[root@ntp2centos7 ~]# rpm -qa | grep ntp
ntpdate-4.2.6p5-29.el7.centos.2.x86_64
ntp-4.2.6p5-29.el7.centos.2.x86_64
确认有无安装包,#yum install -y ntpdate ntp
关闭防火墙
#sed -i s'/^SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
#systemctl stop firewalld
#systemctl disable firewalld
[root@ntp1centos7 ~]# cat /etc/ntp.conf | grep -v "^#"
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
server ntp3.aliyun.com iburst
server ntp4.aliyun.com iburst
server ntp5.aliyun.com iburst
server ntp6.aliyun.com iburst
server ntp7.aliyun.com iburst
server 172.16.113.170 iburst
fudge 127.0.0.1 stratum 10
restrict ntp1.aliyun.com nomodifty notrap noquery
restrict ntp2.aliyun.com nomodifty notrap noquery
restrict ntp3.aliyun.com nomodifty notrap noquery
restrict ntp4.aliyun.com nomodifty notrap noquery
restrict ntp5.aliyun.com nomodifty notrap noquery
restrict ntp6.aliyun.com nomodifty notrap noquery
restrict ntp7.aliyun.com nomodifty notrap noquery
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor
[root@ntp1centos7 ~]# systemctl enable ntpd
[root@ntp1centos7 ~]# systemctl restart ntpd
[root@ntp1centos7 ~]# systemctl status ntpd
● ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2021-06-23 14:17:45 CST; 6 months 19 days ago
Process: 7338 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 7339 (ntpd)
CGroup: /system.slice/ntpd.service
└─7339 /usr/sbin/ntpd -u ntp:ntp -g
Jun 23 14:17:46 ntp1centos7 ntpd[7339]: Listen normally on 5 ens192 fe80::6da4:f469:cbb:1079 UDP 123
Jun 23 14:17:46 ntp1centos7 ntpd[7339]: Listening on routing socket on fd #22 for interface updates
Jun 23 14:17:46 ntp1centos7 ntpd[7339]: inappropriate address 127.0.0.1 for the fudge command, line ignored
Jun 23 14:17:46 ntp1centos7 ntpd[7339]: 0.0.0.0 c016 06 restart
Jun 23 14:17:46 ntp1centos7 ntpd[7339]: 0.0.0.0 c012 02 freq_set kernel 6.882 PPM
Jun 23 14:17:52 ntp1centos7 ntpd[7339]: 0.0.0.0 c615 05 clock_sync
Dec 21 19:34:02 ntp1centos7 ntpd[7339]: 0.0.0.0 0613 03 spike_detect +0.286183 s
Dec 21 19:54:38 ntp1centos7 ntpd[7339]: 0.0.0.0 061c 0c clock_step +0.287045 s
Dec 21 19:54:39 ntp1centos7 ntpd[7339]: 0.0.0.0 0615 05 clock_sync
Dec 21 19:54:40 ntp1centos7 ntpd[7339]: 0.0.0.0 c618 08 no_sys_peer
[root@ntp1centos7 ~]#
客户端设置:
Linux客户端设置同步时钟(平滑方式)
[root@testnginx01 ~]# rpm -qa | grep ntp #确认系统是否安装下面两个软件包
ntp-4.2.6p5-29.el7.centos.2.x86_64
ntpdate-4.2.6p5-29.el7.centos.2.x86_64
[root@testnginx01 ~]# cat /etc/sysconfig/ntpd #修改配置文件添加红色字体配置信息
#Command line options for ntpd
SYNC_HWCLOCK=yes
OPTIONS="-g -x" #平滑方式添加参数,"-x",直接同步方式去掉这个参数
root@testnginx01~]# cat / etc/ntp.conf | grep -v ‘^#‘ #添加红色字体的配置文件
driftfile /var/lib/ntp/drift
restrictdefault nomodifynotrapnopeernoquery
restrict127.0.0.1
restrict::1
server ntp1.abxx.net iburst
server ntp2.abxx.net iburst
restrict ntp1.abxx.net nomodify notrap noquery
restrict ntp2.abxx.net nomodify notrap noquery
includefile /etc/ntp/crypto/pw
keys/ etc/ntp/keys
disable monitor
[root@testnginx01~]# systemctl enable ntpd #设置开机自动启动服务
[root@testnginx01~]# systemctl start ntpd #启动ntpd服务
[root@testnginx01 ~]# ntpq -p #验证ntp服务
remote refid st t when poll reach delay offset jitter
==============================================================================
*ntp1.abxx. 203.107.6.88 3 u 766 1024 377 0.376 -0.220 0.390
+ntp2.abcc. 120.25.115.20 3 u 838 1024 377 0.420 1.055 0.625
NTP在Linux下有两种时钟同步方式:
直接同步(也称跳跃同步)和平滑同步(也称微调同步)。
1.直接同步
使用ntpdate命令进行同步,直接进行时间变更。如果服务器上存在一个12点运行的任务,当前服务器时间是13点,但标准时间时11点,使用此命令可能会造成任务重复执行。因此使用ntpdate同步可能会引发风险,因此该命令也多用于配置时钟同步服务时第一次同步时间时使用。
2.平滑同步
使用ntpd进行时钟同步,可以保证一个时间不经历两次,它每次同步时间的偏移量不会太陡,是慢慢来的,这正因为这样,ntpd平滑同步可能耗费的时间比较长。刚开始可能时钟不同步,多等待时间后慢慢就同步了。
offset值 | 0~128ms | 128ms~600s | 600s~1000s | 1000s以上 |
有-x参数 | 微调 | 微调(0.5ms/s,600s需14天) | 跳跃 | 退出(加-g参数可忽略) |
无-x参数 | 微调 | 跳跃 | 跳跃 | 退出(加-g参数可忽略) |
