ntp服务器搭建及客户端配置-使用阿里云


1. NTP服务器搭建

安装ntp yum install -y ntp

2. 外网使用ntp服务器作为基准

ntp服务器列表: time1.aliyun.com time2.aliyun.com time3.aliyun.com time4.aliyun.com time5.aliyun.com time6.aliyun.com time7.aliyun.com

先ntpdate检查能否和以上ntp服务器通信。ntpdate -q time1.aliyun.com

有以下输出表示正常

server 115.28.122.198, stratum 2, offset 53.490757, delay 0.0670913 Sep 15:27:48 ntpdate[16092]: step time server 115.28.122.198 offset 53.490757 sec

3. 修改配置文件

vim /etc/ntp.conf 做出以下修改

# For more information about this file, see the man pages# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5). driftfile /var/lib/ntp/drift # Permit time synchronization with our time source, but do not# permit the source to query or modify the service on this system.restrict default nomodify notrap nopeer noquery # Permit all access over the loopback interface.  This could# be tightened as well, but to do so would effect some of# the administrative functions.restrict 127.0.0.1restrict ::1 # 允许1-4网段的服务器来校时,不允许客户端来修改,登录ntp服务器 restrict 192.168.1.0 mask 255.255.255.0 nomodify notraprestrict 192.168.2.0 mask 255.255.255.0 nomodify notraprestrict 192.168.3.0 mask 255.255.255.0 nomodify notraprestrict 192.168.4.0 mask 255.255.255.0 nomodify notrap  # Hosts on local network are less restricted.#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap # Use public servers from the pool.ntp.org project.# Please consider joining the pool (http://www.pool.ntp.org/join.html).#server 0.centos.pool.ntp.org iburst#server 1.centos.pool.ntp.org iburst#server 2.centos.pool.ntp.org iburst#server 3.centos.pool.ntp.org iburst server time1.aliyun.comserver time2.aliyun.comserver time3.aliyun.comserver time4.aliyun.comserver time5.aliyun.comserver time6.aliyun.comserver time7.aliyun.com #broadcast 192.168.1.255 autokey        # broadcast server#broadcastclient                        # broadcast client#broadcast 224.0.1.1 autokey            # multicast server#multicastclient 224.0.1.1              # multicast client#manycastserver 239.255.254.254         # manycast server#manycastclient 239.255.254.254 autokey # manycast client # Enable public key cryptography.#crypto includefile /etc/ntp/crypto/pw # Key file containing the keys and key identifiers used when operating# with symmetric key cryptography. keys /etc/ntp/keys # Specify the key identifiers which are trusted.#trustedkey 4 8 42 # Specify the key identifier to use with the ntpdc utility.#requestkey 8 # Specify the key identifier to use with the ntpq utility.#controlkey 8 # Enable writing of statistics records.#statistics clockstats cryptostats loopstats peerstats # Disable the monitoring facility to prevent amplification attacks using ntpdc# monlist command when default restrict does not include the noquery flag. See# CVE-2013-5211 for more details.# Note: Monitoring will not be disabled with the limited restriction flag.disable monitor # Enable Logfilelogfile /var/log/ntp.log

4. 使硬件时间和系统时间一致

修改配置文件 vim /etc/sysconfig/ntpd 添加

SYNC_HWCLOCK=yes

5. 启动ntpd服务并查看状态

systemctl start ntpd

设置自动启动

 chkconfig ntpd on

等待10-15分钟后执行 ntpstat 查看同步状态

synchronised to NTP server (182.92.12.11) at stratum 3    time correct to within 470 ms   polling server every 64 s发现已经同步。

执行ntpq -p 查看与ntp服务器连接状态

remote           refid      st t when poll reach   delay   offset  jitter==============================================================================+time6.aliyun.co 10.137.38.86     2 u   10   64   77   41.139    8.490   1.523-time4.aliyun.co 10.137.38.86     2 u    5   64   77    3.479   15.026   1.354*time5.aliyun.co 10.137.38.86     2 u   10   64   77   37.243   10.643   1.554+120.25.115.19   10.137.38.86     2 u    5   64   77    3.574    5.228   2.803

*表示目前正在使用的上层NTP,+表示已连线,可提供时间更新的候补服务器

执行一下 hwclock –systohc 使系统时间和硬件时间一致。

6. 打开防火墙

由于ntp服务使用 123端口udp协议 所以需要打开防火墙。 执行firewall-cmd –zone=public –add-port=123/udp –permanent之后,再执行firewall-cmd –reload。

7. Linux 客户端使用ntpd服务同步时间

先安装ntp服务执行yum install -y ntp

修改配置文件 vim /etc/ntp.conf 修改server,添加日志

# 允许ntpserver主动修改客户端时间restrict 192.168.1.85 nomodify notrap noqueryrestrict 192.168.1.50 nomodify notrap noquery server 192.168.1.85server 182.168.1.50 logfile /var/log/ntp.log

其他保持默认。

启动 ntpd服务systemctl start ntpd

打开本地放火墙 123 UDP端口

执行 ntpq -p 查看与服务器连接状态。

remote           refid      st t when poll reach   delay   offset  jitter==============================================================================+192.168.1.50    182.92.12.11     3 u   31   64   77    0.189  -30.963  42.392*192.168.1.85    182.92.12.11     3 u   43   64   77    0.190   -1.903  18.890 LOCAL(0)        .LOCL.          10 l   60   64   77    0.000    0.000   0.000

执行 ntpstat 查看同步状态

synchronised to NTP server (192.168.1.85) at stratum 4 time correct to within 131 ms polling server every 64 s

8 Windows 使用客户端同步

8.1 组策略配置

win+r 运行gpedit.msc 启用全局配置

20170914-031152.png

启用ntp客户端

20170914-031233.png

win+r 执行 gpupdate /force

8.2. 使用自动配置工具

下载自动配置工具MicrosoftEasyFix50395.msi 下载地址在这个页面中

运行自动配置工具,做以下配置,多个服务器用空格隔开。

20170914-031246.png

之后在系统时间日期内执行同步查看结果。

20170914-031302.png

原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/tech/aiops/290877.html

(0)
上一篇 2022年10月11日 16:00
下一篇 2022年10月11日 16:00

发表回复

登录后才能评论