1, server side configuration
Install the time synchronization server. There are no special requirements and there is no need to change the configuration. Server ip: 192.168.91.159
    [root@www zoneinfo]# yum -y install ntp
    [root@www zoneinfo]# systemctl start ntpd
    # Change the configuration file and add the following two items
    [root@www ntp]# vi /etc/ntp.conf
    # If you cannot communicate with the upper ntp server, take the local time as the standard time
    server 127.127.1.0 # local clock
    fudge 127.127.1.0 stratum 10
    # log file
    logfile /var/log/ntp.log
    [root@www ntp]# systemctl restart ntpd
Note: the server installation is completed
Check whether the server's own time is synchronized with the upper level time synchronization server
    [root@www zoneinfo]# ntpstat     <== is this host's own time synchronized with the upper time synchronization server?
    synchronised to NTP server (185.209.85.222) at stratum 3
       time correct to within 209 ms <== Correction 109 * 10^(-3)
       polling server every 64 s     <== Calibrate every 64 seconds
ntpq -p lists the current status of our NTP server and of the related upper NTP servers
    [root@www zoneinfo]# ntpq -p
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
    +119.28.183.184  100.122.36.4     2 u   20   64  137   48.450  -48.957  17.425
    -time.cloudflare 10.4.3.52        3 u   12   64  373  177.269  -18.407  23.787
    *stratum2-1.ntp. 195.91.239.8     2 u   12   64  373  133.322  -38.504  25.433
    +ntp7.flashdance 192.36.143.150   2 u   15   64  107  302.819  -27.658  27.421
- remote: the IP or host name of the NTP host. Note the leftmost symbol:
  - "*" marks the upper NTP server currently in use;
  - "+" marks a server that is also connected and can be used as the next candidate to provide time updates.
- refid: the address of the NTP host on the upper layer
- st: the stratum level
- when: how many seconds ago the last time synchronization update was performed;
- poll: how many seconds until the next update;
- reach: the number of times updates have been requested from the upper NTP server
- delay: delay time during network transmission, unit: 10^(-6) seconds
- offset: the result of time compensation, in 10^(-3) seconds
- jitter: the difference between the Linux system time and the BIOS hardware time, in 10^(-6) seconds.
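As an added example (not part of the original article), the following Python code parses `ntpq -p` output and reports whether a "*" peer has been selected, which "+" candidates exist, and which of those exceed an offset threshold. The 128 ms default threshold, the function names and the STARTING table are assumptions made for this example.

```python
# Constructed samples: SYNCED is the peer table shown above; STARTING is an
# assumed table from a server that has not yet selected an upstream peer.
SYNCED = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+119.28.183.184  100.122.36.4     2 u   20   64  137   48.450  -48.957  17.425
-time.cloudflare 10.4.3.52        3 u   12   64  373  177.269  -18.407  23.787
*stratum2-1.ntp. 195.91.239.8     2 u   12   64  373  133.322  -38.504  25.433
+ntp7.flashdance 192.36.143.150   2 u   15   64  107  302.819  -27.658  27.421
"""
STARTING = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

FIELDS = ("remote", "refid", "st", "t", "when", "poll",
          "reach", "delay", "offset", "jitter")


def parse_peers(text):
    """Return one dict per peer row, with the leading tally symbol split off."""
    peers = []
    for line in text.splitlines():
        values = line[1:].split()
        if len(values) != len(FIELDS) or values[0] == "remote":
            continue  # header, ruler or blank line
        peer = dict(zip(FIELDS, values))
        peer["tally"] = line[0]
        peer["offset"] = float(peer["offset"])  # 10^(-3) seconds
        peers.append(peer)
    return peers


def sync_report(text, max_offset_ms=128.0):
    """Summarise which peer is in use and which usable peers drift too far."""
    peers = parse_peers(text)
    selected = [p["remote"] for p in peers if p["tally"] == "*"]
    usable = [p for p in peers if p["tally"] in "*+"]
    return {
        "synchronized": bool(selected),
        "selected": selected[0] if selected else None,
        "candidates": [p["remote"] for p in peers if p["tally"] == "+"],
        "offset_alerts": [p["remote"] for p in usable
                          if abs(p["offset"]) > max_offset_ms],
    }
```

A report with `synchronized` set to False means no upper server has been selected yet, so it is worth waiting before pointing clients at this host.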
2, client side configuration
    [root@master ~]# yum -y install ntpdate
    [root@master ~]# ntpdate 192.168.91.159
    20 Jan 11:04:41 ntpdate[1323]: no server suitable for synchronization found <== This is because the server has not completed the upper layer synchronization
    [root@master ~]# ntpdate 192.168.91.159
    20 Jan 11:07:17 ntpdate[1324]: step time server 192.168.91.159 offset -0.560287 sec <== Synchronization succeeded
Note: write ntpdate into a scheduled task so that it synchronizes regularly. You can also use another method: install the time synchronization service on the client and make 192.168.91.159 its upper time synchronization server, that is, add the following to the configuration file:
    server 192.168.91.159 prefer <== Prefer this time synchronization server
3, ntp server software architecture
Software related
- ntp: the main software of the NTP server, including configuration files and executables.
- tzdata: the abbreviation of the software name "Time Zone data", which provides the display format corresponding to each time zone.
Configuration related
- /etc/ntp.conf: the main and only configuration file of NTP server;
- /usr/share/zoneinfo/: provided by tzdata. It holds the time format files corresponding to each time zone.
- /etc/sysconfig/clock: configuration file for setting the time zone and whether to use a UTC clock. After each boot, Linux automatically reads this file to set the time displayed by default. For example, for our local time setting in Taiwan, a line ZONE="Asia/Taipei" should appear in this file, which means that the time configuration uses the file /usr/share/zoneinfo/Asia/Taipei.
- /etc/localtime: this file is the "local time configuration file"
Case: you are going to the United States. How do you change the time?
    [root@www ntp]# date
    2022 Thursday, January 20, 2011 11:43:27 CST <== CST time zone
    # 1. Change /etc/sysconfig/clock to the U.S. time zone. You don't need this file now. Just go to the next step
    [root@www ntp]# vi /etc/sysconfig/clock
    ZONE="America/New_York" <== It's here
    # 2. Change /etc/localtime (local time)
    [root@www zoneinfo]# ll /etc/localtime
    lrwxrwxrwx. 1 root root 35 7 May 20, 2021 /etc/localtime -> ../usr/share/zoneinfo/Asia/Shanghai
    [root@www zoneinfo]# rm -f /etc/localtime
    [root@www zoneinfo]# ln -s /usr/share/zoneinfo/America/New_York /etc/localtime
    [root@www zoneinfo]# date
    2022 Wednesday, January 19, 2007:05:51 EST
4, Configuration file interpretation
1. Use restrict to manage permission control
    restrict [IP or IP range] mask [netmask] [parameter]
Values of [parameter]:
- ignore: reject all types of NTP connections;
- nomodify: the client cannot change the time parameters of the server, but the client can calibrate the network time through the server
- noquery: the client cannot use ntpq, ntpdc and other instructions to query the time server, which is equivalent to not providing NTP network timing
- notrap: it does not provide the function of trap remote event logging.
- notrust: deny clients without authentication.
    restrict default kod nomodify notrap nopeer noquery    <== refuse IPv4 users
    restrict -6 default kod nomodify notrap nopeer noquery <== refuse IPv6 users
    restrict 192.168.91.177 <== There are no restrictions for 192.168.91.177
    restrict 127.0.0.1      <== The following two are the default values that allow the local host
    restrict -6 ::1
    restrict 192.168.100.0 mask 255.255.255.0 nomodify <== Allow sources on the local area network
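An added example, not from the original article: a small Python check that parses the restrict lines above, resolves each address and mask to a network, and reports entries that lack the flags a baseline expects. The baseline (nomodify, noquery and notrap on default; nomodify on every other non-loopback entry) and the function names are assumptions of this example, and addresses are assumed to be numeric rather than host names.

```python
import ipaddress

# Constructed sample: the restrict lines from the listing above.
SAMPLE_CONF = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 192.168.91.177
restrict 127.0.0.1
restrict -6 ::1
restrict 192.168.100.0 mask 255.255.255.0 nomodify
"""

# Assumed baseline for this example; it is not a rule enforced by ntpd.
DEFAULT_REQUIRED = {"nomodify", "noquery", "notrap"}
SCOPED_REQUIRED = {"nomodify"}


def parse_restrict(line):
    """Return (address, mask, flags) for a restrict line, or None."""
    tokens = [t for t in line.split("#", 1)[0].split() if t not in ("-4", "-6")]
    if len(tokens) < 2 or tokens[0] != "restrict":
        return None
    address, rest = tokens[1], tokens[2:]
    mask = None
    if len(rest) >= 2 and rest[0] == "mask":
        mask, rest = rest[1], rest[2:]
    return address, mask, set(rest)


def audit(conf):
    """Return (line number, scope, missing flags) for each weak entry."""
    findings = []
    for number, line in enumerate(conf.splitlines(), 1):
        entry = parse_restrict(line)
        if entry is None or "ignore" in entry[2]:
            continue
        address, mask, flags = entry
        if address == "default":
            scope, required = "default", DEFAULT_REQUIRED
        else:
            spec = f"{address}/{mask}" if mask else address
            net = ipaddress.ip_network(spec, strict=False)
            if net.is_loopback:
                continue  # local host entries are left alone
            scope, required = str(net), SCOPED_REQUIRED
        missing = sorted(required - flags)
        if missing:
            findings.append((number, scope, missing))
    return findings
```

On the sample, `audit(SAMPLE_CONF)` reports only line 3, the unrestricted entry for 192.168.91.177, which is the one to confirm as intentional.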
2. Use server to set the upper NTP server
server [IP or hostname] [prefer]
- prefer indicates the server with "priority"
    server 220.130.158.71 prefer <== Take this host as the top priority
    server 59.124.196.83
    # If you cannot communicate with the upper ntp server, take the local time as the standard time
    server 127.127.1.0 # local clock
    fudge 127.127.1.0 stratum 10
3. Record the time difference in a driftfile
    driftfile [absolute path of the file]
- The file given after driftfile must be a full path file name;
- The file cannot be a link file;
- The file's permissions must be set so that the ntpd daemon can write to it.
- The unit of value recorded in this file is millionths of a second (ppm).
4. keys [key_file]
In addition to restricting the client's connections, we can also authenticate the client through the key system, so that the host can be more secure. But we won't discuss this part in this chapter. Interested readers can refer to the instructions of ntp-keygen.