rpm -qa | grep ntp #查询已安装的ntp版本信息等
rpm -e --nodeps ntp-4.2.6p5-29.el7.centos.2.x86_64 #卸载
systemctl status ntpd #查询ntp服务状态
systemctl start ntpd #启动
systemctl stop ntpd #停止
systemctl restart ntpd #重启
ntpq -p #查看ntp服务器与上层ntp的状态
ntpstat #查看时间同步状态(查看ntp服务器有无和上层ntp连通),这个一般需要5-10分钟后才能成功连接和同步。所以,服务器启动后需要稍等下。
链接:https://pan.baidu.com/s/15yJV9A9zn2KBvy08A080Kw
提取码:cdjz
ntp:可以为其配置ntp.conf将其设置为自动同步某服务器时钟。
rpm -ivh ntp-4.2.6p5-29.el7.centos.2.x86_64.rpm
安装说明:
直接安装ntp-4.2.6p5-29.el7.centos.2.x86_64.rpm如果不提示缺少依赖就不用再安装另外两个了。
如果提示缺少安装相应的rpm包,也是rpm -ivh …
三台虚拟机:
IP | 节点 |
---|---|
192.168.79.100 | master |
192.168.79.101 | worker1 |
192.168.79.102 | worker2 |
首先设置ntp服务器(master)
编辑配置文件(vim /etc/ntp.conf),注释默认ntp服务地址,具体修改部分突出显示,如下:
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.79.2 mask 255.255.255.0 nomodify notrap #集群所在网段的网关(Gateway),子网掩码(Genmask)
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 127.0.0.1
fudge 127.0.0.1 stratum 10
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
修改完成后保存退出,并重启ntp(systemctl restart ntpd)。
设置ntp客户端(以worker1为例,其余相同,略)
编辑配置文件(vim /etc/ntp.conf),注释掉默认ntp服务,使用我们自己配置的ntp服务器(即 192.168.79.100),具体修改部分突出显示,如下:
【!!!】这里需要注意的是,在使用ntp服务器时,如果有防火墙,则需要开启ntp服务器的udp协议123端口,否则其他虚拟机不能成功同步时间。
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
restrict 192.168.79.100 nomodify notrap noquery
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 192.168.79.100
Fudge 192.168.79.100 stratum 10
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
修改完成后保存退出并重启ntp(systemctl restart ntpd)。
1)启动ntp服务
systemctl start ntpd
2)查看ntp服务器有无和上层ntp连通
ntpstat
3)查看ntp服务器与上层ntp的状态
ntpq -p
systemctl enable ntpd.service
查看从ntp服务状态可能会有如下错误
inappropriate address 192.168.79.100 for the fudge command, line ignored
经测试改了fudge的首字母为F就可以修复上述错误,看网上也都是小写的,很奇怪。
几分钟后查看主从ntp主机的时间就同步了,同步较慢稍等即可。
参考文章:
https://blog.csdn.net/qq_29171935/article/details/87916664
https://blog.csdn.net/qq_38591756/article/details/85243965
https://blog.51cto.com/13670314/2409692