NTP服务搭建

NTP是网络时间协议(Network Time Protocol)，它是用来同步网络中各个计算机的时间的协议。它的用途是把计算机的时钟同步到世界协调时UTC，其精度在局域网内可达0.1ms，在互联网上绝大多数的地方其精度可以达到1-50ms。

---

1.搭建本地NTP服务器

yum -y update
yum -y install ntp
# 调整好yum源，并安装ntp服务

2.查询并测试本地服务器是否能和Intent上的NTP服务器通信

time1.aliyun.com
time2.aliyun.com
time3.aliyun.com
time4.aliyun.com
time5.aliyun.com
time6.aliyun.com
time7.aliyun.com
# 以上为国内aliyun的时间服务器列表

ntpdate -q time1.aliyun.com
# 使用ntpdate检查本机是否可以和aliyun的时间服务器通信
   
server 203.107.6.88, stratum 2, offset 0.046559, delay 0.06445
14 Sep 16:08:23 ntpdate[2286]: adjust time server 203.107.6.88 offset 0.046559 sec
# 若显示结果和上图相同则代表可以通信

3.修改NTP服务器的配置文件

vim /etc/ntp.conf    # 修改配置文件

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1 
restrict -6 ::1

# 新增内容
# 允许以下指定网段的服务器来校时，但不允许客户端来修改，登录ntp服务器 
restrict 192.168.100.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.200.0 mask 255.255.255.0 nomodify notrap
# 结束

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# server 0.centos.pool.ntp.org iburst
# server 1.centos.pool.ntp.org iburst
# server 2.centos.pool.ntp.org iburst
# server 3.centos.pool.ntp.org iburst
# 将以上四个默认的时间服务器地址注释掉，并手动添加国内aliyun的时间服务器地址
server time1.aliyun.com
server time2.aliyun.com
server time3.aliyun.com
server time4.aliyun.com
server time5.aliyun.com
server time6.aliyun.com
server time7.aliyun.com

# broadcast 192.168.1.255 autokey	# broadcast server
# broadcastclient			# broadcast client
# broadcast 224.0.1.1 autokey		# multicast server
# multicastclient 224.0.1.1		# multicast client
# manycastserver 239.255.254.254		# manycast server
# manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography. 
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

4.设置硬件时钟频率和时间服务器保持一致

vim /etc/sysconfig/ntpd    # 添加以下参数
SYNC_HWCLOCK=yes

重启服务器，并设置开机自启
CentOS 6.X
service ntpd start    # 启动NTP服务
chkconfig ntpd on     # 设置ntp服务开机自启

CentOS 7.X
systemctl start ntpd    # 启动ntp服务
systemctl enable ntpd   # 设置ntp服务开机自启

5.服务器端验证是否和上层aliyun服务器连接

# 等待10-15分钟后执行ntpstat查看同步状态
[root@localhost ~]# ntpstat 
synchronised to NTP server (203.107.6.88) at stratum 3 
   time correct to within 31 ms
   polling server every 64 s
# 以上描述为成功

执行ntpq -p 查看与aliyun时间服务器的连接状态
[root@localhost ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*203.107.6.88    10.165.84.13     2 u    2   64  377   34.263    0.545   2.465
# *表示目前正在使用的上层NTP，+表示已连线,可提供时间更新的候补服务器

6.设置客户端配置文件，使其从搭建好的NTP服务器端进行时间同步

客户端先安装ntp服务，然后修改/etc/ntp.conf配置文件

# 设置允许ntpserver主动修改客户端时间
restrict 192.168.100.35 nomodify notrap noquery

# 将自带服务器列表项注释掉，添加自己搭建的时间服务器
server 192.168.100.35

# 设置服务产生的日志位置
logfile /var/log/ntp.log

# 使用ntpq -p 和 ntpstat 命令验证客户端是否和本地NTP时间服务器连接并同步成功