Linux service management -- time synchronization service

Posted by greenhorn666 on Sun, 23 Jan 2022 18:16:19 +0100

1, server side configuration

Install the time synchronization server. There are no special requirements and there is no need to change the configuration. Server IP: 192.168.91.159

[root@www zoneinfo]# yum -y install ntp
[root@www zoneinfo]# systemctl start ntpd
#Change the configuration file and add the following two items
[root@www ntp]# vi /etc/ntp.conf
# If the upstream NTP server cannot be reached, use the local time as the standard time
server   127.127.1.0    # local clock
fudge    127.127.1.0 stratum 10

#log file
logfile /var/log/ntp.log

[root@www ntp]# systemctl restart ntpd

Note: the server installation is completed

Check whether the server has synchronized its own time with the upstream time synchronization server

[root@www zoneinfo]# ntpstat    <==Has the server synchronized its own time with the upstream time synchronization server?
synchronised to NTP server (185.209.85.222) at stratum 3
   time correct to within 209 ms    <==Correction 109 * 10^(-3)
   polling server every 64 s        <==Calibrate every 64 seconds

ntpq -p lists the current status of our NTP server and of the related upstream NTP servers

[root@www zoneinfo]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+119.28.183.184  100.122.36.4     2 u   20   64  137   48.450  -48.957  17.425
-time.cloudflare 10.4.3.52        3 u   12   64  373  177.269  -18.407  23.787
*stratum2-1.ntp. 195.91.239.8     2 u   12   64  373  133.322  -38.504  25.433
+ntp7.flashdance 192.36.143.150   2 u   15   64  107  302.819  -27.658  27.421
  • remote: the IP address or host name of the NTP host. Note the symbol at the far left:
    - "*" marks the upstream NTP server currently in use;
    - "+" marks a server that is also connected and can serve as the next candidate for time updates.
  • refid: the address of the NTP host one level above that server
  • st: the stratum level
  • when: how many seconds ago the last time synchronization update was performed;
  • poll: how many seconds until the next update;
  • reach: the number of times updates have been requested from the upstream NTP server
  • delay: delay during network transmission, in units of 10^(-6) seconds
  • offset: the result of time compensation, in units of 10^(-3) seconds
  • jitter: the time difference between the Linux system time and the BIOS hardware time, in units of 10^(-6) seconds.
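
A monitoring check built on the leftmost symbol and the offset column described above, as an added example that is not part of the original post: it reports the selected ("*") peer and flags the case where the 127.127.1.0 local clock from the server configuration has become the time source. The function names, the 100 ms threshold and the second sample table are assumptions made for the example.

```sh
# Assumed alert threshold in milliseconds (not a value from the page).
MAX_OFFSET_MS=${MAX_OFFSET_MS:-100}

# check_ntpq: read `ntpq -p` output on stdin and print one status line.
#   OK <peer> <offset>     "*" peer selected, |offset| within the threshold
#   DRIFT <peer> <offset>  "*" peer selected, |offset| above the threshold
#   LOCAL <peer> <offset>  "*" peer is the 127.127.1.0 local-clock fallback
#   NOSYNC                 no "*" line, so no time source is selected
check_ntpq() {
    awk -v max="$MAX_OFFSET_MS" '
        substr($0, 1, 1) == "*" {
            peer = substr($1, 2)          # drop the leftmost symbol
            off = $(NF - 1)               # offset column, in milliseconds
            mag = (off < 0) ? -off : off
            if (peer ~ /^LOCAL\(/ || $2 == ".LOCL.") status = "LOCAL"
            else if (mag > max) status = "DRIFT"
            else status = "OK"
            found = 1
        }
        END {
            if (found) print status, peer, off
            else print "NOSYNC"
        }'
}

# Peer table copied from the page.
page_sample() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+119.28.183.184  100.122.36.4     2 u   20   64  137   48.450  -48.957  17.425
-time.cloudflare 10.4.3.52        3 u   12   64  373  177.269  -18.407  23.787
*stratum2-1.ntp. 195.91.239.8     2 u   12   64  373  133.322  -38.504  25.433
+ntp7.flashdance 192.36.143.150   2 u   15   64  107  302.819  -27.658  27.421
EOF
}

# Constructed sample: upstream unreachable, the local clock has been selected.
local_sample() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000
*LOCAL(0)        .LOCL.          10 l   33   64  377    0.000    0.000   0.000
EOF
}

page_sample | check_ntpq     # OK stratum2-1.ntp. -38.504
local_sample | check_ntpq    # LOCAL LOCAL(0) 0.000
```

On a live server the input would be `ntpq -p | check_ntpq`; a LOCAL or NOSYNC result means clients of 192.168.91.159 are not receiving upstream time.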

2, client side configuration

[root@master ~]# yum -y install ntpdate
[root@master ~]# ntpdate  192.168.91.159
20 Jan 11:04:41 ntpdate[1323]: no server suitable for synchronization found <==This is because the server has not yet finished synchronizing with its upstream server
[root@master ~]# ntpdate  192.168.91.159
20 Jan 11:07:17 ntpdate[1324]: step time server 192.168.91.159 offset -0.560287 sec  <==Synchronization succeeded

Note: put ntpdate in a scheduled task so that the client synchronizes regularly. Alternatively, install the time synchronization service on the client and make 192.168.91.159 its upstream time synchronization server, that is, add the following to the configuration file:

server   192.168.91.159  prefer   <==Use this time synchronization server in preference to others

3, NTP server software architecture

Software related

  1. ntp: the main software of the NTP server, including configuration files and executables.
  2. tzdata: short for "Time Zone data"; it provides the display format corresponding to each time zone.

Configuration related

  1. /etc/ntp.conf: the main and only configuration file of NTP server;
  2. /usr/share/zoneinfo/: provided by tzdata. It holds the time format file for each time zone.
  3. /etc/sysconfig/clock: configuration file that sets the time zone and whether the hardware clock uses UTC. After each boot, Linux automatically reads this file to set the time displayed by default. For example, for our local time in Taiwan, the line ZONE="Asia/Taipei" should appear in this file, which means that our time configuration uses the file /usr/share/zoneinfo/Asia/Taipei.
  4. /etc/localtime: this file is the "local time configuration file"

Case: you are going to the United States. How do you change the time?

[root@www ntp]# date
Thursday, January 20, 2022 11:43:27 CST  <==CST time zone

#1. Change /etc/sysconfig/clock to the U.S. time zone. This file is no longer needed; you can go straight to the next step
[root@www ntp]# vi /etc/sysconfig/clock
ZONE="America/New_York" <==Change this line

#2. Change the local time file /etc/localtime
[root@www zoneinfo]# ll /etc/localtime 
lrwxrwxrwx. 1 root root 35 7 May 20, 2021 /etc/localtime -> ../usr/share/zoneinfo/Asia/Shanghai
[root@www zoneinfo]# rm -f /etc/localtime 
[root@www zoneinfo]# ln -s /usr/share/zoneinfo/America/New_York /etc/localtime
[root@www zoneinfo]# date
Wednesday, January 19, 2022 07:05:51 EST

4, Configuration file explained

1. Use restrict to manage permission control

restrict  IP or IP range  mask   [parameter]

Possible values of parameter:

  • ignore: reject all types of NTP connections;
  • nomodify: the client cannot change the time parameters of the server, but the client can still calibrate its time over the network through the server
  • noquery: the client cannot use ntpq, ntpdc and other commands to query the time server, which is equivalent to not providing NTP network time service
  • notrap: do not provide the trap remote event logging function.
  • notrust: deny clients without authentication.
restrict default kod nomodify notrap nopeer noquery <==Refuse IPv4 users
restrict -6 default kod nomodify notrap nopeer noquery <==Refuse IPv6 users
restrict   192.168.91.177   <==No restrictions for 192.168.91.177
restrict 127.0.0.1 <==This line and the next are the default values; they allow the local host
restrict -6 ::1
restrict 192.168.100.0 mask 255.255.255.0 nomodify <==Allow the local area network
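
An added example (not from the original post) that audits restrict lines the way this section reads them: for each source it reports whether nomodify and noquery are present, so an entry such as the unrestricted 192.168.91.177 line stands out in review. The function names and finding labels are made up for the example; the input is the sample configuration above with the "<==" annotations removed.

```sh
# audit_restrict: read ntp.conf on stdin and print "<address> <finding>" for
# every restrict line:
#   blocked           the entry carries ignore
#   loopback          127.0.0.1 or ::1, the default local-host entries
#   ok                both nomodify and noquery are present
#   missing:<flags>   nomodify and/or noquery are absent for that source
audit_restrict() {
    awk '
        { sub(/#.*/, "") }                      # strip comments
        $1 != "restrict" { next }
        {
            i = 2
            if ($i == "-4" || $i == "-6") i++   # address-family selector
            addr = $i
            flags = " "
            for (j = i + 1; j <= NF; j++) {
                if ($j == "mask") { j++; addr = addr "/" $j }
                else flags = flags $j " "
            }
            if (index(flags, " ignore ")) { print addr, "blocked"; next }
            if (addr == "127.0.0.1" || addr == "::1") { print addr, "loopback"; next }
            miss = ""
            if (!index(flags, " nomodify ")) miss = miss ",nomodify"
            if (!index(flags, " noquery ")) miss = miss ",noquery"
            if (miss == "") print addr, "ok"
            else print addr, "missing:" substr(miss, 2)
        }'
}

# restrict lines from the page, with the "<==" annotations removed.
page_conf() {
    cat <<'EOF'
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 192.168.91.177
restrict 127.0.0.1
restrict -6 ::1
restrict 192.168.100.0 mask 255.255.255.0 nomodify
EOF
}

page_conf | audit_restrict
```

Against a real server the call is `audit_restrict < /etc/ntp.conf`; every "missing:" line is a source that can do more than synchronize its clock.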

2. Use server to set the upstream NTP server

server [IP or hostname] [prefer]
  • prefer marks the server that has "priority"
server 220.130.158.71 prefer <==Take this host as the top priority
server 59.124.196.83

# If the upstream NTP server cannot be reached, use the local time as the standard time
server   127.127.1.0    # local clock
fudge    127.127.1.0 stratum 10

3. Record the time difference in a driftfile

driftfile  File absolute path
  1. The file given after driftfile must be specified with its full path;
  2. The file cannot be a symbolic link;
  3. The file must be writable by the ntpd daemon.
  4. The unit of the value recorded in this file is millionths of a second (ppm).

4. keys [key_file]

In addition to restricting client connections, we can also restrict clients through key-based authentication, so that the host can be more assured. But we won't discuss this part in this chapter; interested readers can refer to the instructions for ntp-keygen.
