1) Confirm whether ntp is installed.
Command rpm -qa | grep ntp
If only ntpdate is listed and ntp is not, you need to remove the existing ntpdate first. For example:
ntpdate-4.2.6p5-22.el7_0.x86_64
fontpackages-filesystem-1.44-8.el7.noarch
python-ntplib-0.3.2-1.el7.noarch
2) Delete the installed ntpdate
Command yum -y remove ntpdate-4.2.6p5-22.el7.x86_64
3) Reinstall ntp
Command yum -y install ntp
(2) Configure ntp service
1) Modify /etc/ntp.conf of all nodes.
Command vi /etc/ntp.conf
Content:
restrict 192.168.6.3 nomodify notrap nopeer noquery  # IP address of the current node.
restrict 192.168.6.2 mask 255.255.255.0 nomodify notrap  # Gateway and Genmask of the network segment where the cluster is located.
2) Select a master node and modify its /etc/ntp.conf.
Command vi /etc/ntp.conf
Add the following lines to the server section and comment out the server 0 ~ n entries.
server 127.127.1.0
fudge 127.127.1.0 stratum 10
3) On every node except the master node, continue to modify /etc/ntp.conf.
Command vi /etc/ntp.conf
Add the following statements to the server section to point the server to the master node.
server 192.168.6.3
fudge 192.168.6.3 stratum 10
= = = Before modification = = =
[Screenshot omitted]
= = = After modification = = =
[Screenshots omitted: /etc/ntp.conf on Node 1 (192.168.6.3), Node 2 (192.168.6.4) and Node 3 (192.168.6.5)]
(3) Start ntp service and check the status.
1) Start ntp service.
Command service ntpd start
2) Check whether the ntp server is connected to the upstream ntp server.
Command ntpstat
When viewing ntp status, the following situations may occur.
① unsynchronised, time server re-starting, polling server every 8 s.
② unsynchronised, polling server every 8 s.
This situation is normal. After the ntp server is configured, you need to wait 5-10 minutes for it to synchronize with the standard time source configured in /etc/ntp.conf.
After waiting for a period of time, use the ntpstat command to check the status again; it will then report a normal, synchronized result.
3) Check the status of the ntp server and the upstream ntp server.
Command ntpq -p
remote: IP or host name of the local and upstream ntp servers, where "+" indicates priority and "*" indicates secondary priority.
refid: the address of the upstream ntp host.
st: the stratum level.
when: how many seconds ago the time was last synchronized.
poll: how many seconds until the next update.
reach: the number of update requests made to the upstream ntp server.
delay: network latency.
offset: time compensation.
jitter: time difference between system time and BIOS.
4) Check the status of the ntpd process
Command watch "ntpq -p"
Press Ctrl+C to stop watching.
The character in the first column represents the quality of the source. An asterisk (*) indicates that the source is the current reference.
remote: lists the IP address or host name of the source.
when: indicates the elapsed time (in seconds) since the source was last polled.
poll: indicates the polling interval. This value increases with the accuracy of the local clock.
reach: an octal number indicating the reachability of the source. A value of 377 indicates that the source has answered the last eight consecutive polls.
offset: the time difference (in milliseconds) between the source clock and the local clock.
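The column meanings above, turned into a check that can run from monitoring. This is an added example, not code from the original post; the sample output is constructed and the 100 ms offset limit is an assumed threshold.

```python
# Constructed sample of `ntpq -p` output, as a client of the master
# 192.168.6.3 might see it (not taken from the original page).
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.6.3     LOCAL(0)        11 u   35   64  377    0.214    0.052   0.031
+192.168.6.4     192.168.6.3     12 u   12   64  357    0.301   -0.118   0.044
 192.168.6.5     .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""
MAX_OFFSET_MS = 100.0  # assumed alert threshold, tune per environment

def parse_peers(text):
    """Return one dict per peer line; header and ruler lines are skipped."""
    peers = []
    for line in text.splitlines():
        body = line[1:].split()          # column 0 is the tally character
        if len(body) != 10 or not body[6].isdigit():
            continue
        peers.append({
            "tally": line[0], "remote": body[0], "refid": body[1],
            "st": int(body[2]), "when": body[4], "poll": int(body[5]),
            "reach": int(body[6], 8),    # reach is printed in octal
            "offset": float(body[8]),
        })
    return peers

def missed_polls(reach):
    """reach is an 8-bit shift register; bit 0 is the most recent poll."""
    return [i for i in range(8) if not (reach >> i) & 1]

def health_findings(peers, max_offset_ms=MAX_OFFSET_MS):
    findings = []
    if not any(p["tally"] == "*" for p in peers):
        findings.append("no source is marked * (current reference)")
    for p in peers:
        name = p["remote"]
        if p["reach"] == 0:
            findings.append(f"{name}: reach 0, no recent poll answered")
        elif p["reach"] != 0o377:
            findings.append(f"{name}: missed polls {missed_polls(p['reach'])}")
        if p["st"] >= 16:
            findings.append(f"{name}: stratum 16 (unsynchronized)")
        if p["reach"] and abs(p["offset"]) > max_offset_ms:
            findings.append(f"{name}: offset {p['offset']} ms over limit")
    return findings

if __name__ == "__main__":
    for finding in health_findings(parse_peers(SAMPLE)):
        print(finding)
```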
(4) Set ntpd to start at boot.
Command chkconfig ntpd on
(5) Excerpts from other blogs.
= = = /etc/ntp.conf configuration content = = =
# 1. First deal with permissions, including admitting the upstream servers and opening access to LAN users:
restrict default kod nomodify notrap nopeer noquery     # Reject IPv4 users.
restrict -6 default kod nomodify notrap nopeer noquery  # Reject IPv6 users.
restrict 220.130.158.71   # Let tock.stdtime.gov.tw into this NTP server.
restrict 59.124.196.83    # Let tick.stdtime.gov.tw into this NTP server.
restrict 59.124.196.84    # Let time.stdtime.gov.tw into this NTP server.
restrict 127.0.0.1        # The next two are the default values; they admit the local machine.
restrict -6 ::1
restrict 192.168.100.0 mask 255.255.255.0 nomodify  # Admit LAN users; individual IPs can be listed instead.
# 2. Set the upstream hosts; comment out the original [0|1|2].centos.pool.ntp.org settings:
server 220.130.158.71 prefer  # Take this host as the highest-priority server.
server 59.124.196.83
server 59.124.196.84
# 3. When no external NTP server is available, use the internal clock to serve LAN users:
server 127.127.1.0  # local clock
fudge 127.127.1.0 stratum 10
# 4. Default drift file and the currently unused keys; no need to change:
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys
= = = restrict option format = = =
restrict [client IP] mask [IP mask] [parameters]
Client IP and IP mask specify the range of computers on the network to be controlled. If the default keyword is used, all computers are covered. The parameters specify the particular restrictions. Common parameters are as follows:
◆ ignore: refuse all connections to the NTP server.
◆ nomodify: the client cannot change the time parameters of the server, but the client can correct its network time through the server.
◆ noquery: no time query is provided for the client.
◆ notrap: the trap remote login function is not provided; the trap service is a remote time log service.
◆ notrust: unless the client is authenticated, the source of the client is regarded as an untrusted subnet.
◆ nopeer: provides time service, but does not act as a peer.
◆ kod: send a kiss-of-death message to unsafe visitors.
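An audit of the restrict lines in an ntp.conf, following the option format above. This is an added example, not part of the original post or of ntp itself. The sample configuration is constructed. The policy it checks (default entries carry nomodify and noquery, subnet entries carry nomodify) is an assumption modelled on the sample configuration earlier on this page.

```python
# Flags listed on this page plus a few other ntpd restrict flags.
KNOWN_FLAGS = {"ignore", "nomodify", "noquery", "notrap", "notrust", "nopeer",
               "kod", "limited", "noserve", "version", "ntpport", "lowpriotrap"}

# Constructed sample configuration (not from the original page).
SAMPLE_CONF = """\
# permissions
restrict default kod nomodify notrap nopeer
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 192.168.100.0 mask 255.255.255.0 nomodiy
"""

def parse_restrict(line):
    """Parse 'restrict [-4|-6] address [mask m] [flags...]' or return None."""
    tokens = line.split("#", 1)[0].split()
    if len(tokens) < 2 or tokens[0] != "restrict":
        return None
    tokens = tokens[1:]
    family = tokens.pop(0) if tokens[0] in ("-4", "-6") else None
    if not tokens:
        return None
    address, tokens, mask = tokens[0], tokens[1:], None
    if len(tokens) >= 2 and tokens[0] == "mask":
        mask, tokens = tokens[1], tokens[2:]
    return {"family": family, "address": address, "mask": mask, "flags": tokens}

def audit(conf):
    """Return (line number, message) pairs for weak or misspelled entries."""
    findings = []
    for number, line in enumerate(conf.splitlines(), 1):
        entry = parse_restrict(line)
        if entry is None:
            continue
        flags = set(entry["flags"])
        for flag in sorted(flags - KNOWN_FLAGS):
            findings.append((number, f"unrecognised flag '{flag}'"))
        if "ignore" in flags:
            continue                      # everything is refused anyway
        if entry["address"] == "default":
            for needed in ("nomodify", "noquery"):
                if needed not in flags:
                    findings.append((number, f"default entry lacks {needed}"))
        elif entry["mask"] is not None and "nomodify" not in flags:
            findings.append((number, f"subnet {entry['address']} lacks nomodify"))
    return findings

if __name__ == "__main__":
    for number, message in audit(SAMPLE_CONF):
        print(f"line {number}: {message}")
```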
= = = server option format = = =
server host [key n] [version n] [prefer] [mode n] [minpoll n] [maxpoll n] [iburst]
Here host is the IP address or domain name of the upstream NTP server, and the remaining parameters are explained as follows:
◆ key: indicates that all messages sent to the server contain authentication information encrypted with a key; n is a 32-bit integer giving the key number.
◆ version: indicates the version number of the messages sent to the upstream server. n defaults to 3, and can be 1 or 2.
◆ prefer: if there are multiple server options, the servers that carry this parameter are used preferentially.
◆ mode: specifies the value of the mode field of the data message.
◆ minpoll: specifies the minimum interval for querying the server as 2 to the nth power seconds, where n defaults to 6 and the range is 4-14.
◆ maxpoll: specifies the maximum interval for querying the server as 2 to the nth power seconds, where n defaults to 10 and the range is 4-14.
◆ iburst: when the initial synchronization request is sent, eight messages are sent in a burst, 2 seconds apart.
= = = Ways to view the gateway = = =
Command 1 route -n
Command 2 ip route show
Command 3 netstat -r
= = = Stratum = = =
Stratum is set to the stratum of the upstream server plus 1.
For hosts that act as network time service providers, the stratum setting should be as accurate as possible.
For a time service provider on a LAN, stratum is usually set to 10.
Stratum 0 servers use physical devices such as atomic clocks and GPS clocks, and stratum 1 is directly connected to stratum 0.
Each later stratum connects to the stratum above it over the network, and servers in the same stratum can also interact with each other.
ntpd is a server to the clients below it and a client of the servers above it.
ntpd decides whether to provide clock service to other servers or to synchronize its clock from other servers according to the parameters in its configuration file. All configuration is in the /etc/ntp.conf file.
= = = Note: the firewall may block the ntp port = = =
The default port of the ntp server is 123, and ntp uses the UDP protocol. If the firewall is turned on, some operations may go wrong. Remember to turn off the firewall, or open the port in it:
sudo firewall-cmd --zone=public --add-port=123/udp --permanent
= = = Synchronize hardware clock = = =
By default, the ntp service only synchronizes the system time.
If you want ntp to synchronize the hardware time as well, you can set this in the file /etc/sysconfig/ntpd.
In the /etc/sysconfig/ntpd file, add SYNC_HWCLOCK=yes so that the hardware time is synchronized with the system time.
This lets the BIOS clock follow the system time; the same can be done with the hwclock -w command.
= = = The difference between ntpd and ntpdate = = =
The following is information found on the internet about the difference between ntpd and ntpdate.
Before using them, it is necessary to understand how ntpd and ntpdate differ in the way they update the time.
ntpd is not only a time synchronization server; it can also act as a client and synchronize with a standard time server, and it synchronizes smoothly.
ntpdate, by contrast, synchronizes immediately, which is why you should use ntpdate carefully in a production environment.
Clock jumps cause serious problems for some programs.
Many applications rely on a continuous clock; after all, it is a common assumption that time advances linearly.
Some operations, such as database transactions, usually rely on the fact that time will not jump back.
Unfortunately, the way ntpdate adjusts the time is what we call "jumping": after obtaining a time, ntpdate uses settimeofday(2) to set the system time.
There are several very obvious problems:
First, it is not safe.
The setting made by ntpdate depends on the security of the ntp server. Attackers can take advantage of some software design flaws to shut down the ntp server and make the servers that synchronize with it perform some resource-consuming tasks.
Because ntpdate uses jumps, the servers that follow it cannot know whether an exception has occurred (the only way is to take the server as the standard).
Second, it is not accurate.
Once the ntp server is shut down, the servers that follow it will not be able to synchronize the time.
In contrast, ntpd calibrates not only the computer's time but also the computer's clock.
Third, it is not elegant enough.
Because it jumps, rather than making time run faster or slower, programs that rely on timing will make mistakes.
(For example, if ntpdate finds that your clock runs very fast, you may experience the same moment twice, which is fatal for some applications.)
So the only time a jump is acceptable is when the computer has just started and many services have not started yet.
The rest of the time, it is ideal to calibrate the clock with ntpd instead of adjusting the time on the computer clock.
While synchronizing with the time server, ntpd records the oscillation frequency deviation of the BIOS timer, that is, the natural drift of the local clock.
In this way, even if there is a problem with the network, the machine can still keep fairly accurate time.
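To find the jumps described above on hosts that still run ntpdate, their syslog entries can be scanned for step events. This is an added example, not from the original post. The log lines are constructed, and the message formats ("step time server ... offset ... sec" from ntpdate, "time reset ... s" from ntpd) are assumed to match what the installed ntp version writes.

```python
import re

# Constructed syslog lines (not taken from the original page).
SAMPLE_LOG = """\
Jun 27 03:00:01 node2 ntpdate[2114]: adjust time server 192.168.6.3 offset 0.004211 sec
Jun 27 04:00:01 node2 ntpdate[2390]: step time server 192.168.6.3 offset -2.731554 sec
Jun 27 04:10:44 node3 ntpd[977]: time reset +0.412003 s
Jun 27 05:00:02 node2 ntpdate[2671]: step time server 192.168.6.3 offset 1.120098 sec
"""

# "adjust" lines are slews and are deliberately not matched.
STEP_PATTERNS = [
    re.compile(r"(?P<host>\S+) (?P<prog>ntpdate)\[\d+\]: step time server \S+ "
               r"offset (?P<off>[-+]?\d+\.\d+) sec"),
    re.compile(r"(?P<host>\S+) (?P<prog>ntpd)\[\d+\]: time reset "
               r"(?P<off>[-+]?\d+\.\d+) s"),
]

def find_steps(log):
    """Return one record per clock step; backward=True means time went back."""
    events = []
    for line in log.splitlines():
        for pattern in STEP_PATTERNS:
            match = pattern.search(line)
            if match:
                offset = float(match.group("off"))
                events.append({
                    "host": match.group("host"),
                    "program": match.group("prog"),
                    "offset_s": offset,
                    "backward": offset < 0,   # negative offset: clock set back
                })
                break
    return events

def backward_steps(log):
    """Steps that made the clock repeat a span of time."""
    return [e for e in find_steps(log) if e["backward"]]

if __name__ == "__main__":
    for event in find_steps(SAMPLE_LOG):
        direction = "BACKWARD" if event["backward"] else "forward"
        print(event["host"], event["program"], event["offset_s"], direction)
```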
= = = Addresses and IPs of NTP servers commonly used in China = = =
210.72.145.44 (IP address of the National Time Service Center server)
133.100.11.8 Fukuoka University, Japan
time-a.nist.gov 129.6.15.28 NIST, Gaithersburg, Maryland
time-b.nist.gov 129.6.15.29 NIST, Gaithersburg, Maryland
time-a.timefreq.bldrdoc.gov 132.163.4.101 NIST, Boulder, Colorado
time-b.timefreq.bldrdoc.gov 132.163.4.102 NIST, Boulder, Colorado
time-c.timefreq.bldrdoc.gov 132.163.4.103 NIST, Boulder, Colorado
utcnist.colorado.edu 128.138.140.44 University of Colorado at Boulder
time.nist.gov 192.43.244.18 NCAR, Boulder, Colorado
time-nw.nist.gov 131.107.1.10 Microsoft Corporation, Redmond, Washington
nist1.symmetricom.com 69.25.96.13 Symmetricom, San Jose, California
nist1-dc.glassey.com 216.200.93.8 Abovenet, Virginia
nist1-ny.glassey.com 208.184.49.9 New York City
nist1-sj.glassey.com 207.126.98.204 Abovenet, San Jose, California
nist1.aol-ca.truetime.com 207.200.81.113 TrueTime, AOL facility, Sunnyvale, California
64.236.96.53 TrueTime, AOL facility, Virginia
————————————————————————————————————
ntp.sjtu.edu.cn 202.120.2.101 (NTP server address of Shanghai Jiaotong University Network Center)
s1a.time.edu.cn Beijing University of Posts and Telecommunications
s1b.time.edu.cn Tsinghua University
s1c.time.edu.cn Peking University
s1d.time.edu.cn Southeast University
s1e.time.edu.cn Tsinghua University
s2a.time.edu.cn Tsinghua University
s2b.time.edu.cn Tsinghua University
s2c.time.edu.cn Beijing University of Posts and Telecommunications
s2d.time.edu.cn Southwest Region Network Center
s2e.time.edu.cn Northwest Region Network Center
s2f.time.edu.cn Northeast Region Network Center
s2g.time.edu.cn Southeast China Network Center
s2h.time.edu.cn Sichuan University Network Management Center
s2j.time.edu.cn Dalian University of Technology Network Center
s2k.time.edu.cn CERNET Guilin main node
s2m.time.edu.cn Peking University