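Configuring NTP Time Synchronization on Ubuntu
1 References:
1. VBird's Linux guide (鸟哥的Linux私房菜): (strongly recommended; read it all the way through)
2 Architecture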
Stratum 1/2 Internet NTP Server
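Stratum 3 Company firewall (the firewall has NTP functionality and can reach the Internet)
Stratum 4 A self-built NTP server (it synchronizes with the NTP server on the company firewall. This has two benefits: it reduces the load on the firewall, and it reduces coupling, so that a change to the firewall does not force further changes elsewhere)
Stratum 5 The individual machines inside the company, each acting as an NTP client.
3 Installation
3.1 Online installation
Installing ntp online is simple: the following command installs ntp together with all of its dependencies.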
sudo apt-get install ntp
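3.2 Offline installation
  For downloaded deb packages, use dpkg to install them: install the dependency packages first and the program package last. The installation goes as follows: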
root@BJCGNMON01:/var/cache/apt/archives# dpkg  -i  libopts25_1%3a5.12-0.1ubuntu1_amd64.deb
Selecting previously unselected package libopts25.
(Reading database ... 51276 files and directories currently installed.)
Unpacking libopts25 (from libopts25_1%3a5.12-0.1ubuntu1_amd64.deb) ...
Setting up libopts25 (1:5.12-0.1ubuntu1) ...
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
root@BJCGNMON01:/var/cache/apt/archives# dpkg  -i  ntp_1%3a4.2.6.p3+dfsg-1ubuntu3.1_amd64.deb
(Reading database ... 51324 files and directories currently installed.)
Preparing to replace ntp 1:4.2.6.p3+dfsg-1ubuntu3.1 (using ntp_1%3a4.2.6.p3+dfsg-1ubuntu3.1_amd64.deb) ...
Unpacking replacement ntp ...
Setting up ntp (1:4.2.6.p3+dfsg-1ubuntu3.1) ...
* Starting NTP server ntpd
...done.
Processing triggers for ureadahead ...
ureadahead will be reprofiled on next reboot
Processing triggers for man-db ...
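  There is also a simpler method: copy the downloaded deb packages into the /var/cache/apt/archives directory and then run the following command, which installs them just the same.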
sudo apt-get install ntp
After installation, check whether the service has started by running the following command:
enadmin@ubuntu-server:~/ftp/ntp_ubuntu$ service --status-all
[ ? ]  acpid
[ ? ]  apache
[ + ]  apache2
[ - ]  apparmor
[ ? ]  apport
[ ? ]  atd
[ - ]  bootlogd
[ ? ]  console-setup
[ ? ]  cron
[ ? ]  dbus
[ ? ]  dmesg
[ ? ]  dns-clean
[ ? ]  friendly-recovery
[ - ]  grub-common
[ ? ]  hostname
[ ? ]  hwclock
[ ? ]  hwclock-save
[ ? ]  irqbalance
[ ? ]  killprocs
[ ? ]  module-init-tools
[ ? ]  mysql
[ + ]  nagios
[ + ]  nagios-bak
[ ? ]  network-interface
[ ? ]  network-interface-container
[ ? ]  network-interface-security
[ ? ]  networking
[ + ]  ntp
[ ? ]  ondemand
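You can see that the ntp service is running ([+] means the service has been started).
4 The configuration file /etc/ntp.conf explained
sudo vim /etc/ntp.conf
This file is the most important one when configuring ntp, and it is also the only difficult part of the setup. I previously did not know what the options in this configuration file meant, so I never knew where to begin.
4.1 Configuring the upstream server
Use the server keyword to set the upstream NTP server. The syntax is:
server [IP or hostname] [prefer]
server can be followed by an IP address or a hostname; I personally prefer to use an IP address. prefer marks the server as the one to be used preferentially.
4.2 Using restrict to manage access control
In ntp.conf, access is controlled with restrict. The syntax is:
restrict [IP] mask [netmask_IP] [parameter]
The main values for parameter are:
ignore: refuse all types of NTP connections;
nomodify: clients cannot use the ntpdc and ntpq programs to modify the server's time parameters, but they can still synchronize their time over the network through this host;
noquery: clients cannot use commands such as ntpq and ntpdc to query the time server, which amounts to not providing NTP network time synchronization;
notrap: do not provide the trap remote event logging function.
notrust: refuse clients that are not authenticated.
If no parameter is given, that IP address or network is not restricted in any way. In general, close off NTP access first and then enable the permitted networks one by one.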
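NTP server configuration
Requirements for the NTP server:
1. My only upstream NTP server is the firewall's NTP server: 10.138.16.251.
2. No service is provided to the Internet; only queries from the internal network 10.138.0.0/255.255.0.0 are allowed;
3. Detect the difference between the BIOS clock and the Linux system time and write it to the /var/lib/ntp/drift file.
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
driftfile /var/lib/ntp/ntp.drift # drift file
# log files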
statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
# upstream NTP server
server 10.138.16.251 prefer
# Let the NTP server synchronize with itself: if none of the servers defined in /etc/ntp.conf is available, local time is served to NTP clients
server 127.127.1.0
fudge 127.127.1.0 stratum 5
# Do not allow access from IPv4 and IPv6 clients on the public network
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
# Allow the upstream NTP server all permissions
restrict 10.138.16.251
# Allow time synchronization requests from this network
restrict 10.138.0.0 mask 255.255.0.0 nomodify
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
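Added example, not part of the original article: a short Python script that works out which restrict entry applies to a given client address, using the restrict lines of the server configuration above. It assumes ntpd applies the most specific matching entry; the function names and the sample client addresses are made up for illustration, and IPv6 entries with an explicit mask are not handled.

```python
import ipaddress

# restrict lines copied from the server configuration above
NTP_CONF = """\
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 10.138.16.251
restrict 10.138.0.0 mask 255.255.0.0 nomodify
restrict 127.0.0.1
restrict ::1
"""

def parse_restrict(conf):
    """Return [(network, flags)] for every restrict line in conf."""
    rules = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        tok = tok[1:]
        family = tok.pop(0) if tok[0] in ("-4", "-6") else None
        addr = tok.pop(0)
        if addr == "default":
            nets = {"-4": ["0.0.0.0/0"], "-6": ["::/0"]}.get(
                family, ["0.0.0.0/0", "::/0"])
        elif tok[:1] == ["mask"]:
            nets, tok = [f"{addr}/{tok[1]}"], tok[2:]   # IPv4 dotted mask
        else:
            nets = [addr]                               # single host
        rules += [(ipaddress.ip_network(n), frozenset(tok)) for n in nets]
    return rules

def effective_flags(rules, client):
    """Flags of the most specific entry matching client (assumed rule).
    No matching entry means no restriction, hence the empty default."""
    ip = ipaddress.ip_address(client)
    hits = [(net.prefixlen, flags) for net, flags in rules
            if net.version == ip.version and ip in net]
    return max(hits, key=lambda h: h[0])[1] if hits else frozenset()

def audit(rules, clients):
    """Map each client to its effective flags, or 'unrestricted'."""
    return {c: " ".join(sorted(effective_flags(rules, c))) or "unrestricted"
            for c in clients}

if __name__ == "__main__":
    sample = ["10.138.16.251", "10.138.20.7", "127.0.0.1", "203.0.113.9"]  # constructed
    for client, flags in audit(parse_restrict(NTP_CONF), sample).items():
        print(f"{client:15} {flags}")
```

Run against this configuration, the upstream server and localhost come out unrestricted, hosts in 10.138.0.0/16 carry only nomodify, and every other address gets the full default flag set.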
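Updating the time gradually with ntpd
ntp is both a server and a client; which role it plays is purely a matter of configuration. Above we configured 10.138.16.232 as the NTP server; below we configure a client that uses 10.138.16.232 as its NTP server.
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help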
driftfile /var/lib/ntp/ntp.drift
# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
# Specify one or more NTP servers.
# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See p.org/join.html for
# more information.
#server 0.p.org
#server 1.p.org
#server 2.p.org
#server 3.p.org
# Use Ubuntu's ntp server as a fallback.
#server ntp.ubuntu
server 10.138.16.251 prefer
server 127.127.1.0
fudge 127.127.1.0 stratum 10
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page </bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.
# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 10.138.16.251
restrict 10.138.0.0 mask 255.255.0.0 nomodify
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust
# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255
# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines.  Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient
Updating the time with ntpdate
On the client, simply run the following command to synchronize the time:
sudo ntpdate 10.138.16.232
ntpdate must be run while the ntp process is not running. If the command above fails, stop the ntp process first, as shown below:
root@BJCGNMON01:/etc/init.d# ntpdate 10.138.16.232
27 Feb 14:59:32 ntpdate[18546]: the NTP socket is in use, exiting
root@BJCGNMON01:/etc/init.d# service ntp stop
* Stopping NTP server ntpd
...done.
root@BJCGNMON01:/etc/init.d# ntpdate 10.138.16.232
27 Feb 14:58:13 ntpdate[18557]: step time server 10.138.16.232 offset -98.402560 sec
For the Windows operating system, make the changes described in reference 1.
