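Configuring the NTP Service on CentOS 7

Configuring an NTP server on CentOS

The Network Time Protocol (NTP) is a protocol that runs over UDP on port 123 at the transport layer. It allows computers to synchronize accurate time over the network. Over time, a computer's internal clock drifts, which leads to time inconsistencies, especially for server and client log files, or when you want to replicate server resources or databases.

Installing and configuring the NTP server

The installation and configuration process is recorded below:

Installation

It can be installed directly from the official yum repository.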

sudo yum install ntp

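Choosing NTP servers

NTP Public Pool Time Servers: after installing NTP, you can pick the server list for your geographic location from the NTP public server pool. The pool link is [here][1].

For example, the server pool for China is: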

0.cn.pool.ntp.org
1.cn.pool.ntp.org
2.cn.pool.ntp.org
3.cn.pool.ntp.org

Editing the NTP service configuration file

The configuration file is /etc/ntp.conf:

vim /etc/ntp.conf

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

restrict 172.17.10.0 mask 255.255.255.0 nomodify notrap
restrict 52.109.3.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.cn.pool.ntp.org
server 1.cn.pool.ntp.org
server 2.cn.pool.ntp.org
server 3.cn.pool.ntp.org

#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor

logfile /var/log/ntp.log

The changes are as shown above:

restrict 172.17.10.0 mask 255.255.255.0 nomodify notrap

The nomodify notrap statement means your clients are not allowed to configure the server or to act as peers for time synchronization.

logfile /var/log/ntp.log

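If you need extra information for troubleshooting in case your NTP daemon runs into problems, add a logfile statement so that all NTP server problems are recorded in a specified log file.

Save the configuration file.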
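The following added example (not part of the original post) audits the restrict and disable monitor lines of an ntp.conf like the one above and reports which scopes can still query the daemon. The function name audit_ntp_conf and the finding strings are assumptions of this example; the sample input is copied from the configuration shown above.

```python
import ipaddress

# Access-control lines copied from the /etc/ntp.conf shown above.
SAMPLE_CONF = """\
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 172.17.10.0 mask 255.255.255.0 nomodify notrap
restrict 52.109.3.0 mask 255.255.255.0 nomodify notrap
disable monitor
"""

def audit_ntp_conf(text):
    """Hypothetical helper: return (findings, monitor_disabled) for ntp.conf text."""
    restricts, findings, monitor_disabled = [], [], False
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()        # strip comments, tokenize
        if len(tok) < 2:
            continue
        if tok[0] == "disable" and "monitor" in tok[1:]:
            monitor_disabled = True
        elif tok[0] == "restrict":
            args = [t for t in tok[1:] if t not in ("-4", "-6")]
            if not args:
                continue
            addr, rest, mask = args[0], args[1:], None
            if len(rest) > 1 and rest[0] == "mask":
                mask, rest = rest[1], rest[2:]
            restricts.append((addr, mask, set(rest)))
    # The stock ntp.conf comment notes that the 'limited' flag keeps monitoring on.
    if any("limited" in flags for _, _, flags in restricts):
        monitor_disabled = False
    for addr, mask, flags in restricts:
        scope = addr
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}" if mask else addr, strict=False)
            if net.is_loopback:
                continue                          # loopback is left open on purpose
            scope = str(net)
        except ValueError:
            pass                                  # 'default' or a hostname
        if "noquery" not in flags:
            risk = "ntpq/ntpdc queries allowed"
            if not monitor_disabled:
                risk += "; monlist reachable (CVE-2013-5211)"
            findings.append((scope, risk))
        if "nomodify" not in flags:
            findings.append((scope, "modify requests not denied"))
    return findings, monitor_disabled
```

On the configuration above, the two subnet restrict lines are reported as able to query the daemon because they lack noquery, while disable monitor keeps monlist off for them.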

Enabling the service and configuring the firewall

Opening the NTP server port

sudo firewall-cmd --add-service=ntp --permanent
sudo firewall-cmd --complete-reload

Enabling the NTP server

sudo systemctl start ntpd
sudo systemctl enable ntpd
sudo systemctl status ntpd

● ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2019-03-31 14:33:27 CST; 23min ago
Main PID: 14926 (ntpd)
CGroup: /system.slice/ntpd.service
└─14926 /usr/sbin/ntpd -u ntp:ntp -g

Mar 31 14:33:27 ntp-server systemd[1]: Starting Network Time Service...
Mar 31 14:33:27 ntp-server systemd[1]: Started Network Time Service.
Mar 31 14:33:27 ntp-server ntpd[14926]: proto: precision = 0.054 usec
Mar 31 14:33:27 ntp-server ntpd[14926]: 0.0.0.0 c01d 0d kern kernel time sync enabled

Verification

[root@ntp-server ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp1.ams1.nl.le 130.133.1.10     2 u  309  128  104  286.324  -30.954   2.799
*electrode.felix 89.231.96.83     2 u   79  128  177  245.661   -4.341  11.315
 118.190.21.209  .STEP.          16 u    - 1024    0    0.000    0.000   0.000
 biisoni.miuku.n .STEP.          16 u    - 1024    0    0.000    0.000   0.000
[root@ntp-server ~]# date -R
Sun, 31 Mar 2019 15:06:12 +0800

Querying the NTP service:

[root@ntp-server ~]# ntpdate -q 0.cn.pool.ntp.org
server 78.46.102.180, stratum 2, offset -0.004452, delay 0.25752
server 51.15.238.170, stratum 0, offset 0.000000, delay 0.00000
server 199.182.204.197, stratum 0, offset 0.000000, delay 0.00000
server 94.130.49.186, stratum 3, offset -0.021914, delay 0.32487
31 Mar 15:09:05 ntpdate[24663]: adjust time server 78.46.102.180 offset -0.004452 sec

https://ywmy.xyz/2019/03/31/centos-7-配置ntp服务/
Author: ian
Published: March 31, 2019