在linux系统中,为了避免主机时间因为长时间运行下所导致的时间偏差,进行时间同步(synchronize)的工作是非常必要的。linux系统下,一般使用ntp服务来同步不同机器的时间。NTP是网络时间协议(Network Time Protocol)的简称,就是通过网络协议使计算机之间的时间同步化。
安装NTP包
检查是否安装了ntp相关包。如果安装ntp相关包,使用rpm或者yum安装,非常简单。
[root@localhost ~]# rpm -qa |grep ntp
fontpackages-filesystem-1.41-1.1.el6.noarch
ntpdate-4.2.6p5-10.el6.centos.2.i686
ntp-4.2.6p5-10.el6.centos.2.i686
NTP的配置
A.配置/etc/ntp.conf
NTP server的主要配置文件为/etc/ntp.conf,没有修改过的ntp。conf文件内同如下:
[root@localhost ~]# more /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.rhel.pool.ntp.org iburst
server 1.rhel.pool.ntp.org iburst
server 2.rhel.pool.ntp.org iburst
server 3.rhel.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
1)设定NTP主机来源(其中prefer表示优先主机),192.168.66.131是本地的NTP服务器,所以优先指定从该主机同步时间
server 192.168.66.131 prefer
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
2)限制你允许的这些服务器的访问类型,在这个例子中的服务器是不容许修改运行时配置或者查询您的linux ntp服务器
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
以上的掩码地址扩展为255,因此从192.168.1.1-192.168.1.254的服务器都可以使用我们的NTP服务器来同步时间
#设置默认策略为允许任何主机进行时间同步
restrict default ignore
3)确保localhost有足够权限,使用没有任何限制关键词的语法
restrict 127.0.0.1
restrict -6 ::1
B.配置/etc/ntp/step-tickers文件
修改/etc/ntp/step-tickers文件,内容如下(当ntp服务启动时,会自动与该文件中记录的上层NTP服务进行时间校对)
[root@localhost ~]# more /etc/ntp/step-tickers
# List of servers used for initial synchronization.
server 192.168.66.131 prefer
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
以上是通过了vi修改
C.配置/etc/sysconfig/ntpd文件
ntp服务,默认智慧同步系统时间。如果让ntp同时同步硬件时间,可以设置/etc/sysconfig/ntpd文件,在/etc/sysconfig/ntpd文件中添加,SYNC_HWCLOCK=yes这样,就可以让硬件时间与系统时间一起同步。
IPTABLES配置
由于ntp服务需要使用到UDP端口号为123,所以当系统的防火墙(iptables)启动的情况下,必须开放UDP端口号123
启动NTP服务
service ntpd status
service ntpd start
netstat -lntup|grep ntp
检查ntp是否开机启动:[root@localhost ~]# chkconfig --level 35 ntpd on
http://www.cnblogs.com/kerrycode/archive/2015/08/20/4744804.html(ntp配置参考文件)