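Requirement: we recently found that the clocks on several servers were inconsistent with one another, which caused many problems.
Solution: use NTP to synchronize time across multiple servers.
[ntp] Network Time Protocol (NTP)
Concept: NTP is a protocol for synchronizing computer clocks. It lets a computer synchronize against its server or a clock source (such as a quartz clock or GPS) and provides high-precision time correction (within 1 millisecond of the standard on a LAN, tens of milliseconds on a WAN). It can use cryptographic authentication to guard against malicious protocol attacks. NTP's purpose is to provide an accurate and robust time service in the disorderly Internet environment.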
start
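Background: with multiple machines, choose one machine as the master node and the others as slave nodes; the master node is used to synchronize the slave nodes' time.
Installation
- Build the master-node time server
- The ntp service may need to be installed manually, although Linux installs a version of it by default. The following command checks whether it is installed: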
rpm -qa | grep ntp
[root@localhost etc]# rpm -qa |grep ntp
fontpackages-filesystem-1.44-8.el7.noarch
ntp-4.2.6p5-29.el7.centos.2.x86_64
ntpdate-4.2.6p5-29.el7.centos.2.x86_64
If the output above appears, ntp is already installed. If not, install it manually:
1. yum list | grep ntp
2. yum -y install ntp.x86_64 or yum install ntp -y
Configuration file path
/etc/ntp.conf
Edit the file
vi /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
# Disabled by default; make sure these are enabled, otherwise ntpd commands will time out
# This is an internal network, so the local clock is used as the server time
restrict 127.0.0.1
restrict ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
# The time synchronization sources that ship with Linux; they need to be commented out
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
# The permitted network segment; set it to your own. All machines in this segment can synchronize time with this server
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
server 127.127.1.0
fudge 127.127.1.0 stratum 10
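restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap allows servers in the 192.168 subnet to synchronize time with this server. Then save with :wq!
Start the service
service ntpd start or systemctl start ntpd
Enable start at boot
chkconfig ntpd on
Open port 123
NTP's default port, 123, must be allowed through the firewall. This has to be configured unless you have disabled the firewall; otherwise an error is reported. Problem: if the port is not opened, the error no server suitable for synchronization found is reported.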
iptables -I INPUT -p udp --dport 123 -j ACCEPT
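Check port usage
sudo lsof -i -P -n
-i: if no IP address is specified, this option lists all network files
-P: do not convert port numbers to port names, e.g. 3306 to MySQL
-n: do not convert IP addresses to hostnames; by default the -n option is not applied
Check status
service ntpd status or systemctl status ntpd or /etc/init.d/ntpd status
Stop
service ntpd stop or systemctl stop ntpd
Configure the client (slave node)
Install following the steps above
Edit the configuration file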
vi /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
restrict 192.168.54.0 mask 255.255.255.0 nomodify notrap
#server 127.127.1.0
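server 192.168.54.xxx # just add the master server's IP
#fudge 127.127.1.0 stratum 10
fudge 192.168.54.xxx stratum 10 # set the stratum level (ntpd applies fudge only to reference-clock addresses such as 127.127.1.0)
Save and exit: :wq!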
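Both ntp.conf files above rely on the same few access-control directives: restrict default with nomodify and noquery, disable monitor (the CVE-2013-5211 monlist mitigation named in the file's comments), and a per-subnet restrict line. The check below is an added example, not part of the original post; the function names audit and directives and the finding texts are hypothetical, and the sample config is constructed from the master-node settings shown earlier.

```python
import ipaddress

# Constructed sample: the master-node directives from this page that the
# audit inspects (comments and unrelated lines left out).
SAMPLE_CONF = """\
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
disable monitor
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
server 127.127.1.0
fudge 127.127.1.0 stratum 10
"""

def directives(conf_text):
    """Yield each active directive as a token list, with comments stripped."""
    for line in conf_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens:
            yield tokens

def audit(conf_text):
    """Return findings about the access-control directives (hypothetical helper)."""
    rules, findings = list(directives(conf_text)), []
    defaults = [r for r in rules if r[:2] == ["restrict", "default"]]
    if not defaults:
        findings.append("no 'restrict default': unknown hosts are unrestricted")
    for r in defaults:
        missing = {"nomodify", "noquery"} - set(r[2:])
        if missing:
            findings.append("restrict default lacks " + ", ".join(sorted(missing)))
    monitor_off = any(r[0] == "disable" and "monitor" in r[1:] for r in rules)
    if not monitor_off and not any("noquery" in r for r in defaults):
        findings.append("monlist exposed (CVE-2013-5211): add 'disable monitor'")
    for r in rules:
        if r[0] == "restrict" and "mask" in r:
            i = r.index("mask")
            net = ipaddress.ip_network(f"{r[1]}/{r[i + 1]}")
            flags = set(r[i + 2:])
            if "nomodify" not in flags:
                findings.append(f"{net} may reconfigure ntpd: add nomodify")
            if "noquery" not in flags and not monitor_off:
                findings.append(f"{net} may send monlist queries")
        # fudge is only valid for reference-clock addresses (127.127.t.u).
        if r[0] == "fudge" and len(r) > 1 and not r[1].startswith("127.127."):
            findings.append(f"fudge {r[1]}: not a reference clock, line has no effect")
    return findings
```

Running audit() on the text of /etc/ntp.conf returns an empty list for the master-node settings above and one finding per weak or ineffective directive otherwise.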
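Note
To have ntp also synchronize the hardware clock, edit
vi /etc/sysconfig/ntpd
Add SYNC_HWCLOCK=yes there so that the hardware clock is synchronized along with the system time.
Start
service ntpd status
service ntpd start
service ntpd restart
Check whether periodic synchronization is happening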
ntpq -p
[root@minio3 etc]# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
192.168.54.xxx LOCAL(0) 11 u 55 64 7 0.260 -0.001 0.026
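remote is the configured remote address. when is the time elapsed since the last synchronization; from this value you can judge whether automatic synchronization is taking place.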
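The same table can be checked by a script instead of by eye. The following is an added example, not part of the original post, and it goes beyond the two columns explained above: it also reads the tally code in column 0 ('*' marks the peer ntpd is synchronized to), the reach column (an octal 8-bit register of the last eight polls) and the offset in milliseconds. The function names, the 100 ms threshold and the sample rows other than the first are assumptions.

```python
# Constructed sample in `ntpq -p` layout; the first peer row reuses the numbers
# shown above, the addresses and the other two rows are made up.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.54.10   LOCAL(0)        11 u   55   64    7    0.260   -0.001   0.026
*192.168.54.11   LOCAL(0)        11 u   12   64  377    0.310  250.400   0.900
 192.168.54.12   .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

def parse_peers(text):
    """Parse the peer rows of `ntpq -p` into dicts (header and rule skipped)."""
    peers = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("=") or "refid" in line:
            continue
        # Column 0 holds the tally code; '*' marks the peer ntpd is synced to.
        tally, body = (line[0], line[1:]) if line[0] in "*+-x.#o" else (" ", line)
        f = body.split()
        reach = int(f[6], 8)  # octal 8-bit shift register, newest poll in bit 0
        peers.append({"remote": f[0], "tally": tally, "stratum": int(f[2]),
                      "reach": reach, "answered": bin(reach).count("1"),
                      "offset_ms": float(f[8])})
    return peers

def check(peers, max_offset_ms=100.0):
    """Return findings; max_offset_ms is an assumed alert threshold."""
    findings = []
    if not any(p["tally"] == "*" for p in peers):
        findings.append("no peer selected as sync source")
    for p in peers:
        if p["reach"] == 0:
            findings.append(f"{p['remote']}: no reply in the last 8 polls")
        elif not p["reach"] & 1:
            findings.append(f"{p['remote']}: latest poll went unanswered")
        if p["stratum"] >= 16:
            findings.append(f"{p['remote']}: stratum 16 (unsynchronized)")
        if abs(p["offset_ms"]) > max_offset_ms:
            findings.append(f"{p['remote']}: offset {p['offset_ms']} ms")
    return findings
```

For the row shown above, reach 7 is binary 111: the last three polls were answered, and no peer carries the '*' tally yet.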
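Enable autostart
chkconfig ntpd on
You can try synchronizing immediately
ntpdate -d 192.168.54.xxx (the master server's address)
Note that -d is ntpdate's debug mode: it goes through all the steps and prints them, as in the output below, but does not adjust the local clock.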
[root@minio3 etc]# ntpdate -d 192.168.54.xxx
31 May 16:51:36 ntpdate[23931]: ntpdate 4.2.6p5@1.2349-o Tue Jun 23 15:38:19 UTC 2020 (1)
Looking for host 192.168.54.xxx and service ntp
host found : 192.168.54.xxx
transmit(192.168.54.xxx)
receive(192.168.54.xxx)
transmit(192.168.54.xxx)
receive(192.168.54.xxx)
transmit(192.168.54.xxx)
receive(192.168.54.xxx)
transmit(192.168.54.xxx)
receive(192.168.54.xxx)
server 192.168.54.xxx, port 123
stratum 11, precision -24, leap 00, trust 000
refid [192.168.54.xxx], delay 0.02582, dispersion 0.00130
transmitted 4, in filter 4
reference time: e640558a.4c2701f9 Tue, May 31 2022 16:51:22.297
originate timestamp: e64055b2.98e02642 Tue, May 31 2022 16:52:02.597
transmit timestamp: e64055b2.77791f84 Tue, May 31 2022 16:52:02.466
filter delay: 0.02614 0.02582 0.02647 0.02589
0.00000 0.00000 0.00000 0.00000
filter offset: 0.127412 0.128211 0.128878 0.130258
0.000000 0.000000 0.000000 0.000000
delay 0.02582, dispersion 0.00130
offset 0.128211
31 May 16:52:02 ntpdate[23931]: adjust time server 192.168.54.xxx offset 0.128211 sec
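Change the system time (you can set it on the master node and observe the effect on the slave nodes)
date -s '2022-04-29 10:39:00'
clock -w forces the time to be written to CMOS, synchronizing the BIOS clock. To force the system time into CMOS: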