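Setting up an NTP server on CentOS 7 - tinkering notes

Clocks that disagree across several machines keep causing annoying problems, so I set up an NTP server of my own.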

I. Install ntp

yum install -y ntp ntpdate

II. Configuration

Configuration file location: /etc/ntp.conf

Contents:

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

#driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict 192.168.0.0 mask 255.255.0.0 nomodify notrap

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 202.120.2.101 prefer
server 0.centos.pool.ntp.org 
server 1.centos.pool.ntp.org 
server 2.centos.pool.ntp.org 
server 3.centos.pool.ntp.org
server time.pool.aliyun.com
server time1.aliyun.com
#broadcast 192.168.1.255 autokey	# broadcast server
server 127.127.1.0
# Local clock driver (LCL) as a fallback; it doesn't sync to any source
fudge 127.127.1.0  stratum 10 
#broadcastclient			# broadcast client
#broadcast 224.0.1.1 autokey		# multicast server
#multicastclient 224.0.1.1		# multicast client
#manycastserver 239.255.254.254		# manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

#includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography. 
#keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
#disable monitor
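
The ntp.conf above has no active "restrict default" line and leaves "disable monitor" commented out, which is the situation the CVE-2013-5211 comment in the file describes. The shell function below is an added example, not part of the original post, that checks a config for that condition; the finding names and both sample configs are constructed here for illustration.

```shell
# Added example (not from the original post). Finding names are this example's labels.
# Usage: audit_ntp_conf < /etc/ntp.conf   -> prints "OK" or a space-separated finding list.
audit_ntp_conf() {
    awk '
    { sub(/#.*/, "") }                       # drop comments and commented-out directives
    $1 == "restrict" {
        i = 2
        if ($i == "-4" || $i == "-6") i++    # simplification: v4 and v6 defaults treated alike
        is_default = ($i == "default")
        if (is_default) has_default = 1
        noquery = 0
        for (j = i + 1; j <= NF; j++) {
            if ($j == "limited") limited = 1
            if ($j == "noquery" || $j == "ignore") noquery = 1
        }
        if (is_default && !noquery) default_open = 1
    }
    $1 == "disable" { for (j = 2; j <= NF; j++) if ($j == "monitor") mon_off = 1 }
    END {
        # Per the note in ntp.conf: "disable monitor" does not take effect with "limited"
        if (limited) mon_off = 0
        out = ""
        if (!has_default) out = out " NO_DEFAULT_RESTRICT"
        if ((!has_default || default_open) && !mon_off) out = out " QUERY_OPEN_MONITOR_ON"
        sub(/^ /, "", out)
        print (out == "" ? "OK" : out)
    }'
}
# Constructed sample: a subset of the active lines of the ntp.conf shown above.
page_conf() {
    cat <<'EOF'
restrict 192.168.0.0 mask 255.255.0.0 nomodify notrap
server 202.120.2.101 prefer
#disable monitor
EOF
}
# Constructed sample: the same lines plus a default restrict with noquery and loopback entries.
hardened_conf() {
    cat <<'EOF'
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 192.168.0.0 mask 255.255.0.0 nomodify notrap
server 202.120.2.101 prefer
EOF
}
echo "page config:     $(page_conf | audit_ntp_conf)"
echo "hardened config: $(hardened_conf | audit_ntp_conf)"
```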

 

III. Start the service

systemctl start ntpd.service

Enable it at boot

systemctl enable ntpd.service

Restart the service on a schedule

*/30 * * * * systemctl restart ntpd

 

IV. Allow the port through the firewall

firewall-cmd --permanent --add-port=123/udp
firewall-cmd --reload

V. Check the server's synchronization status

 ntpq -p
 ntpstat

VI. Client synchronization

Linux:

ntpdate  192.168.0.2

crontab:

*/5 * * * * ntpdate  192.168.0.10

CentOS 7 scheduled sync script:

systemctl enable crond
yum install -y ntp
mkdir -p /home/logs/ntpsync/
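# One-off sync now; the output goes to a log file named after today's date
ntpdate  192.168.0.10  >>/home/logs/ntpsync/datesync.`date +\%Y\%m\%d`  2>&1 
# Single quotes keep the backticks and \% literal, so cron evaluates the date on every run
echo '*/5 * * * * /usr/sbin/ntpdate  192.168.0.10  >>/home/logs/ntpsync/datesync.`date +\%Y\%m\%d`.log  2>&1 '  >> /var/spool/cron/root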


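VII. Problems

1. The self-configured NTP server cannot synchronize its own time

Answer: In testing, most public servers turned out to be unusable; switching to a different public NTP server fixes it.

2. Clients cannot synchronize time from the self-built NTP server

Answer: Two possibilities: 1) the NTP server has not yet finished synchronizing its own local time; 2) a firewall problem on the NTP server.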