September 22, 2014
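Time server IP (setting up an NTP time server on an internal network)
Set up an NTP time server on the company intranet so that all machines on the LAN can synchronize their time smoothly.
The company LAN cannot connect to the internet.
Concept: NTP is the Network Time Protocol, a protocol used to synchronize the time of the computers on a network.
Resources:
Time server IP: 192.168.138.140 (ntp server)
Server that needs to synchronize its time: 192.168.138.136 (ntp client)
Linux system: CentOS release 6.9
Configure the ntp server
Open /etc/ntp.conf on the 192.168.138.140 machine.
The file contents are as follows: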
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
Configure permissions
In the file:
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
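restrict -6 default kod nomodify notrap nopeer noquery
The comment lines on top explain the configuration and the lines below them are the configuration items. This part of the configuration is the policy for handling requests from clients (the servers that need to synchronize their time); the default is to refuse. The line with -6 is the IPv6 configuration. The available options are:
ignore: refuse all NTP connections
nomodify: clients cannot change the server's time parameters, but they can synchronize their time.
notrust: refuse clients that have not been authenticated
noquery: do not provide time queries to clients: clients cannot use commands such as ntpq and ntpdc to query the ntp server
notrap: do not provide the trap service (remote event logging)
nopeer: prevents hosts from trying to peer with the server, which would allow a rogue server to control the clock
kod: send a KoD packet on an access violation.
Comment out these two lines, then configure which machines are allowed to synchronize time with the ntp server.
A specific machine can be configured, for example:
restrict 192.168.138.136 nomodify
A network segment can also be configured, with mask setting the subnet mask, for example:
restrict 192.168.0.0 mask 255.255.255.0 nomodify
Configure the time source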
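If the machine can connect to the internet, configure time sources on the internet; there are many public ntp servers, which you can search for.
If it cannot connect to the internet, use the local machine as the time source, configured as follows:
server 127.127.1.0
fudge 127.127.1.0 stratum 10
Several time sources can be configured. The topmost one is used first; if it is unavailable (for example, the network cannot be reached), the following ones are used in turn.
Start or restart the ntp service
Check the running status of the ntp service:
/etc/init.d/ntpd status
Start the ntp service:
/etc/init.d/ntpd start
Synchronize time on the client
Use the ntpdate command to synchronize time: ntpdate ntp_server_ip
ntpdate 192.168.138.140
On Linux, the ntp service must not be running on the client, otherwise the following error is reported:
ntpdate[88383]: the NTP socket is in use , exiting
Stop the ntp service:
/etc/init.d/ntpd stop
To synchronize at regular intervals, configure a crontab scheduled task, for example to check the time once an hour:
0 */1 * * * root /usr/sbin/ntpdate 192.168.138.140 >/dev/null 2>&1
Notes:
Mind the firewall: if synchronization fails, check the firewall.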
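To see what the restrict rules in the permissions section mean for a given client, this added example (not from the original page) parses the IPv4 restrict lines of an ntp.conf and returns the flags that apply to an address, so that removing the default lines can be compared with keeping them. It assumes a simplified model of ntpd's matching (the most specific matching rule wins, and an address with no matching rule is unrestricted); the two sample configurations and the host 10.9.9.9 are constructed.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_restrict(conf_text):
    """Return [(network, flags)] for the IPv4 restrict lines of an ntp.conf.
    Raises ValueError when a mask is not a valid netmask."""
    rules = []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()      # drop comments
        if len(tok) < 2 or tok[0] != "restrict" or tok[1] == "-6":
            continue                            # IPv6 rules are out of scope here
        tok = tok[2:] if tok[1] == "-4" else tok[1:]
        addr, rest = tok[0], tok[1:]
        if addr == "default":
            net = ANY
        else:
            mask = "255.255.255.255"            # no mask means a single host
            if rest[:1] == ["mask"]:
                mask, rest = rest[1], rest[2:]
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        rules.append((net, frozenset(rest)))
    return rules

def effective_flags(rules, client_ip):
    """Flags of the most specific rule matching client_ip.
    An empty set means the client is unrestricted (assumed implicit default)."""
    ip = ipaddress.ip_address(client_ip)
    best_net, best_flags = ANY, frozenset()
    for net, flags in rules:
        if ip in net and net.prefixlen >= best_net.prefixlen:
            best_net, best_flags = net, flags
    return best_flags

# Constructed sample: default lines commented out, one client listed.
DEFAULTS_REMOVED = """
#restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 192.168.138.136 nomodify
"""
# Constructed sample: default line kept, subnet of the page's hosts added.
DEFAULTS_KEPT = """
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 192.168.138.0 mask 255.255.255.0 nomodify notrap
"""

if __name__ == "__main__":
    for name, conf in (("defaults removed", DEFAULTS_REMOVED), ("defaults kept", DEFAULTS_KEPT)):
        for host in ("192.168.138.136", "10.9.9.9"):
            flags = effective_flags(parse_restrict(conf), host)
            print(name, host, sorted(flags) or "UNRESTRICTED")
```

A mask that is not a valid netmask, such as 225.225.225.0, makes parse_restrict raise ValueError instead of silently producing a rule.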