NTP client and NTP server configuration on CentOS 7
On CentOS, NTP can be installed directly with yum:

    yum -y install ntp

1. Configuration file

On CentOS 7 the NTP configuration file is /etc/ntp.conf.

2. restrict: access control

Syntax:

    restrict <IP address> mask <netmask> <flags>

The IP address can also be default, which means all IP addresses.

The flags are:

ignore: denies all NTP connections.

nomodify: clients cannot change the server's time parameters, but they can still synchronize their time from the server.

notrust: unless the client authenticates, its source is treated as an untrusted subnet.

noquery: does not serve client queries: clients cannot use commands such as ntpq and ntpdc to query the NTP server (time synchronization itself is not affected).

notrap: does not provide the remote trap service: refuses the mode 6 control message trap service to matching hosts. The trap service is a subsystem of the ntpq control message protocol and is intended for remote event logging programs.

nopeer: prevents hosts from trying to peer with this server, which would otherwise let a rogue server control the clock.

kod: sends a KoD (Kiss-o'-Death) packet on access violations.

restrict -6 sets the permissions for IPv6 addresses.

3. server: set the upstream NTP time sources

Syntax:

    server <host IP or domain name> <options>

The options are:

burst: When the server is reachable, send a burst of eight packets instead of the usual one. The packet spacing is normally 2 s; however, the spacing between the first and second packets can be changed with the calldelay command to allow additional time for a modem or ISDN call to complete. This option is valid only with the server command and type s addresses. It is a recommended option when the maxpoll option is greater than 10 (1024 s).

iburst: When the server is unreachable, send a burst of eight packets instead of the usual one. The packet spacing is normally 2 s; however, the spacing between the first and second packets can be changed with the calldelay command to allow additional time for a modem or ISDN call to complete. This option is valid only with the server command and type s addresses. It is a recommended option with this command.

prefer: Mark the server as preferred. All other things being equal, this host will be chosen for synchronization among a set of correctly operating hosts. See the Mitigation Rules and the prefer Keyword page for further information. This option is valid only with the server and peer commands.

true: Mark the association to assume truechimer status; that is, always survive the selection and clustering algorithms. This option can be used with any association, but is most useful for reference clocks with large jitter on the serial port and precision pulse-per-second (PPS) signals.
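Caution: this option defeats the algorithms designed to cast out falsetickers and can allow these sources to set the system clock. This option is valid only with the server and peer commands.

My translation skills are shaky, so I have left these descriptions untranslated.

For example, the following line makes 192.168.7.49 the preferred host for time synchronization:

    server 192.168.7.49 prefer

4. fudge

Syntax:

    fudge <host IP> stratum <level>

This setting mainly defines which stratum this machine reports when it acts as a time source for other machines. The stratum must be within 15; 10 is the usual choice.

Server and client configuration

1. Server configuration

    driftfile /var/lib/ntp/drift
    restrict default nomodify notrap nopeer noquery
    restrict 127.0.0.1
    restrict ::1
    server 0.cn.pool.ntp.org
    server 1.asia.pool.ntp.org
    server 2.asia.pool.ntp.org
    server 127.0.0.1
    fudge 127.0.0.1 stratum 10
    includefile /etc/ntp/crypto/pw
    keys /etc/ntp/keys
    disable monitor

Not much actually changes from the defaults. The main change is the list of time sources:

    server 0.cn.pool.ntp.org
    server 1.asia.pool.ntp.org
    server 2.asia.pool.ntp.org
    server 127.0.0.1

The first is a time source in China, the next two are Asia-wide time sources, and the last one allows the machine to synchronize from itself if synchronization with the earlier sources fails.

The other change sets this machine's time service stratum to 10:

    fudge 127.0.0.1 stratum 10

2. Client configuration

    driftfile /var/lib/ntp/drift
    restrict default nomodify notrap nopeer noquery
    restrict 127.0.0.1
    restrict ::1
    server host1
    includefile /etc/ntp/crypto/pw
    keys /etc/ntp/keys
    disable monitor

Only one thing changes on the client: the time source is set to host1, which is the domain name of the time server. An IP address can be given instead.

3. Checking the status

Taking the server as the example, start the service once the configuration is in place:

    systemctl start ntpd.service

Check that it worked with the ntpstat command, which shows the synchronization state. Output like the following means the service started successfully:

    synchronised to NTP server (85.199.214.101) at stratum 2
       time correct to within 155 ms
       polling server every 64 s

If the status looks abnormal, wait a few minutes; it usually takes 5-10 minutes to synchronize.

If the client cannot connect to the server, disable the firewall and SELinux and try again.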
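As an added example (not part of the original post), the script below checks an ntp.conf body against the rules explained above: the flags on restrict default, non-loopback restrict entries without nomodify, server or peer lines marked true, and a fudge stratum outside 15. The function name audit_ntp_conf, the choice of the post's own restrict default flags as the baseline, and WEAK_CONF are assumptions made for the illustration.

```python
BASELINE = {"nomodify", "notrap", "nopeer", "noquery"}  # flags on the post's "restrict default"
LOOPBACK = {"127.0.0.1", "::1"}

def audit_ntp_conf(text):
    """Return [(line_number, message), ...] for risky lines in an ntp.conf body."""
    findings, saw_default = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()          # strip comments, tokenize
        if len(tok) < 2:
            continue
        if tok[0] == "restrict":
            args = [t for t in tok[1:] if t not in ("-4", "-6")]
            if not args:
                continue
            # "mask <netmask>" tokens stay in the set; only known flags are tested.
            addr, flags = args[0], set(args[1:])
            saw_default |= addr == "default"
            if "ignore" in flags:                   # ignore already denies everything
                continue
            if addr == "default" and BASELINE - flags:
                findings.append((no, "restrict default lacks: "
                                 + ", ".join(sorted(BASELINE - flags))))
            elif addr != "default" and addr not in LOOPBACK and "nomodify" not in flags:
                findings.append((no, f"restrict {addr} lacks nomodify"))
        elif tok[0] in ("server", "peer") and "true" in tok[2:]:
            findings.append((no, f"{tok[1]} is forced truechimer; falseticker checks are bypassed"))
        elif tok[0] == "fudge" and "stratum" in tok[2:]:
            value = (tok[tok.index("stratum") + 1:] or [""])[0]
            if not value.isdigit() or int(value) > 15:
                findings.append((no, f"fudge stratum {value!r} is not within 15"))
    if not saw_default:
        findings.append((0, "no 'restrict default' line found"))
    return findings

# Excerpt of the server configuration shown in the post.
PAGE_SERVER_CONF = """\
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
server 0.cn.pool.ntp.org
server 127.0.0.1
fudge 127.0.0.1 stratum 10
"""
# Constructed sample with one weakness per line.
WEAK_CONF = ("restrict default nomodify\nrestrict 192.168.7.0 mask 255.255.255.0\n"
             "server 192.168.7.49 prefer true\nfudge 127.0.0.1 stratum 16\n")

if __name__ == "__main__":
    for name, conf in (("page", PAGE_SERVER_CONF), ("weak", WEAK_CONF)):
        print(name, audit_ntp_conf(conf))
```

To audit a live host, pass the contents of /etc/ntp.conf to audit_ntp_conf; line number 0 marks a finding about the file as a whole.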