Shulou (Shulou.com), 06/01 report, updated 2025-04-05
This article explains how to configure the NTP protocol on a Linux system. The method introduced here is simple, fast and practical.
On a Linux system, a host's clock deviates when it runs for a long time, so time synchronization is necessary. The ntp service is generally used to synchronize the time of different machines. NTP is short for Network Time Protocol; it synchronizes the time between computers over the network.
Install the NTP package
Check whether the ntp-related packages are installed. If they are not, install them with rpm or yum; the installation is simple and convenient.
The code is as follows:
[root@localhost ~]# rpm -qa | grep ntp
ntpdate-4.2.6p5-1.el6.x86_64
fontpackages-filesystem-1.41-1.1.el6.noarch
ntp-4.2.6p5-1.el6.x86_64
Configuration of NTP
A: Configure /etc/ntp.conf
The main configuration file of the NTP server is /etc/ntp.conf. The contents of the unmodified ntp.conf file are shown below; the configuration options carry explanatory comments (the Linux version is Red Hat Enterprise Linux Server release 6.6).
The code is as follows:
[root@localhost ~]# more /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.rhel.pool.ntp.org iburst
server 1.rhel.pool.ntp.org iburst
server 2.rhel.pool.ntp.org iburst
server 3.rhel.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
Individual option information:
# records the deviation between system time and BIOS time
driftfile /etc/ntp/drift
restrict controls the relevant permissions.
The syntax is: restrict <IP address> mask <subnet mask> <parameters>
The IP address can also be default, which refers to all IP addresses.
The parameters are as follows:
ignore: deny all NTP connection services
nomodify: the client cannot change the time parameters of the server, but the client can still calibrate its time over the network through the server.
notrust: unless the client is authenticated, the client source is treated as an untrusted subnet
noquery: no client queries: the client cannot use commands such as ntpq and ntpdc to query the NTP server
notrap: does not provide the trap service: declines to provide the mode 6 control message trap service to matching hosts. The trap service is a subsystem of the ntpq control message protocol and is used by remote event loggers.
nopeer: prevents hosts from trying to peer with the server, which would allow a fraudulent server to control the clock
kod: sends KoD (Kiss-o'-Death) packets when access violations occur.
restrict -6 is the permission setting for IPv6 addresses.
1: Set the time source of the NTP host (prefer marks the preferred host). 192.168.7.49 is the local NTP server, so time is synchronized from this host first.
The code is as follows:
server 192.168.7.49 prefer
server 0.rhel.pool.ntp.org iburst
server 1.rhel.pool.ntp.org iburst
server 2.rhel.pool.ntp.org iburst
server 3.rhel.pool.ntp.org iburst
2: Limit the types of access you allow to these servers. In this case, the servers are not allowed to modify the runtime configuration or query your Linux NTP server.
The code is as follows:
restrict 192.168.0.0 mask 255.255.255.0 notrust nomodify notrap
In the above example, the mask is 255.255.255.0, so servers from 192.168.0.1 to 192.168.0.254 can use our NTP server to synchronize time.
The code is as follows:
# restrict the provision of NTP service to servers in the IP range 192.168.0.1 to 192.168.0.254
restrict 192.168.0.0 mask 255.255.255.0 notrust nomodify notrap noquery
# default policy: ignore NTP packets from any host that is not matched by a more specific restrict line
restrict default ignore
3: Make sure that localhost (this commonly used IP address refers to the Linux server itself) has sufficient permissions. Use the syntax without any restriction keywords:
The code is as follows:
restrict 127.0.0.1
restrict -6 ::1
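As an added example (not part of the original article), the shell function below audits the restrict lines of an ntp.conf-style file against the options described above: it reports a default entry without noquery, a non-loopback entry with no flags or without nomodify, and a missing IPv4 or IPv6 default entry. The function name, the wording of the findings and the sample file are constructed here; a bare default is assumed to cover IPv4 only, matching the separate restrict -6 line in the stock file.

```shell
#!/usr/bin/env bash
# Added example (not from the article): audit the "restrict" lines of an ntp.conf.
# Assumption: a bare "default" covers IPv4 only, as in the stock file shown above.

audit_ntp_restrict() {  # usage: audit_ntp_restrict FILE -> one finding per line
  awk '
    $1 != "restrict" { next }            # also skips "#restrict ..." comments
    {
      i = 2; fam = "-4"
      if ($i == "-4" || $i == "-6") { fam = $i; i++ }
      addr = $i; i++
      if ($i == "mask") i += 2           # skip "mask <netmask>"
      split("", flag); n = 0             # reset the per-line flag set
      for (; i <= NF && $i !~ /^#/; i++) { flag[$i] = 1; n++ }
      if (addr == "default") seen[fam] = 1
      loop = (addr == "127.0.0.1" || addr == "::1")
      if (("ignore" in flag) || loop) next   # drops everything, or is localhost
      if (n == 0) { print "line " NR ": " addr " has no restrictions"; next }
      if (!("nomodify" in flag)) print "line " NR ": " addr " lacks nomodify"
      if (addr == "default" && !("noquery" in flag)) print "line " NR ": default lacks noquery"
    }
    END {
      if (!("-4" in seen)) print "no IPv4 default restrict line"
      if (!("-6" in seen)) print "no IPv6 default restrict line"
    }' "$1"
}

# Constructed sample: a weakened configuration, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
driftfile /var/lib/ntp/drift
restrict default nomodify notrap
restrict 192.168.0.0 mask 255.255.255.0
restrict 127.0.0.1
#restrict -6 default kod nomodify notrap nopeer noquery
EOF
audit_ntp_restrict "$sample"
rm -f "$sample"
```

Run against the four active restrict lines of the stock file shown earlier, the function prints nothing.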
B: Configure the /etc/ntp/step-tickers file
Modify the /etc/ntp/step-tickers file as follows (when the ntpd service starts, it automatically checks the time against the upstream NTP servers recorded in this file).
The code is as follows:
[root@localhost ntp]# more /etc/ntp/step-tickers
# List of servers used for initial synchronization.
[root@localhost ntp]# vi /etc/ntp/step-tickers
# List of servers used for initial synchronization.
server 192.168.7.49 prefer
server 0.rhel.pool.ntp.org
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org
server 3.rhel.pool.ntp.org
C: Configure the /etc/sysconfig/ntpd file
By default, the ntp service synchronizes only the system time. If you want ntp to synchronize the hardware time as well, add SYNC_HWCLOCK=yes to the /etc/sysconfig/ntpd file so that the hardware time is synchronized with the system time.
The code is as follows:
# allow the BIOS clock to synchronize with the system time; this can also be done with the hwclock -w command
SYNC_HWCLOCK=yes
IPTABLES configuration
Because the NTP service uses UDP port 123, UDP port 123 must be opened when the system firewall (iptables) is running.
The code is as follows:
[root@localhost ~]# /etc/init.d/iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target  prot  opt  source     destination
1    ACCEPT  all   --   0.0.0.0/0  0.0.0.0/0    state RELATED,ESTABLISHED
2    ACCEPT  icmp  --   0.0.0.0/0  0.0.0.0/0
3    ACCEPT  all   --   0.0.0.0/0  0.0.0.0/0
4    ACCEPT  tcp   --   0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:22
5    REJECT  all   --   0.0.0.0/0  0.0.0.0/0    reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num  target  prot  opt  source     destination
1    REJECT  all   --   0.0.0.0/0  0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num  target  prot  opt  source     destination
[root@localhost ~]# /sbin/iptables -I INPUT -p udp --dport 123 -j ACCEPT
[root@localhost ~]# /etc/init.d/iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target  prot  opt  source     destination
1    ACCEPT  udp   --   0.0.0.0/0  0.0.0.0/0    udp dpt:123
2    ACCEPT  all   --   0.0.0.0/0  0.0.0.0/0    state RELATED,ESTABLISHED
3    ACCEPT  icmp  --   0.0.0.0/0  0.0.0.0/0
4    ACCEPT  all   --   0.0.0.0/0  0.0.0.0/0
5    ACCEPT  tcp   --   0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:22
6    REJECT  all   --   0.0.0.0/0  0.0.0.0/0    reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num  target  prot  opt  source     destination
1    REJECT  all   --   0.0.0.0/0  0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num  target  prot  opt  source     destination
[root@localhost ~]#
If the firewall does not open UDP port 123, the following may occur.
The code is as follows:
[root@localhost ~]# /usr/sbin/ntpq -c rv | grep stratum
stratum=16, precision=-24, rootdelay=0.000, rootdisp=3.525, refid=INIT
[root@localhost ~]#
A stratum level of 16 indicates that NTP is not synchronizing correctly. If a stratum level of 16 is detected, wait 15 minutes and issue the command again. It may take this long for the NTP server to stabilize. If NTP continues to detect a stratum level of 16, verify that the NTP port (UDP port 123) is open on all firewalls between the cluster and the remote machine you are attempting to synchronize to.
Start the NTP service
The code is as follows:
[root@localhost ~]# service ntpd status
ntpd is stopped
[root@localhost ~]# service ntpd start
Starting ntpd: [ OK ]
[root@localhost ~]#
service ntpd status # view the ntpd service status
service ntpd start # start the ntpd service
service ntpd stop # stop the ntpd service
service ntpd restart # restart the ntpd service
Check whether the ntp service starts at boot, and set it to start at boot.
[root@localhost ~]# chkconfig --list ntpd
ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@localhost ~]# runlevel
N 3
[root@localhost ~]# chkconfig ntpd on # set to start automatically at run levels 2, 3, 4, 5
[root@localhost ~]# chkconfig --list ntpd
ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@localhost ~]#
If you want it to start automatically only at specific run levels, you can use the following command.
The code is as follows:
chkconfig --level 345 ntpd on
You can check whether the NTP service is running with the following commands.
The code is as follows:
[root@localhost ~]# pgrep ntpd
2639
2641
[root@localhost ~]# netstat -tlunp | grep ntp # if you see port 123, the ntp service started successfully
udp  0  0  192.168.7.224:123           0.0.0.0:*  2639/ntpd
udp  0  0  127.0.0.1:123               0.0.0.0:*  2639/ntpd
udp  0  0  0.0.0.0:123                 0.0.0.0:*  2639/ntpd
udp  0  0  fe80::250:56ff:feb3:b5:123  :::*       2639/ntpd
udp  0  0  ::1:123                     :::*       2639/ntpd
udp  0  0  :::123                      :::*       2639/ntpd
[root@localhost ~]#
Check whether the NTP server is connected to the upstream NTP server.
The code is as follows:
[root@localhost ~]# ntpstat
synchronised to NTP server (192.168.7.49) at stratum 6
   time correct to within 440 ms
   polling server every 128 s
[root@localhost ~]#
Check the status between the NTP server and the upstream NTP servers
remote - IP address or hostname of the local machine and the upstream NTP servers. "+" indicates priority, and "*" indicates secondary priority.
refid - address of the upstream NTP host used as the reference
st - stratum level
when - how many seconds ago the time was last synchronized
poll - how many seconds until the next update
reach - the number of updates that have been requested from the upstream NTP server
delay - network delay
offset - time compensation
jitter - time difference between the system time and the BIOS time
To view the status of the ntpd process, run the following command and press Ctrl+C to stop viewing the process.