Configuring an “NTP (Network Time Protocol) Server” on CentOS 7

Network Time Protocol (NTP) is a protocol that runs on UDP port 123 at the transport layer and lets computers synchronize their clocks over a network to keep accurate time. As time passes, a computer's internal clock tends to drift, which causes inconsistent timestamps. This is a problem especially in server and client log files, or when you want to replicate servers or databases.


This tutorial shows how to install and configure an NTP server on CentOS 7 and automatically synchronize its time with the geographically closest peers available for the server's location, using the server list of the public NTP Pool Time Servers.

Step 1: Installing and configuring the NTP service

1. The NTP server package is provided by default by the official CentOS repositories and can be installed with the following command.

# yum -y install ntp
Loaded plugins: fastestmirror
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
base                                    | 3.6 kB  00:00:00     
extras                                  | 3.4 kB  00:00:00     
updates                                 | 3.4 kB  00:00:00     
updates/7/x86_64/primary_db             | 3.9 MB  00:00:02     
Determining fastest mirrors
 * base: mirror.maeh.org
 * extras: mirror.ratiokontakt.de
 * updates: mirror.23media.de
Resolving Dependencies
--> Running transaction check
---> Package ntp.x86_64 0:4.2.6p5-25.el7.centos.1 will be installed
--> Processing Dependency: ntpdate = 4.2.6p5-25.el7.centos.1 for package: ntp-4.2.6p5-25.el7.centos.1.x86_64
--> Processing Dependency: libopts.so.25()(64bit) for package: ntp-4.2.6p5-25.el7.centos.1.x86_64
--> Running transaction check
---> Package autogen-libopts.x86_64 0:5.18-5.el7 will be installed
---> Package ntpdate.x86_64 0:4.2.6p5-25.el7.centos.1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================
 Package    Arch         Version                   Repository     Size
=========================================================================
Installing:
 ntp        x86_64       4.2.6p5-25.el7.centos.1   updates        547 k
Installing for dependencies:
 autogen-libopts  x86_64 5.18-5.el7                base            66 k
 ntpdate          x86_64 4.2.6p5-25.el7.centos.1   updates         85 k

Transaction Summary
=========================================================================
Install  1 Package (+2 Dependent packages)

Total download size: 699 k
Installed size: 1.6 M
Downloading packages:
(1/3): autogen-libopts-5.18-5.el7.x86_64.rpm         |  66 kB  00:00:00  
(2/3): ntp-4.2.6p5-25.el7.centos.1.x86_64.rpm        | 547 kB  00:00:00  
(3/3): ntpdate-4.2.6p5-25.el7.centos.1.x86_64.rpm    |  85 kB  00:00:00     
-------------------------------------------------------------------------
Total                                                                                                    764 kB/s | 699 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : ntpdate-4.2.6p5-25.el7.centos.1.x86_64       1/3 
  Installing : autogen-libopts-5.18-5.el7.x86_64            2/3 
  Installing : ntp-4.2.6p5-25.el7.centos.1.x86_64           3/3 
  Verifying  : ntp-4.2.6p5-25.el7.centos.1.x86_64           1/3 
  Verifying  : autogen-libopts-5.18-5.el7.x86_64            2/3 
  Verifying  : ntpdate-4.2.6p5-25.el7.centos.1.x86_64       3/3 

Installed:
  ntp.x86_64 0:4.2.6p5-25.el7.centos.1                                                                                                   
Dependency Installed:
  autogen-libopts.x86_64 0:5.18-5.el7    
  ntpdate.x86_64 0:4.2.6p5-25.el7.centos.1                             

Complete!
# 

Step 2: Add the firewall rule and start the NTP service

2. The NTP service uses UDP port 123 at the OSI transport layer (layer 4). To open this port on CentOS 7, run the following commands.

# firewall-cmd --add-service=ntp --permanent
# firewall-cmd --reload

Step 3: Start the service

3. Run the following commands to enable and start the NTP service.

# systemctl start ntpd
# systemctl enable ntpd
# systemctl status ntpd

Step 4: Edit the configuration file

4. Run the following commands to change the pool zone servers used for NTP synchronization. First, though, check the site http://www.pool.ntp.org/zone/it, under ‘To use this specific pool zone, add the following to your ntp.conf file:’

# vi /etc/ntp.conf 

includefile /etc/ntp/crypto/pw
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap ##uncomment

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst ##comment
#server 1.centos.pool.ntp.org iburst ##comment
#server 2.centos.pool.ntp.org iburst ##comment
#server 3.centos.pool.ntp.org iburst ##comment

#Add:
server 0.it.pool.ntp.org iburst
server 1.it.pool.ntp.org iburst
server 2.it.pool.ntp.org iburst
server 3.it.pool.ntp.org iburst

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor

## ADD Log
logfile /var/log/ntp.log
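
A check for the access-control lines in the ntp.conf above, as an added example that is not part of the original tutorial: it reads a configuration on stdin and reports when the default restrict rule lacks one of the four flags used here, or when noquery is missing while monitoring stays on (the condition the CVE-2013-5211 comment describes). The function name and both sample configurations are constructed for illustration, and only the default rule's flags are inspected.

```shell
#!/bin/sh
# Added example, not from the original tutorial: audit ntp.conf text on stdin.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_ntp_conf() {
    awk '
    { sub(/#.*/, "") }                    # drop comments, incl. trailing ##notes
    $1 == "restrict" {
        for (i = 2; i <= NF; i++) if ($i == "limited") limited = 1
        if ($2 == "default") {
            have_default = 1
            for (i = 3; i <= NF; i++) flag[$i] = 1
        }
    }
    $1 == "disable" { for (i = 2; i <= NF; i++) if ($i == "monitor") mon_off = 1 }
    $1 == "server"  { servers++ }
    END {
        if (!have_default) { print "no restrict default line"; bad = 1 }
        n = split("nomodify notrap nopeer noquery", want, " ")
        for (i = 1; i <= n && have_default; i++)
            if (!(want[i] in flag)) { print "restrict default lacks " want[i]; bad = 1 }
        # Per the ntp.conf comment: monlist needs queries allowed AND monitoring
        # on, and "disable monitor" does not take effect when "limited" is used.
        if (!("noquery" in flag) && (!mon_off || limited)) {
            print "monlist exposed: no noquery, monitor enabled"; bad = 1
        }
        if (!servers) { print "no server lines"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed weak sample: noquery dropped and monitoring left enabled.
WEAK_CONF='restrict default nomodify notrap nopeer
server 0.it.pool.ntp.org iburst'

# The relevant lines of the configuration shown above.
PAGE_CONF='restrict default nomodify notrap nopeer noquery
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap ##uncomment
server 0.it.pool.ntp.org iburst
disable monitor'

printf '%s\n' "$WEAK_CONF" | audit_ntp_conf || true
printf '%s\n' "$PAGE_CONF" | audit_ntp_conf && echo "page config: no findings"
```

On a live server the same function can be fed the real file: audit_ntp_conf < /etc/ntp.conf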

Step 5: Restart the service:

5. Confirm and save the changes, then restart the service with:

# systemctl restart ntpd
# systemctl status ntpd

OUTPUT:
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2017-04-04 17:13:13 EDT; 5min ago
 Main PID: 16856 (ntpd)
   CGroup: /system.slice/ntpd.service
           └─16856 /usr/sbin/ntpd -u ntp:ntp -g

Apr 04 17:13:13 server.smbisoshare.local ntpd[16856]: Listen normally on 2 lo 127.0.0.1 UDP 123
Apr 04 17:13:13 server.smbisoshare.local ntpd[16856]: Listen normally on 3 ens192 192.168.1.200 UDP 123
Apr 04 17:13:13 server.smbisoshare.local ntpd[16856]: Listen normally on 4 lo ::1 UDP 123
Apr 04 17:13:13 server.smbisoshare.local ntpd[16856]: Listen normally on 5 ens192 fe80::e304:6d4f:120b:16ae UDP 123
Apr 04 17:13:13 server.smbisoshare.local ntpd[16856]: Listening on routing socket on fd #22 for interface updates
Apr 04 17:13:13 server.smbisoshare.local systemd[1]: Started Network Time Service.
Apr 04 17:13:14 server.smbisoshare.local ntpd[16856]: 0.0.0.0 c016 06 restart
Apr 04 17:13:14 server.smbisoshare.local ntpd[16856]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM
Apr 04 17:13:14 server.smbisoshare.local ntpd[16856]: 0.0.0.0 c011 01 freq_not_set
Apr 04 17:13:21 server.smbisoshare.local ntpd[16856]: 0.0.0.0 c614 04 freq_mode

Step 6: Verify server time sync

6. After the NTP service has started, wait a few minutes for it to synchronize the time with the servers in its configured list, then run the following commands to check the NTP synchronization status and your system time.

# ntpq -p
# date -R
Example:
# ntpq -p
remote           refid     st t when poll reach   delay   offset  jitter
=========================================================================
server1.quickdr .INIT.     16 u    -   64    0    0.000    0.000   0.000
212.121.88.250  .INIT.     16 u    -   64    0    0.000    0.000   0.000
mini.blesmrt.ne .INIT.     16 u    -   64    0    0.000    0.000   0.000
host22-187-177- .INIT.     16 u    -   64    0    0.000    0.000   0.000
# date -R
Tue, 04 Apr 2017 17:21:45 -0400
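
In the ntpq -p output above every peer still shows refid .INIT., stratum 16 and reach 0, meaning no server has answered yet. The following added example (not part of the original tutorial) reads ntpq -p output on stdin and reports whether a system peer, marked with a leading "*", has been selected. The function name and the second sample, which uses documentation addresses, are constructed.

```shell
#!/bin/sh
# Added example, not from the original tutorial: classify `ntpq -p` output.
# Prints "synced ..." and returns 0 when a system peer is selected,
# otherwise prints "unsynced reachable=<n>/<total>" and returns 1.
ntp_sync_state() {
    awk '
    $1 == "remote" || NF != 10 { next }     # skip header, ruler and noise
    {
        peers++
        if ($7 != 0) reachable++            # reach: octal register of the last 8 polls
        if (/^\*/ && $7 != 0 && $3 < 16) {  # "*" tally marks the selected system peer
            sys = substr($1, 2); st = $3; off = $9
        }
    }
    END {
        if (sys != "") {
            printf "synced peer=%s stratum=%d offset_ms=%s\n", sys, st, off
            exit 0
        }
        printf "unsynced reachable=%d/%d\n", reachable, peers
        exit 1
    }'
}

# Output copied from the example above (taken right after the restart).
PAGE_OUTPUT='remote           refid     st t when poll reach   delay   offset  jitter
=========================================================================
server1.quickdr .INIT.     16 u    -   64    0    0.000    0.000   0.000
212.121.88.250  .INIT.     16 u    -   64    0    0.000    0.000   0.000
mini.blesmrt.ne .INIT.     16 u    -   64    0    0.000    0.000   0.000
host22-187-177- .INIT.     16 u    -   64    0    0.000    0.000   0.000'

# Constructed sample of a synchronized server (documentation addresses).
SYNCED_SAMPLE='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377   12.345    0.512   0.201
+192.0.2.11      192.0.2.10       2 u   40   64  377   15.100   -0.833   0.350
 192.0.2.12      .INIT.          16 u    -   64    0    0.000    0.000   0.000'

printf '%s\n' "$PAGE_OUTPUT" | ntp_sync_state || true
printf '%s\n' "$SYNCED_SAMPLE" | ntp_sync_state
```

On the server itself it can be used as: ntpq -pn | ntp_sync_state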


 
