NTP server

First, the concept of NTP server

An NTP server is generally used to synchronize time across the servers on a LAN, ensuring that the clock of every server in the LAN is consistent with the time server. Some applications have strict real-time requirements and need a unified time.

In layman's terms, a computer room needs to maintain a consistent time for management.

Second, the establishment of NTP server (used in local area network)

1. The NTP server port is UDP 123. You need to add a rule to the local firewall or close the firewall directly (it is recommended to change the SELinux mode to permissive at the same time):
Turn off the firewall: service iptables stop
Add a local firewall rule: iptables -I INPUT 1 -p udp --dport 123 -j ACCEPT 

vim /etc/selinux/config   and change it to SELINUX=disabled

(It is recommended to turn off the firewall first, and then set the firewall after the experiment is successful)

2. Installation of NTP server: yum install ntp

3. Configuration file /etc/ntp.conf

Add a network segment as shown. It means that the ip in this network segment can synchronize time through my NTP server.


Add a host source as shown. It is the source of the synchronization time. Ali's synchronization source is used here.


4. Restart the ntp service. You can then view the host source status with ntpq -p.

At this point, the server-side configuration is complete.


Start configuring the client

1. The client also needs ntp installed with yum

2. ntpdate 192.168.66.128 (here is the IP address of my server)


3. Comment out the original entries and replace them.

In fact, there is a second way to configure the client!

ntpdate server ip
View the system time and the BIOS time
date; hwclock -r
vim /etc/crontab
# add this line
10 5 * * * root (/usr/sbin/ntpdate xxx.xxx.xxx.xxx && /sbin/hwclock -w) &> /dev/null
After this crontab entry is added, the Linux system automatically calibrates its time over the network at 5:10 every day. However, this method is only suitable when NTP is not enabled. If you have many machines, the clients should run the NTP service as well and update their time actively through NTP.

Third, interpret the /etc/ntp.conf configuration file

restrict controls related permissions.

The syntax is: restrict <IP address> mask <subnet mask> <parameters>
The IP address can also be default, which refers to all IP addresses.
The parameters are as follows:
ignore: refuse all NTP connections
nomodify: the client cannot change the time parameters of the server, but it can still calibrate its time through the server.
notrust: clients from this source are treated as an untrusted subnet unless they are authenticated
noquery: do not answer time queries from the client: the client cannot use ntpq, ntpdc and similar commands to query the NTP server, which is equivalent to not providing the network time of NTP.
notrap: do not provide trap remote login: deny the mode 6 control message trap service to matching hosts. The trap service is a subsystem of the ntpdc control message protocol intended for remote event loggers.
nopeer: blocks hosts from attempting to peer with the server, which would otherwise allow a rogue server to control the clock
restrict -6 indicates permission settings for IPv6 addresses.


[root@www ~]# vim /etc/ntp.conf

# 1. First deal with permissions: admit the upper-level server and open access to clients on the local network:
restrict default kod nomodify notrap nopeer noquery      # deny IPv4 users
restrict -6 default kod nomodify notrap nopeer noquery   # deny IPv6 users
restrict 59.124.196.84                                   # let time.stdtime.gov.tw reach this NTP server
restrict 127.0.0.1                                       # this line and the next are the default values, allowing the local source
restrict -6 ::1
restrict 192.168.100.0 mask 255.255.255.0 nomodify       # admit the local network

# 2. Set the host source
server 220.130.158.71 prefer   # this host has the highest priority
server 59.124.196.83
server 59.124.196.84

# 3. The default time difference analysis file and unused keys, etc., do not need to be changed:
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys

Example:
Servers from 192.168.0.1-192.168.0.254 can use our NTP server to synchronize time

restrict 192.168.0.0 mask 255.255.255.0 notrust nomodify notrap

Restrict the provision of NTP services to servers in the IP range 192.168.0.1-192.168.0.254

restrict 192.168.0.0 mask 255.255.255.0 notrust nomodify notrap noquery

Set the default policy to allow time synchronization from any host

restrict default ignore

Make sure that localhost (the common IP address used to refer to the Linux server itself) has sufficient permissions. Use the syntax without any restriction keywords:

restrict 127.0.0.1
restrict -6 ::1
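
As an added example (not part of the original article), the Python sketch below resolves which restrict entry applies to a given client, using ntpd's rule that the most specific matching address/mask wins, and reports what the flags listed above leave open. The function names and SAMPLE_CONF are constructed for illustration; treating a plain default entry as IPv4-only follows this page's description.

```python
import ipaddress
# Constructed sample: the restrict lines from the walkthrough above.
SAMPLE_CONF = """\
restrict default kod nomodify notrap nopeer noquery   # everyone else, IPv4
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 192.168.100.0 mask 255.255.255.0 nomodify    # LAN clients
"""

def parse_restricts(conf_text):
    """Return [(network, flags)] per restrict line (IPv6 'mask' form not handled)."""
    rules = []
    for line in conf_text.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        tok = tok[1:]
        v6 = tok[0] == "-6"
        tok = tok[1:] if tok[0] in ("-4", "-6") else tok
        addr, flags = tok[0], tok[1:]
        if addr == "default":   # as on the page: plain default = IPv4, -6 = IPv6
            addr = "::/0" if v6 else "0.0.0.0/0"
        elif flags[:1] == ["mask"]:
            addr, flags = f"{addr}/{flags[1]}", flags[2:]
        rules.append((ipaddress.ip_network(addr, strict=False), frozenset(flags)))
    return rules

def effective_flags(rules, client_ip):
    """Flags of the most specific entry covering client_ip; None if nothing matches."""
    ip = ipaddress.ip_address(client_ip)
    hits = [(n, f) for n, f in rules if n.version == ip.version and ip in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def audit(rules, client_ip):
    """Summarise what the matching flags leave open to client_ip."""
    flags = effective_flags(rules, client_ip)
    if flags is None:
        return "unrestricted (no entry matches)"
    if "ignore" in flags:
        return "all packets dropped"
    out = ["time sync (authenticated only)" if "notrust" in flags else "time sync"]
    out += [name for name, flag in (("ntpq/ntpdc queries", "noquery"),
                                    ("runtime modification", "nomodify")) if flag not in flags]
    return ", ".join(out)

if __name__ == "__main__":
    for ip in ("192.168.100.25", "203.0.113.7", "127.0.0.1"):
        print(ip, "->", audit(parse_restricts(SAMPLE_CONF), ip))
```

Running the same functions over the real /etc/ntp.conf before opening UDP 123 shows which client ranges keep ntpq/ntpdc query access and which only get time service.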

Add the following two lines to indicate that the local hardware clock is also used as one of the time sources for synchronization, so that the local time can serve as the synchronization source when the network is not connected. In an intranet environment, the other server entries in the configuration file can be deleted.
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
stratum is the level of the server. If this server is to update its time from other NTP servers, do not set it to 0. Its value range is 0-15.



Attached (related information such as NTP server list)

Domestic NTP server addresses, which can be used for time synchronization or to speed up GPS positioning on Android
https://blog.csdn.net/maxsky/article/details/53866475










