Shulou(Shulou.com)06/01 Report--

This article introduces the relevant knowledge of "how Centos7 deploys NTP time server". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

NTP (Network Time Protocol) network time protocol is based on UDP, which is used for network time synchronization. The computer clock in the network can be synchronized to UTC, and the accurate synchronization can be realized with the offset adjustment of each time zone.

Experimental environment:

OS:Linux Centos 7.4 x86_64

1. View the current server time zone & list the time zone and set it (skip if it is the correct time zone):

# timedatectl# timedatectl list-timezones# timedatectl set-timezone Asia/Shanghai2. Understanding of the concept of time zone:

GMT 、 UTC 、 CST 、 DST

UTC:

The whole earth is divided into 24 time zones, each of which has its own local time. In international radio communications, for the sake of unity, a unified time is used, which is called Universal coordinated time (UTC:Universal Time Coordinated).

GMT:

Greenwich mean time (Greenwich Mean Time) refers to the standard time of the Royal Greenwich Observatory on the outskirts of London, England, because the prime meridian is defined as the longitude through which it passes (UTC and GMT time are basically the same).

CST:

China Standard time (China Standard Time)

GMT + 8 = UTC + 8 = CST

DST:

Daylight saving time (Daylight Saving Time) refers to setting the time forward one hour when the sun rises earlier in summer to advance the use of daylight (not used in China).

two。 Use the NTP Common time Server Pool (NTP Public Pool Time Servers) http://www.pool.ntp.org to synchronize your server time.

To see if it is installed:

# rpm-Q ntpntp-4.2.6p5-25.el7.centos.2.x86_64

Skip this step if you have already installed, otherwise execute the following command to install:

# yum install ntpdate ntp-y

Modify the NTP configuration:

Note: green is the original content I commented out, red is added instead of the previous comments, and other defaults.

# vim / etc/ntp.conf# For more information about this file, see the man pages# ntp.conf (5), ntp_acc (5), ntp_auth (5), ntp_clock (5), ntp_misc (5), ntp_mon (5). Driftfile / var/lib/ntp/drift# added: log directory .logfile / var/log/ntpd.log# Permit time synchronization with our time source, but do not# permit the source to query or modify the service on this system.restrict default nomodify notrap nopeer noquery# Permit all access over the loopback interface. This could# be tightened as well The meaning of this line is to authorize all machines on the 172.16.128.0 network segment to query and synchronize time from this machine. But to do so would effect some of# the administrative functions.restrict 127.0.0.1restrict 172.16.128.0 mask 255.255.255.0 nomodify notrap# Hosts on local network are less restricted.#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap# Use public servers from the pool.ntp .org project.# Please consider joining the pool (added to http://www.pool.ntp.org/join.html).#server 0.centos.pool.ntp.org iburst#server 1.centos.pool.ntp.org iburst#server 2.centos.pool.ntp.org iburst#server 3.centos.pool.ntp.org iburst#: list of time servers .server 0.cn.pool.ntp.org iburstserver 1.cn.pool.ntp.org iburstserver 2.cn.pool.ntp.org iburstserver 3 .cn.pool.ntp.org iburst# added: when external time is not available Use the local time .server 172.16.128.171 iburstfudge 127.0.0.1 stratum 10#broadcast 192.168.1.255 autokey # broadcast server#broadcastclient # broadcastclient # broadcast 224.0.1.1 autokey # multicast server#multicastclient 224.0.1.1 # multicastclient # manycastserver 239.255.254.254 # manycastserver # manycastclient 239.255.254.254 autokey # manycastclient # added: allow the upper time server to actively modify the local time. Pool.ntp.org nomodify notrap noqueryrestrict 1.cn.pool.ntp.org nomodify notrap noqueryrestrict 2.cn.pool.ntp.org nomodify notrap noquery# Enable public key cryptography.#cryptoincludefile / etc/ntp/crypto/pw# Key file containing the keys and key identifiers used when operating# with symmetric key cryptography.keys / etc/ntp/keys# Specify the key identifiers which are trusted.#trustedkey 4 8 42# Specify the key identifier to use with the ntpdc utility.#requestkey 8# Specify the key identifier to use with the ntpq utility.#controlkey 8# Enable writing Of statistics records.#statistics clockstats cryptostats loopstats peerstats# Disable the monitoring facility to prevent amplification attacks using ntpdc# monlist command when default restrict does not include the noquery flag. See# CVE-2013-5211 for more details.# Note: Monitoring will not be disabled with the limited restriction flag.disable monitor3. Set the system to boot: # systemctl enable ntpd# systemctl enable ntpdate# systemctl is-enabled ntpd

When the ntpd service starts, first use the ntpdate command to synchronize the time:

# ntpdate-u 1.cn.pool.ntp.org

One of the reasons: when the time error between the server and the client is too large, the modification time may bring unpredictable problems to the system or application, and NTP will stop time synchronization. If you check that the time is not synchronized after starting the NTP, you should consider that it may be caused by a large time error. At this time, you need to synchronize the time manually.

Start the NTP server:

# systemctl start ntpdate# systemctl start ntpd4. Join the firewall: # firewall-cmd-permanent-add-service=ntp# firewall-cmd-reload5. Check ntp connection status if there is no problem, write the correct time to the hardware: # ss-tlunp | grep ntp# ntpq-p # hwclock-w

5.1. System time and hardware time

Hardware time:

RTC (Real-Time Clock) or CMOS time, usually powered by a battery on the motherboard, and the server will continue to run after a power outage. Only date-time values are saved, and time zone and daylight saving time settings cannot be saved.

System time:

Generally, the RTC time is copied when the server starts, and then runs independently, saving the time, time zone, and daylight saving time settings.

6. Client:

Real-time synchronization as a service process (NTP needs to be installed):

# vim / etc/ntp.confserver 172.16.128.171

Important: modifying the NTP configuration file of any node server requires restarting the ntpd service:

# systemctl restart ntpd

Schedule the synchronization time by crontab task (install ntpdate and update the synchronization time at 24:00 every day):

# crontab-e0 0 * / usr/sbin/sntp-P no-r 172.16.128.171 × hwclock-w

It's been deployed. In this way, the cluster automatically synchronizes the services on a regular basis, so that the time of the cluster is consistent.

This is the end of the content of "how Centos7 deploys NTP time server". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.