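1. Preparation

| Server | Role |
| --- | --- |
| 192.168.0.1 | Server |
| 192.168.0.2 | Client |

Note: timedatectl and the date command conflict. Do not run the date command at any point during installation and configuration; otherwise the ntp service may fail to take effect for a long time, and you may have to wait about half an hour for it to return to normal.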


2. Installing ntp

yum install ntp ntpdate -y

3. Configuring ntp.conf


Path: /etc/ntp.conf

3.1. Server configuration
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

logconfig all
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

restrict default nomodify notrap nopeer noquery

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# This is an internal network with no external access, so the servers below are commented out
# server 0.centos.pool.ntp.org iburst
# server 1.centos.pool.ntp.org iburst
# server 2.centos.pool.ntp.org iburst
# server 3.centos.pool.ntp.org iburst

# Take the time from the local machine
server 127.127.1.0
fudge 127.127.1.0 stratum 10

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography. 
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor


3.2. Client configuration
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift
logconfig all
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1 
restrict ::1

restrict default nomodify notrap nopeer noquery
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# server 0.centos.pool.ntp.org iburst
# server 1.centos.pool.ntp.org iburst
# server 2.centos.pool.ntp.org iburst
# server 3.centos.pool.ntp.org iburst
server 192.168.0.1
server 192.168.0.1 iburst minpoll 4 maxpoll 4

server 127.127.1.0
fudge 127.127.1.0 stratum 10

#broadcast 192.168.1.255 autokey	# broadcast server
#broadcastclient			# broadcast client
#broadcast 224.0.1.1 autokey		# multicast server
#multicastclient 224.0.1.1		# multicast client
#manycastserver 239.255.254.254		# manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography. 
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor


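4. Startup


The steps are the same on the server and the client.

Be sure to run the following before starting; otherwise errors will occur.

timedatectl set-ntp no

timedatectl set-time "current time"
or
ntpdate "NTP server address"

timedatectl set-ntp yes
timedatectl set-local-rtc 0
ntpd -gq

The service commands are as follows. Be sure to enable the service at boot.

# Stop the service
systemctl stop ntpd
# Start the service
systemctl start ntpd
# Restart the service
systemctl restart ntpd
# Enable at boot
systemctl enable ntpd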

5. ntp service status

5.1. ntpq -p
[root@localhost ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 20.206.2.38     LOCAL(0)        11 u    2   64  177    3.406   19.901   1.602
*LOCAL(0)        .LOCL.           5 l   14   64  177    0.000    0.000   0.000
[root@localhost ~]# 


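| Field | Description |
| --- | --- |
| remote | IP or hostname of the local machine and of the upstream ntp server; "+" means preferred, "*" means second preference |
| refid | Address of the ntp host one level up that is used as the reference |
| st | Stratum level |
| when | How many seconds ago the time was last synchronized |
| poll | How many seconds until the next update |
| reach | Number of update requests already made to the upstream ntp server |
| delay | Network delay |
| offset | Time offset compensation |
| jitter | Difference between system time and BIOS time |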

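5.2. timedatectl

NTP enabled: yes
NTP synchronized: yes

When both of these values are yes, the service is working normally. synchronized is slow to update, so wait four or five minutes before checking again.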

[root@localhost ~]# timedatectl
      Local time: 四 2023-04-06 15:33:57 CST
  Universal time: 四 2023-04-06 07:33:57 UTC
        RTC time: 四 2023-04-06 07:38:20
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a

5.3. ntpstat
[root@localhost home]# ntpstat
synchronised to local net (127.127.1.0) at stratum 11
   time correct to within 12 ms
   polling server every 64 s


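6. ntp.conf parameters in detail

6.1. restrict

Purpose: access control for ntp. With no parameters, no restrictions are applied.

| Parameter | Description |
| --- | --- |
| ignore | Ignore all types of ntp connection requests |
| nomodify | Clients cannot use the ntpc and ntpq commands to modify the time on the server |
| noquery | Does not provide the NTP network time service |
| notrap | Does not accept remote login requests |
| notrust | Does not accept requests from clients that have not been authenticated |

6.2. server

Purpose: specify the ntp server address

server [ip or hostname] [ key n ] [ version n ] [ prefer ] [ mode n ] [ minpoll n ] [ maxpoll n ] [ iburst ]

| Parameter | Description |
| --- | --- |
| key | All packets sent to the server include authentication information encrypted with a key; n is a 32-bit integer giving the key number |
| version | Version number used in packets sent to the upstream server; n defaults to 3 and can be 1 or 2 |
| prefer | When there are several server entries, the server with this parameter is used preferentially |
| mode | Value of the mode field in the data packets |
| minpoll | Minimum interval for querying this server, 2 to the power n seconds; n defaults to 6, range 4-14 |
| maxpoll | Maximum interval for querying this server, 2 to the power n seconds; n defaults to 10, range 4-14 |
| iburst | On the initial synchronization request, send 8 packets in a burst, 2 seconds apart |

6.3. fudge

Purpose: set the stratum of the time server. fudge must be used together with server, on the line immediately after the server line.

fudge ip [stratum int]

stratum: 0~15

0: top level
10: used to provide time service to hosts on the LAN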
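
An added example (not from the original post): a small Python audit of the directives covered in section 6, run against a constructed, condensed copy of the section 3.2 client config. The function names and finding messages are assumptions made for this illustration; the checks follow the stock config comments quoted above (noquery, disable monitor, CVE-2013-5211), the key option of server, and the fudge-after-server rule.

```python
# Constructed sample: condensed from the section 3.2 client ntp.conf.
CLIENT_CONF = """\
restrict 127.0.0.1
restrict ::1
restrict default nomodify notrap nopeer noquery
server 192.168.0.1 iburst minpoll 4 maxpoll 4
server 127.127.1.0
fudge 127.127.1.0 stratum 10
keys /etc/ntp/keys
disable monitor
"""
REQUIRED = {"nomodify", "notrap", "nopeer", "noquery"}  # flags used on this page

def directives(text):
    """Active directives as token lists; '#' comments and blank lines dropped."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [r for r in rows if r]

def audit(text):
    """Return findings (strings) for an ntp.conf passed as text."""
    rows, out = directives(text), []
    defaults = [set(r[2:]) for r in rows if r[:2] == ["restrict", "default"]]
    if not defaults:
        out.append("no 'restrict default': unlisted hosts are unrestricted")
    for flags in defaults:
        missing = REQUIRED - flags
        if missing and "ignore" not in flags:
            out.append("restrict default lacks: " + " ".join(sorted(missing)))
    monitor_off = any(r[0] == "disable" and "monitor" in r[1:] for r in rows)
    noquery = bool(defaults) and all("noquery" in f or "ignore" in f for f in defaults)
    if not monitor_off and not noquery:
        out.append("monitor enabled without noquery (see CVE-2013-5211)")
    trusted = any(r[0] == "trustedkey" and len(r) > 1 for r in rows)
    for i, r in enumerate(rows):
        addr = r[1] if len(r) > 1 else ""
        if r[0] == "server" and not addr.startswith("127.127."):
            # 127.127.x.x are reference-clock drivers, not network sources
            if "key" not in r[2:] or not trusted:
                out.append(f"server {addr}: packets are not authenticated")
        if r[0] == "fudge" and (i == 0 or rows[i - 1][:2] != ["server", addr]):
            out.append(f"fudge {addr}: not directly after its server line")
    return out

if __name__ == "__main__":
    for finding in audit(CLIENT_CONF):
        print("FINDING:", finding)
```

On the sample, the only finding is that the client accepts unauthenticated time from 192.168.0.1, because trustedkey is commented out and the server line has no key option.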


7. ERROR

7.1. NTP enabled: no
[root@localhost]# timedatectl
      Local time: 四 2023-04-06 11:27:29 CST
  Universal time: 四 2023-04-06 03:27:29 UTC
        RTC time: 四 2023-04-06 11:27:29
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: no
NTP synchronized: yes
 RTC in local TZ: yes
      DST active: n/a

Warning: The system is configured to read the RTC time in the local time zone.
         This mode can not be fully supported. It will create various problems
         with time zone changes and daylight saving time adjustments. The RTC
         time is never updated, it relies on external facilities to maintain it.
         If at all possible, use RTC in UTC by calling
         'timedatectl set-local-rtc 0'.

For this error, read the text after Warning:

Solution:

timedatectl set-local-rtc 0

Then restart the service

# Stop the service
systemctl stop ntpd
# Start the service
systemctl start ntpd

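7.2. NTP synchronized: no

This error comes up often. It may also be that the server has not caught up yet, which can require up to half an hour of waiting.

It is recommended to run all three solutions in 7.2 and 7.3.

7.2.1. Solution 1

Error caused by too large a time difference

# Stop the service
systemctl stop ntpd
timedatectl set-ntp no
timedatectl set-time "current time"
timedatectl set-ntp yes
# Start the service
systemctl start ntpd

7.2.2. Solution 2

Error caused by the firewall

# Stop the service
systemctl stop ntpd
firewall-cmd --permanent --add-port=123/udp
firewall-cmd --permanent --add-service=ntp
firewall-cmd --reload
firewall-cmd --list-ports
# Start the service
systemctl start ntpd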

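7.3. unsynchronised

This error comes up often. It may also be that the server has not caught up yet, which can require up to half an hour of waiting.

It is recommended to run all three solutions in 7.2 and 7.3.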

[root@localhost home]# ntpstat
unsynchronised
  time server re-starting
   polling server every 8 s

Solution

# Stop the service
systemctl stop ntpd
ntpd -gq
systemctl start ntpd