2019-01-16 Ubuntu 18.04安装NTP服务

安装NTP服务可以说很容易,几个要点搞定就成。下面是我装NTP服务器的记录。
一、首先当然是惯例更新

sudo apt update
sudo apt upgrade
axing@84:~$sudo apt install ntp
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libcurses-perl libcurses-ui-perl libpkcs11-helper1 libterm-readkey-perl
Use 'sudo apt autoremove' to remove them.
Suggested packages:
  ntp-doc
The following NEW packages will be installed:
  ntp
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 640 kB of archives.
After this operation, 1,952 kB of additional disk space will be used.
Get:1 http://gb.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 ntp amd64 1:4.2.8p10+dfsg-5ubuntu7.1 [640 kB]
Fetched 640 kB in 0s (13.1 MB/s)
Selecting previously unselected package ntp.

然后修改下配置文件。
这里我们建议去找最近的ntp公共服务器,访问站点 https://www.ntppool.org/
查找你的区域,比如我需要找 Europe/United Kingdom,可以发现有这么几个,记下来要在配置文件里改的。

server 0.uk.pool.ntp.org
server 1.uk.pool.ntp.org
server 2.uk.pool.ntp.org
server 3.uk.pool.ntp.org

这里是中国常用的NTP服务器,以供参考:

210.72.145.44 (国家授时中心服务器IP地址)
202.112.10.36 # 1.cn.pool.ntp.org
59.124.196.83 # 0.asia.pool.ntp.org
s2m.time.edu.cn 北京大学
s2c.time.edu.cn 北京邮电大学

二、修改配置文件 /etc/ntp.conf

# Specify one or more NTP servers.

# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
#这里常用的选项是prefer - 优先主机, iburst -当服务器不可用时将发包检测
server 0.uk.pool.ntp.org iburst
server 1.uk.pool.ntp.org iburst
server 2.uk.pool.ntp.org iburst
server 3.uk.pool.ntp.org iburst
#pool 0.ubuntu.pool.ntp.org iburst
#pool 1.ubuntu.pool.ntp.org iburst
#pool 2.ubuntu.pool.ntp.org iburst
#pool 3.ubuntu.pool.ntp.org iburst

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#访问网段限制
restrict xx.xxx.xx.0 mask 255.255.255.0 notrust

三、重启服务,查看服务状态

axing@84:~$ sudo service ntp restart
axing@84:~$ sudo service ntp status
● ntp.service - Network Time Service
   Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-01-16 16:02:17 GMT; 7s ago
     Docs: man:ntpd(8)
  Process: 24693 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS)
 Main PID: 24711 (ntpd)
    Tasks: 2 (limit: 1110)
   CGroup: /system.slice/ntp.service
           └─24711 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 113:118

Jan 16 16:02:17 84 ntpd[24711]: Listen normally on 2 lo 127.0.0.1:123
Jan 16 16:02:17 84 ntpd[24711]: Listen normally on 3 ens3 xx.xxx.xxx.xx:123
Jan 16 16:02:17 84 ntpd[24711]: Listen normally on 4 lo [::1]:123
Jan 16 16:02:17 84 ntpd[24711]: Listen normally on 5 ens3 [fe80::5054:ff:febd:720d%2]:123
Jan 16 16:02:17 84 ntpd[24711]: Listening on routing socket on fd #22 for interface updates
Jan 16 16:02:18 84 ntpd[24711]: Soliciting pool server 91.189.89.199
Jan 16 16:02:19 84 ntpd[24711]: Soliciting pool server 91.189.94.4
Jan 16 16:02:20 84 ntpd[24711]: Soliciting pool server 91.189.89.198
Jan 16 16:02:21 84 ntpd[24711]: Soliciting pool server 91.189.91.157
Jan 16 16:02:22 84 ntpd[24711]: Soliciting pool server 2001:67c:1560:8003::c8

四、开放防火墙端口,我们看到ntp使用udp 123端口

axing@84:~$ sudo ufw allow 123/udp
Rule added
Rule added (v6)

现在,服务器端就配置完了。 查看与上层ntp服务器的状态

root@84:~# watch ntpq -p
Every 2.0s: ntpq -p                                                                  C84: Wed Jan 16 16:24:16 2019

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp.ubuntu.com  .POOL.          16 p    -   64    0    0.000    0.000   0.000
+lond-web-1.spee 87.242.168.84    2 u   60   64  377    1.501   -0.110   0.215
+bode.spiderspac 85.199.214.99    2 u   65   64  377    1.342   -0.112   0.096
*87.242.168.84 ( .UPPS.           1 u   58   64  377   11.249   -0.027   0.079
+ntp1.wirehive.n 195.66.241.2     2 u    -   64  377    5.466   -0.073   0.245
-alphyn.canonica 132.246.11.231   2 u   10   64  377   75.283   -3.859   0.057
-pugot.canonical 17.253.52.253    2 u   11   64  377    1.762    0.029   0.150
-chilipepper.can 145.238.203.14   2 u    6   64  377    1.293    0.061   0.057
-golem.canonical 17.253.52.125    2 u   16   64  377    1.288    0.029   0.551

