz91ZsAzNfRHLGZkRGZkRfJ3bs92YsATMfVmepNHLaxWRSlGbIVWQClGVF5UMR9Fd4VGdsATNfd3bkFGazxycykFaKdkYzZUbapXNXlleSdVY2pESa9VZwlHdssmch1mclRXY39CXldWYtlWPzNXZj9mcw1ycz9WL49zZuBnLyQzY1YmMiF2YzATM3YmN5ATZzQDO3MDZ3UDO1QmY2EzLc52YucWbp5GZzNmLn9Gbi1yZtl2Lc9CX6MHc0RHaiojIsJye.png)
修改
/etc/ntp.conf
配置檔案。
注釋掉原來配置檔案中的NTP伺服器位址,添加阿裡雲NTP伺服器位址。
[root@ntp ~]# vi /etc/ntp.conf
[root@ntp ~]# cat /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntp.aliyun.com
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
[root@ntp ~]#
四、啟動NTP服務
啟動ntp服務設定ntp服務開機自啟動
systemctl start ntpd
檢視ntp服務是否正常
systemctl enable ntpd
systemctl status ntpd
[root@ntp ~]# systemctl start ntpd
[root@ntp ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
[root@ntp ~]# systemctl status ntpd
● ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2021-11-28 19:06:34 CST; 23h left
Main PID: 1988 (ntpd)
CGroup: /system.slice/ntpd.service
└─1988 /usr/sbin/ntpd -u ntp:ntp -g
Nov 28 19:06:34 ntp ntpd[1988]: Listen normally on 3 ens32 192.168.1.50 UDP 123
Nov 28 19:06:34 ntp ntpd[1988]: Listen normally on 4 lo ::1 UDP 123
Nov 28 19:06:34 ntp ntpd[1988]: Listen normally on 5 ens32 fe80::e4b:3ef:613c:8741 UDP 123
Nov 28 19:06:34 ntp ntpd[1988]: Listening on routing socket on fd #22 for interface updates
Nov 28 19:06:34 ntp ntpd[1988]: 0.0.0.0 c016 06 restart
Nov 28 19:06:34 ntp ntpd[1988]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM
Nov 28 19:06:34 ntp ntpd[1988]: 0.0.0.0 c011 01 freq_not_set
Nov 28 19:09:51 ntp ntpd[1988]: 0.0.0.0 c61c 0c clock_step -86398.982768 s
Nov 27 19:09:52 ntp ntpd[1988]: 0.0.0.0 c614 04 freq_mode
Nov 27 19:09:53 ntp ntpd[1988]: 0.0.0.0 c618 08 no_sys_peer
[root@ntp ~]#
五、檢視NTP源
ntpq -p
即[203.107.6.88]位址為阿裡雲NTP伺服器的IP位址。
[root@ntp ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
203.107.6.88 100.107.25.114 2 u 56 64 7 13.685 -0.002 0.415
六、檢視NTP服務狀态
# 輸出如下内容,表示在同步中,需要耐心等待一下
[root@ntp ~]# ntpstat
unsynchronised
time server re-starting
polling server every 8 s
# 輸出如下内容,表示同步成功
[root@ntp ~]# ntpstat
synchronised to NTP server (203.107.6.88) at stratum 3
time correct to within 958 ms
polling server every 64 s
七、将用戶端與NTP伺服器同步
[root@client ~]# ntpdate -d 192.168.1.50
28 Nov 19:37:54 ntpdate[2880]: ntpdate [email protected] Tue Jun 23 15:38:19 UTC 2020 (1)
Looking for host 192.168.1.50 and service ntp
host found : 192.168.1.50
transmit(192.168.1.50)
receive(192.168.1.50)
transmit(192.168.1.50)
receive(192.168.1.50)
transmit(192.168.1.50)
receive(192.168.1.50)
transmit(192.168.1.50)
receive(192.168.1.50)
server 192.168.1.50, port 123
stratum 3, precision -25, leap 00, trust 000
refid [192.168.1.50], delay 0.02652, dispersion 0.00000
transmitted 4, in filter 4
reference time: e54c9534.6f868aa9 Sat, Nov 27 2021 19:29:56.435
originate timestamp: e54c9719.4617ce7f Sat, Nov 27 2021 19:38:01.273
transmit timestamp: e54de898.b45bc870 Sun, Nov 28 2021 19:38:00.704
filter delay: 0.02658 0.02655 0.02652 0.02660
0.00000 0.00000 0.00000 0.00000
filter offset: -86399.4 -86399.4 -86399.4 -86399.4
0.000000 0.000000 0.000000 0.000000
delay 0.02652, dispersion 0.00000
offset -86399.431479
28 Nov 19:38:00 ntpdate[2880]: step time server 192.168.1.50 offset -86399.431479 sec
[root@client ~]#
八、将系統時間同步到硬體
[root@client ~]# hwclock -w
[root@client ~]# date
Sun Nov 28 19:39:10 CST 2021