ntp服务搭建 ntp服务配置文件详解

1、NTP服务安装

# 系统自带ntp

rpm -qa ntp

[root@moban ~]# rpm -qa ntp
ntp-4.2.6p5-10.el6.centos.2.x86_64

# 可以更新一下系统自带的ntp服务

yum -y install ntp

# 如果没有就安装

yum -y install ntp

2、配置NTP服务

备份配置文件

   cp /etc/ntp.conf{,.ori}

配置文件详解

[root@node1 ~]# cat /etc/ntp.conf

# For more information about this file, see the man pages

# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

 

driftfile /var/lib/ntp/drift

 

# Permit time synchronization with our time source, but do not

# permit the source to query or modify the service on this system.

#下面两行默认是拒绝所有来源的任何访问  要注释掉

#restrict default kod nomodify notrap nopeer noquery

#restrict -6 default kod nomodify notrap nopeer noquery

 

# Permit all access over the loopback interface.  This could

# be tightened as well, but to do so would effect some of

# the administrative functions.

#ntpd 需要有 loopback 的参与，而默认是拒绝所有，将 loopback 放行就好了

restrict 127.0.0.1   #开放本机的任何访问

restrict -6 ::1

 

# 允许内网其他机器同步时间

# Hosts on local network are less restricted.

restrict 172.16.31.0 mask 255.255.0.0 nomodify notrap

 

# Use public servers from the pool.ntp.org project.

# Please consider joining the pool (http://www.pool.ntp.org/join.html).

# 注释掉默认的 这里参数指时间服务器向谁同步时间 一般指定国内时间服务器

#server 0.centos.pool.ntp.org iburst

#server 1.centos.pool.ntp.org iburst

#server 2.centos.pool.ntp.org iburst

#server 3.centos.pool.ntp.org iburst

server ntp1.aliyun.com

server time.nist.gov

server 172.16.0.1

 

#broadcast 192.168.1.255 autokey        # broadcast server

#broadcastclient                        # broadcast client

#broadcast 224.0.1.1 autokey            # multicast server

#multicastclient 224.0.1.1              # multicast client

#manycastserver 239.255.254.254         # manycast server

#manycastclient 239.255.254.254 autokey # manycast client

 

# 允许上层时间服务器主动修改本机时间

restrict 172.16.0.1 nomodify notrap noquery

 

# 外部时间服务器不可用时，以本地时间作为时间服务

server 127.127.1.0   #local clock

fudge  127.127.1.0   stratum  10

 

 

# Enable public key cryptography.

#crypto

 

includefile /etc/ntp/crypto/pw

 

# Key file containing the keys and key identifiers used when operating

# with symmetric key cryptography.

keys /etc/ntp/keys

 

# Specify the key identifiers which are trusted.

#trustedkey 4 8 42

 

# Specify the key identifier to use with the ntpdc utility.

#requestkey 8

 

# Specify the key identifier to use with the ntpq utility.

#controlkey 8

 

# Enable writing of statistics records.

#statistics clockstats cryptostats loopstats peerstats

3、启动NTP服务器

   /etc/init.d/ntpd start

检查时间服务

   ntpq -p

[root@lb01 ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 120.25.115.20   10.137.53.7      2 u   18   64    1   35.093  906.240   0.000
 time-c-wwv.nist .INIT.          16 u    -   64    0    0.000    0.000   0.000

4、客户端时间同步测试

   ntpdate ntp时间服务器的IP地址

   ntpdate 172.16.1.5

5、注意事项

# 如果计划任务有时间同步，先注释，两种用法会冲突。

[root@lb01 ~]# crontab -l
#time sync 2018-08-19
#*/10 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null

ntpstat 命令查看时间同步状态，这个一般需要5-10分钟后才能成功连接和同步。所以，服务器启动后需要稍等下。

[root@lb01 ~]# ntpstat 
unsynchronised
  time server re-starting
   polling server every 8 s

正常应该显示：

[root@lb01 ~]# ntpstat 
synchronised to local net at stratum 11 
   time correct to within 3948 ms
   polling server every 64 s