NTP是网络时间协议(Network Time Protocol),它是用来同步网络中各个计算机的时间的协议。它的用途是把计算机的时钟同步到世界协调时UTC,其精度在局域网内可达0.1ms,在互联网上绝大多数的地方其精度可以达到1-50ms。
1.搭建本地NTP服务器
yum -y update
yum -y install ntp
# 调整好yum源,并安装ntp服务
2.查询并测试本地服务器是否能和Intent上的NTP服务器通信
time1.aliyun.com
time2.aliyun.com
time3.aliyun.com
time4.aliyun.com
time5.aliyun.com
time6.aliyun.com
time7.aliyun.com
# 以上为国内aliyun的时间服务器列表
ntpdate -q time1.aliyun.com
# 使用ntpdate检查本机是否可以和aliyun的时间服务器通信
server 203.107.6.88, stratum 2, offset 0.046559, delay 0.06445
14 Sep 16:08:23 ntpdate[2286]: adjust time server 203.107.6.88 offset 0.046559 sec
# 若显示结果和上图相同则代表可以通信
3.修改NTP服务器的配置文件
vim /etc/ntp.conf # 修改配置文件
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# 新增内容
# 允许以下指定网段的服务器来校时,但不允许客户端来修改,登录ntp服务器
restrict 192.168.100.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.200.0 mask 255.255.255.0 nomodify notrap
# 结束
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# server 0.centos.pool.ntp.org iburst
# server 1.centos.pool.ntp.org iburst
# server 2.centos.pool.ntp.org iburst
# server 3.centos.pool.ntp.org iburst
# 将以上四个默认的时间服务器地址注释掉,并手动添加国内aliyun的时间服务器地址
server time1.aliyun.com
server time2.aliyun.com
server time3.aliyun.com
server time4.aliyun.com
server time5.aliyun.com
server time6.aliyun.com
server time7.aliyun.com
# broadcast 192.168.1.255 autokey # broadcast server
# broadcastclient # broadcast client
# broadcast 224.0.1.1 autokey # multicast server
# multicastclient 224.0.1.1 # multicast client
# manycastserver 239.255.254.254 # manycast server
# manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
4.设置硬件时钟频率和时间服务器保持一致
vim /etc/sysconfig/ntpd # 添加以下参数
SYNC_HWCLOCK=yes
重启服务器,并设置开机自启
CentOS 6.X
service ntpd start # 启动NTP服务
chkconfig ntpd on # 设置ntp服务开机自启
CentOS 7.X
systemctl start ntpd # 启动ntp服务
systemctl enable ntpd # 设置ntp服务开机自启
5.服务器端验证是否和上层aliyun服务器连接
# 等待10-15分钟后执行ntpstat查看同步状态
[root@localhost ~]# ntpstat
synchronised to NTP server (203.107.6.88) at stratum 3
time correct to within 31 ms
polling server every 64 s
# 以上描述为成功
执行ntpq -p 查看与aliyun时间服务器的连接状态
[root@localhost ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*203.107.6.88 10.165.84.13 2 u 2 64 377 34.263 0.545 2.465
# *表示目前正在使用的上层NTP,+表示已连线,可提供时间更新的候补服务器
6.设置客户端配置文件,使其从搭建好的NTP服务器端进行时间同步
客户端先安装ntp服务,然后修改/etc/ntp.conf配置文件
# 设置允许ntpserver主动修改客户端时间
restrict 192.168.100.35 nomodify notrap noquery
# 将自带服务器列表项注释掉,添加自己搭建的时间服务器
server 192.168.100.35
# 设置服务产生的日志位置
logfile /var/log/ntp.log
# 使用ntpq -p 和 ntpstat 命令验证客户端是否和本地NTP时间服务器连接并同步成功