ntp实现多台服务器时间同步[实测]

需求：最近发现多个服务器之间的时间不一致，导致很多问题。
解决：使用ntp实现多台服务器时间同步
[ntp] 网络时间协议，英文名称：Network Time Protocol（NTP）
概念：是用来使计算机时间同步化的一种协议，它可以使计算机对其服务器或时钟源（如石英钟，GPS等等)做同步化，它可以提供高精准度的时间校正（LAN上与标准间差小于1毫秒，WAN上几十毫秒），且可介由加密确认的方式来防止恶毒的协议攻击。NTP的目的是在无序的Internet环境中提供精确和健壮的时间服务。

start

前景
如果是多台的话选择一台机器为主节点，其他的为从节点，主节点用来同步从节点时间。

安装

搭建主节点时间服务器
需要手动安装ntp服务，这个服务有的linux版本上会默认装上，我们可以通过如下命令来查看是否有装上
rpm -qa | grep ntp

[root@localhost etc]# rpm -qa |grep ntpfontpackages-filesystem-1.44-8.el7.noarchntp-4.2.6p5-29.el7.centos.2.x86_64ntpdate-4.2.6p5-29.el7.centos.2.x86_64

出现以上，说明已安装
如果没有的话手动安装一下即可

1、yum list | grep ntp
2、yum -y install ntp.x86_64
或者 yum install ntp –y

配置文件路径

  /etc/ntp.conf

编辑文件

vi /etc/ntp.conf

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).driftfile /var/lib/ntp/drift# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
# 这个默认是关闭的，注意要打开，不然执行nptd 命令会超时
# 因为是内网，所以用本地时间做为服务器时间
restrict 127.0.0.1
restrict ::1# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst#inux自带的时间同步，需要注释掉
#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client# Enable public key cryptography.
#cryptoincludefile /etc/ntp/crypto/pw# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys# Specify the key identifiers which are trusted.
#trustedkey 4 8 42# Specify the key identifier to use with the ntpdc utility.
#requestkey 8# Specify the key identifier to use with the ntpq utility.
#controlkey 8# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
# 代表允许的网段，设置自己的网段，在这个网段的所有机器都可以作为时间同步服务端
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
server  127.127.1.0
fudge   127.127.1.0 stratum 10

restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap代表允许192.168网段的服务器与此服务器进行时间同步
然后保存 :wq!

开启服务

service ntpd start   或者 systemctl start ntpd

设置开机自启

chkconfig ntpd on

放行端口123

需要对ntp的默认端口123进行放行，这个要配，或者你关闭了防火墙，否则会报错，
问题：不开启会报 no server suitable for synchronization found 错误

iptables -I INPUT -p tcp --dport 123 -j ACCEPT

查看端口占用
sudo lsof -i -P -n
-i：如果没有指定IP地址，这个选项选择列出所有网络文件
-P：禁止将端口号转换为端口名称, 如 3306 转为 MySQL
-n：禁止IP转换为hostname，缺省是不加上-n参数

查看状态

service ntpd status 或者 systemctl status ntpd 或者 /etc/init.d/ntpd start

停止

service ntpd stop 或者 systemctl stop ntpd

配置客户端（从节点）

安装按以上步骤

编辑配置文件

vi /etc/ntp.conf

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).driftfile /var/lib/ntp/drift# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client# Enable public key cryptography.
#cryptoincludefile /etc/ntp/crypto/pw# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys# Specify the key identifiers which are trusted.
#trustedkey 4 8 42# Specify the key identifier to use with the ntpdc utility.
#requestkey 8# Specify the key identifier to use with the ntpq utility.
#controlkey 8# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
restrict 192.168.54.0 mask 255.255.255.0 nomodify notrap
#server  127.127.1.0server  192.168.54.xxx  #增加主服务器ip即可
#fudge   127.127.1.0 stratum 10fudge   192.168.54.xxx startum 10  #设置stratum级别

保存退出：:wq!

注意

如果想要让ntp同时同步硬件时间，可设置

vi /etc/sysconfig/ntpd

添加【SYNC_HWCLOCK=yes】就可以让硬件时间与系统时间一起同步

启动

service ntpd status
service ntpd start
service ntpd restart

查看是否会定时同步

ntpq -p

[root@minio3 etc]# ntpq -premote           refid      st t when poll reach   delay   offset  jitter
==============================================================================192.168.54.xxx  LOCAL(0)        11 u   55   64    7    0.260   -0.001   0.026

remote 就是配置的远程地址
when就代表上次同步距离现在的时间，通过这个时间久可以判断是否有在自动同步。

设置自启动

chkconfig ntpd on

可尝试立即同步

ntpdate -d 192.168.54.xxx  主服务器地址

[root@minio3 etc]# ntpdate -d 192.168.54.xxx
31 May 16:51:36 ntpdate[23931]: ntpdate 4.2.6p5@1.2349-o Tue Jun 23 15:38:19 UTC 2020 (1)
Looking for host 192.168.54.xxx and service ntp
host found : 192.168.54.xxx
transmit(192.168.54.xxx)
receive(192.168.54.xxx)
transmit(192.168.54.xxx)
receive(192.168.54.xxx)
transmit(192.168.54.xxx)
receive(192.168.54.xxx)
transmit(192.168.54.xxx)
receive(192.168.54.xxx)
server 192.168.54.xxx, port 123
stratum 11, precision -24, leap 00, trust 000
refid [192.168.54.xxx], delay 0.02582, dispersion 0.00130
transmitted 4, in filter 4
reference time:    e640558a.4c2701f9  Tue, May 31 2022 16:51:22.297
originate timestamp: e64055b2.98e02642  Tue, May 31 2022 16:52:02.597
transmit timestamp:  e64055b2.77791f84  Tue, May 31 2022 16:52:02.466
filter delay:  0.02614  0.02582  0.02647  0.02589 0.00000  0.00000  0.00000  0.00000
filter offset: 0.127412 0.128211 0.128878 0.1302580.000000 0.000000 0.000000 0.000000
delay 0.02582, dispersion 0.00130
offset 0.12821131 May 16:52:02 ntpdate[23931]: adjust time server 192.168.54.xxx offset 0.128211 sec

修改系统时间（可在主节点设置，从节点查看效果）

date -s '2022-04-29 10:39:00'
clock -w    强制将时间写入coms同步bios时间,强制把系统时间写入CMOS：