Author: Liangshang Feng
Screen name: Mr. Nice / longfei
Original source: www.chinaunix.net
Reference documentation:
http://www.chinalinuxpub.com/read.htm id = 1337
http://www.fengnet.com/showart?. ASP? ART_ID = 395 & cat_id = 10
http://chinaUnix.net/jh/6/16555.html
Thanks to the authors of the above. If you reproduce this article, please keep the above information.
==================

Spring has come around again, and in the blink of an eye I have been hanging around CU for a year. In this year I have learned a lot at CU. Thanks to CU, and thank you all for your support and care. I work in technology, so I thought I would write a technical document to commemorate this special day. Enough small talk, on to the subject.

I. Time Server Settings (here we use NTP: Network Time Protocol)

A Time Server is simply a server that provides the time. We often find that a server's time is incorrect, which affects our applications and sometimes has adverse consequences, for example on backups or database updates. The most common solution is to synchronize with a time server on the public network: just add a crontab entry such as 00 02 * * * /usr/sbin/ntpdate 195.13.1.153, where 195.13.1.153 is one of the time servers available on the public network. However, the computer must then connect to the public network, so there may be some security issues. And if your computer cannot connect to the public network at all, then ... Today we will talk about building our own time server.

Method 1: The time server synchronizes with a time server on the public network, and the other machines synchronize with our own time server.
Disadvantage: the time server itself is still exposed to the public network.
Steps:
1. Check whether the corresponding package is installed
Code:
# rpm -qa | grep ntp
ntp-4.1.1a-9
chkfontpath-1.9.6-3
If the NTP package is not there, install it from the installation disc with the following command:
# rpm -ivh ntp-4.1.1a-9.i386.rpm
(I use Red Hat 8.0; install the package that matches your own system.)
2. Modify the configuration file
/etc/ntp.conf is the main configuration file of NTP. It sets the domain names or IP addresses of the time servers you synchronize with. The following is the most basic configuration for synchronizing time with the Internet. First, define the time servers you want to use (for available time servers, see http://chinaunix.net/jh/5/100591.html, or see http://www.eecis.udel.edu/~mills/NTP/Servers.html):
Code:
server 195.13.1.153
server 194.137.39.67
Next, we set the access restrictions for the two servers above: we do not allow them to modify or query the NTP server we are configuring on Linux.
Code:
restrict 195.13.1.153 mask 255.255.255.255 nomodify notrap noquery
restrict 194.137.39.67 mask 255.255.255.255 nomodify notrap noquery
Note: mask 255.255.255.255 limits each entry to the single address of the remote NTP server. Next, define the intranet machines that are allowed access. Note that noquery has been removed from this configuration:
Code:
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
In this example the mask is widened to cover the whole 192.168.1.x range, so machines from 192.168.1.1 to 192.168.1.254 can synchronize with our NTP server. If you want a stricter limit, adjust the mask. Finally, and most importantly, the default restriction must be removed from your configuration file. Otherwise it will override all your other configuration options, and you will find that your time server can only communicate with itself. If the following line is in ntp.conf, comment it out:
Code:
# restrict default ignore
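The restrict policy of step 2 can be checked mechanically before ntpd is restarted. The following is an added example, not part of the original article: a small Python audit that verifies every upstream `server` has a host restrict line carrying nomodify, notrap and noquery, that client networks carry nomodify and notrap, and that `restrict default ignore` is commented out. The function name, constants and sample configuration are constructed for illustration.

```python
import ipaddress

UPSTREAM_FLAGS = {"nomodify", "notrap", "noquery"}  # upstream servers: serve time only
CLIENT_FLAGS = {"nomodify", "notrap"}               # clients may query, never modify
# Constructed sample: second upstream lacks noquery, default ignore left active.
SAMPLE_CONF = """\
restrict default ignore
server 195.13.1.153
server 194.137.39.67
restrict 195.13.1.153 mask 255.255.255.255 nomodify notrap noquery
restrict 194.137.39.67 mask 255.255.255.255 nomodify notrap
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
"""

def audit_ntp_conf(text):
    """Return findings where ntp.conf departs from the restrict policy of step 2."""
    findings, servers, acl = [], [], {}
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].lower().split()
        if len(words) >= 2 and words[0] == "server":
            servers.append(words[1])
        elif len(words) >= 2 and words[0] == "restrict":
            flags, mask = words[2:], "255.255.255.255"   # no mask: a single host
            if "mask" in flags[:-1]:
                i = flags.index("mask")
                mask, flags = flags[i + 1], flags[:i] + flags[i + 2:]
            if words[1] == "default":
                if "ignore" in flags:
                    findings.append("restrict default ignore is active")
                continue
            try:
                acl[ipaddress.ip_network(f"{words[1]}/{mask}", strict=False)] = set(flags)
            except ValueError:
                findings.append(f"restrict {words[1]}: not a valid address/mask")
    for srv in servers:
        if srv.startswith("127.127."):    # reference clock driver, not a network peer
            continue
        try:
            flags = acl.get(ipaddress.ip_network(srv))
        except ValueError:                # hostname: cannot be matched to a restrict line
            flags = None
        if flags is None:
            findings.append(f"server {srv}: no matching host restrict line")
        elif UPSTREAM_FLAGS - flags:
            findings.append(f"server {srv}: missing {sorted(UPSTREAM_FLAGS - flags)}")
    for net, flags in acl.items():
        if net.prefixlen < 32 and CLIENT_FLAGS - flags:
            findings.append(f"network {net}: missing {sorted(CLIENT_FLAGS - flags)}")
    return findings
```

On ntpd 4.2 and later, `notrust` means that packets must be cryptographically authenticated, so the client-network line shown in this article would reject unauthenticated clients on those versions.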
3. Check availability
a. Save your configuration file, then run the following query command against each time server configured in ntp.conf to make sure these upstream time servers are available.
Code:
# ntpdate 195.13.1.153
27 Jun 10:12:01 ntpdate[25475]: adjust time server 133.100.11.8 offset -0.127154 sec
# ntpdate 194.137.39.67
27 Jun 10:12:06 ntpdate[25478]: adjust time server 133.100.9.2 offset 0.010008 sec
b. Execute the following command:
# ntpq -p
In its output, a telltale sign of a synchronization problem is that every remote server shows a jitter value of 4000 and delay and reach values of 0.
Code:
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 LOCAL(0)        LOCAL(0)        10 l    -   64    7    0.000    0.000   0.008
*                0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
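The check in step 3b can be automated for monitoring. This added example, which is not part of the original article, parses `ntpq -p` output and reports the peers showing the symptom described above (reach 0, delay 0, jitter 4000). It goes slightly further by decoding reach, which ntpq prints as an octal 8-bit register of the last eight polls. The sample output, its addresses and the function names are constructed.

```python
# Constructed sample of `ntpq -p` output (addresses are documentation ranges).
SAMPLE_NTPQ = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 LOCAL(0)        LOCAL(0)        10 l    -   64    7    0.000    0.000   0.008
 192.0.2.10      0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
*192.0.2.20      198.51.100.1     2 u   33   64  377   12.412   -0.127   0.954
"""

def parse_peers(ntpq_output):
    """Turn the peer table into dicts; header and separator lines are skipped."""
    peers = []
    for line in ntpq_output.splitlines():
        fields = line[1:].split()          # column 0 holds the tally code (*, +, -, ...)
        if len(fields) != 10 or not fields[2].isdigit():
            continue
        reach = int(fields[6], 8)          # octal shift register of the last 8 polls
        peers.append({
            "tally": line[0],
            "remote": fields[0],
            "stratum": int(fields[2]),
            "reach": reach,
            "polls_ok": bin(reach).count("1"),   # answered polls out of the last 8
            "delay": float(fields[7]),
            "offset": float(fields[8]),
            "jitter": float(fields[9]),
        })
    return peers

def unsynchronized(peers):
    """Remotes that were never reached: reach 0, delay 0 and jitter pegged at 4000."""
    return [p["remote"] for p in peers
            if p["reach"] == 0 and p["delay"] == 0.0 and p["jitter"] >= 4000.0]

def has_selected_source(peers):
    """True when ntpd has chosen a synchronization source (tally code '*')."""
    return any(p["tally"] == "*" for p in peers)
```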
4. Start at boot
To have the NTP service start automatically at system boot, execute:
Code:
# chkconfig ntpd on
The commands to start / stop / restart NTP are:
Code:
# /etc/init.d/ntpd start
# /etc/init.d/ntpd stop
# /etc/init.d/ntpd restart
5. Client settings
a. Linux client: log in as root, run crontab -e and enter:
00 02 * * * /usr/sbin/ntpdate 192.168.1.1
(change the address to the IP of your time server). The client will then synchronize with the time server automatically at two o'clock every morning.
b. Windows XP client: double-click the time in the lower right corner to open the "Date and Time Properties" window, select the Internet Time tab, enter the IP of your time server in the server field and click "Update Now". After a few seconds you will see a message that the update succeeded. Then check "Automatically synchronize with an Internet time server" and click OK.

Method 2: The time server synchronizes with its own hardware clock, and the other machines synchronize with the time server.
Disadvantage: if the hardware clock of the time server is inaccurate, all times will be inaccurate.
Advantage: safer, since no machine is exposed to the public network.
A UNIX system has two clocks, a hardware clock and a system clock. They are not described further here.
The steps are as follows:
1. Calibrate the hardware clock of the time server (it can be set directly in the BIOS), or set it with the hwclock command, for example:
hwclock --set --date="6/16/04 11:14:05"
2. Synchronize the system time from the hardware clock. Enter:
hwclock --hctosys
3. Modify the configuration file with vi /etc/ntp.conf. My ntp.conf is as follows:
Code:
# Prohibit general access to this service.
# restrict default ignore

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would affect some of
# the administrative functions.
restrict 127.0.0.1

# -- CLIENT NETWORK -------
# Permit systems on this network to synchronize with this
# time service. Do not permit those systems to modify the
# configuration of this service. Also, do not use those
# systems as peers for synchronization.
# restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap

# --- OUR TIMESERVERS -----
# or remove the default restrict line
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
# restrict mytrustedtimeserverip mask 255.255.255.255 nomodify notrap noquery

# --- NTP MULTICASTCLIENT ---
#multicastclient # listen on default 224.0.1.1
# restrict 224.0.1.1 mask 255.255.255.255 notrust nomodify notrap
# restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap

# --- GENERAL CONFIGURATION ---
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
#server 127.127.1.0 # local clock
server 127.127.1.0 prefer
fudge 127.127.1.0 stratum 10

#
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /etc/ntp/drift
broadcastdelay 0.008

#
# Authentication delay. If you use, or plan to use someday, the
# authentication facility you should make the programs in the auth_stuff
# directory and figure out what this number should be on your machine.
#
authenticate yes

#
# Keys file. If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
#
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will. Note also that
# ntpd is started with a -A flag, disabling authentication, that
# will have to be removed as well.
#
keys /etc/ntp/keys

The remaining steps are as before: start the NTP service and configure the clients.