Date: 2015-11-07 | Source: Linux community | Author: scorpio3k
Standard clock synchronization service
The http://www.pool.ntp.org/zone/cn page covers the global standard time synchronization service, including synchronization for China time. The corresponding hostname is cn.pool.ntp.org, and the page also gives suggested lines for the ntp configuration file:
server 1.cn.pool.ntp.org
server 3.asia.pool.ntp.org
server 2.asia.pool.ntp.org
IP | Use |
---|---|
192.168.11.212 | ntpd server, used to synchronize standard time with external public ntpd |
172.16.248.129 | ntpd client, used to synchronize time with ntpd |
172.16.248.130 | ntpd client, used to synchronize time with ntpd |
172.16.248.131 | ntpd client, used to synchronize time with ntpd |
[root@localhost kevin]# rpm -q ntp
ntp-4.2.6p5-19.el7.CentOS.3.x86_64
[root@localhost kevin]# yum -y install ntp
[root@localhost kevin]# systemctl enable ntpd
[root@localhost kevin]# systemctl start ntpd
Before configuring, use the following command to synchronize the server:
ntpdate -u cn.pool.ntp.org
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would affect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
server 2.cn.pool.ntp.org
server 1.asia.pool.ntp.org
server 2.asia.pool.ntp.org

#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Allow the upstream time servers to set the local time
# (time service only: no configuration changes, traps or queries).
restrict 2.cn.pool.ntp.org nomodify notrap noquery
restrict 1.asia.pool.ntp.org nomodify notrap noquery
restrict 2.asia.pool.ntp.org nomodify notrap noquery

# Local clock as a fallback. The local clock driver address is 127.127.1.0;
# fudge only applies to reference clock addresses, not to 127.0.0.1.
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4842

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
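A check for the access-control lines in the configuration above, as an added example that is not part of the original article: the function `audit_ntp_conf` (a hypothetical name) reports which `restrict` entries can still reach the monitoring facility, applying the rule stated in the file's own comment about `noquery`, `disable monitor` and `limited`. The sample input is constructed from the server's restrict lines with `disable monitor` left out.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the article).
# Rule taken from the ntp.conf comment: monlist is reachable when monitoring
# is on and a restrict entry lacks noquery; "limited" keeps monitoring on.
audit_ntp_conf() {
    awk '
    { sub(/#.*/, "") }                       # drop comments
    $1 == "disable" {
        for (i = 2; i <= NF; i++) if ($i == "monitor") mon_off = 1
    }
    $1 == "restrict" {
        a = 2; if ($2 ~ /^-[46]$/) a = 3     # optional -4 / -6 selector
        addr = $a; noq = 0
        for (i = a + 1; i <= NF; i++) {
            if ($i == "noquery") noq = 1
            if ($i == "limited") limited = 1
        }
        if (addr == "default") seen_default = 1
        # loopback keeps full access for local administration
        if (!noq && addr != "127.0.0.1" && addr != "::1") q[++n] = addr
    }
    END {
        monitoring = (!mon_off || limited)
        if (!seen_default) { print "WARN no restrict default entry"; bad = 1 }
        if (mon_off && limited) {
            print "WARN limited flag keeps monitoring enabled"; bad = 1
        }
        for (i = 1; i <= n; i++) {
            if (monitoring) {
                print "FAIL monlist reachable from " q[i]; bad = 1
            } else {
                print "INFO queries allowed from " q[i] " (monitor disabled)"
            }
        }
        if (!bad) print "OK"
    }' "$1"
}

# Constructed sample: the server's restrict lines without "disable monitor".
sample=$(mktemp)
printf '%s\n' \
    'restrict default nomodify notrap nopeer noquery' \
    'restrict 127.0.0.1' \
    'restrict ::1' \
    'restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap' > "$sample"
audit_ntp_conf "$sample"
rm -f "$sample"
```

Run it against /etc/ntp.conf before restarting ntpd; a FAIL line means a network that may query the daemon can also use monlist.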
After the modification is completed, restart the ntpd service
systemctl restart ntpd
Use ntpq -p to view the NTP servers in the network and display the relationship between the client and each server.
Use the ntpstat command to view the time synchronization status. It usually takes 5-10 minutes to successfully connect and synchronize. Therefore, you need to wait a while after the server starts:
When it first starts, it is generally:
# ntpstat
unsynchronised
time server re-starting
polling server every 64 s
After connecting and syncing:
# ntpstat
synchronised to NTP server(202.112.10.36) at stratum 3
time correct to within 275 ms
polling server every 256 s
On the ntpd clients, install the ntp service and set it to start automatically, the same as in the previous setup. Then edit the /etc/ntp.conf file; the changed content was marked in red font in the original.
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would affect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
server 172.16.248.1
restrict 172.16.248.1 nomodify notrap noquery

# Local clock as a fallback. The local clock driver address is 127.127.1.0;
# fudge only applies to reference clock addresses, not to 127.0.0.1.
server 127.127.1.0
fudge 127.127.1.0 stratum 10

#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4842

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
Restart the ntpd service
# systemctl restart ntpd
After starting, check the synchronization
# ntpq -p
# ntpstat
Because the time server is on the intranet, ntpstat reports synchronization quickly.