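NTP is the Network Time Protocol, a protocol used to synchronize the clocks of the computers on a network. The setup below assumes
that none of the servers on the internal network can reach the Internet, yet they need to synchronize time with NTP servers on the Internet, so a local NTP server
is set up inside the internal network, and this local NTP server can reach the Internet.
The internal network segment that needs NTP service is: 172.16.0.0/16
Configuring the NTP server
1. Install the NTP package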
yum install -y ntp
2. Edit the ntp configuration file and make sure the parts shown in red are correct, as follows
vi /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
restrict 172.16.0.0 mask 255.255.0.0 nomodify notrap
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
server 3.pool.ntp.org
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
3. Restart the ntp service and enable it at boot
systemctl restart ntpd.service
systemctl enable ntpd.service
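The following added example (not part of the original page) audits the restrict lines of an ntp.conf such as the server configuration above and reports which address ranges can still send ntpq/ntpdc queries or modification requests. The names audit_restrict and sample_conf are hypothetical, and the sample input is constructed from the active lines of that configuration.

```shell
#!/bin/sh
# Added example, not from the original page. audit_restrict and sample_conf
# are hypothetical names; nomodify/noquery/ignore are real ntpd restrict flags.

# Constructed sample: the active lines of the server configuration above.
sample_conf() {
cat <<'EOF'
driftfile /var/lib/ntp/drift
restrict 172.16.0.0 mask 255.255.0.0 nomodify notrap
restrict default nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
EOF
}

# Read an ntp.conf from file $1 (or stdin) and print one finding per line.
audit_restrict() {
    awk '
    $1 == "restrict" {
        i = 2
        if ($i == "-4" || $i == "-6") i++          # optional address family
        addr = $i; i++
        if ($i == "mask") { addr = addr " mask " $(i + 1); i += 2 }
        flags = " "
        for (; i <= NF; i++) {
            if ($i ~ /^#/) break                    # trailing comment
            flags = flags $i " "
        }
        if (addr == "default") seen_default = 1
        # Loopback is left open on purpose; "ignore" already drops everything.
        if (addr == "127.0.0.1" || addr == "::1") next
        if (index(flags, " ignore ")) next
        if (!index(flags, " nomodify "))
            print "WARN " addr ": reconfiguration requests are not denied (no nomodify)"
        sev = (addr == "default") ? "WARN " : "INFO "
        if (!index(flags, " noquery "))
            print sev addr ": ntpq/ntpdc status queries are answered (no noquery)"
    }
    END {
        if (!seen_default)
            print "WARN no restrict default line: unlisted hosts are unrestricted"
    }' "${1:--}"
}

sample_conf | audit_restrict
```

To check a live system, run audit_restrict /etc/ntp.conf; for the configuration above the only finding is that hosts in 172.16.0.0/16 can still query the server with ntpq/ntpdc.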
Client configuration
1. Edit /etc/ntp.conf and set the server to the domain name or IP address of the NTP server configured above
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
server ntp.server.com
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys
2. Restart the ntp service and enable it at boot
systemctl restart ntpd.service
systemctl enable ntpd.service
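Using timedatectl
RHEL7 / CentOS7 provides a utility for configuring and displaying date and time information: the timedatectl command.
This utility is part of the systemd system and service manager. With the timedatectl command you can:
● Change the current date and time
● Set the time zone
● Configure the NTP service
Running timedatectl without any arguments displays the current time, time zone, NTP status and related information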
[root@localhost ~]# timedatectl
Local time: Thu 2018-10-11 10:52:14 EDT
Universal time: Thu 2018-10-11 14:52:14 UTC
RTC time: Thu 2018-10-11 10:52:15
Time zone: America/New_York (EDT, -0400)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: yes
DST active: yes
Last DST change: DST began at
Sun 2018-03-11 01:59:59 EST
Sun 2018-03-11 03:00:00 EDT
Next DST change: DST ends (the clock jumps one hour backwards) at
Sun 2018-11-04 01:59:59 EDT
Sun 2018-11-04 01:00:00 EST
Warning: The system is configured to read the RTC time in the local time zone.This mode can not be fully supported. It will create various problems
with time zone changes and daylight saving time adjustments. The RTC time is never updated, it relies on external facilities to maintain it. If at all possible, use RTC in UTC by calling
‘timedatectl set-local-rtc 0’.
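Changing the current date and time
1. Set the date: timedatectl set-time [YYYY-MM-DD]
For example: timedatectl set-time 2018-10-11
2. Set the time: timedatectl set-time [HH:MM:SS] (note: use 24-hour format)
For example: timedatectl set-time 20:20:00
3. Synchronize the system time with the hardware clock (the RTC is kept in local time):
timedatectl set-local-rtc yes
4. Have the system use UTC (Coordinated Universal Time) for the hardware clock:
timedatectl set-local-rtc no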
Changing the time zone
1. List all available time zones with the following command:
timedatectl list-timezones
Africa/Abidjan
Africa/Accra
Africa/Addis_Ababa
Africa/Algiers
Africa/Asmara
Africa/Bamako
Africa/Bangui
……
2. Use grep to narrow the list to a specific range
timedatectl list-timezones | grep Asia/S
Asia/Sakhalin
Asia/Samarkand
Asia/Seoul
Asia/Shanghai
Asia/Singapore
Asia/Srednekolymsk
3. Change the time zone with the following command, for example to set the time zone to Shanghai
timedatectl set-timezone Asia/Shanghai
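Enabling or disabling NTP
Use the set-ntp argument to enable or disable automatic synchronization of the system clock with remote NTP servers.
Enable NTP synchronization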
timedatectl set-ntp yes
Disable NTP synchronization
timedatectl set-ntp no