CentOS 7: installing and configuring an NTP time synchronization server

Lab environment:

OS: Linux CentOS 7.4 x86_64

1. View the current server time zone, list the available time zones, and set the time zone (skip this step if the time zone is already correct):

# timedatectl
# timedatectl list-timezones
# timedatectl set-timezone Asia/Shanghai

2. Time zone concepts:

GMT, UTC, CST, DST

UTC:

The earth is divided into 24 time zones, each with its own local time. For international radio communication a single unified time is used, called Coordinated Universal Time (UTC).

GMT:

Greenwich Mean Time is the standard time at the Royal Greenwich Observatory in suburban London, England, because the prime meridian is defined as the line of longitude passing through it (UTC and GMT are basically the same time).

CST:

China Standard Time

GMT + 8 = UTC + 8 = CST

DST:

Daylight Saving Time moves the clock forward by one hour in summer, when the sun rises earlier, to make more use of daylight (not used in China).

2. Use NTP Public Pool Time Servers http://www.pool.ntp.org to synchronize your server time.

Check if it is installed:

# rpm -q ntp
ntp-4.2.6p5-25.el7.centos.2.x86_64

If it is already installed, please skip this step, otherwise please execute the following command to install:

# yum install ntpdate ntp -y

Modify NTP configuration:

Note: in the original article, green marks the default lines I commented out and red marks the lines added to replace them; everything else is the default.

# vim /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Added: log file.
logfile /var/log/ntpd.log

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
# Authorize all machines on the 172.16.128.0 network segment to query and synchronize time from this machine.
restrict 172.16.128.0 mask 255.255.255.0 nomodify notrap

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).

#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

#Added: Time server list.
server 0.cn.pool.ntp.org iburst
server 1.cn.pool.ntp.org iburst
server 2.cn.pool.ntp.org iburst
server 3.cn.pool.ntp.org iburst

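# New: use the local clock when external time is not available.
# The local clock driver is addressed as 127.127.1.0; fudge only accepts
# reference clock addresses, not 127.0.0.1.
server 127.127.1.0
fudge 127.127.1.0 stratum 10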

#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# New: permit time synchronization with the upstream time servers, but do not
# permit them to query or modify the service on this system.
restrict 0.cn.pool.ntp.org nomodify notrap noquery
restrict 1.cn.pool.ntp.org nomodify notrap noquery
restrict 2.cn.pool.ntp.org nomodify notrap noquery

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
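
The restrict lines and the "disable monitor" setting above work together: a source that lacks noquery can still send ntpq/ntpdc queries, and that is only safe from monlist amplification (CVE-2013-5211) while monitoring is off. The script below is an added example, not part of the original article; the function names and message wording are assumptions, and the sample is constructed from the configuration shown above.

```shell
#!/usr/bin/env bash
# Added example, not part of the original article.
# audit_ntp_conf FILE: one finding per line; exit status 1 if any FAIL.
audit_ntp_conf() {
    awk '
    { sub(/#.*/, ""); $1 = $1 }                  # drop comments, normalise spacing
    $1 == "disable" { for (i = 2; i <= NF; i++) if ($i == "monitor") mon_off = 1 }
    $1 == "restrict" {
        addr = ($2 == "-4" || $2 == "-6") ? $3 : $2
        flags = " " $0 " "
        if (addr == "default") have_default = 1
        if (flags ~ / limited /) limited = 1     # "limited" keeps monitoring enabled
        if (addr == "127.0.0.1" || addr == "::1" || flags ~ / ignore /) next
        if (flags !~ / nomodify /) { print "FAIL " addr ": nomodify missing"; bad = 1 }
        if (flags !~ / noquery /) q[++n] = addr  # judged in END, once monitor state is known
    }
    END {
        if (!have_default) { print "FAIL no restrict default line"; bad = 1 }
        for (i = 1; i <= n; i++) {
            if (!mon_off || limited) {
                print "FAIL " q[i] ": queries allowed while monitor is enabled (monlist)"
                bad = 1
            } else
                print "INFO " q[i] ": queries allowed, monlist disabled"
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the effective restrict/disable lines from the config above.
sample_conf() {
    cat <<'EOF'
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 172.16.128.0 mask 255.255.255.0 nomodify notrap   # LAN clients
restrict 0.cn.pool.ntp.org nomodify notrap noquery
disable monitor
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
audit_ntp_conf "$conf" || true
rm -f "$conf"
```

On the server itself, run `audit_ntp_conf /etc/ntp.conf`; removing the "disable monitor" line from the sample turns the INFO finding for 172.16.128.0 into a FAIL.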

3. Enable the services to start automatically at boot:

# systemctl enable ntpd
# systemctl enable ntpdate
# systemctl is-enabled ntpd

Before the ntpd service starts, first synchronize the time once with the ntpdate command:

# ntpdate -u 1.cn.pool.ntp.org

One of the reasons: when the time difference between the server and the client is too large, changing the time may cause unpredictable problems for the system or applications, so NTP stops synchronizing. If the time is still not synchronized after checking NTP, consider that the time difference may be too large; in that case you need to synchronize the time manually.

Start the NTP server:

# systemctl start ntpdate
# systemctl start ntpd

4. Allow NTP through the firewall:

# firewall-cmd --permanent --add-service=ntp
# firewall-cmd --reload

5. Check the NTP connection status. If there is no problem, write the correct time to the hardware clock:

# ss -tlunp | grep ntp
# ntpq -p
# hwclock -w
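
A scripted version of the "if there is no problem" check, as an added example that is not part of the original article: it refuses to write the hardware clock when ntpq shows no selected peer, when the selected peer is only the local-clock fallback, or when the offset is large. The function name and the 100 ms default are assumptions, and the ntpq output is constructed with documentation addresses.

```shell
#!/usr/bin/env bash
# Added example, not part of the original article.
# peer_ok [MAX_MS]: reads `ntpq -p` output on stdin; succeeds only if the
# selected peer (tally "*") is an upstream source within MAX_MS of local time.
peer_ok() {
    awk -v max="${1:-100}" '
    /^\*/ {
        found = 1
        remote = substr($1, 2)
        off = $9 + 0; if (off < 0) off = -off
        if ($2 == ".LOCL." || remote ~ /^LOCAL/) {
            print "selected peer is the local clock, not an upstream source"; bad = 1
        } else if (off > max) {
            print "offset " $9 " ms exceeds " max " ms"; bad = 1
        } else
            print "synced to " remote ", offset " $9 " ms"
    }
    END {
        if (!found) { print "no selected peer"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed ntpq -p output (documentation addresses, not real servers).
sample_synced() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*203.0.113.10    198.51.100.7     2 u   41   64  377   28.511   -3.412   1.220
+203.0.113.11    198.51.100.9     2 u   38   64  377   31.002    2.105   0.934
 LOCAL(0)        .LOCL.          10 l   12   64  377    0.000    0.000   0.000
EOF
}
sample_local_only() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 203.0.113.10    .INIT.          16 u    -   64    0    0.000    0.000   0.000
*LOCAL(0)        .LOCL.          10 l   12   64  377    0.000    0.000   0.000
EOF
}

sample_synced | peer_ok 100
sample_local_only | peer_ok 100 || true
# On the server: ntpq -p | peer_ok 100 && hwclock -w
```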

5.1. System time and hardware time

Hardware time:

RTC (Real-Time Clock) or CMOS time is generally kept by a battery-powered clock on the motherboard, which continues to run after the server is powered off. Only date and time values are saved; time zone and daylight saving time settings cannot be saved.

System time:

The system time is usually copied from the RTC when the server starts and then runs independently, keeping the time, time zone, and daylight saving time settings.

6. Client:

Real-time synchronization as a service process (need to install NTP):

# vim /etc/ntp.conf
server 172.16.128.171

Important: after modifying the NTP configuration file on any node, the ntpd service must be restarted:

# systemctl restart ntpd

Scheduled synchronization with a crontab task (need to install ntpdate; the time is synchronized at 24:00 every day):

# crontab -e
0 0 * * * /usr/sbin/sntp -P no -r 172.16.128.171;hwclock -w

Deployment is complete. The cluster will now synchronize automatically and periodically, so that the time across the cluster remains consistent.

The original text comes from: https://www.linuxprobe.com/centos7-ntp-time.html
