简介在一些集群服务中,不同的主机时间不一致,会导致服务异常。因此都会使用ntp(Network Time Protocol)进行时间同步。操作系统CentOS Linux release 7.6.1810 (Core) 安装yum -y install ntp
配置默认配置会,同步外网的ntp时间服务。# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
#系统时间与BIOS事件的偏差记录
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
#restrict 控制相关权限。
#语法为: restrict IP地址 mask 子网掩码 参数
#其中IP地址也可以是default ,default 就是指所有的IP
#参数有以下几个:
#ignore :关闭所有的 NTP 联机服务
#nomodify:客户端不能更改服务端的时间参数,但是客户端可以通过服务端进行网络校时。
#notrust :客户端除非通过认证,否则该客户端来源将被视为不信任子网
#noquery :不提供客户端的时间查询:用户端不能使用ntpq,ntpc等命令来查询ntp服务器
#notrap :不提供trap远端登陆:拒绝为匹配的主机提供模式 6 控制消息陷阱服务。陷阱服务是 ntpdq 控制消息协议的子系统,用于远程事件日志记录程序。
#nopeer :用于阻止主机尝试与服务器对等,并允许欺诈性服务器控制时钟
#kod : 访问违规时发送 KoD 包。
#restrict -6 表示IPV6地址的权限设置。
#对本机不做限制,拥有所有的权限
restrict 127.0.0.1
restrict ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
#设置默认策略为允许任何主机进行时间同步
restrict default ignore
#此处表示限制向从192.168.1.1-192.168.1.254这些IP段的服务器提供NTP服务。
#restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap noquery
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#设定NTP主机来源(其中prefer表示优先主机),192.168.1.123是本地的ntp服务器,所以优先指定从该主机同步时间。
server 192.168.1.123 prefer
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
服务启动时,同步的时间服务器 修改/etc/ntp/stpe-tickers文件server 192.168.1.123
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org
server 3.centos.pool.ntp.org
配置硬件时间同步ntp服务,默认只会同步系统时间。如果想要让ntp同时同步硬件时间,可以设置/etc/sysconfig/ntpd文件,在/etc/sysconfig/ntpd文件中,添加 SYNC_HWCLOCK=yes 这样,就可以让硬件时间与系统时间一起同步。#允许BIOS与系统时间同步,也可以通过hwclock -w 命令SYNC_HWCLOCK=yes
#pgc-card .pgc-card-href { text-decoration: none; outline: none; display: block; width: 100%; height: 100%; } #pgc-card .pgc-card-href:hover { text-decoration: none; } /*pc 样式*/ .pgc-card { box-sizing: border-box; height: 164px; border: 1px solid #e8e8e8; position: relative; padding: 20px 94px 12px 180px; overflow: hidden; } .pgc-card::after { content: ” “; display: block; border-left: 1px solid #e8e8e8; height: 120px; position: absolute; right: 76px; top: 20px; } .pgc-cover { position: absolute; width: 162px; height: 162px; top: 0; left: 0; background-size: cover; } .pgc-content { overflow: hidden; position: relative; top: 50%; -webkit-transform: translateY(-50%); transform: translateY(-50%); } .pgc-content-title { font-size: 18px; color: #222; line-height: 1; font-weight: bold; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; } .pgc-content-desc { font-size: 14px; color: #444; overflow: hidden; text-overflow: ellipsis; padding-top: 9px; overflow: hidden; line-height: 1.2em; display: -webkit-inline-box; -webkit-line-clamp: 2; -webkit-box-orient: vertical; } .pgc-content-price { font-size: 22px; color: #f85959; padding-top: 18px; line-height: 1em; } .pgc-card-buy { width: 75px; position: absolute; right: 0; top: 50px; color: #406599; font-size: 14px; text-align: center; } .pgc-buy-text { padding-top: 10px; } .pgc-icon-buy { height: 23px; width: 20px; display: inline-block; background: url(https://lf3-cdn-tos.bytescm.com/obj/cdn-static-resource/pgc/v2/pgc_tpl/static/image/commodity_buy_f2b4d1a.png); } Linux命令行与shell脚本编程大全 第3版 shell脚本程序编程开发 shell编程IT操作系统linux大全书籍 人民邮电出版社 ¥59.9 领1元券 启动服务systemctl start ntpd
查看ntp服务器有无和上层ntp连通ntpstat
synchronised to NTP server (120.25.115.20) at stratum 3 time correct to within 85 ms polling server every 64 s查看ntp服务器与上层ntp的状态ntpq -p remote refid st t when poll reach delay offset jitter==============================================================================*120.25.115.20 10.137.53.7 2 u 39 64 7 34.227 -1.895 5.605 amy.chl.la .INIT. 16 u – 64 0 0.000 0.000 0.000+xk-6-95-a8.bta. 10.41.14.199 2 u 36 64 7 38.472 1.974 1.703 ntp7.flashdance .INIT. 16 u – 64 0 0.000 0.000 0.000remote – 本机和上层ntp的ip或主机名,“+”表示优先,“*”表示次优先refid – 参考上一层ntp主机地址st – stratum阶层when – 多少秒前曾经同步过时间poll – 下次更新在多少秒后reach – 已经向上层ntp服务器要求更新的次数delay – 网络延迟offset – 时间补偿jitter – 系统时间与bios时间差总结时间同步服务,是一个很简单的服务。
本文出自快速备案,转载时请注明出处及相应链接。
本文永久链接: https://www.175ku.com/26943.html