ntp服务配置

2018-01-17 14:43:12 浏览数 (1)

在linux系统中,为了避免主机时间因为长时间运行下所导致的时间偏差,进行时间同步(synchronize)的工作是非常必要的。linux系统下,一般使用ntp服务来同步不同机器的时间。NTP是网络时间协议(Network Time Protocol)的简称,就是通过网络协议使计算机之间的时间同步化。

安装NTP包

检查是否安装了ntp相关包。如果安装ntp相关包,使用rpm或者yum安装,非常简单。

[root@localhost ~]# rpm -qa |grep ntp

fontpackages-filesystem-1.41-1.1.el6.noarch

ntpdate-4.2.6p5-10.el6.centos.2.i686

ntp-4.2.6p5-10.el6.centos.2.i686

NTP的配置

A.配置/etc/ntp.conf

  NTP server的主要配置文件为/etc/ntp.conf,没有修改过的ntp。conf文件内同如下:

[root@localhost ~]# more /etc/ntp.conf

# For more information about this file, see the man pages

# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not

# permit the source to query or modify the service on this system.

restrict default kod nomodify notrap nopeer noquery

restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could

# be tightened as well, but to do so would effect some of

# the administrative functions.

restrict 127.0.0.1

restrict -6 ::1

# Hosts on local network are less restricted.

#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.

# Please consider joining the pool (http://www.pool.ntp.org/join.html).

server 0.rhel.pool.ntp.org iburst

server 1.rhel.pool.ntp.org iburst

server 2.rhel.pool.ntp.org iburst

server 3.rhel.pool.ntp.org iburst

#broadcast 192.168.1.255 autokey        # broadcast server

#broadcastclient                        # broadcast client

#broadcast 224.0.1.1 autokey            # multicast server

#multicastclient 224.0.1.1              # multicast client

#manycastserver 239.255.254.254         # manycast server

#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.

#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating

# with symmetric key cryptography.

keys /etc/ntp/keys

# Specify the key identifiers which are trusted.

#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.

#requestkey 8

# Specify the key identifier to use with the ntpq utility.

#controlkey 8

# Enable writing of statistics records.

#statistics clockstats cryptostats loopstats peerstats

  1)设定NTP主机来源(其中prefer表示优先主机),192.168.66.131是本地的NTP服务器,所以优先指定从该主机同步时间

server 192.168.66.131 prefer

server 0.centos.pool.ntp.org iburst

server 1.centos.pool.ntp.org iburst

server 2.centos.pool.ntp.org iburst

server 3.centos.pool.ntp.org iburst

  2)限制你允许的这些服务器的访问类型,在这个例子中的服务器是不容许修改运行时配置或者查询您的linux ntp服务器

#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

以上的掩码地址扩展为255,因此从192.168.1.1-192.168.1.254的服务器都可以使用我们的NTP服务器来同步时间

#设置默认策略为允许任何主机进行时间同步

 restrict default ignore

  3)确保localhost有足够权限,使用没有任何限制关键词的语法

    restrict 127.0.0.1

restrict -6 ::1

B.配置/etc/ntp/step-tickers文件

修改/etc/ntp/step-tickers文件,内容如下(当ntp服务启动时,会自动与该文件中记录的上层NTP服务进行时间校对)

[root@localhost ~]# more /etc/ntp/step-tickers

# List of servers used for initial synchronization.

server 192.168.66.131 prefer

server 0.centos.pool.ntp.org iburst

server 1.centos.pool.ntp.org iburst

server 2.centos.pool.ntp.org iburst

server 3.centos.pool.ntp.org iburst

以上是通过了vi修改

C.配置/etc/sysconfig/ntpd文件

ntp服务,默认智慧同步系统时间。如果让ntp同时同步硬件时间,可以设置/etc/sysconfig/ntpd文件,在/etc/sysconfig/ntpd文件中添加,SYNC_HWCLOCK=yes这样,就可以让硬件时间与系统时间一起同步。

IPTABLES配置

由于ntp服务需要使用到UDP端口号为123,所以当系统的防火墙(iptables)启动的情况下,必须开放UDP端口号123

启动NTP服务

service ntpd status

service ntpd start

netstat -lntup|grep ntp

检查ntp是否开机启动:[root@localhost ~]# chkconfig --level 35 ntpd on

http://www.cnblogs.com/kerrycode/archive/2015/08/20/4744804.html(ntp配置参考文件)

0 人点赞