On a Linux system, time synchronization is essential to keep the host clock from drifting after long periods of uptime. Linux generally uses the ntp service to synchronize time between machines. NTP is short for Network Time Protocol; it synchronizes the clocks of computers by means of a network protocol.
Installing the NTP package
Check whether the ntp packages are installed. If you need to install them, use rpm or yum; it is very simple.
[root@localhost ~]# rpm -qa |grep ntp
fontpackages-filesystem-1.41-1.1.el6.noarch
ntpdate-4.2.6p5-10.el6.centos.2.i686
ntp-4.2.6p5-10.el6.centos.2.i686

NTP configuration
A. Configure /etc/ntp.conf
The main configuration file of the NTP server is /etc/ntp.conf. The contents of an unmodified ntp.conf file are as follows:
[root@localhost ~]# more /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool ().
server 0.rhel.pool.ntp.org iburst
server 1.rhel.pool.ntp.org iburst
server 2.rhel.pool.ntp.org iburst
server 3.rhel.pool.ntp.org iburst

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
1) Set the NTP upstream sources (prefer marks the preferred host). 192.168.66.131 is the local NTP server, so it is given priority as the host to synchronize time from.
server 192.168.66.131 prefer
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
2) Restrict the types of access you allow for these servers. In this example, the servers are not allowed to modify the runtime configuration or to query your Linux NTP server.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
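With the leading # removed, the mask above expands to 255, so hosts from 192.168.1.1-192.168.1.254 can all use our NTP server to synchronize time.
# Set the default policy to ignore packets from every host that has no more specific restrict line
restrict default ignore
3) Make sure localhost has sufficient access by using the syntax without any restriction keywords
restrict 127.0.0.1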
restrict -6 ::1
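
An added example, not part of the original article: a Python check that evaluates the restrict lines from steps 2) and 3) by most specific match, as ntpd does, to show which clients are served and that under `restrict default ignore` the upstream 192.168.66.131 needs its own restrict line or its replies are discarded too. It assumes restrict entries use IPv4 literal addresses; SAMPLE_CONF and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the directives this page adds to /etc/ntp.conf,
# with the LAN restrict line uncommented.
SAMPLE_CONF = """\
server 192.168.66.131 prefer
server 0.centos.pool.ntp.org iburst
restrict default ignore
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 127.0.0.1
restrict -6 ::1
"""
NO_TIME = {"ignore", "noserve"}  # flags that make ntpd drop time packets

def parse(conf):
    """Return ([(IPv4 network, flags)], [server names]) from ntp.conf text."""
    rules, servers = [], []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[1] == "-6":  # blank, comment or IPv6 entry
            continue
        if tok[0] == "server":
            servers.append(tok[1])
        elif tok[0] == "restrict":
            addr, rest, mask = tok[1], tok[2:], "32"
            if addr == "default":
                addr, mask = "0.0.0.0", "0"
            elif rest[:1] == ["mask"]:
                mask, rest = rest[1], rest[2:]
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            rules.append((net, frozenset(rest)))
    return rules, servers

def flags_for(rules, ip):
    """Flags of the most specific matching entry, the one ntpd applies."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, flags) for net, flags in rules if addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else frozenset()

def served(conf, ip):
    """True if ntpd would answer time requests from this client address."""
    return not (flags_for(parse(conf)[0], ip) & NO_TIME)

def dropped_upstreams(conf):
    """IPv4-literal servers whose replies the restrict list would discard."""
    rules, servers = parse(conf)
    literal = [s for s in servers if s.count(".") == 3 and s.replace(".", "").isdigit()]
    return [s for s in literal if flags_for(rules, s) & NO_TIME]
```

Servers given as hostnames, such as the pool entries, are skipped here because they cannot be resolved offline; resolve them and check each address the same way.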

B. Configure the /etc/ntp/step-tickers file
Edit the /etc/ntp/step-tickers file so that its contents are as follows (when the ntp service starts, it automatically checks its time against the upstream NTP servers recorded in this file)
[root@localhost ~]# more /etc/ntp/step-tickers
# List of servers used for initial synchronization.
server 192.168.66.131 prefer
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
The changes above were made with vi.

C. Configure the /etc/sysconfig/ntpd file
By default, the ntp service only synchronizes the system time. To have ntp synchronize the hardware clock as well, add SYNC_HWCLOCK=yes to the /etc/sysconfig/ntpd file; the hardware clock is then synchronized together with the system time.

IPTABLES configuration
The ntp service uses UDP port 123, so when the system firewall (iptables) is running, UDP port 123 must be opened.

Starting the NTP service
service ntpd status
service ntpd start
netstat -lntup|grep ntp