centos如何搭建ntp服务器(Linux系统搭建NTP服务器-以centos7为例)
首先ssh登录到服务器,获取root权限cat /etc/redhat-release
,下面我们就来聊聊关于centos如何搭建ntp服务器?接下来我们就一起去了解一下吧!
centos如何搭建ntp服务器
Linux系统搭建NTP服务器-以centos7为例
首先ssh登录到服务器,获取root权限。
1.检查服务器版本信息
cat /etc/redhat-release
centos Linux release 7.9.2009 (Core)
2.检查服务器是否安装NTP服务
rpm -qa | grep ntp
fontpackages-filesystem-1.44-8.el7.noarch ntp-4.2.6p5-29.el7.centos.2.x86_64 ntpdate-4.2.6p5-29.el7.centos.2.x86_64
3.安装NTP服务
yum install ntp -y
已加载插件:fastestmirror, langpacks Determining fastest mirrors Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=x86_64 error was 14: curl#6 - "Could not resolve host: mirrors.fedoraproject.org; 未知的错误"
base: mirrors.aliyun.com
epel: epel.mirror.angkasa.id
extras: mirrors.aliyun.com
updates: mirrors.aliyun.com http://mirrors.aliyun.com/centos/7/os/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - "Could not resolve host: mirrors.aliyun.com; 未知的错误" 正在尝试其它镜像。 http://mirrors.cloud.aliyuncs.com/centos/7/os/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - "Could not resolve host: mirrors.cloud.aliyuncs.com; 未知的错误" 正在尝试其它镜像。 http://mirrors.aliyuncs.com/centos/7/os/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - "Could not resolve host: mirrors.aliyuncs.com; 未知的错误" 正在尝试其它镜像。 http://mirrors.aliyun.com/centos/7/extras/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - "Could not resolve host: mirrors.aliyun.com; 未知的错误" 正在尝试其它镜像。 http://mirrors.cloud.aliyuncs.com/centos/7/extras/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - "Could not resolve host: mirrors.cloud.aliyuncs.com; 未知的错误" 正在尝试其它镜像。 http://mirrors.aliyuncs.com/centos/7/extras/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - "Could not resolve host: mirrors.aliyuncs.com; 未知的错误" 正在尝试其它镜像。 http://mirrors.aliyun.com/centos/7/updates/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - "Could not resolve host: mirrors.aliyun.com; 未知的错误" 正在尝试其它镜像。 http://mirrors.cloud.aliyuncs.com/centos/7/updates/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - "Could not resolve host: mirrors.cloud.aliyuncs.com; 未知的错误" 正在尝试其它镜像。 http://mirrors.aliyuncs.com/centos/7/updates/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - "Could not resolve host: mirrors.aliyuncs.com; 未知的错误" 正在尝试其它镜像。 软件包 ntp-4.2.6p5-29.el7.centos.2.x86_64 已安装并且是最新版本 软件包 ntpdate-4.2.6p5-29.el7.centos.2.x86_64 已安装并且是最新版本 无须任何处理
可能会出现以上情况,这个是dns解析问题,需要设置dns 服务器 按实际情况填写
vim /etc/resolv.conf
#Generated by NetworkManager
nameserver 192.168.2.1 nameserver 218.2.135.1 ~ ~ ~ ~
添加dns即可
设置好正确的dns就可以了
再次执行
yum install ntp -y
base | 3.6 kB 00:00:00 epel | 4.7 kB 00:00:00 extras | 2.9 kB 00:00:00 updates | 2.9 kB 00:00:00 (1/5): epel/x86_64/group_gz | 96 kB 00:00:00 (2/5): epel/x86_64/updateinfo | 1.1 MB 00:00:00 (3/5): epel/x86_64/primary_db | 7.0 MB 00:00:00 (4/5): extras/7/x86_64/primary_db | 246 kB 00:00:00 (5/5): updates/7/x86_64/primary_db | 14 MB 00:00:42 软件包 ntp-4.2.6p5-29.el7.centos.2.x86_64 已安装并且是最新版本 软件包 ntpdate-4.2.6p5-29.el7.centos.2.x86_64 已安装并且是最新版本
等待安装完成。
重复执行
4.配置NTP服务端首先备份一下ntp服务器配置文件执行完成后,执行
cp /etc/ntp.conf /etc/ntp.conf.bak
vim /etc/ntp.conf
进入编辑界面
# For more information about this file, see the man pages# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).driftfile /var/lib/ntp/drift# Permit time synchronization with our time source, but do not# permit the source to query or modify the service on this system.restrict default nomodify notrap nopeer noquery# Permit all access over the loopback interface. This could# be tightened as well, but to do so would effect some of# the administrative functions.restrict 127.0.0.1restrict ::1#允许内网内192.168.2.0 网段的机器同步时间restrict 192.168.2.0 mask 255.255.255.0 nomodify notrap# Hosts on local network are less restricted.#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap# Use public servers from the pool.ntp.org project.# Please consider joining the pool (http://www.pool.ntp.org/join.html).#server 0.centos.pool.ntp.org iburst#server 1.centos.pool.ntp.org iburst#server 2.centos.pool.ntp.org iburst#server 3.centos.pool.ntp.org iburst#定义上层的时间服务器地址,也就是GPS的地址#这里我用的是一个公网的server 203.107.6.88 iburstFudge 203.107.6.88 stratum 10#允许203.107.6.88这个地址更改本机时间restrict 203.107.6.88 notrap noqueryrestrict 203.107.6.88 nomodify notrap noquery#当时间服务器无效时,使用本机的时间作为时间服务器server 127.127.1.0Fudge 127.127.1.0 stratum 10# permit the source to query or modify the service on this system.restrict default nomodify notrap nopeer noquery# Permit all access over the loopback interface. This could# be tightened as well, but to do so would effect some of# the administrative functions.restrict 127.0.0.1restrict ::1#允许内网内192.168.2.0 网段的机器同步时间restrict 192.168.2.0 mask 255.255.255.0 nomodify notrap# Hosts on local network are less restricted.