NTP time synchronization (CentOS 7 uses chrony)

Setting up the NTP service

Difference between ntp and ntpdate

  1. Both services ship with CentOS (CentOS 7 does not include ntp by default). ntp is installed from the package named ntp, and ntpdate from the package named ntpdate; they are not provided by the same package.

  2. The ntp daemon is ntpd, and its configuration file is /etc/ntp.conf.

  3. ntpdate is used for time correction on the client; a host that is not an NTP server does not need to run the NTP service.

 

Description: NTP stands for Network Time Protocol. An NTP server provides time-correction services to other hosts.

 

Preparing the environment: two servers, one acting as the NTP server and the other as a client used to test time synchronization.

  NTP server: 156.0.26.6

  Client: 156.0.0.27

Installation and configuration: we explain the ntp configuration by walking through the configuration file.

   # For more information about this file, see the man pages

  # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

   

  driftfile /var/lib/ntp/drift # Default. driftfile names the file that records the frequency error between this host and its upstream NTP server. The unit is millionths of a second.

  

  # Permit time synchronization with our time source, but do not

  # permit the source to query or modify the service on this system.

  restrict default nomodify notrap nopeer noquery
    # restrict manages access control. Format: restrict [single IP | network | default] parameter
    #  Parameters:
    #    ignore: reject all NTP connections
    #    nomodify: clients cannot use the ntpdc and ntpq programs to change the server's time parameters, but clients can still synchronize time over the network through this host.
    #    noquery: clients cannot use the ntpdc and ntpq commands to query the time server, which is equivalent to not providing network time synchronization.
    #    notrap: the trap (remote event logging) function is not provided
    #    notrust: refuse clients that are not authenticated
  # Example: restrict 156.0.26.7 nomodify
  

  # Permit all access over the loopback interface.  This could

  # be tightened as well, but to do so would effect some of

  # the administrative functions.

  restrict 127.0.0.1 # This line and the next are defaults; they allow access from the local host

  restrict ::1

  

  # Hosts on local network are less restricted.

  #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

  

  # Use public servers from the pool.ntp.org project.

  # Please consider joining the pool (http://www.pool.ntp.org/join.html).

  server 0.centos.pool.ntp.org iburst # These four lines are the defaults; they can be commented out

  server 1.centos.pool.ntp.org iburst

  server 2.centos.pool.ntp.org iburst

  server 3.centos.pool.ntp.org iburst

    # server: sets the upstream NTP server, that is, the host this machine asks for NTP time synchronization.
    # Note in particular: in an internal network that cannot reach the outside network, for example one with no way to synchronize with the National Time Service Center at 210.72.145.44,
    # the only option is to set up one host inside the network as the server and have it provide NTP service to the other hosts in the network.

  
  server 127.127.1.0 prefer

    # Use this machine's own clock as the time source. In an internal network this line must be added, otherwise the NTP service will be unavailable.
    # prefer gives this source the highest priority.

  #broadcast 192.168.1.255 autokey    # broadcast server

  #broadcastclient            # broadcast client

  #broadcast 224.0.1.1 autokey        # multicast server

  #multicastclient 224.0.1.1        # multicast client

  #manycastserver 239.255.254.254        # manycast server

  #manycastclient 239.255.254.254 autokey # manycast client

  

  # Enable public key cryptography.

  #crypto

  

  includefile /etc/ntp/crypto/pw

  

  # Key file containing the keys and key identifiers used when operating

  # with symmetric key cryptography.

  keys /etc/ntp/keys # Besides using restrict to limit client connections, clients can also be authenticated with a secret key.

  

  # Specify the key identifiers which are trusted.

  #trustedkey 4 8 42

  

  # Specify the key identifier to use with the ntpdc utility.

  #requestkey 8

  

  # Specify the key identifier to use with the ntpq utility.

  #controlkey 8

  

  # Enable writing of statistics records.

  #statistics clockstats cryptostats loopstats peerstats

  

  # Disable the monitoring facility to prevent amplification attacks using ntpdc

  # monlist command when default restrict does not include the noquery flag. See

  # CVE-2013-5211 for more details.

  # Note: Monitoring will not be disabled with the limited restriction flag.

  disable monitor

Examples

  # On the server side, edit /etc/ntp.conf and add the following

  server 127.127.1.0 prefer # Use this machine as the NTP time source
  restrict 156.0.26.7 # Allow the client 156.0.26.7 to request time synchronization from this host
  restrict 156.0.26.0 mask 255.255.255.0 # Allow all hosts on the 156.0.26.0 segment to request time synchronization from this host

  # On the client, edit /etc/ntp.conf and add the following

  server 156.0.26.6 # Name 156.0.26.6 as the upstream NTP server

  restrict 156.0.26.6 # Allow 156.0.26.6
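
ntpd applies the most specific restrict entry that matches a source address, so a restrict line with no flags gives that host or subnet none of the flags set on the default entry. The check below is an added example, not part of the original post: it reports such entries and the monlist condition (CVE-2013-5211) described in the stock comments. The function name, the sample text and the choice of `nomodify notrap` as the baseline (taken from the stock file's local-network comment) are assumptions made for illustration.

```python
LOOPBACK = {"127.0.0.1", "::1"}
CLIENT_FLAGS = ("nomodify", "notrap")  # assumed baseline, from the stock local-network comment


def audit_ntp_conf(text):
    """Return (line_number, message) findings for the restrict and monitor settings."""
    findings = []
    default_flags = None
    monitor_disabled = False
    for number, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # drop trailing comment, tokenize
        if not words:
            continue
        if words[0] == "disable" and "monitor" in words[1:]:
            monitor_disabled = True
        if words[0] != "restrict":
            continue
        args = [w for w in words[1:] if w not in ("-4", "-6")]
        if not args:
            continue
        target, flags = args[0], args[1:]
        if flags[:1] == ["mask"]:
            flags = flags[2:]  # skip "mask <netmask>"
        flags = set(flags)
        if target == "default":
            default_flags = flags
        elif target not in LOOPBACK and "ignore" not in flags:
            missing = [f for f in CLIENT_FLAGS if f not in flags]
            if missing:
                findings.append((number, f"restrict {target}: missing {' '.join(missing)}"))
    if default_flags is None:
        findings.append((0, "no 'restrict default' line"))
    elif not ({"noquery", "ignore"} & default_flags) and not monitor_disabled:
        findings.append((0, "default lacks noquery and monitor is enabled (monlist, CVE-2013-5211)"))
    return findings


# Constructed sample: the stock access lines plus the server-side lines from the Examples section.
SERVER_CONF = """\
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
server 127.127.1.0 prefer
restrict 156.0.26.7
restrict 156.0.26.0 mask 255.255.255.0
disable monitor
"""

if __name__ == "__main__":
    for line_no, message in audit_ntp_conf(SERVER_CONF):
        print(line_no, message)
```

Appending `nomodify notrap` to the two client restrict lines clears both findings while the listed hosts can still synchronize.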

Verification

  First, verify that the service starts successfully

    Start the service: service ntpd start

    Check whether the service is started: netstat -tunlp | grep ntp; ntp listens on UDP port 123 by default

  Second, verify that NTP is working

    Here we use the client, 156.0.26.7. On this host we can use either of two commands: ntpstat or ntpq -p.

    ntpstat: shows whether our client (here 156.0.26.7) has successfully connected to the server (156.0.26.6).

 

   The output in the figure roughly means: this host is synchronized to the NTP server 156.0.26.6 at stratum 7, the time is accurate to within 36 ms, and it synchronizes once every 512 s.

  ntpq -p: lists the current status of NTP on this host and of its upstream NTP servers.

 

 

remote: the IP address or hostname of the upstream NTP server. Note the symbol at the far left:

  *: the upstream NTP server currently in use

  +: connected successfully, and a candidate to provide the next time update.

refid: the server that provides time synchronization to the remote server (156.0.26.6), that is, the upstream of this host's upstream NTP server.

  Why is it shown as LOCAL(0)?

    Because this is an internal network environment, we cannot synchronize with public time hosts outside the network, so on 156.0.26.6 we used server 127.127.1.0 prefer to name 156.0.26.6 itself as its own upstream NTP time server.

st: the stratum level. Similar to DNS, NTP has a hierarchical structure with top-level servers and up to 15 layers. To reduce network congestion and load, connecting directly to stratum 1 servers should in principle be avoided.

when: how many seconds ago the last time synchronization took place

poll: the interval between time synchronizations.

reach: the number of times synchronization has been performed

delay: the delay during network transmission, in units of 10^-6 seconds.

offset: the time correction value. This is the most critical value: it tells us the time difference between the local host and the server, in units of 10^-3 seconds.

jitter: the difference between the Linux system time (software time) and the BIOS hardware time, in units of 10^-6 seconds. After the host has synchronized with the NTP server, you can use hwclock -w to write the system time to the BIOS.
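
The columns above can be checked automatically, which matters when log timestamps from many hosts have to be correlated. The following parser is an added example, not part of the original post: it reads `ntpq -p` output, finds the selected (`*`) peer and warns when that peer's refid is the local clock, when polls are being missed, or when the offset is large. The sample output, the function names and the 100 ms threshold are constructed assumptions.

```python
TALLY_CODES = " x.-+#*o"  # first column of every peer line in `ntpq -p`


def parse_ntpq_peers(output):
    """Parse `ntpq -p` text into one dict per peer line."""
    peers = []
    for line in output.splitlines():
        if len(line) < 2 or line[0] not in TALLY_CODES:
            continue  # the ===== separator
        fields = line[1:].split()
        if len(fields) != 10 or not fields[2].isdigit():
            continue  # the column header
        peers.append({
            "tally": line[0],
            "remote": fields[0],
            "refid": fields[1],
            "stratum": int(fields[2]),
            "reach": int(fields[6], 8),  # ntpq prints reach in octal
            "offset_ms": float(fields[8]),
        })
    return peers


def check_sync(output, max_offset_ms=100.0):
    """Return warnings about the peer this host is synchronized to."""
    selected = [p for p in parse_ntpq_peers(output) if p["tally"] in ("*", "o")]
    if not selected:
        return ["no peer selected (no '*' line): clock is not synchronized"]
    peer, warnings = selected[0], []
    if peer["refid"].startswith("LOCAL") or peer["refid"] == ".LOCL.":
        warnings.append(f"{peer['remote']} follows its own local clock, not an external source")
    if peer["reach"] != 0o377:  # 377 octal: the last eight polls were all answered
        warnings.append(f"{peer['remote']}: reach {peer['reach']:o}, some recent polls went unanswered")
    if abs(peer["offset_ms"]) > max_offset_ms:
        warnings.append(f"{peer['remote']}: offset {peer['offset_ms']} ms exceeds {max_offset_ms} ms")
    return warnings


# Constructed sample output for the client 156.0.26.7 described above.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*156.0.26.6      LOCAL(0)         6 u  301  512  377    0.312    0.046   0.031
"""

if __name__ == "__main__":
    print(check_sync(SAMPLE))
```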


Origin www.cnblogs.com/chenming-1998/p/11653667.html