1. Goal
Install and set up the ntp server on centos7;
Set up ntp client on centos7.
2. Architecture
ip | role | os & module |
10.1.1.5 | ntp server | centos 7.6,ntpd |
10.1.1.6 | ntp client | centos 7.6 ,ntpd |
Three, ntp server installation and configuration
1. Install ntp components
yum install -y ntp ntpdate -y
2. Query the ntp component on the server (may be omitted)
[root@ntpserver ~]# rpm -qa |grep ntp
fontpackages-filesystem-1.44-8.el7.noarch
python-ntplib-0.3.2-1.el7.noarch
ntpdate-4.2.6p5-29.el7.centos.2.x86_64
ntp-4.2.6p5-29.el7.centos.2.x86_64
3. Modify the ntp server configuration file
cp /etc/ntp.conf{,.bak}
vim /etc/ntp.conf
● Comment out [#restrict default nomodify notrap nopeer noquery]
● Add a line [restrict 10.1.1.5 nomodify notrap nopeer noquery]
● Add a line [restrict 10.1.1.0 mask 255.255.255.0 nomodify notrap]
● Comment out [server 0.centos.pool.ntp.org iburst]
● Comment out [server 1.centos.pool.ntp.org iburst]
● Comment out [server 2.centos.pool.ntp.org iburst]
● Comment out [server 3.centos.pool.ntp.org iburst]
● Add a line【server 127.127.1.0】
● Add one line【Fudge 127.127.1.0 stratum 10】
The complete configuration is shown below
driftfile /var/lib/ntp/drift
restrict 10.1.1.5 nomodify notrap nopeer noquery
restrict 10.1.1.0 mask 255.255.255.0 nomodify notrap
restrict 127.0.0.1
restrict ::1
server 127.127.1.0
Fudge 127.127.1.0 stratum 10
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor
Note: According to the above settings, if the ntp server time is different from the real time, the ntp client will follow the ntp server in the end.
I feel that if you want to synchronize the ntp server and the Internet time, then comment out restrict 127.0.0.1, and change server 127.127.1.0 to such as ntp.aliyun.com
4. Restart the ntpd service and set it to start automatically after booting
systemctl restart ntpd
systemctl enable ntpd
5. Open ntp port udp123
●Method 1: Turn off the firewall
systemctl stop firewalld
systemctl disable firewalld
●Method 2: Open port udp123
firewall-cmd --permanent --add-port=123/udp
firewall-cmd --reload
firewall-cmd --list-all
6. Verify that the NTP server is successfully installed
[root@ntpserver ~]# netstat -tlunp | grep ntp
udp 0 0 192.168.122.1:123 0.0.0.0:* 86814/ntpd
udp 0 0 10.1.1.5:123 0.0.0.0:* 86814/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 86814/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 86814/ntpd
udp6 0 0 fe80::ee7:2e9:62c4::123 :::* 86814/ntpd
udp6 0 0 ::1:123 :::* 86814/ntpd
udp6 0 0 :::123 :::* 86814/ntpd
Four, ntp client settings
1. Install ntp components
yum install -y ntp ntpdate -y
2. Modify the ntp client configuration file
cp /etc/ntp.conf{,.bak}
vim /etc/ntp.conf
● Comment out [#restrict default nomodify notrap nopeer noquery]
● Add a line [restrict 10.1.1.5 nomodify notrap nopeer noquery]
● Add a line [restrict 10.1.1.0 mask 255.255.255.0 nomodify notrap]
● Comment out [server 0.centos.pool.ntp.org iburst]
● Comment out [server 1.centos.pool.ntp.org iburst]
● Comment out [server 2.centos.pool.ntp.org iburst]
● Comment out [server 3.centos.pool.ntp.org iburst]
● Add a line【server 10.1.1.5】
● Add one line【Fudge 10.1.1.5 stratum 10】
3. Restart the ntpd service and set it to start automatically after booting
systemctl restart ntpd
systemctl enable ntpd
Five, expansion
1. Manually synchronize the time on the client
ntpdate 10.1.1.5
2. View the communication between the server and the upper-level clock server
Both ntp server and client can be used
ntpq -p
-------------------END------------------November 5, 2020 18:00:00- --------------------------------