NTP network time synchronization server

1, Time zone concept

UTC(Universal Time Coordinated)

Coordinated Universal Time. It is obtained through rigorous calculation and is accurate to the second, with an error within 0.9s, making it a more accurate world time than GMT.

GMT(Greenwich Mean Time)

Greenwich Mean Time. Greenwich, London, UK, is defined as the place where 0° longitude begins. The earth is divided into one time zone for every 15° of longitude, giving 24 time zones, with a difference of one hour between adjacent time zones. Example: Beijing, China is in the UTC+8 (East 8) time zone, so GMT is 8 hours behind Beijing time.

CST:

CST can stand for any of the following four time zones:
Central Standard Time (USA) UT-6:00
Central Standard Time (Australia) UT+9:30
China Standard Time UT+8:00
Cuba Standard Time UT-4:00

DST(Daylight Saving Time)

Summer time, i.e. daylight saving time: the clock is set one hour ahead to make use of the longer daylight in summer. Many countries in North America and Europe implement daylight saving time.

2, NTP server setup

1. Time zone setting

[root@localhost ~]# timedatectl
[root@localhost ~]# timedatectl list-timezones
[root@localhost ~]# timedatectl set-timezone Asia/Shanghai

2. ntp server setup

Check to see if it is installed
[root@localhost ~]# rpm -q ntp

Install
[root@localhost ~]# yum install ntp -y

Manually synchronize the time
[root@localhost ~]# ntpdate -u cn.pool.ntp.org

3. Modify ntp configuration

[root@localhost ~]# vim /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Added: log file
logfile /var/log/ntpd.log

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1 
restrict ::1

# New: all machines in the 172.16.128.0 network segment are authorized to query and synchronize time from this machine
restrict 172.16.128.0 mask 255.255.255.0 nomodify notrap

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# Modified: time server list
server 0.cn.pool.ntp.org iburst
server 1.cn.pool.ntp.org iburst
server 2.cn.pool.ntp.org iburst
server 3.cn.pool.ntp.org iburst

# New: fall back to the local clock (driver address 127.127.1.0) when external time is unavailable
server 127.127.1.0
fudge 127.127.1.0 stratum 10

#broadcast 192.168.1.255 autokey	# broadcast server
#broadcastclient			# broadcast client
#broadcast 224.0.1.1 autokey		# multicast server
#multicastclient 224.0.1.1		# multicast client
#manycastserver 239.255.254.254		# manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# New: let the upstream time servers synchronize this host's time, but do not permit them to query or modify the service
restrict 0.cn.pool.ntp.org nomodify notrap noquery
restrict 1.cn.pool.ntp.org nomodify notrap noquery
restrict 2.cn.pool.ntp.org nomodify notrap noquery

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography. 
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
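
The restrict lines above decide who may query or reconfigure ntpd, so they are worth checking mechanically. The following is an added example, not part of the original configuration: a small auditor that reports which restrict entries lack nomodify, notrap or noquery, and whether a default restrict and `disable monitor` are present. The function name `audit_ntp_conf` is hypothetical and the sample text is constructed from the lines shown above.

```python
LOOPBACK = {"127.0.0.1", "::1"}
WANTED = ("nomodify", "notrap", "noquery")

# Constructed sample: the access-control lines from the configuration above.
SAMPLE_CONF = """\
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 172.16.128.0 mask 255.255.255.0 nomodify notrap   # LAN clients
restrict 0.cn.pool.ntp.org nomodify notrap noquery
disable monitor
"""

def audit_ntp_conf(text):
    """Return (findings, has_default, monitor_disabled).

    findings lists (target, missing_flags) for every non-loopback restrict
    entry that lacks one of nomodify/notrap/noquery.
    """
    findings, has_default, monitor_disabled = [], False, False
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()      # drop comments
        if len(words) < 2:
            continue
        if words[0] == "disable" and "monitor" in words[1:]:
            monitor_disabled = True
        if words[0] != "restrict":
            continue
        args = [w for w in words[1:] if w not in ("-4", "-6")]
        if not args:
            continue
        target, flags = args[0], args[1:]
        if flags[:1] == ["mask"]:                 # skip "mask <netmask>"
            flags = flags[2:]
        if target == "default":
            has_default = True
        if target in LOOPBACK or "ignore" in flags:
            continue                              # local admin access / fully denied
        missing = [f for f in WANTED if f not in flags]
        if missing:
            findings.append((target, missing))
    return findings, has_default, monitor_disabled

if __name__ == "__main__":
    findings, has_default, monitor_disabled = audit_ntp_conf(SAMPLE_CONF)
    for target, missing in findings:
        print(f"restrict {target}: missing {', '.join(missing)}")
    print("default restrict present:", has_default)
    print("monitor disabled:", monitor_disabled)
```

On the sample it reports that the 172.16.128.0 entry lacks noquery: clients on that subnet can still run ntpq/ntpdc queries against the server, while time service itself does not need that permission.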

4. Start service

[root@localhost ~]# systemctl enable ntpd
[root@localhost ~]# systemctl start ntpd

5. View synchronization status

[root@localhost ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*114.118.7.161   123.139.33.3     2 u   36   64   77   23.196    6.770   1.028
+120.25.115.20   10.137.53.7      2 u   24   64   77   20.913    6.897   1.506
-139.199.215.251 100.122.36.196   2 u   22   64   77   21.854    8.122   1.458
-119.28.183.184  100.122.36.196   2 u   19   64   77   33.594    4.266   2.011
+ntp6.flashdance 194.58.202.148   2 u   91   64   72  268.044    6.483   1.516
+119.28.206.193  100.122.36.4     2 u   20   64   77   32.332    7.080   1.344
[root@localhost ~]# ntpstat 
synchronised to NTP server (114.118.7.161) at stratum 3
   time correct to within 996 ms
   polling server every 64 s

ntpq -p detailed explanation
  • remote: the name of the NTP server that responded to this request.
  • refid: the upstream NTP server that this NTP server itself synchronizes to.
  • st: the stratum (level) of the remote server. Strata run from 1 to 16, from high to low. To reduce load and network congestion, it is recommended in principle to avoid connecting directly to stratum 1 servers.
  • t: u: unicast, b: broadcast, l: local clock
  • when: the number of seconds since the last successful request.
  • poll: how often the local machine synchronizes with the remote server (in seconds). When NTP first starts, the poll value is relatively small and synchronization with the server is more frequent, so that the clock is brought into the correct time range as soon as possible. Once adjusted, the poll value gradually increases and the synchronization frequency decreases accordingly.
  • reach: an octal value used to test whether the server can be reached. Each time a connection succeeds, the value of reach increases.
  • delay: the round-trip time of a synchronization request from the local machine to the NTP server.
  • offset: the time offset between the host and the time source it synchronizes with through NTP, in milliseconds (ms). The closer the offset is to 0, the closer the host's time is to the NTP server's.
  • jitter: a statistical value describing the distribution of offsets over a specific number of consecutive connections. The smaller the absolute value of the jitter, the more accurate the host's time.

Detailed explanation of remote status identification
  • Empty: indicates a host without remote communication
  • x: no longer used
  • -: no longer used
  • #: a good remote node or server, but not used
  • +: a good and preferred remote node or server
  • *: the remote node or server that is currently the preferred primary synchronization source
  • o: PPS node (when the priority node is valid). The actual system synchronization is derived from the pulse per second (PPS), which may be driven by the PPS clock or through the kernel interface
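
The fields above can be read programmatically for monitoring. This added example (not from the original post) parses `ntpq -p` peer lines and goes slightly beyond the text by decoding reach as what it is in ntpd: an 8-bit shift register of the last eight polls, printed in octal, where a 1 bit means a reply was received. The function names are hypothetical and the sample is constructed from the output shown earlier.

```python
# Constructed sample: peer lines copied from the ntpq -p output above.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*114.118.7.161   123.139.33.3     2 u   36   64   77   23.196    6.770   1.028
+120.25.115.20   10.137.53.7      2 u   24   64   77   20.913    6.897   1.506
-139.199.215.251 100.122.36.196   2 u   22   64   77   21.854    8.122   1.458
+ntp6.flashdance 194.58.202.148   2 u   91   64   72  268.044    6.483   1.516
"""

def parse_ntpq(text):
    """Parse `ntpq -p` peer lines into dicts, decoding the reach register."""
    peers = []
    for line in text.splitlines():
        if not line.strip():
            continue
        tally, fields = line[0], line[1:].split()   # column 0 is the status mark
        if len(fields) != 10 or not fields[2].isdigit():
            continue                                # header or separator line
        reach = int(fields[6], 8)                   # reach is printed in octal
        peers.append({
            "tally": tally,
            "remote": fields[0],
            "stratum": int(fields[2]),
            "reach_bits": format(reach, "08b"),     # oldest poll left, newest right
            "answered": bin(reach).count("1"),      # replies in the last 8 polls
            "last_ok": bool(reach & 1),             # newest poll got a reply
            "offset_ms": float(fields[8]),
        })
    return peers

def sync_peer(peers):
    """Return the remote marked '*', or None if the host is not synchronized."""
    return next((p["remote"] for p in peers if p["tally"] == "*"), None)

if __name__ == "__main__":
    peers = parse_ntpq(SAMPLE)
    print("synchronized to:", sync_peer(peers))
    for p in peers:
        print(p["remote"], p["reach_bits"], "last poll ok" if p["last_ok"] else "last poll missed")
```

A reach of 77 (binary 00111111) means the last six polls were all answered, which is normal shortly after start-up; 72 (00111010) shows missed polls, including the most recent one, and 377 means all eight were answered.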

3, Client synchronization - ntpd mode

1. centos7

[root@centos7 ~]# vim /etc/ntp.conf
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntpserver iburst

[root@centos7 ~]# vim /etc/hosts
172.27.9.131    ntpserver

[root@centos7 ~]# systemctl enable ntpd
[root@centos7 ~]# systemctl start ntpd

[root@centos7 ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntpserver       114.118.7.161    3 u    1   64    3    0.221   12.641   0.495

[root@centos7 ~]# ntpstat 
synchronised to NTP server (172.27.9.131) at stratum 4
   time correct to within 1049 ms
   polling server every 64 s

2. ubuntu1604

root@ubuntu1604:~# view /etc/hosts
172.27.9.131    ntpserver

root@ubuntu1604:~# apt install -y ntp

root@ubuntu1604:~# view /etc/ntp.conf
server ntpserver iburst

root@ubuntu1604:~# systemctl enable ntp
ntp.service is not a native service, redirecting to systemd-sysv-install
Executing /lib/systemd/systemd-sysv-install enable ntp
root@ubuntu1604:~# systemctl start ntp

root@ubuntu1604:~# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntpserver       114.118.7.161    3 u   51   64  377    0.254   -4.194   1.090

4, Client synchronization -- ntpdate service mode

[root@centos ~]# sed -i.bak -e '/centos.pool.ntp.org/s/^/#/' -e '/driftfile/i server ntpserver iburst' /etc/ntp.conf
[root@centos ~]# sed -i.bak '$a 172.27.9.131    ntpserver' /etc/hosts

[root@centos ~]# systemctl enable ntpdate
[root@centos ~]# systemctl start ntpdate

5, Client synchronization -- ntpdate command mode

[root@centos7 ~]# systemctl stop ntpd

[root@centos7 ~]# ntpdate ntpserver
7 Nov 16:33:02 ntpdate[2618]: adjust time server 172.27.9.131 offset -0.002048 sec

[root@centos7 ~]# crontab -l
0 1 * * * /usr/sbin/ntpdate ntpserver

Posted on Wed, 01 Dec 2021 00:39:55 -0500 by teddyjas