需求：最近发现多个服务器之间的时间不一致，导致很多问题。
解决：使用ntp实现多台服务器时间同步
[ntp] 网络时间协议，英文名称：Network Time Protocol（NTP）
概念：是用来使计算机时间同步化的一种协议，它可以使计算机对其服务器或时钟源（如石英钟，GPS等等)做同步化，它可以提供高精准度的时间校正（LAN上与标准间差小于1毫秒，WAN上几十毫秒），且可介由加密确认的方式来防止恶毒的协议攻击。NTP的目的是在无序的Internet环境中提供精确和健壮的时间服务。

start

前景
如果是多台的话选择一台机器为主节点，其他的为从节点，主节点用来同步从节点时间。

安装

• 搭建主节点时间服务器
• 需要手动安装ntp服务，这个服务有的linux版本上会默认装上，我们可以通过如下命令来查看是否有装上
• rpm -qa | grep ntp

[root@localhost etc]# rpm -qa |grep ntp fontpackages-filesystem-1.44-8.el7.noarch ntp-4.2.6p5-29.el7.centos.2.x86_64 ntpdate-4.2.6p5-29.el7.centos.2.x86_64

出现以上 ，说明已安装
如果没有的话手动安装一下即可

1、yum list | grep ntp 2、yum -y install ntp.x86_64 或者 yum install ntp –y

配置文件路径

/etc/ntp.conf

编辑文件

vi /etc/ntp.conf# For more information about this file, see the man pages # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5). driftfile /var/lib/ntp/drift # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. # 这个默认是关闭的，注意要打开，不然执行nptd 命令会超时 # 因为是内网，所以用本地时间做为服务器时间 restrict 127.0.0.1 restrict ::1 # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst #server iburst #server 2.centos.pool.ntp.org iburst #server 3.centos.pool.ntp.org iburst #inux自带的时间同步，需要注释掉 #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys # Specify the key identifiers which are trusted. #trustedkey 4 8 42 # Specify the key identifier to use with the ntpdc utility. #requestkey 8 # Specify the key identifier to use with the ntpq utility. #controlkey 8 # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor # 代表允许的网段，设置自己的网段，在这个网段的所有机器都可以作为时间同步服务端 restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap server 127.127.1.0 fudge 127.127.1.0 stratum 10

restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap代表允许192.168网段的服务器与此服务器进行时间同步
然后 保存 :wq!

开启服务

service ntpd start 或者 systemctl start ntpd

设置开机自启

chkconfig ntpd on

放行端口123

需要对ntp的默认端口123进行放行，这个要配，或者你关闭了防火墙，否则会报错，
问题：不开启会报 no server suitable for synchronization found 错误

iptables -I INPUT -p tcp --dport 123 -j ACCEPT

查看端口占用
sudo lsof -i -P -n
-i：如果没有指定IP地址，这个选项选择列出所有网络文件
-P：禁止将端口号转换为端口名称, 如 3306 转为 MySQL
-n：禁止IP转换为hostname，缺省是不加上-n参数

查看状态

service ntpd status 或者 systemctl status ntpd 或者 /etc/init.d/ntpd start

停止

service ntpd stop 或者 systemctl stop ntpd

配置客户端（从节点）

安装按以上步骤

编辑配置文件

vi /etc/ntp.conf# For more information about this file, see the man pages # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5). driftfile /var/lib/ntp/drift # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default nomodify notrap nopeer noquery # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict ::1 # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst #server iburst #server 2.centos.pool.ntp.org iburst #server 3.centos.pool.ntp.org iburst #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client #broadcast 224.0.1.1 autokey # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 autokey # manycast client # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys # Specify the key identifiers which are trusted. #trustedkey 4 8 42 # Specify the key identifier to use with the ntpdc utility. #requestkey 8 # Specify the key identifier to use with the ntpq utility. #controlkey 8 # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor restrict 192.168.54.0 mask 255.255.255.0 nomodify notrap #server 127.127.1.0 server 192.168.54.xxx #增加主服务器ip即可 #fudge 127.127.1.0 stratum 10 fudge 192.168.54.xxx startum 10 #设置stratum级别

保存退出：:wq!

注意

如果想要让ntp同时同步硬件时间，可设置

vi /etc/sysconfig/ntpd

添加【SYNC_HWCLOCK=yes】就可以让硬件时间与系统时间一起同步

启动

service ntpd status
service ntpd start
service ntpd restart

查看是否会定时同步

ntpq -p[root@minio3 etc]# ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== 192.168.54.xxx LOCAL(0) 11 u 55 64 7 0.260 -0.001 0.026

remote 就是配置的远程地址
when就代表上次同步距离现在的时间，通过这个时间久可以判断是否有在自动同步。

设置自启动

chkconfig ntpd on

可尝试立即同步

ntpdate -d 192.168.54.xxx 主服务器地址[root@minio3 etc]# ntpdate -d 192.168.54.xxx 31 May 16:51:36 ntpdate[23931]: ntpdate [email protected] Tue Jun 23 15:38:19 UTC 2020 (1) Looking for host 192.168.54.xxx and service ntp host found : 192.168.54.xxx transmit(192.168.54.xxx) receive(192.168.54.xxx) transmit(192.168.54.xxx) receive(192.168.54.xxx) transmit(192.168.54.xxx) receive(192.168.54.xxx) transmit(192.168.54.xxx) receive(192.168.54.xxx) server 192.168.54.xxx, port 123 stratum 11, precision -24, leap 00, trust 000 refid [192.168.54.xxx], delay 0.02582, dispersion 0.00130 transmitted 4, in filter 4 reference time: e640558a.4c2701f9 Tue, May 31 2022 16:51:22.297 originate timestamp: e64055b2.98e02642 Tue, May 31 2022 16:52:02.597 transmit timestamp: e64055b2.77791f84 Tue, May 31 2022 16:52:02.466 filter delay: 0.02614 0.02582 0.02647 0.02589 0.00000 0.00000 0.00000 0.00000 filter offset: 0.127412 0.128211 0.128878 0.130258 0.000000 0.000000 0.000000 0.000000 delay 0.02582, dispersion 0.00130 offset 0.128211 31 May 16:52:02 ntpdate[23931]: adjust time server 192.168.54.xxx offset 0.128211 sec

修改系统时间（可在主节点设置，从节点查看效果）

date -s '2022-04-29 10:39:00' clock -w 强制将时间写入coms同步bios时间,强制把系统时间写入CMOS：