Linux Time Services

1. NTP time synchronization service

1.1 Lab environment

1) ntp-server

ntp-server: 192.168.43.146/24   OS: CentOS 7

2) ntp-client

node1: 192.168.43.140/24        OS: CentOS 6
node2: 192.168.43.141/24        OS: CentOS 7
node3: 192.168.43.143/24        OS: RHEL 5

1.2 Lab topology

[Figure: lab topology diagram (topu.jpg)]

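1.3 Lab overview

1) Setting up time synchronization comes down to two questions: as a client, where does this host synchronize from? As a server, to whom does it provide service? Once both are answered before you start, the configuration is straightforward.
2) In this lab the ntp-server host synchronizes its time from the Internet and serves time to the local hosts. There are three local clients: node1, node2 and node3.
3) The lab covers three operating system versions, CentOS 7, CentOS 6 and RHEL 5, whose configuration differs slightly; the differences are compared after the experiment.

1.4 Service configuration

0) Preparation (very important)!

1. Disable SELinux
    1.1 Effective immediately:
    node1(CentOS6), node2(CentOS7), node3(Rhel5)
       [root@node1 ~]# setenforce 0
    1.2 Permanently:
    node1(CentOS6), node3(Rhel5): edit the configuration file /etc/sysconfig/selinux
    and change SELINUX=enforcing to SELINUX=disabled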
       [root@node1 ~]# vi /etc/sysconfig/selinux 
       [root@node1 ~]# cat /etc/sysconfig/selinux |grep SELINUX
       # SELINUX= can take one of these three values:
       SELINUX=disabled
       [root@node3 ~]# vi /etc/sysconfig/selinux 
       [root@node3 ~]# cat /etc/sysconfig/selinux |grep SELINUX
       # SELINUX= can take one of these three values:
       SELINUX=disabled
    node2(CentOS7): edit the configuration file /etc/selinux/config
        [root@node2 ~]# vi /etc/selinux/config 
        [root@node2 ~]# cat /etc/selinux/config |grep SELINUX
        # SELINUX= can take one of these three values:
        SELINUX=disabled

2. Disable the firewall
    2.1 Effective immediately:
    node1(CentOS6), node3(Rhel5)
       [root@node1 ~]# service iptables stop
       [root@node3 ~]# service iptables stop
    node2(CentOS7)
       [root@node2 ~]# systemctl stop firewalld
    2.2 Permanently:
    node1(CentOS6), node3(Rhel5)
       [root@node1 ~]# chkconfig iptables off
       [root@node1 ~]# service iptables status
       iptables: Firewall is not running.
       [root@node1 ~]# chkconfig iptables --list
       iptables         0:off   1:off   2:off   3:off   4:off   5:off   6:off
       [root@node3 ~]# chkconfig iptables off
       [root@node3 ~]# service iptables status
       Firewall is stopped.
       [root@node3 ~]# chkconfig iptables --list
       iptables         0:off   1:off   2:off   3:off   4:off   5:off   6:off
    node2(CentOS7)
       [root@node2 ~]# systemctl status firewalld
       ● firewalld.service - firewalld - dynamic firewall daemon
          Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
          Active: active (running) since Sat 2020-03-28 23:25:34 CST; 1h 4min ago
       [root@node2 ~]# systemctl disable firewalld
       Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
       Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
       [root@node2 ~]# systemctl stop firewalld
       [root@node2 ~]# systemctl status firewalld
       ● firewalld.service - firewalld - dynamic firewall daemon
          Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
          Active: inactive (dead)
            Docs: man:firewalld(1)

1) Server: ntp-server

[root@ntp-server etc]# systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@ntp-server etc]# vim ntp.conf 
    server ntp.aliyun.com iburst          <-- synchronize this host's time with Aliyun
    server 0.centos.pool.ntp.org iburst
[root@ntp-server etc]# date -s '1 year' +%F      # deliberately set the system time wrong
2021-03-28
[root@ntp-server etc]# date
Sun Mar 28 01:30:40 CST 2021
[root@ntp-server etc]# systemctl start ntpd     # start the NTP time synchronization service
[root@ntp-server etc]# systemctl status ntpd    # check the status of the ntp service
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2021-03-28 01:30:50 CST; 11 months 30 days left
  Process: 4038 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
[root@ntp-server etc]# date         # check the system time: synchronized
Sat Mar 28 01:31:03 CST 2020

2) Client: node1

[root@node1 ~]# vi /etc/ntp.conf
server 192.168.43.146 iburst   <-- line 23 of the configuration file: the IP address of the NTP server
[root@node1 ~]# date -s '1 year'   # adjust the time
Sun Mar 28 23:41:19 CST 2021
[root@node1 ~]# date
Sun Mar 28 23:41:19 CST 2021
[root@node1 ~]# service ntpd restart      # restart the service
Shutting down ntpd:                                        [  OK  ]
Starting ntpd:                                             [  OK  ]
[root@node1 ~]# date    # the service has only just restarted; wait a little longer
Sun Mar 28 23:41:35 CST 2021
[root@node1 ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.43.146  203.107.6.88     3 u    1   64    1    0.819   -0.279   0.020
[root@node1 ~]# date     # synchronization complete
Sat Mar 28 23:41:44 CST 2020
[root@node1 ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.43.146  203.107.6.88     3 u    1   64    1    0.923   -0.312   0.054
[root@node1 ~]# chkconfig --list ntpd
ntpd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@node1 ~]# chkconfig ntpd on   # enable ntpd at boot
[root@node1 ~]# chkconfig --list ntpd
ntpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off

3) Client: node2

[root@node2 ~]# vi /etc/ntp.conf
 server 192.168.43.146 iburst    <-- line 23 of the configuration file: the IP address of the NTP server
[root@node2 ~]# date -s '1 year' 
Sun Mar 28 23:48:31 CST 2021
[root@node2 ~]# date
Sun Mar 28 23:48:32 CST 2021
[root@node2 ~]# systemctl restart ntpd    # restart the service
[root@node2 ~]# date
Sun Mar 28 23:48:49 CST 2021
[root@node2 ~]# date
Sun Mar 28 23:48:50 CST 2021
[root@node2 ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.43.146  203.107.6.88     3 u    2   64    1    3.384    1.250   2.517
[root@node2 ~]# date
Sat Mar 28 23:48:58 CST 2020
[root@node2 ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.43.146  203.107.6.88     3 u    2   64    1    1.307   -0.123   1.350
[root@node2 ~]# systemctl enable ntpd   # enable ntpd at boot
[root@node2 ~]# systemctl status ntpd  
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2021-03-28 23:48:43 CST; 11 months 30 days left

4) Client: node3

[root@node3 ~]# vi /etc/ntp.conf
server 192.168.43.146 prefer   <-- line 17 of the configuration file: the IP address of the NTP server
# server        127.127.1.0     # local clock  <-- also comment out line 30
# fudge 127.127.1.0 stratum 10                 <-- also comment out line 31
[root@node3 ~]# date
Sun Mar 28 23:55:26 CST 2021
[root@node3 ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.43.146  203.107.6.88     3 u   12   64    1    0.645    0.083   0.001
[root@node3 ~]# date   # after a long wait it finally recovered; rhel5 really is slow
Sat Mar 28 23:59:27 CST 2020
[root@node3 ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.43.146  203.107.6.88     3 u   32   64  377    0.402    3.109   0.450
[root@node3 ~]# chkconfig --list ntpd
ntpd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@node3 ~]# chkconfig ntpd on     # enable ntpd at boot
[root@node3 ~]# chkconfig --list ntpd
ntpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
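
The ntpq -p columns that the client transcripts rely on (the leading * tally mark, st, the octal reach register and offset) can be checked mechanically. The script below is an added example, not part of the original article; the function names and the 100 ms offset threshold are assumptions, and the sample lines are copied from the ntpq -p output on this page.

```shell
#!/bin/sh
# Added example. Classifies every peer line of `ntpq -p` output read on stdin.
# $1 = maximum acceptable |offset| in ms (an assumed alert threshold).
ntpq_peer_state() {
    awk -v max="${1:-100}" '
    # The reach column is an 8-bit shift register printed in octal:
    # count how many of the last 8 polls were answered.
    function polls_ok(oct,    i, n, ok) {
        n = 0
        for (i = 1; i <= length(oct); i++) n = n * 8 + substr(oct, i, 1)
        ok = 0
        while (n > 0) { ok += n % 2; n = int(n / 2) }
        return ok
    }
    /^=/ || $1 == "remote" || NF < 10 { next }   # header, rule, prompt lines
    {
        tally = substr($0, 1, 1)                 # "*" marks the selected peer
        peer  = (tally == " ") ? $1 : substr($1, 2)
        ok    = polls_ok($7)
        off   = $9 + 0; if (off < 0) off = -off
        if ($3 == 16 || ok == 0)  state = "unreachable"   # stratum 16 = unsynchronized
        else if (tally != "*")    state = "not-selected"
        else if (off > max + 0)   state = "offset-high"
        else                      state = "synced"
        printf "%s %s reach=%d/8 offset_ms=%s\n", peer, state, ok, $9
    }'
}

# Sample input: three peer lines copied from the ntpq -p output on this page.
sample_ntpq() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.43.146  203.107.6.88     3 u   12   64    1    0.645    0.083   0.001
 192.168.43.146  .STEP.          16 u   63   64    0    0.000    0.000   0.000
*192.168.43.146  203.107.6.88     3 u   32   64  377    0.402    3.109   0.450
EOF
}

sample_ntpq | ntpq_peer_state 100
```

On a live client the input would come from ntpq -p itself, for example: ntpq -p | ntpq_peer_state 100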

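5) Summary

Time is one of the basic services on Linux, and its importance goes without saying:
    a. If you are not very familiar with SELinux and iptables rules, it is recommended to turn both off where possible.
    b. Client configuration is relatively simple: you only need to write the IP address of the server it synchronizes from correctly. On RHEL 5, lines 30 and 31 of the configuration file (the exact line numbers vary from system to system) must be commented out.
    c. Server side:
        [root@ntp-server ~]# vim /etc/ntp.conf
        restrict default nomodify notrap nopeer noquery
        In this lab this line was not commented out with either CentOS 6 or CentOS 7 as the server, and synchronization worked in both cases.
        If a client cannot synchronize its time during the experiment, you can comment out this line and then restart the service.
    d. CentOS 6 and 7 synchronize faster than RHEL 5; this is a difference between the systems themselves.
    e. Because of the way the ntp protocol itself works, it is slower than chrony; chrony is covered next.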
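
What the restrict default line in item c allows and denies, as an added example that is not part of the original article: ignore and noserve are the restrict flags that stop ntpd from answering time requests, and the stock line carries neither, so it refuses ntpq/ntpdc queries and runtime changes without blocking client synchronization. The function names and the sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads an ntp.conf on stdin and reports what the active IPv4
# "restrict default" rule means for time clients and for ntpq/ntpdc queries.
restrict_default_audit() {
    awk '
    # Matches "restrict default <flags>" and "restrict -4 default <flags>".
    # Commented-out lines start with "#" and therefore never match.
    $1 == "restrict" && ($2 == "default" || ($2 == "-4" && $3 == "default")) {
        found = 1; serve = "yes"; noquery = "no"; nomodify = "no"
        for (i = 3; i <= NF; i++) {
            if ($i == "ignore" || $i == "noserve") serve = "no"   # no time service
            if ($i == "noquery")  noquery  = "yes"   # ntpq/ntpdc queries refused
            if ($i == "nomodify") nomodify = "yes"   # runtime changes refused
        }
    }
    END {
        if (!found) {
            # No default rule: ntpd applies no restrictions to any host.
            print "default=absent serves_time=yes noquery=no nomodify=no"
        } else {
            printf "default=present serves_time=%s noquery=%s nomodify=%s\n", serve, noquery, nomodify
        }
    }'
}

# Constructed configs: the stock line from this page, then the same line commented out.
stock_conf() {
    printf '%s\n' 'server ntp.aliyun.com iburst' \
        'restrict default nomodify notrap nopeer noquery'
}
commented_conf() {
    printf '%s\n' 'server ntp.aliyun.com iburst' \
        '# restrict default nomodify notrap nopeer noquery'
}

stock_conf | restrict_default_audit
commented_conf | restrict_default_audit
```

On the server the same check can be run against the real file: restrict_default_audit < /etc/ntp.conf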

2. Chrony time synchronization service

2.1 Lab environment preparation

NODE1:
[root@node1 ~]# service ntpd stop
Shutting down ntpd:                                        [  OK  ]
[root@node1 ~]# service ntpd status
ntpd is stopped

NODE2:
[root@node2 ~]# systemctl stop ntpd
[root@node2 ~]# systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Sun 2020-03-29 01:02:53 CST; 4s ago
 Main PID: 7289 (code=exited, status=0/SUCCESS)

NODE3:  RHEL 5 is an older release, so the chrony experiment is not run on it; only node1 and node2 are used as clients
[root@node3 ~]# service ntpd stop
Shutting down ntpd:                                        [  OK  ]
[root@node3 ~]# service ntpd status
ntpd is stopped

2.2 Service configuration

[root@chrony-server ~]# systemctl stop chronyd
[root@chrony-server ~]# systemctl status chronyd
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Sun 2020-03-29 01:24:38 CST; 5s ago
[root@chrony-server ~]# vim /etc/chrony.conf
server ntp.aliyun.com iburst         <-- synchronize this host's time with Aliyun
[root@chrony-server ~]# date -s '5 year'
Sat Mar 29 01:29:53 CST 2025
[root@chrony-server ~]# clock -w
[root@chrony-server ~]# clock
Sat 29 Mar 2025 01:30:03 AM CST  -0.523055 seconds
[root@chrony-server ~]# date
Sat Mar 29 01:30:14 CST 2025
[root@chrony-server ~]# date
Sat Mar 29 01:30:15 CST 2025
[root@chrony-server ~]# systemctl start chronyd
[root@chrony-server ~]# date
Sat Mar 29 01:30:23 CST 2025
[root@chrony-server ~]# date   # time is synchronized, much faster than with the ntp service
Sun Mar 29 01:30:25 CST 2020
[root@chrony-server ~]# ss -ultp |grep chronyd   # check the listening port: 323
udp   UNCONN   0   0   127.0.0.1:323       *:*     users:(("chronyd",pid=15316,fd=5))
udp   UNCONN   0   0    [::1]:323          [::]:*    users:(("chronyd",pid=15316,fd=6))

2.3 Server-side configuration

[root@chrony-server ~]# vim /etc/chrony.conf
allow 192.168.43.0/24   <-- IP addresses of the hosts or subnets allowed to synchronize with this host
[root@chrony-server ~]# systemctl restart chronyd
[root@chrony-server ~]# ss -unlt|grep 123
udp    UNCONN     0      0         *:123                   *:* 

node1 verification:
[root@node1 ~]# date -s '5 year'
Sat Mar 29 01:46:43 CST 2025
[root@node1 ~]# ntpdate 192.168.43.146
29 Mar 01:46:47 ntpdate[3692]: step time server 192.168.43.146 offset -157766400.003920 sec
[root@node1 ~]# date
Sun Mar 29 01:46:48 CST 2020

[root@chrony-server ~]# vim /etc/chrony.conf 
# Serve time even if not synchronized to a time source.
local stratum 10  <-- uncomment this line so that time is still served to local hosts when the Internet connection is down

2.4 Configuring node1 as an ntp client

[root@node1 ~]# vi /etc/ntp.conf 
[root@node1 ~]# date
Sun Mar 29 01:57:15 CST 2020
[root@node1 ~]# date -s '2 year'
Tue Mar 29 01:57:24 CST 2022
[root@node1 ~]# date
Tue Mar 29 01:57:25 CST 2022
[root@node1 ~]# service ntpd start
Starting ntpd:                                             [  OK  ]
[root@node1 ~]# date
Tue Mar 29 01:57:37 CST 2022
[root@node1 ~]# date
Tue Mar 29 01:57:38 CST 2022
[root@node1 ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.43.146  .STEP.          16 u   63   64    0    0.000    0.000   0.000
[root@node1 ~]# date
Sun Mar 29 01:57:46 CST 2020
[root@node1 ~]# date
Sun Mar 29 01:57:48 CST 2020
[root@node1 ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.43.146  203.107.6.88     3 u    1   64    1    0.413   -0.035   0.017

2.5 Configuring node2 as a chrony client

[root@node2 ~]# vi /etc/chrony.conf 
[root@node2 ~]# date -s '20 year'
Thu Mar 29 01:52:36 CST 2040
[root@node2 ~]# systemctl start chronyd
[root@node2 ~]# date
Thu Mar 29 01:52:44 CST 2040
[root@node2 ~]# date
Sun Mar 29 01:52:50 CST 2020
[root@node2 ~]# chronyc sources -v  # check the synchronization status
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 192.168.43.146                3   6    37    60  -4103ns[ -484us] +/-   38ms

2.6 Summary

Using chrony as the server, with either ntp or chrony as the client, works best.