其中这些状态的意思是:

remote: 连接的远程NTP服务器;
refid: 提供时间同步的服务器IP;
st: 远程服务器的层级别(stratum)。由于NTP是层型结构,有顶端的服务器、多层的Relay服务器、再到客户端。所以服务器级别从高到低可以设定为1-16。为了减缓负荷和网络堵塞,原则上应该避免直接连接到级别为1的服务器;
when: 几秒钟前曾经做过时间同步更新的动作;
poll: 本地主机和远程服务器多少时间进行一次同步(单位:s);
reach: 已经向上层NTP服务器要求更新的次数;
delay: 网络传输过程当中延迟的时间(单位:10^(-6)s,微秒);
offset: 时间补偿的结果(单位与:10^(-3)s,毫秒);
jitter: Linux系统时间与BIOS硬件时间的差值(单位:10^(-6)s,微秒)。其绝对值越小,主机和对时服务器的时间就越接近;
*: 远端的服务器已经被确认为主NTP Server,系统时间将由这台机器所提供;
+: 作为辅助的NTP Server,与带有*号的服务器一起为我们提供同步服务. 当```*```号服务器不可用时,它就可以接管;
-: 远程服务器被clustering algorithm认为是不合格的NTP Server;
x: 远程服务器不可用;

五、linux客户端配置ntp
5.1先安装ntpdate,测试NTP工具

axing@THN:~$ sudo apt install ntpdate
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed
  ntpdate
0 to upgrade, 1 to newly install, 0 to remove and 0 not to upgrade.
Need to get 51.8 kB of archives.
After this operation, 183 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 ntpdate amd64 1:4.2.8p10+dfsg-5ubuntu7.1 [51.8 kB]
Fetched 51.8 kB in 0s (162 kB/s)
Selecting previously unselected package ntpdate.
(Reading database ... 92007 files and directories currently installed.)
Preparing to unpack .../ntpdate_1%3a4.2.8p10+dfsg-5ubuntu7.1_amd64.deb ...
Unpacking ntpdate (1:4.2.8p10+dfsg-5ubuntu7.1) ...
Setting up ntpdate (1:4.2.8p10+dfsg-5ubuntu7.1) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

测试NTP服务器是否好用(如有提示“ntpdate[XXX]: the ntp socket is in use, exiting”, 可加参数 -u )

axing@THN:~$ sudo ntpdate xx.xxx.xxx.xx
16 Jan 16:48:51 ntpdate[22307]: adjust time server xx.xxx.xxx.xx offset -0.001725 sec

5.2 很好,那么我们先停止ubuntu自带的时间同步服务

axing@THN:~$ sudo timedatectl set-ntp off

5.3 安装ntp服务并添加主NTP服务器,可以修改/etc/ntp.cfg,或者直接使用下面语句添加:

axing@THN:~$ sudo bash -c "echo server xx.xxx.xxx.xx prefer iburst >> /etc/ntp.conf"
#重启NTP服务
axing@THN:~$ sudo service ntp restart

看一下同步状态:

axing@THN:~$ watch ntpq -p
Every 2.0s: ntpq -p                                                                  THN: Wed Jan 16 17:32:29 2019

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp.ubuntu.com  .POOL.          16 p    -   64    0    0.000    0.000   0.000
*xx.xxx.xxx.xx   xx.xxx.xx.4      3 u   57   64   77    0.825   -0.951   0.706
+ns1.luns.net.uk 158.43.192.66    2 u   58   64   77    8.456   -0.887   0.751
-37.220.20.12 (h 82.69.97.89      2 u   53   64   77    3.795   -3.091   0.580
+time.rdg.uk.as4 87.242.168.84    2 u   56   64   77    2.171   -1.905   0.719
-armcd.co.uk     130.88.212.143   3 u   55   64   77    1.756   -0.599   0.706
-pugot.canonical 140.203.204.77   2 u   60   64   77    1.737   -0.923   0.492
-alphyn.canonica 132.246.11.231   2 u    1   64  177   75.296   -4.481   0.427
-golem.canonical 17.253.52.125    2 u   65   64   77    1.313   -1.000   0.693
-chilipepper.can 193.79.237.14    2 u    3   64  177    1.477   -0.380   0.335

可以看到,已经和主服务器同步成功了。

    原文作者:AK蜗牛
    原文地址: https://www.jianshu.com/p/c3a11cf0e798
    本文转自网络文章,转载此文章仅为分享知识,如有侵权,请联系博主进行删除。
点赞