前置步骤:
默认yum源已经配置;
一、NTP服务部署
服务端口:
[root@pop-t-yum ~]# grep -E ^n+tp /etc/services
nntp 119/tcp readnews untp # USENET News Transfer Protocol
nntp 119/udp readnews untp # USENET News Transfer Protocol
ntp 123/tcp
ntp 123/udp # Network Time Protocol
nntps 563/tcp # NNTP over SSL
nntps 563/udp # NNTP over SSL
安装NTP服务端:
[root@pop-t-yum ~]# yum -y install ntp
安装NTP客户端:
[root@pop-t-yum ~]# yum -y install ntpdate
NTP 配置文件所在位置:
[root@pop-t-yum ~]# ls /etc/ntp.conf
/etc/ntp.conf
启动NTP服务端:
[root@pop-t-yum ~]# systemctl start ntpd
[root@pop-t-yum ~]# /etc/init.d/ntpd start
检查服务端口123
[root@pop-t-yum ~]# netstat -lntup |grep ntp
udp 0 0 192.168.134.10:123 0.0.0.0:* 1424/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 1424/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 1424/ntpd
udp6 0 0 :::123 :::* 1424/ntpd
添加开机自启动
[root@pop-t-yum ~]# systemctl enable ntpd
[root@pop-t-yum ~]# chkconfig ntpd on
二、NTP手动同步
从NTP server端配置文件中检查可用的NTP服务器地址:
[root@pop-t-yum ~]# vim /etc/ntp.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.rhel.pool.ntp.org iburst #从server 列表中选择一个可以使用的地址
server 1.rhel.pool.ntp.org iburst
server 2.rhel.pool.ntp.org iburst
server 3.rhel.pool.ntp.org iburst
server 192.168.134.10 iburst #这个是自定义的IP地址
在NTP client上与NTP server配置中的时间服务器进行同步
同步成功则输出如下信息:
[root@pop-s-test-1 ~]# ntpdate 192.168.134.10
1 Jun 09:37:31 ntpdate[6294]: adjust time server 192.168.134.10 offset -0.471004 sec
同步失败则输入如下记录:
[root@pop-s-test-1 ~]# ntpdate 192.168.134.10
1 Jun 09:37:07 ntpdate[6285]: no server suitable for synchronization found
分析:NTP server端服务未启动
使用ntpdate命令进行同步操作,报socket错误:
[root@pop-s-test-1 ~]# ntpdate 192.168.134.10
1 Jun 09:46:13 ntpdate[6391]: the NTP socket is in use, exiting
分析:NTP clent端启动了ntpd服务,导致socket被占用
补充知识点:ntp、ntpdate、iptables不能同时开启,只能选择一个;
特别注意:使用ntpdate命令同步是一次性将时间拉回与NTP服务器时间一致;
三、NTP自动同步
搭建内网NTP服务器自动进行时间同步
[root@pop-t-yum ~]# vi /etc/ntp.conf
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1 restrict -6 ::1 restrict 10.0.0.0 mask 255.255.255.0
restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap
restrict 192.168.134.0/24
restrict 10.0.0.16
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 192.168.134.52 iburst true
server 192.168.134.53 iburst
server 210.72.145.44 iburst
server 133.100.11.8 iburst
#server 0.rhel.pool.ntp.org iburst
#server 1.rhel.pool.ntp.org iburst
#server 2.rhel.pool.ntp.org iburst
#server 3.rhel.pool.ntp.org iburst
server 127.127.1.0
fudge 127.127.1.0
stratum 10
启动ntpd服务:
[root@pop-t-yum ~]# systemctl restart ntpd
[root@pop-t-yum ~]# /etc/init.d/ntpd start
[root@pop-t-yum ~]# netstat -lntup|grep ntp
udp 0 0 192.168.134.10:123 0.0.0.0:* 1330/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 1330/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 1330/ntpd
udp6 0 0 :::123 :::* 1330/ntpd
查看ntpd服务状态
指令“ntpq -p”可以列出目前我们的NTP与相关的上层NTP的状态
当将52设置为优先使用的时候【true 参数】
[root@pop-s-test-3 ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
=============================================================================
+192.168.134.52 LOCAL(0) 11 u 2 64 1 0.235 -0.040 0.025
*192.168.134.53 LOCAL(0) 11 u 2 64 1 0.172 9.196 0.039
当将53设置为优先使用的时候【true 参数】
[root@pop-s-test-3 ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
=============================================================================
*192.168.134.52 LOCAL(0) 11 u 1 64 1 0.259 -0.054 0.015
+192.168.134.53 LOCAL(0) 11 u 1 64 1 0.198 9.173 0.052
主备ntp客户端配置:
server 192.168.134.238
server 192.168.134.10 true
或者
server 192.168.134.238 iburst
server 192.168.134.10 iburst true
列出与上游服务器的连接:
[root@pop-s-test-1 ~]# ntpstat
synchronised to NTP server (192.168.134.10) at stratum 7
time correct to within 1972 ms
polling server every 64 s