CentOS7搭建NTP服务器及客户端同步时间

1、个人安装环境

1.1 CentOS Linux release 7.7.1908 (Core)

1.2 ntp-4.2.6

2、安装步骤

1. 查看服务器是否安装ntp,系统默认安装ntpdate

rpm -qa | grep ntp

 执行结果:

fontpackages-filesystem-1.44-8.el7.noarch
ntpdate-4.2.6p5-28.el7.centos.x86_64
python-ntplib-0.3.2-1.el7.noarch

 2.安装ntp ntpdate,其中ntpdate默认安装,可以只安装ntp

yum install ntp ntpdate -y

 3.查看是否已安装完成,与第2步对比

rpm -qa | grep ntp

  执行结果:

fontpackages-filesystem-1.44-8.el7.noarch
ntpdate-4.2.6p5-28.el7.centos.x86_64
ntp-4.2.6p5-28.el7.centos.x86_64
python-ntplib-0.3.2-1.el7.noarch

 4.查看ntp服务器状态,两条命令效果一样

systemctl status ntpd

 执行结果:

● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

 or

service ntpd status

  执行结果:

Redirecting to /bin/systemctl status ntpd.service
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

 5.修改配置文件

使该NTP服务器在不联网的情况下,使用本服务器的时间作为同步时间

vim /etc/ntp.conf

 把如下四行代码注释掉

server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

 在下面再添加一行

server 127.127.1.0 iburst

 6.启动ntp服务

systemctl start ntpd

 or

service ntpd start

 7.再次查看服务器状态

systemctl status ntpd

 执行结果:

● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2018-08-21 14:29:12 CST; 8s ago
  Process: 6588 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 6589 (ntpd)
    Tasks: 1
   CGroup: /system.slice/ntpd.service
           └─6589 /usr/sbin/ntpd -u ntp:ntp -g
 
Aug 21 14:29:12 web ntpd[6589]: Listen normally on 2 lo 127.0.0.1 UDP 123
Aug 21 14:29:12 web ntpd[6589]: Listen normally on 3 eno1 192.168.0.163 UDP 123
Aug 21 14:29:12 web ntpd[6589]: Listen normally on 4 virbr0 192.168.122.1 UDP 123
Aug 21 14:29:12 web ntpd[6589]: Listen normally on 5 lo ::1 UDP 123
Aug 21 14:29:12 web ntpd[6589]: Listen normally on 6 eno1 fe80::6e92:bfff:fe6f:daea UDP 123
Aug 21 14:29:12 web ntpd[6589]: Listening on routing socket on fd #23 for interface updates
Aug 21 14:29:12 web ntpd[6589]: 0.0.0.0 c016 06 restart
Aug 21 14:29:12 web ntpd[6589]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM
Aug 21 14:29:12 web ntpd[6589]: 0.0.0.0 c011 01 freq_not_set
Aug 21 14:29:13 web ntpd[6589]: 0.0.0.0 c514 04 freq_mode

 or

service ntpd status

  执行结果:

Redirecting to /bin/systemctl status ntpd.service
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2018-08-21 14:29:12 CST; 56s ago
  Process: 6588 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 6589 (ntpd)
    Tasks: 1
   CGroup: /system.slice/ntpd.service
           └─6589 /usr/sbin/ntpd -u ntp:ntp -g
 
Aug 21 14:29:12 web ntpd[6589]: Listen normally on 2 lo 127.0.0.1 UDP 123
Aug 21 14:29:12 web ntpd[6589]: Listen normally on 3 eno1 192.168.0.163 UDP 123
Aug 21 14:29:12 web ntpd[6589]: Listen normally on 4 virbr0 192.168.122.1 UDP 123
Aug 21 14:29:12 web ntpd[6589]: Listen normally on 5 lo ::1 UDP 123
Aug 21 14:29:12 web ntpd[6589]: Listen normally on 6 eno1 fe80::6e92:bfff:fe6f:daea UDP 123
Aug 21 14:29:12 web ntpd[6589]: Listening on routing socket on fd #23 for interface updates
Aug 21 14:29:12 web ntpd[6589]: 0.0.0.0 c016 06 restart
Aug 21 14:29:12 web ntpd[6589]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM
Aug 21 14:29:12 web ntpd[6589]: 0.0.0.0 c011 01 freq_not_set
Aug 21 14:29:13 web ntpd[6589]: 0.0.0.0 c514 04 freq_mode

 8.查看是否同步

ntpq -p

  执行结果:

remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*LOCAL(0)        .LOCL.           5 l   20   64    7    0.000    0.000   0.000

 9.设置开机启动

systemctl enable ntpd

 10.设置防火墙,打开udp123端口

firewall-cmd --permanent --add-port=123/udp
firewall-cmd --reload

 11.查看防火墙已打开端口

iptables -L -n | grep 123

 执行结果:

ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:123 ctstate NEW,UNTRACKED