Setting up a local NTP server

Source: Internet    Editor: 程序博客网    Time: 2024/06/05 00:37

1         Preface

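In a cluster, or when installing HDP with Ambari, the nodes are required to run the ntpd service. Having set it up several times, I find the steps slightly tedious, so here is a summary.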

System information:

[root@node1 pgsql]# uname -a

Linux node1.dcom 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

[root@node1 pgsql]# cat /proc/version

Linux version 3.10.0-327.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) ) #1 SMP Thu Nov 19 22:10:57 UTC 2015

[root@node1 pgsql]# cat /etc/issue

\S

Kernel \r on an \m   

[root@node1 pgsql]# cat /etc/redhat-release

CentOS Linux release 7.2.1511 (Core)

 

2         Disable the firewall

systemctl stop firewalld.service       # stop the firewall

systemctl disable firewalld.service    # do not start the firewall at boot

 

3         服务器配置

Here node1.dcom serves as the NTP server node.

Edit /etc/ntp.conf:

# For more information about this file, see the man pages

# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

 

driftfile /var/lib/ntp/drift

 

# Permit time synchronization with our time source, but do not

# permit the source to query or modify the service on this system.

 

#restrict default nomodify notrap nopeer noquery

restrict default nomodify

 

# Permit all access over the loopback interface.  This could

# be tightened as well, but to do so would effect some of

# the administrative functions.

restrict 127.0.0.1

restrict ::1

 

# Hosts on local network are less restricted.

#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Explicitly specify the IP range served by this time server

restrict 20.2.37.0 mask 255.255.255.0 nomodify

 

# Use public servers from the pool.ntp.org project.

# Please consider joining the pool (http://www.pool.ntp.org/join.html).

#server 0.centos.pool.ntp.org iburst

#server 1.centos.pool.ntp.org iburst

#server 2.centos.pool.ntp.org iburst

#server 3.centos.pool.ntp.org iburst

# Comment out the public servers above and use the local clock below as the time source

server 127.127.1.0

fudge 127.127.1.0 stratum 10

 

#broadcast 192.168.1.255 autokey         # broadcast server

#broadcastclient                        # broadcast client

#broadcast 224.0.1.1 autokey                  # multicast server

#multicastclient 224.0.1.1                # multicast client

#manycastserver 239.255.254.254                  # manycast server

#manycastclient 239.255.254.254 autokey # manycast client

 

# Enable public key cryptography.

#crypto

 

includefile /etc/ntp/crypto/pw

 

# Key file containing the keys and key identifiers used when operating

# with symmetric key cryptography.

keys /etc/ntp/keys

 

# Specify the key identifiers which are trusted.

#trustedkey 4 8 42

 

# Specify the key identifier to use with the ntpdc utility.

#requestkey 8

 

# Specify the key identifier to use with the ntpq utility.

#controlkey 8

 

# Enable writing of statistics records.

#statistics clockstats cryptostats loopstats peerstats

 

# Disable the monitoring facility to prevent amplification attacks using ntpdc

# monlist command when default restrict does not include the noquery flag. See

# CVE-2013-5211 for more details.

# Note: Monitoring will not be disabled with the limited restriction flag.

disable monitor
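
The server file above relaxes the default restriction from the stock "nomodify notrap nopeer noquery" to "nomodify" and keeps "disable monitor" for the monlist issue named in its own comment. The following is an added example, not part of the original post: a small audit that reports which stock flags each restrict line lacks. The function names and the choice of "nomodify notrap" as the baseline for a LAN subnet (taken from the commented stock line) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the restrict lines of an
# ntp.conf read from stdin or from the file given as $1.

audit_ntp_conf() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
    $1 == "disable" {
        for (i = 2; i <= NF; i++) if ($i == "monitor") mon = 1
    }
    $1 == "restrict" {
        t = ($2 ~ /^-/) ? 3 : 2               # skip an optional -4 / -6
        if ($t == "127.0.0.1" || $t == "::1") next   # loopback stays open
        # Stock flag sets: full set for default, "nomodify notrap" for a LAN.
        set = ($t == "default") ? "nomodify notrap nopeer noquery" : "nomodify notrap"
        n = split(set, want, " ")
        missing = ""
        for (w = 1; w <= n; w++) {
            found = 0
            for (i = t + 1; i <= NF; i++) if ($i == want[w]) found = 1
            if (!found) missing = missing " " want[w]
        }
        if (missing != "") { print "restrict " $t ": missing" missing; bad = 1 }
        if ($t == "default" && missing ~ /noquery/) open_query = 1
    }
    END {
        if (open_query && !mon) {
            print "default permits queries and \"disable monitor\" is absent"
            bad = 1
        }
        exit bad + 0
    }' "$@"
}

# Constructed sample: the active restrict/disable lines of the server config.
page_server_conf() {
    cat <<'EOF'
restrict default nomodify
restrict 127.0.0.1
restrict ::1
restrict 20.2.37.0 mask 255.255.255.0 nomodify
disable monitor
EOF
}

page_server_conf | audit_ntp_conf || echo "review the findings above"
```

On a real host, run audit_ntp_conf /etc/ntp.conf; a non-zero exit status means at least one finding was printed.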

 

4         NTP client configuration

The client configuration is comparatively simple:

# For more information about this file, see the man pages

# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

 

driftfile /var/lib/ntp/drift

 

# Permit time synchronization with our time source, but do not

# permit the source to query or modify the service on this system.

restrict default nomodify notrap nopeer noquery

 

# Permit all access over the loopback interface.  This could

# be tightened as well, but to do so would effect some of

# the administrative functions.

restrict 127.0.0.1

restrict ::1

 

# Hosts on local network are less restricted.

#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

 

# Use public servers from the pool.ntp.org project.

# Please consider joining the pool (http://www.pool.ntp.org/join.html).

#server 0.centos.pool.ntp.org iburst

#server 1.centos.pool.ntp.org iburst

#server 2.centos.pool.ntp.org iburst

#server 3.centos.pool.ntp.org iburst

 

server node1.dcom    # address of the local NTP server

 

#broadcast 192.168.1.255 autokey        # broadcast server

#broadcastclient                        # broadcast client

#broadcast 224.0.1.1 autokey            # multicast server

#multicastclient 224.0.1.1              # multicast client

#manycastserver 239.255.254.254         # manycast server

#manycastclient 239.255.254.254 autokey # manycast client

 

# Enable public key cryptography.

#crypto

 

includefile /etc/ntp/crypto/pw

 

# Key file containing the keys and key identifiers used when operating

# with symmetric key cryptography.

keys /etc/ntp/keys

 

# Specify the key identifiers which are trusted.

#trustedkey 4 8 42

 

# Specify the key identifier to use with the ntpdc utility.

#requestkey 8

 

# Specify the key identifier to use with the ntpq utility.

#controlkey 8

 

# Enable writing of statistics records.

#statistics clockstats cryptostats loopstats peerstats

 

# Disable the monitoring facility to prevent amplification attacks using ntpdc

# monlist command when default restrict does not include the noquery flag. See

# CVE-2013-5211 for more details.

# Note: Monitoring will not be disabled with the limited restriction flag.

disable monitor

 

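5         Start the ntpd service

Once the server and the clients are configured:

systemctl enable ntpd    # start at boot

systemctl start ntpd     # start the service

systemctl status ntpd    # check the status

 

A concrete example on a client: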

[root@node4 ~]# systemctl enable ntpd

Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.

 

[root@node4 ~]# systemctl start ntpd

 

[root@node4 ~]# systemctl status ntpd

● ntpd.service - Network Time Service

   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)

   Active: active (running) since Wed 2016-07-06 10:20:28 CST; 1min 5s left

  Process: 3561 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)

 Main PID: 3562 (ntpd)

   CGroup: /system.slice/ntpd.service

           └─3562 /usr/sbin/ntpd -u ntp:ntp -g

 

Jul 06 10:20:28 node4.dcom ntpd[3562]: Listen normally on 4 virbr0 192.168.122.1 UDP 123

Jul 06 10:20:28 node4.dcom ntpd[3562]: Listen normally on 5 lo ::1 UDP 123

Jul 06 10:20:28 node4.dcom ntpd[3562]: Listen normally on 6 eno1 fe80::ec4:7aff:fec1:540e UDP 123

Jul 06 10:20:28 node4.dcom ntpd[3562]: Listening on routing socket on fd #23 for interface updates

Jul 06 10:20:28 node4.dcom ntpd[3562]: 0.0.0.0 c016 06 restart

Jul 06 10:20:28 node4.dcom ntpd[3562]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM

Jul 06 10:20:28 node4.dcom ntpd[3562]: 0.0.0.0 c011 01 freq_not_set

Jul 06 10:20:29 node4.dcom ntpd[3562]: 0.0.0.0 c61c 0c clock_step -68.572092 s

Jul 06 10:19:21 node4.dcom ntpd[3562]: 0.0.0.0 c614 04 freq_mode

Jul 06 10:19:22 node4.dcom ntpd[3562]: 0.0.0.0 c618 08 no_sys_peer

 

[root@node4 ~]# ntpdate -u node1.dcom    # manually sync with the local NTP server

6 Jul 10:19:52 ntpdate[3572]: adjust timeserver 20.2.37.200 offset -0.000324 sec

 

[root@node4 ~]# ntpq -p    # check the ntpd service status

    remote           refid      st t when poll reach   delay  offset  jitter

==============================================================================

*node1.dcom      LOCAL(0)        11 u  51   64    1   0.139    0.000   0.000
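
The peer table above can be turned into a pass/fail check for monitoring. The following is an added example, not part of the original post: it looks for the "*" line (the selected system peer), compares it with the expected server, and decodes the octal reach register into the number of recent polls that were answered. The function names and the 100 ms default offset limit are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): turn `ntpq -p` output into a
# pass/fail check. Usage: ntpq -p | check_ntpq_peers node1.dcom [max_offset_ms]

check_ntpq_peers() {
    awk -v want="$1" -v max="${2:-100}" '
    # reach is an octal 8-bit shift register: count the polls that got a reply
    function answered(oct,   i, d, n) {
        n = 0
        for (i = 1; i <= length(oct); i++) {
            d = substr(oct, i, 1) + 0
            n += (d >= 4) + (int(d / 2) % 2) + (d % 2)
        }
        return n
    }
    substr($0, 1, 1) == "*" {                 # "*" marks the selected system peer
        peer = substr($1, 2); st = $3; reach = $7; off = $9
    }
    END {
        if (peer == "") { print "FAIL: no system peer selected"; exit 1 }
        if (peer != want) { print "FAIL: synced to " peer ", expected " want; exit 1 }
        a = off + 0
        if ((a < 0 ? -a : a) > max + 0) {
            print "FAIL: offset " off " ms exceeds " max " ms"; exit 1
        }
        printf "OK: %s stratum %s, %d/8 recent polls answered, offset %s ms\n", peer, st, answered(reach), off
    }'
}

# Sample input: the ntpq -p output shown on this page.
page_ntpq_output() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay  offset  jitter
==============================================================================
*node1.dcom      LOCAL(0)        11 u  51   64    1   0.139    0.000   0.000
EOF
}

page_ntpq_output | check_ntpq_peers node1.dcom || true
```

A reach of 1 right after startup means only the latest poll was answered; a steady client shows 377, which the check reports as 8/8.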

 

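The ntpdate -u node1.dcom command above only performs a single manual synchronization. To keep the clocks in sync over the long term, each client host needs some additional configuration, as follows: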

[root@node2 yum.repos.d]# vi  /etc/crontab

SHELL=/bin/bash

PATH=/sbin:/bin:/usr/sbin:/usr/bin

MAILTO=root

 

# For details see man 4 crontabs

 

# Example of job definition:

# .---------------- minute (0 - 59)

# |  .------------- hour (0 - 23)

# |  |  .---------- day of month (1 - 31)

# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...

# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat

# |  |  |  |  |

# *  *  *  *  * user-name  command to be executed

0 1 * * * root /usr/sbin/ntpdate -u node1.dcom  # sync with the local NTP server once a day at 01:00

 

Tips:

The -u in ntpdate -u can be omitted; it is added to guard against interference from a firewall.

 

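If the time zone was not selected carefully at installation, synchronization may fail.

[root@node5 ~]# date -R

Wed, 06 Jul 2016 20:16:45 +0800    (UTC+8, Beijing time)

To change the time zone, you can use:

cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime    # copy the Shanghai time zone file over the system time zone

hwclock -w    # save the setting by writing it to the hardware clock

The time zone change is now in effect.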

 

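6         References

Finally, you may run into problems during synchronization. The main thing to check is whether the firewall has been properly disabled; for other issues, see the following online resources: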

 

 

7         Revision history

Date         Version    Revised by    Approved by    Revision notes

2016.9.29    1.0        章鑫8

 

 

 

 

 

 

 

 
