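1. Configure the NTP server
Environment: Red Hat 6.5
Hostname | IP address | Role |
---|---|---|
server | 192.168.57.20 | NTP server |
client | 192.168.57.21 | NTP client |
Setup overview:
The local host "server" synchronizes its time from an external (Internet) NTP source and then acts as the NTP server for the local host "client", which runs as an NTP client.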
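1.1 Install the NTP service
On the NTP server, check whether the NTP package is already installed:
```
[root@server~]# rpm -qa|grep ntp
ntpdate-4.2.6p5-1.el6.x86_64
fontpackages-filesystem-1.41-1.1.el6.noarch
ntp-4.2.6p5-1.el6.x86_64
```
If it is not installed, install ntp:
```
yum -y install ntp
```
Back up the original ntp configuration file:
```
mv /etc/ntp.conf /etc/ntp.conf.bak
```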
1.2 Configure the NTP server
Edit the ntp.conf configuration file:
```
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default ignore      # deny all packets by default
restrict 127.0.0.1
restrict 192.168.112.0 mask 255.255.255.0 nomodify
# Network ranges that are allowed to access this NTP server
restrict 192.168.57.0 mask 255.255.255.0 nomodify

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# Set the upstream NTP servers (prefer marks the preferred server)
#server 1.cn.pool.ntp.org prefer    # prefer 1.cn.pool.ntp.org by default
#server 1.rhel.pool.ntp.org
server pool.ntp.org

#broadcast 172.30.8.255 key 42          # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 key 42             # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 key 42  # manycast client

# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
# Local clock: when the external NTP servers cannot be reached,
# the local clock is used as the time source.
server 127.127.1.0
fudge 127.127.1.0 stratum 10

# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
driftfile /var/lib/ntp/drift

broadcastdelay 0.008
logfile /var/log/ntp.log

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8
```
Start the ntp service:
```
service ntpd start
```
Enable it at boot:
```
chkconfig ntpd on
```
Check the NTP status:
```
-bash-4.1$ ntpstat
synchronised to local net at stratum 11
   time correct to within 12 ms
   polling server every 64 s
-bash-4.1$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*LOCAL(0)        .LOCL.          10 l   11   64  377    0.000    0.000   0.000
 120.25.115.20   .INIT.          16 u    - 1024    0    0.000    0.000   0.000
```
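The `ntpq -p` output above shows the upstream peer 120.25.115.20 at `.INIT.` with reach 0, so this server is following only its local clock. One configuration cause worth ruling out is that `restrict default ignore` also drops the replies of any `server` that no later `restrict` line re-admits; the script below is an added example (not from the original article) that checks an ntp.conf for this, with hypothetical function names.

```shell
# Added example, not from the article. restrict_audit reads an ntp.conf on
# stdin; when the default rule is "ignore" it lists every "server" that no
# restrict line re-admits (exit 1 = finding). Assumptions: hostnames are
# compared as literal strings (no DNS lookup) and netmasks are contiguous.
restrict_audit() {
    awk '
    function ip2n(a,   o) {            # dotted quad -> integer, -1 if not IPv4
        if (a !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return -1
        split(a, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    { sub(/#.*/, "") }                 # drop comments
    $1 == "restrict" && $2 == "default" {
        for (i = 3; i <= NF; i++) if ($i == "ignore") deny = 1
        next
    }
    $1 == "restrict" && $2 != "-6" {   # remember address and optional mask
        nres++; raddr[nres] = $2; rmask[nres] = "255.255.255.255"
        for (i = 3; i < NF; i++) if ($i == "mask") rmask[nres] = $(i + 1)
        next
    }
    $1 == "server" && $2 !~ /^127\.127\./ { srv[++nsrv] = $2 }  # skip refclocks
    END {
        if (!deny) exit 0
        for (s = 1; s <= nsrv; s++) {
            ok = 0; sn = ip2n(srv[s])
            for (r = 1; r <= nres && !ok; r++) {
                rn = ip2n(raddr[r])
                if (sn < 0 || rn < 0) { ok = (srv[s] == raddr[r]); continue }
                size = 4294967296 - ip2n(rmask[r])   # addresses per block
                ok = (int(sn / size) == int(rn / size))
            }
            if (!ok) { print "no restrict entry admits server " srv[s]; bad = 1 }
        }
        exit bad
    }'
}
# Directives taken from the server ntp.conf on this page (comments removed).
page_server_conf() {
    cat <<'EOF'
restrict default ignore
restrict 127.0.0.1
restrict 192.168.112.0 mask 255.255.255.0 nomodify
restrict 192.168.57.0 mask 255.255.255.0 nomodify
server pool.ntp.org
server 127.127.1.0
EOF
}
page_server_conf | restrict_audit || true
```

On a live host the same check is `restrict_audit < /etc/ntp.conf`.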
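2. Configure the NTP client
2.1 Install the NTP service
On the NTP client, check whether the NTP package is already installed:
```
[root@client~]# rpm -qa|grep ntp
ntpdate-4.2.6p5-1.el6.x86_64
fontpackages-filesystem-1.41-1.1.el6.noarch
ntp-4.2.6p5-1.el6.x86_64
```
If it is not installed, install ntp:
```
yum -y install ntp
```
Back up the original ntp configuration file:
```
mv /etc/ntp.conf /etc/ntp.conf.bak
```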
2.2 Configure the NTP client
Edit the /etc/ntp.conf file:
```
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# server 0.rhel.pool.ntp.org iburst
# server 1.rhel.pool.ntp.org iburst
# server 2.rhel.pool.ntp.org iburst
server 192.168.57.20 prefer    # use 192.168.57.20 as the preferred NTP server
restrict 192.168.57.20 nomodify notrap noquery

server 127.127.1.0             # local clock
fudge 127.127.1.0 stratum 10

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
```
Start the NTP service:
```
service ntpd start
```
Enable the NTP service at boot:
```
chkconfig ntpd on
```
Check the ntp service status:
```
-bash-4.1$ ntpstat
synchronised to NTP server (192.168.57.20) at stratum 12
   time correct to within 21 ms
   polling server every 256 s
-bash-4.1$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.57.20   LOCAL(0)        11 u  242  256  377    0.302    0.012   0.187
 LOCAL(0)        .LOCL.          10 l  46m   64    0    0.000    0.000   0.000
```
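`ntpstat` reports "synchronised" in both outputs on this page, but the server is only following its local clock driver while the client follows a real network peer. This added example (not part of the original article; function names are hypothetical) reads `ntpq -p` output and tells the two cases apart, using the peer rows shown on this page as sample input.

```shell
# Added example, not from the article. ntpq_health reads `ntpq -p` output on
# stdin and reports the selected sync source. Exit status: 0 = a network
# peer is selected, 1 = only the local clock driver, 2 = nothing selected.
ntpq_health() {
    awk '
    /^=+$/ { body = 1; next }            # peer rows start after the rule
    !body  { next }
    {
        tally = substr($0, 1, 1)         # "*" marks the selected source
        split(substr($0, 2), f, " ")     # remote refid st t when poll reach ...
        is_local = (f[1] ~ /^LOCAL\(/)
        if (tally == "*") { sel = f[1]; sel_local = is_local }
        if (!is_local && f[7] == "0") dead = dead " " f[1]   # reach 0
    }
    END {
        if (dead != "") print "unreachable:" dead
        if (sel == "") { print "status: no sync source selected"; exit 2 }
        if (sel_local) { print "status: free-running on " sel; exit 1 }
        print "status: synced to " sel
    }'
}
# Peer rows copied from the server output on this page.
server_rows() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*LOCAL(0)        .LOCL.          10 l   11   64  377    0.000    0.000   0.000
 120.25.115.20   .INIT.          16 u    - 1024    0    0.000    0.000   0.000
EOF
}
# Peer rows copied from the client output on this page.
client_rows() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.57.20   LOCAL(0)        11 u  242  256  377    0.302    0.012   0.187
 LOCAL(0)        .LOCL.          10 l  46m   64    0    0.000    0.000   0.000
EOF
}
server_rows | ntpq_health || true
client_rows | ntpq_health
```

On a live host, `ntpq -p | ntpq_health` gives a non-zero exit status that a monitoring job can alert on.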
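3. Common errors
3.1 ntpq -p reports "localhost: timed out, nothing received" when checking time synchronization
Running ntpq -p returns:
```
localhost: timed out, nothing received
***Request timed out
```
Solution:
1. Check /etc/hosts and confirm that it contains the following entries, so that the local NTP service can be resolved correctly:
```
127.0.0.1   localhost localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
```
2. If /etc/hosts is configured correctly, run ntpq -4p (which forces the query over the IPv4 address). If that displays normally but ntpq -6p (which forces the query over the IPv6 address) fails, then IPv6 is enabled: by default ntpq tries the IPv6 path first, and ECS Linux cannot reach IPv6 addresses directly by default, so the query times out.
Disabling IPv6 on the interfaces resolves this. To do so:
Append the following parameters to the end of /etc/sysctl.conf:
```
# Disable IPv6 on all interfaces of the system
net.ipv6.conf.all.disable_ipv6 = 1
# Disable IPv6 on specific interfaces (for example eth0, eth1)
net.ipv6.conf.eth1.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
```
Then restart the network service:
```
service network restart
```
After that, ntpq -p returns normal output.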
3.2 ntpq -p reports "no association ID's returned" when checking time synchronization
Solution:
1. Disable SELinux:
```
-bash-4.1$ vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled    # set to disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
```
2. Run restorecon -R -v /etc/ntp.conf
3. Restart the ntp service:
```
service ntpd restart
```
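3.3 Enabling the ntp service at boot reports: service ntpd does not support chkconfig
Solution:
1. Check that the ntpd service script exists in the /etc/init.d/ directory:
```
-bash-4.1$ ll /etc/init.d/ntpd
-rwxr-xr-x 1 root root 1974 10月 30 20:28 /etc/init.d/ntpd
```
Note: the script is normally present once ntp has been installed successfully.
2. Add the ntpd service to the chkconfig service list; the service is then given its K/S entries in /etc/rc.d/rcN.d:
```
chkconfig --add ntpd
```
3. Edit /etc/init.d/ntpd
Open /etc/init.d/ntpd with vi. After the line
```
#!/bin/bash
```
add
```
# chkconfig: 2345 10 90
# description: myservice
```
4. Enable the ntp service at boot again; it now works:
```
chkconfig ntpd on
```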