一 . 内网NTP-Server(192.168.1.12)
备份配置文件
cp /etc/ntp.conf /etc/ntp.conf.bak
改配置文件
vim /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
# Hosts on local network are less restricted.
# 允许网段访问
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# 注释掉
# server 0.centos.pool.ntp.org iburst
# server 1.centos.pool.ntp.org iburst
# server 2.centos.pool.ntp.org iburst
# server 3.centos.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
# 下面2行, 以本地时间作为时间服务
server 127.127.1.0
fudge 127.127.1.0 stratum 10
start启动服务,enable 开机启动, status查看状态。
systemctl start ntpd.service
systemctl enable ntpd.service
systemctl status ntpd.service
查看ntpd端口情况
[root@node1 ~]# ss -tlunp |grep ntp
udp UNCONN 0 0 192.168.1.12:123 *:* users:(("ntpd",pid=114741,fd=19))
udp UNCONN 0 0 127.0.0.1:123 *:* users:(("ntpd",pid=114741,fd=18))
udp UNCONN 0 0 *:123 *:* users:(("ntpd",pid=114741,fd=16))
udp UNCONN 0 0 fe80::8c4a:435d:d7ec:6826%ens33:123 :::* users:(("ntpd",pid=114741,fd=21))
udp UNCONN 0 0 ::1:123 :::* users:(("ntpd",pid=114741,fd=20))
udp UNCONN 0 0 :::123 :::* users:(("ntpd",pid=114741,fd=17))
ntpq -p 查看网络中的NTP服务器,同时显示客户端和每个服务器的关系
# ntpq -p
改时间
date -s 18:00:00
二 . 内网NTP-Clients(192.168.1.13)
备份配置文件
cp /etc/ntp.conf /etc/ntp.conf.bak
改配置文件
vim /etc/ntp.conf
#改成相对应的服务器,把下面的注释掉
server 192.168.1.12 iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
多台ntp的情况
客户端配置
driftfile /var/lib/ntp/drift
server 192.168.8.102 prefer
server 192.168.8.101
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
start启动服务,enable 开机启动, status查看状态。
systemctl start ntpd.service
systemctl enable ntpd.service
systemctl status ntpd.service
查看时间
date
查看网络中的NTP服务器
ntpq -p
[root@node2 /etc]# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*node1 LOCAL(0) 11 u 62 64 77 2.050 -2.689 2.395
网友评论