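The ntpd service and ntpdate conflict with each other, so if you need to synchronize time through ntpd, or use the host as a time synchronization server, disable the ntpdate cron job.

Install the ntp service

It only needs to be installed on the NTP server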

yum install -y ntp

If there is no network access, you can also install from the rpm package

rpm -ivh ntp-4.2.6p5-29.el7.centos.2.x86_64.rpm

Modify the ntp configuration

vim /etc/ntp.conf

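Comment out the default server lines and use the local clock, server 127.127.1.0 (a fixed value, not a LAN IP).

If the host can reach the public internet, you can add an upstream time server: server ntp.aliyun.com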

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift
# Keep ntpd working when the time offset is greater than 1000 s
tinker panic 0
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntp.aliyun.com
server 127.127.1.0

#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor

Start ntp
systemctl start ntpd

Enable at boot
systemctl enable ntpd

Common problems

ntpd does not start at boot

Disable chronyd so that a conflict with it does not stop ntpd from starting at boot

systemctl disable chronyd

ntpd fails to start when the host time offset is greater than 1000 s

systemctl status ntpd

Apr 28 11:50:08 jianghuihui02 ntpd[6145]: 0.0.0.0 c617 07 panic_stop -2510 s; set clock manually within 1000 s.
Apr 28 11:50:08 jianghuihui02 systemd[1]: ntpd.service: main process exited, code=exited, status=255/n/a
Apr 28 11:50:08 jianghuihui02 systemd[1]: Unit ntpd.service entered failed state.
Apr 28 11:50:08 jianghuihui02 systemd[1]: ntpd.service failed.
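If the client's time differs from the server's time by more than 1000 s, the ntp process exits and records this in the system log.

Solution:
Add one line to the configuration file /etc/ntp.conf: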

tinker  panic  0
This keeps ntp working even when the time difference is large.

Check ntp status

ntpq -p

[root@master192 ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
LOCAL(0) .LOCL. 5 l 123m 64 0 0.000 0.000 0.000
*203.107.6.88 10.137.38.86 2 u 171 256 377 25.486 -0.175 0.451

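The ntpq -p command lists the upstream NTP servers that have been used as clock sources to correct the local NTP server's clock. The columns have the following meanings:

remote: the name (IP address or domain name) of the NTP server that answered the request. The entry marked with "*" is the server the local NTP server is synchronized to.

refid: the IP address of the upstream NTP server that the remote NTP server uses.

st: the stratum of the remote NTP server. NTP is hierarchical: top-level servers, then several layers of relay servers, then clients. From highest to lowest, the stratum can be set from 1 to 16. To reduce load and network congestion, you should in principle avoid connecting directly to stratum 1 servers.

t: how the local NTP server communicates with the remote NTP server. u: unicast; b: broadcast; l: local.

when: the number of seconds since the last successful request.

poll: the interval at which the local NTP server synchronizes with the remote NTP server.

reach: an octal value that records whether the last eight queries to the server succeeded. 377 means all of them succeeded; 0 means none succeeded.

delay: network delay, in microseconds (μs).

offset: the time offset between the local NTP server and the remote NTP server, in milliseconds (ms). The closer the offset is to 0, the closer the host's time is to the NTP server's time.

jitter: the dispersion of the query offsets, which indicates whether the network delay to the remote NTP server is stable, in microseconds (μs).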
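
As an added example (not part of the original post), the Python code below parses ntpq -p output, decodes the octal reach column described above into a count of answered polls, and flags the case where ntpd has fallen back to the 127.127.1.0 local clock. The function names and FALLBACK_SAMPLE are constructed for illustration; PAGE_SAMPLE is the output shown above.

```python
TALLY = "*+-#x."  # leading tally codes; '*' = the peer ntpd is synchronised to
# 'o' (PPS peer) is not handled: ambiguous with host names in trimmed output.

def parse_ntpq(text):
    """Return one dict per peer row of `ntpq -p` output."""
    peers = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="} or line.split()[:2] == ["remote", "refid"]:
            continue
        tally = line[0] if line[0] in TALLY else " "
        fields = (line[1:] if tally != " " else line).split()
        if len(fields) != 10:
            continue  # prompt line or anything else that is not a peer row
        remote, refid, st, _t, _when, _poll, reach, _delay, offset, _jitter = fields
        reg = int(reach, 8) & 0xFF  # reach is printed in octal
        peers.append({
            "tally": tally, "remote": remote, "refid": refid,
            "stratum": int(st), "offset": float(offset),
            "polls_ok": bin(reg).count("1"),  # answered polls among the last 8
            "last_poll_ok": bool(reg & 1),    # lowest bit = most recent poll
        })
    return peers

def findings(peers):
    """Flag conditions that matter for the server configured on this page."""
    out = []
    selected = [p for p in peers if p["tally"] == "*"]
    if not selected:
        out.append("no peer selected; ntpd is not synchronised")
    elif selected[0]["refid"] == ".LOCL.":
        out.append("synchronised to the local clock only (free-running)")
    for p in peers:
        if p["refid"] != ".LOCL." and p["polls_ok"] < 8:
            out.append(f"{p['remote']}: {p['polls_ok']}/8 recent polls answered")
    return out

# Output shown on this page (whitespace as extracted).
PAGE_SAMPLE = """remote refid st t when poll reach delay offset jitter
==============================================================================
LOCAL(0) .LOCL. 5 l 123m 64 0 0.000 0.000 0.000
*203.107.6.88 10.137.38.86 2 u 171 256 377 25.486 -0.175 0.451"""
# Constructed sample: upstream unreachable, ntpd fell back to 127.127.1.0.
FALLBACK_SAMPLE = """*LOCAL(0) .LOCL. 5 l 12 64 377 0.000 0.000 0.000
 203.107.6.88 .INIT. 16 u - 1024 0 0.000 0.000 0.000"""

if __name__ == "__main__":
    for name, sample in (("page", PAGE_SAMPLE), ("fallback", FALLBACK_SAMPLE)):
        print(name, findings(parse_ntpq(sample)) or "ok")
```

To check a live server, pass the captured text of ntpq -p to parse_ntpq.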

ntpstat

[root@master192 ~]# ntpstat
synchronised to NTP server (203.107.6.88) at stratum 3
time correct to within 46 ms
polling server every 256 s

Install the ntpdate client

If other nodes need to synchronize their time against the NTP server, install ntpdate on them as the client

yum install -y ntpdate
or: rpm -ivh ntpdate-4.2.6p5-29.el7.centos.2.x86_64.rpm

# Test it: ntpdate <IP of the ntpd host>
ntpdate 10.109.100.211

# Run the time synchronization from a cron job
crontab -e
0 */1 * * * /usr/sbin/ntpdate 10.109.100.211