#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap# Use public servers from the pool.ntp.org project.# Please consider joining the pool (http://www.pool.ntp.org/join.html).#server 0.centos.pool.ntp.org iburst#server 1.centos.pool.ntp.org iburst#server 2.centos.pool.ntp.org iburst#server 3.centos.pool.ntp.org iburst#定义上层的时间服务器地址,也就是GPS的地址#这里我用的是一个公网的server 203.107.6.88 iburstFudge 203.107.6.88 stratum 10#允许203.107.6.88这个地址更改本机时间restrict 203.107.6.88 notrap noqueryrestrict 203.107.6.88 nomodify notrap noquery#当时间服务器无效时,使用本机的时间作为时间服务器server 127.127.1.0Fudge 127.127.1.0 stratum 10#broadcast 192.168.1.255 autokey # broadcast server#broadcastclient # broadcast client#broadcast 224.0.1.1 autokey # multicast server#multicastclient 224.0.1.1 # multicast client#manycastserver 239.255.254.254 # manycast server#manycastclient 239.255.254.254 autokey # manycast client# Enable public key cryptography.#cryptoincludefile /etc/ntp/crypto/pw# Key file containing the keys and key identifiers used when operating# with symmetric key cryptography. keys /etc/ntp/keys# Specify the key identifiers which are trusted.#trustedkey 4 8 42# Specify the key identifier to use with the ntpdc utility.#requestkey 8# Specify the key identifier to use with the ntpq utility.#controlkey 8# Enable writing of statistics records.#statistics clockstats cryptostats loopstats peerstats# Disable the monitoring facility to prevent amplification attacks using ntpdc# monlist command when default restrict does not include the noquery flag. See# CVE-2013-5211 for more details.# Note: Monitoring will not be disabled with the limited restriction flag.disable monitorserver 127.127.1.0 iburst
设置完成后,重启NTP服务
5.测试服务器是否正常服务器测试与上层服务器
systemctl restart ntpd
ps -ef |grep ntpd
[root@localhost etc]# ps -ef |grep ntpdntp 3290 1 0 11:25 ? 00:00:00 /usr/sbin/ntpd -u ntp:ntp -groot 4022 31887 0 11:37 pts/0 00:00:00 grep --color=auto ntpd
ntpq -p
remote refid st t when poll reach delay offset jitter==============================================================================*203.107.6.88 100.107.25.114 2 u 2 64 1 23.471 6.077 0.126LOCAL(0) .LOCL. 10 l 11 64 1 0.000 0.000 0.000
Windows客户端测试6.设置开机自动启动ntpd服务
systemctl enable ntp
重启验证
systemctl status ntpd
如果成功 如下加粗字体"active(running)"
● ntpd.service - Network Time Service Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled) Active: active (running) since 三 2022-03-16 13:58:59 CST; 2min 31s ago Process: 949 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS) Main PID: 966 (ntpd) Tasks: 1 CGroup: /system.slice/ntpd.service └─966 /usr/sbin/ntpd -u ntp:ntp -g
3月 16 13:58:57 localhost.localdomain ntpd[966]: 0.0.0.0 c016 06 restart 3月 16 13:58:57 localhost.localdomain ntpd[966]: 0.0.0.0 c012 02 freq_set kernel 1.633 PPM 3月 16 13:58:59 localhost.localdomain ntpd[966]: 0.0.0.0 c515 05 clock_sync 3月 16 13:58:59 localhost.localdomain systemd[1]: Started Network Time Service. 3月 16 13:59:03 localhost.localdomain ntpd[966]: Listen normally on 4 ens192 192.168.2.100 UDP 123 3月 16 13:59:03 localhost.localdomain ntpd[966]: Listen normally on 5 ens192 fe80::3a3a:3d77:52d4:d937 UDP 123 3月 16 13:59:03 localhost.localdomain ntpd[966]: new interface(s) found: waking up resolver 3月 16 13:59:09 localhost.localdomain ntpd[966]: Listen normally on 6 virbr0 192.168.122.1 UDP 123 3月 16 13:59:09 localhost.localdomain ntpd[966]: new interface(s) found: waking up resolver 3月 16 14:00:03 localhost.localdomain ntpd[966]: 0.0.0.0 0613 03 spike_detect -22.010853 s
如果失败 如下所示
● ntpd.service - Network Time Service Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled) Active: inactive (dead)
如果失败需要关闭chronyd服务
systemctl disable chronyd
Removed symlink /etc/systemd/system/multi-user.target.wants/chronyd.service.
disabled
重启验证
,
免责声明:本文仅代表文章作者的个人观点,与本站无关。其原创性、真实性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容文字的真实性、完整性和原创性本站不作任何保证或承诺,请读者仅作参考,并自行核实相关内容。文章投诉邮箱:anhduc.ph@yahoo.com