Centos 7 installation and configuration NTP network time synchronization server

Experimental environment:

OS: Linux Centos 7.4 x86_64

1. View the current server time zone & list the time zone and set the time zone (if it is already the correct time zone, please skip):

# timedatectl
# timedatectl list-timezones
# timedatectl set-timezone Asia/Shanghai

2. Understanding the concept of time and time zone:

GMT, UTC, CST, DST

UTC:

The entire earth is divided into twenty-four time zones, and each time zone has its own local time. In international radio communications, for the sake of unification, a unified time is used, called Universal Time Coordinated (UTC: Universal Time Coordinated).

GMT:

Greenwich Mean Time refers to the standard time of the Royal Greenwich Observatory located in the suburbs of London, England, because the prime meridian is defined on the longitude passing there (UTC and GMT time are basically the same).

CST:

China Standard Time

GMT + 8 = UTC + 8 = CST

DST:

Daylight Saving Time means that when the sun rises earlier in the summer, the time is set forward one hour to advance the use of daylight (not used in China).

2. Use NTP Public Pool Time Servers http://www.pool.ntp.org to synchronize your server time.

Check whether it is installed:

# rpm -q ntp
ntp-4.2.6p5-25.el7.centos.2.x86_64

If it is already installed, please skip this step, otherwise please execute the following command to install:

# yum install ntpdate ntp -y

Modify NTP configuration:

Note: The green color is the original content that I commented out, the red color is the new content that replaces the previous comment, and the others are default.

# vim /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

#新增:日志目录.
logfile /var/log/ntpd.log

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
#这一行的含义是授权172.16.128.0网段上的所有机器可以从这台机器上查询和同步时间.
restrict 172.16.128.0 mask 255.255.255.0 nomodify notrap

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).

#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

#新增:时间服务器列表.
server 0.cn.pool.ntp.org iburst
server 1.cn.pool.ntp.org iburst
server 2.cn.pool.ntp.org iburst
server 3.cn.pool.ntp.org iburst

#新增:当外部时间不可用时，使用本地时间.
server 172.16.128.171 iburst
fudge 127.0.0.1 stratum 10

#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

#新增:允许上层时间服务器主动修改本机时间.
restrict 0.cn.pool.ntp.org nomodify notrap noquery
restrict 1.cn.pool.ntp.org nomodify notrap noquery
restrict 2.cn.pool.ntp.org nomodify notrap noquery

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor

3. Set the system to start automatically when booting:

# systemctl enable ntpd
# systemctl enable ntpdate
# systemctl is-enabled ntpd

When the ntpd service starts, first use the ntpdate command to synchronize the time:

# ntpdate -u 1.cn.pool.ntp.org

One of the reasons: When the time difference between the server and the client is too large, modifying the time at this time may cause unpredictable problems to the system or application, and NTP will stop time synchronization. If you check that the time is not synchronized after NTP is started, you should consider that the time error may be too large. In this case, you need to manually synchronize the time first.

Start NTP server:

# systemctl start ntpdate
# systemctl start ntpd

4. Join the firewall:

# firewall-cmd --permanent --add-service=ntp
# firewall-cmd --reload

5. Check the ntp connection status. If there is no problem, write the correct time to the hardware:

# ss -tlunp | grep ntp
# ntpq -p
# hwclock -w

5.1. System time and hardware time

Hardware time:

RTC (Real-Time Clock) or CMOS time is usually powered by batteries on the motherboard, and the server will continue to run even after the server is powered off. Only date and time values ​​are saved, time zone and daylight saving time settings cannot be saved.

System time:

Generally, the RTC time is copied when the server starts, and then runs independently, saving the time, time zone and daylight saving time settings.

6. Client:

Real-time synchronization through service process (NTP needs to be installed):

# vim /etc/ntp.conf
server 172.16.128.171

Important: Modifying the NTP configuration file of any node server requires restarting the ntpd service:

# systemctl restart ntpd

Synchronize time with crontab task plan (ntpdate needs to be installed, synchronization time is updated at 24:00 every day):

# crontab -e
0 0 * * * /usr/sbin/sntp -P no -r 172.16.128.171;hwclock -w

Deployed. In this way, the cluster will automatically synchronize services regularly, so that the cluster time will remain consistent.

The above is the detailed content of Centos 7 installation and configuration NTP network time synchronization server. For more information, please follow other related articles on the PHP Chinese website!