Linux configuration ntp clock source
(1) Confirm ntp installation.

1) Confirm whether ntp is installed.

Command rpm -qa | grep ntp

If only ntpdate is listed and ntp is not, the existing ntpdate must be removed first. For example:

ntpdate-4.2.6p5-22.el7_0.x86_64

fontpackages-filesystem-1.44-8.el7.noarch

python-ntplib-0.3.2-1.el7.noarch

2) Delete the installed ntpdate

Command yum -y remove ntpdate-4.2.6p5-22.el7.x86_64

3) Reinstall ntp

Command yum -y install ntp

(2) Configure ntp service

1) Modify /etc/ntp.conf of all nodes.

Command vi /etc/ntp.conf

Content:

restrict 192.168.6.3 nomodify notrap nopeer noquery   # IP address of the current node

restrict 192.168.6.2 mask 255.255.255.0 nomodify notrap   # gateway and Genmask of the network segment where the cluster is located

2) Select a master node and modify its /etc/ntp.conf.

Command vi /etc/ntp.conf

Add the following to the server section and comment out the existing server 0 ~ n lines.

server 127.127.1.0

fudge 127.127.1.0 stratum 10

3) On every node except the master node, continue modifying /etc/ntp.conf.

Command vi /etc/ntp.conf

Add the following statements to the server section to point the node at the master node.

server 192.168.6.3

fudge 192.168.6.3 stratum 10

= = = Before modification = = =

picture

= = = After modification = = =

Node 1 (192.168.6.3):

picture

Node 2 (192.168.6.4):

picture

Node 3 (192.168.6.5):

picture

(3) Start ntp service and check the status.

1) Start ntp service.

Command service ntpd start

2) Check whether the ntp server has connected to the upstream ntp server.

Command ntpstat

picture

When checking the ntp status, the following outputs may appear.

① unsynchronised; time server re-starting; polling server every 8 s

picture

② unsynchronised; polling server every 8 s

picture

This is normal. After the ntp server is configured, it takes 5-10 minutes to synchronize with the standard time configured in /etc/ntp.conf.

After waiting for a while, run the ntpstat command again and the status changes to the following normal result:

picture

3) Check the state of the ntp server against the upstream ntp.

Command ntpq -p

picture

remote: IP or host name of the local and upstream ntp sources, where "+" indicates priority and "*" indicates secondary priority.

refid: the address of the upstream ntp host.

st: the stratum.

when: how many seconds ago the time was last synchronized.

poll: how many seconds until the next update.

reach: the number of update requests made to the upstream ntp server.

delay: network latency.

offset: time compensation.

jitter: time difference between the system time and the BIOS time.

4) Check the status of ntpd process

Command watch "ntpq -p"

To stop watching, press Ctrl+C.

picture

The characters in the first column represent the quality of the source. An asterisk (*) indicates that the source is the current reference.

remote: lists the IP address or host name of the source.

when: indicates the time elapsed (in seconds) since the source was last polled.

poll: indicates the polling interval. This value increases according to the accuracy of the local clock.

reach: an octal number indicating the reachability of the source. A value of 377 indicates that the source has answered the previous eight consecutive polls.

offset: the time difference (in milliseconds) between the source clock and the local clock.
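
The first-column character, reach and offset described above can be checked mechanically. The following shell function is an added example and not part of the original article; the function names, the 100 ms offset threshold and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): read `ntpq -pn` output on stdin
# and print "<remote> <role> <answered>/8 <status>" for every source.
ntpq_health() {
    max_ms="${1:-100}"    # assumption: flag when |offset| exceeds this many ms
    awk -v max="$max_ms" '
    NR <= 2 { next }                        # column header and ===== ruler
    NF >= 10 {
        tally = substr($0, 1, 1)            # first column: quality of the source
        remote = $1
        if (tally != " ") remote = substr($1, 2)
        role = "not_selected"
        if (tally == "*") role = "sync"     # current reference
        else if (tally == "+") role = "candidate"
        # reach is an 8-bit shift register printed in octal, one bit per poll
        reach = 0
        for (i = 1; i <= length($7); i++) reach = reach * 8 + substr($7, i, 1)
        ok = 0
        for (r = reach; r > 0; r = int(r / 2)) ok += r % 2
        off = $9 + 0
        if (off < 0) off = -off
        status = "offset_ok"
        if (off > max) status = "offset_high"
        if (ok == 0) status = "unreachable" # no poll answered: offset is meaningless
        printf "%s %s %d/8 %s\n", remote, role, ok, status
    }'
}

# Constructed sample, shaped like `ntpq -pn` output on a client of 192.168.6.3.
sample_ntpq() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.6.3     LOCAL(0)        11 u   35   64  377    0.214    0.052   0.031
+192.168.6.4     192.168.6.3     12 u   12   64   17    0.301 -120.400   0.110
 192.168.6.5     .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

sample_ntpq | ntpq_health 100
```

On a live node the same function can be fed with: ntpq -pn | ntpq_health 100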

(4) Enable start at boot.

Command chkconfig ntpd on

(5) Excerpts from other blogs.

= = = /etc/ntp.conf configuration content = = =


    # 1. First deal with permissions, including admitting the upstream servers and opening access to LAN clients:
    restrict default kod nomodify notrap nopeer noquery      # reject IPv4 users
    restrict -6 default kod nomodify notrap nopeer noquery   # reject IPv6 users
    restrict 220.130.158.71     # let tock.stdtime.gov.tw into this NTP server
    restrict 59.124.196.83      # let tick.stdtime.gov.tw into this NTP server
    restrict 59.124.196.84      # let time.stdtime.gov.tw into this NTP server
    restrict 127.0.0.1          # the next two are defaults that admit the local host
    restrict -6 ::1
    restrict 192.168.100.0 mask 255.255.255.0 nomodify   # admit LAN clients; individual IPs can be listed instead
    # 2. Set the upstream servers; first comment out the original [0|1|2].centos.pool.ntp.org settings:
    server 220.130.158.71 prefer   # use this host as the highest-priority server
    server 59.124.196.83
    server 59.124.196.84
    # 3. When no external NTP server is available, serve LAN clients from the local clock:
    server 127.127.1.0   # local clock
    fudge 127.127.1.0 stratum 10
    # 4. Default drift file and the keys file that is not used for now; no need to change them:
    driftfile /var/lib/ntp/drift
    keys /etc/ntp/keys


= = = restrict option format = = =

restrict [client IP] mask [IP mask] [parameters]

Client IP and IP mask specify the range of computers on the network to which the rule applies. If the default keyword is used, the rule applies to all computers. The parameters specify the specific restrictions. Common parameters are as follows:

◆ ignore: refuse connections to the NTP server.

◆ nomodify: the client cannot change the time parameters of the server, but the client can correct its network time through the server.

◆ noquery: no time query is provided to the client.

◆ notrap: the trap remote login function is not provided; the trap service is a remote time log service.

◆ notrust: unless the client is authenticated, the client's source is treated as an untrusted subnet.

◆ nopeer: provides time service, but does not act as a peer.

◆ kod: send a KoD (kiss of death) message to unsafe visitors.
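
As an added example (not from the original article or the excerpted blog), the following shell function reads an ntp.conf and lists what each restrict line still permits according to the parameters above. The function names and the sample configuration are constructed for illustration; the sample reuses addresses from the configuration shown earlier.

```shell
#!/bin/sh
# Added example (not from the original page): read ntp.conf on stdin and print,
# for every restrict line, the capabilities that its parameters do not deny.
restrict_summary() {
    awk '
    { sub(/#.*/, "") }                      # drop trailing comments
    $1 != "restrict" { next }
    {
        i = 2; fam = ""
        if ($i == "-4" || $i == "-6") { fam = $i " "; i++ }   # address family
        who = fam $i; i++
        if ($i == "mask") { who = who "/" $(i + 1); i += 2 }
        deny = " "
        while (i <= NF) { deny = deny $i " "; i++ }
        if (index(deny, " ignore ")) { print who " allows: nothing"; next }
        out = who " allows: time"
        if (!index(deny, " noquery "))  out = out " query"
        if (!index(deny, " nomodify ")) out = out " modify"
        if (!index(deny, " notrap "))   out = out " trap"
        if (!index(deny, " nopeer "))   out = out " peer"
        print out
    }'
}

# Constructed sample configuration for the demonstration.
sample_conf() {
cat <<'EOF'
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 220.130.158.71          # upstream server
restrict 127.0.0.1
restrict 192.168.100.0 mask 255.255.255.0 nomodify
restrict 192.168.6.3 nomodify notrap nopeer noquery
server 220.130.158.71 prefer
EOF
}

sample_conf | restrict_summary
```

A line with no parameters, such as the upstream server entry, comes out with every capability still open, which makes it easy to spot entries that admit more than time service.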

= = = server option format = = =

server host [key n] [version n] [prefer] [mode n] [minpoll n] [maxpoll n] [iburst]

Here host is the IP address or domain name of the upstream NTP server, and the remaining parameters are explained as follows:

◆ key: indicates that all messages sent to the server contain authentication information encrypted with a key; n is a 32-bit integer giving the key number.

◆ version: indicates the version number of the messages sent to the upstream server. n defaults to 3 and can also be 1 or 2.

◆ prefer: if there are multiple server options, the server carrying this parameter is used in preference to the others.

◆ mode: specifies the value of the mode field of the data message.

◆ minpoll: specifies that the minimum interval for querying the server is 2 to the nth power seconds, where n defaults to 6 and the range is 4-14.

◆ maxpoll: specifies that the maximum interval for querying the server is 2 to the nth power seconds, where n defaults to 10 and the range is 4-14.

◆ iburst: when the initial synchronization request is sent, eight messages are sent in a burst, with an interval of 2 seconds.

= = = How to view the gateway = = =

Command 1 route -n

Command 2 ip route show

Command 3 netstat -r

= = = Stratum = = =

The stratum is set to the stratum of the upstream server plus 1.

For hosts that provide a network time service, the stratum should be set as accurately as possible.

For a time server that serves a LAN, the stratum is usually set to 10.

picture

Stratum 0 servers use physical devices such as atomic clocks and GPS clocks, and stratum 1 servers are directly connected to stratum 0.

Each later stratum connects to the stratum above it over the network, and servers in the same stratum can also exchange time with each other.

ntpd is both a server to the clients below it and a client of the servers above it.

ntpd decides whether to provide clock service to other servers or to synchronize its clock from other servers according to the parameters in its configuration file. All configuration is in the /etc/ntp.conf file.


= = = Please note that the firewall will block ntp ports = = =

The ntp server uses port 123 by default, over UDP. If the firewall is turned on, some operations may fail. Remember to turn off the firewall, or open the port:

Command sudo firewall-cmd --zone=public --add-port=123/udp --permanent

= = = Synchronize hardware clock = = =

By default, the ntp service synchronizes only the system time.

If you want ntp to synchronize the hardware time as well, edit the file /etc/sysconfig/ntpd.

In the /etc/sysconfig/ntpd file, add SYNC_HWCLOCK=yes so that the hardware time is synchronized with the system time.

This lets the BIOS clock follow the system time; the same can be done with the hwclock -w command.

= = = The difference between ntpd and ntpdate = = =

The following is the relevant information about the difference between ntpd and ntpdate on the internet. As shown in the figure below:

Before using them, it is necessary to understand how ntpd and ntpdate differ in the way they update the time.

ntpd is not only a time synchronization server; it can also act as a client that synchronizes with a standard time server, and it synchronizes smoothly, unlike the immediate synchronization done by ntpdate, which is why ntpdate should be used with care in a production environment.

A jump in the clock causes serious problems for some programs.

Many applications rely on a continuous clock; after all, it is a common assumption that the time obtained is linear.

Some operations, such as database transactions, usually rely on the fact that time will not jump back.

Unfortunately, the way ntpdate adjusts the time is what we call "jumping": after obtaining a time, ntpdate uses settimeofday(2) to set the system time.

There are several very obvious problems:

First, it is not safe.

The setting made by ntpdate depends on the security of the ntp server. Attackers can take advantage of some software design flaws to take down the ntp server and make the servers that synchronize with it perform resource-consuming tasks.

Because ntpdate uses jumps, the servers that follow the ntp server cannot tell whether something abnormal has happened (all they can do is take the server's time as the standard).

Second, it is not accurate.

Once the ntp server is shut down, the servers that follow it will not be able to synchronize the time.

By contrast, ntpd calibrates not only the computer's time but also the computer's clock.

Third, it's not elegant enough.

Because it jumps the time, rather than making the clock run faster or slower, programs that rely on timing will make mistakes.

(For example, if ntpdate finds that your clock runs very fast, you may experience the same moment twice, which is fatal for some applications.)

So the only acceptable time for a jump is when the computer has just started and many services have not started yet.

The rest of the time, it is best to calibrate the clock with ntpd rather than adjusting the time on the computer clock.

While synchronizing with the time server, ntpd records the oscillation frequency deviation of the BIOS timer, in other words the natural drift of the local clock.

In this way, even if there is a problem with the network, the machine can still keep fairly accurate time.

= = = Address and IP of NTP servers commonly used in China = = =

210.72.145.44 (IP address of the National Time Service Center server)

133.100.11.8 Fukuoka University, Japan

time-a.nist.gov 129.6.15.28 NIST, Gaithersburg, Maryland

time-b.nist.gov 129.6.15.29 NIST, Gaithersburg, Maryland

time-a.timefreq.bldrdoc.gov 132.163.4.101 NIST, Boulder, Colorado

time-b.timefreq.bldrdoc.gov 132.163.4.102 NIST, Boulder, Colorado

time-c.timefreq.bldrdoc.gov 132.163.4.103 NIST, Boulder, Colorado

utcnist.colorado.edu 128.138.140.44 University of Colorado, Boulder

time.nist.gov 192.43.244.18 NCAR, Boulder, Colorado

time-nw.nist.gov 131.107.1.10 Microsoft, Redmond, Washington

nist1.symmetricom.com 69.25.96.13 Symmetricom, San Jose, California

nist1-dc.glassey.com 216.200.93.8 Abovenet, Virginia

nist1-ny.glassey.com 208.184.49.9 New York City

nist1-sj.glassey.com 207.126.98.204 Abovenet, San Jose, California

nist1.aol-ca.truetime.com 207.200.81.113 TrueTime, AOL, Sunnyvale, California

64.236.96.53 TrueTime, AOL facility, Virginia

————————————————————————————————————

ntp.sjtu.edu.cn 202.120.2.101 (NTP server address of the Shanghai Jiaotong University Network Center)

s1a.time.edu.cn Beijing University of Posts and Telecommunications

s1b.time.edu.cn Tsinghua University

s1c.time.edu.cn Peking University

s1d.time.edu.cn Southeast University

s1e.time.edu.cn Tsinghua University

s2a.time.edu.cn Tsinghua University

s2b.time.edu.cn Tsinghua University

s2c.time.edu.cn Beijing University of Posts and Telecommunications

s2d.time.edu.cn Southwest Area Network Center

s2e.time.edu.cn Northwest Area Network Center

s2f.time.edu.cn Northeast Area Network Center

s2g.time.edu.cn Southeast China Network Center

s2h.time.edu.cn Sichuan University Network Management Center

s2j.time.edu.cn Dalian University of Technology Network Center

s2k.time.edu.cn CERNET Guilin main node

s2m.time.edu.cn Peking University