NTP使用方法记录

介绍

NTP(Network Time Protocol)是计算机系统之间进行时钟同步的网络协议。通常用于集群环境中的各个节点保持一致的时间。例如,在一个局域网环境中,选择一台主机作为提供时间源的ntp server,在其上运行ntpd进程,其他主机定时调用ntpdate与ntp server进行时间同步。也可以所有节点都运行ntpd进程与上层ntp server进行同步。

NTP服务器

安装与运行相关命令:

# 在CentOS7下安装ntp
yum install -y ntp
# 启动
systemctl start ntpd
# 停止
systemctl stop ntpd
# 重启
systemctl restart ntpd
# 开机自启
systemctl enable ntpd
# 查看状态
ntpstat
# 查看上层状态
ntpq -np

ntpd默认使用UDP 123端口,使用ntpdate从ntp server同步时间时需要开放ntp server的123端口。

ntpd的配置文件是/etc/ntp.conf,内容如下:

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
#restrict default nomodify notrap nopeer noquery
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

# Check the newest list at http://www.pool.ntp.org/zone/cn
#server 0.cn.pool.ntp.org
#server 1.cn.pool.ntp.org
#server 2.cn.pool.ntp.org
#server 3.cn.pool.ntp.org

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor

NTP客户端

# 在CentOS7下安装ntpdate
yum install -y ntpdate

需要同步时间的ntp客户端可以通过在crontab里增加ntpdate来实现时间定时同步。

*/5 * * * * /usr/sbin/ntpdate 172.27.10.101 >/dev/null 2>/dev/null
Creative Commons License

本文基于署名-非商业性使用-相同方式共享 4.0许可协议发布,欢迎转载、使用、重新发布,但请保留文章署名wanghengbin(包含链接:https://wanghengbin.com),不得用于商业目的,基于本文修改后的作品请以相同的许可发布。

发表评论