Network Time Protocol (NTP) is a protocol that runs over UDP port 123 at the transport layer and lets computers synchronize their clocks over a network to keep accurate time. As time passes, a computer's internal clock tends to drift, which leads to inconsistent timestamps. This matters most for server and client log files, or when you want to replicate servers or databases.
This tutorial shows how to install and configure an NTP server on CentOS 7 and automatically synchronize its time with the geographically closest peers available for the server's location, using the public NTP Pool Project server list.
Step 1: Install and configure the NTP service
1. The NTP server package is provided by default in the official CentOS repositories and can be installed with the following command.

    # yum -y install ntp
    Loaded plugins: fastestmirror
    Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
    base                                          | 3.6 kB  00:00:00
    extras                                        | 3.4 kB  00:00:00
    updates                                       | 3.4 kB  00:00:00
    updates/7/x86_64/primary_db                   | 3.9 MB  00:00:02
    Determining fastest mirrors
     * base: mirror.maeh.org
     * extras: mirror.ratiokontakt.de
     * updates: mirror.23media.de
    Resolving Dependencies
    --> Running transaction check
    ---> Package ntp.x86_64 0:4.2.6p5-25.el7.centos.1 will be installed
    --> Processing Dependency: ntpdate = 4.2.6p5-25.el7.centos.1 for package: ntp-4.2.6p5-25.el7.centos.1.x86_64
    --> Processing Dependency: libopts.so.25()(64bit) for package: ntp-4.2.6p5-25.el7.centos.1.x86_64
    --> Running transaction check
    ---> Package autogen-libopts.x86_64 0:5.18-5.el7 will be installed
    ---> Package ntpdate.x86_64 0:4.2.6p5-25.el7.centos.1 will be installed
    --> Finished Dependency Resolution

    Dependencies Resolved

    =========================================================================
     Package            Arch      Version                    Repository  Size
    =========================================================================
    Installing:
     ntp                x86_64    4.2.6p5-25.el7.centos.1    updates    547 k
    Installing for dependencies:
     autogen-libopts    x86_64    5.18-5.el7                 base        66 k
     ntpdate            x86_64    4.2.6p5-25.el7.centos.1    updates     85 k

    Transaction Summary
    =========================================================================
    Install  1 Package (+2 Dependent packages)

    Total download size: 699 k
    Installed size: 1.6 M
    Downloading packages:
    (1/3): autogen-libopts-5.18-5.el7.x86_64.rpm        |  66 kB  00:00:00
    (2/3): ntp-4.2.6p5-25.el7.centos.1.x86_64.rpm       | 547 kB  00:00:00
    (3/3): ntpdate-4.2.6p5-25.el7.centos.1.x86_64.rpm   |  85 kB  00:00:00
    -------------------------------------------------------------------------
    Total                                      764 kB/s | 699 kB  00:00:00
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : ntpdate-4.2.6p5-25.el7.centos.1.x86_64       1/3
      Installing : autogen-libopts-5.18-5.el7.x86_64            2/3
      Installing : ntp-4.2.6p5-25.el7.centos.1.x86_64           3/3
      Verifying  : ntp-4.2.6p5-25.el7.centos.1.x86_64           1/3
      Verifying  : autogen-libopts-5.18-5.el7.x86_64            2/3
      Verifying  : ntpdate-4.2.6p5-25.el7.centos.1.x86_64       3/3

    Installed:
      ntp.x86_64 0:4.2.6p5-25.el7.centos.1

    Dependency Installed:
      autogen-libopts.x86_64 0:5.18-5.el7    ntpdate.x86_64 0:4.2.6p5-25.el7.centos.1

    Complete!
    #

Step 2: Add the firewall rule and start the NTP service
2. The NTP service uses UDP port 123 at the OSI transport layer (layer 4). To open this port on CentOS 7, run the following commands.

    # firewall-cmd --add-service=ntp --permanent
    # firewall-cmd --reload

Step 3: Start the service
3. Run the following commands to enable and start the NTP service.

    # systemctl start ntpd
    # systemctl enable ntpd
    # systemctl status ntpd

Step 4: Edit the configuration file
4. Run the following commands to change the pool zone servers used for NTP synchronization. First, though, check the site http://www.pool.ntp.org/zone/it: 'To use this specific pool zone, add the following to your ntp.conf file:'

    # vi /etc/ntp.conf

    includefile /etc/ntp/crypto/pw

    # For more information about this file, see the man pages
    # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

    driftfile /var/lib/ntp/drift

    # Permit time synchronization with our time source, but do not
    # permit the source to query or modify the service on this system.
    restrict default nomodify notrap nopeer noquery

    # Permit all access over the loopback interface. This could
    # be tightened as well, but to do so would effect some of
    # the administrative functions.
    restrict 127.0.0.1
    restrict ::1

    # Hosts on local network are less restricted.
    restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap ##uncomment

    # Use public servers from the pool.ntp.org project.
    # Please consider joining the pool (http://www.pool.ntp.org/join.html).
    #server 0.centos.pool.ntp.org iburst ##comment
    #server 1.centos.pool.ntp.org iburst ##comment
    #server 2.centos.pool.ntp.org iburst ##comment
    #server 3.centos.pool.ntp.org iburst ##comment

    #Add:
    server 0.it.pool.ntp.org iburst
    server 1.it.pool.ntp.org iburst
    server 2.it.pool.ntp.org iburst
    server 3.it.pool.ntp.org iburst

    #broadcast 192.168.1.255 autokey        # broadcast server
    #broadcastclient                        # broadcast client
    #broadcast 224.0.1.1 autokey            # multicast server
    #multicastclient 224.0.1.1              # multicast client
    #manycastserver 239.255.254.254         # manycast server
    #manycastclient 239.255.254.254 autokey # manycast client

    # Enable public key cryptography.
    #crypto

    includefile /etc/ntp/crypto/pw

    # Key file containing the keys and key identifiers used when operating
    # with symmetric key cryptography.
    keys /etc/ntp/keys

    # Specify the key identifiers which are trusted.
    #trustedkey 4 8 42

    # Specify the key identifier to use with the ntpdc utility.
    #requestkey 8

    # Specify the key identifier to use with the ntpq utility.
    #controlkey 8

    # Enable writing of statistics records.
    #statistics clockstats cryptostats loopstats peerstats

    # Disable the monitoring facility to prevent amplification attacks using ntpdc
    # monlist command when default restrict does not include the noquery flag. See
    # CVE-2013-5211 for more details.
    # Note: Monitoring will not be disabled with the limited restriction flag.
    disable monitor

    ## ADD Log
    logfile /var/log/ntp.log

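The access-control lines in this file (`restrict default ... noquery` and `disable monitor`) are what keep the server from answering `monlist` queries from arbitrary hosts, so they are worth checking mechanically. The following audit is an added example, not part of the original tutorial; the function name `audit_ntp_conf` and both sample configurations are constructed for illustration, and the `limited` flag mentioned in the file's note is not modelled.

```shell
#!/bin/sh
# Added example (not from the original page): audit ntp.conf access controls.
# Reads a config on stdin, prints one finding per line, returns 1 if any.
audit_ntp_conf() {
    awk '
        { sub(/#.*/, "") }                  # drop whole-line and trailing comments
        NF == 0 { next }
        $1 == "restrict" {
            i = 2
            if ($i == "-4" || $i == "-6") i++
            if ($i == "default") {
                seen_default = 1
                split("", have)             # reset the per-line flag set
                for (f = i + 1; f <= NF; f++) have[$f] = 1
                n = split("nomodify notrap nopeer noquery", need, " ")
                for (k = 1; k <= n; k++)
                    if (!(need[k] in have)) {
                        print "restrict default lacks " need[k]; bad = 1
                        if (need[k] == "noquery") open_query = 1
                    }
            }
        }
        $1 == "disable" { for (j = 2; j <= NF; j++) if ($j == "monitor") mon_off = 1 }
        END {
            if (!seen_default) { print "no restrict default line"; bad = 1; open_query = 1 }
            if (open_query && !mon_off) {
                print "monlist exposed: no noquery and monitor not disabled"; bad = 1
            }
            exit bad + 0
        }'
}

# Constructed sample: the access-control lines of the configuration above.
PAGE_CONF='restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap ##uncomment
disable monitor'

# Constructed sample: a weakened variant for comparison.
WEAK_CONF='restrict default nomodify notrap
restrict 127.0.0.1
#disable monitor'

echo "page config:"; printf '%s\n' "$PAGE_CONF" | audit_ntp_conf && echo "no findings"
echo "weak config:"; printf '%s\n' "$WEAK_CONF" | audit_ntp_conf || echo "=> findings above"
```

On a live host the same function can be run as `audit_ntp_conf < /etc/ntp.conf`.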
Step 5: Restart the service
5. Confirm and save the changes, then restart the service with:

    # systemctl restart ntpd
    # systemctl status ntpd
    OUTPUT:
    ● ntpd.service - Network Time Service
       Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
       Active: active (running) since Tue 2017-04-04 17:13:13 EDT; 5min ago
     Main PID: 16856 (ntpd)
       CGroup: /system.slice/ntpd.service
               └─16856 /usr/sbin/ntpd -u ntp:ntp -g

    Apr 04 17:13:13 server.smbisoshare.local ntpd[16856]: Listen normally on 2 lo 127.0.0.1 UDP 123
    Apr 04 17:13:13 server.smbisoshare.local ntpd[16856]: Listen normally on 3 ens192 192.168.1.200 UDP 123
    Apr 04 17:13:13 server.smbisoshare.local ntpd[16856]: Listen normally on 4 lo ::1 UDP 123
    Apr 04 17:13:13 server.smbisoshare.local ntpd[16856]: Listen normally on 5 ens192 fe80::e304:6d4f:120b:16ae UDP 123
    Apr 04 17:13:13 server.smbisoshare.local ntpd[16856]: Listening on routing socket on fd #22 for interface updates
    Apr 04 17:13:13 server.smbisoshare.local systemd[1]: Started Network Time Service.
    Apr 04 17:13:14 server.smbisoshare.local ntpd[16856]: 0.0.0.0 c016 06 restart
    Apr 04 17:13:14 server.smbisoshare.local ntpd[16856]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM
    Apr 04 17:13:14 server.smbisoshare.local ntpd[16856]: 0.0.0.0 c011 01 freq_not_set
    Apr 04 17:13:21 server.smbisoshare.local ntpd[16856]: 0.0.0.0 c614 04 freq_mode

Step 6: Verify server time sync
6. After the NTP service has started, wait a few minutes for it to synchronize with its configured servers, then run the following commands to check the NTP synchronization status and your system time.

    # ntpq -p
    # date -R

Example:

    # ntpq -p
         remote           refid      st t when poll reach   delay   offset  jitter
    =========================================================================
     server1.quickdr .INIT.          16 u    -   64    0    0.000    0.000   0.000
     212.121.88.250  .INIT.          16 u    -   64    0    0.000    0.000   0.000
     mini.blesmrt.ne .INIT.          16 u    -   64    0    0.000    0.000   0.000
     host22-187-177- .INIT.          16 u    -   64    0    0.000    0.000   0.000
    # date -R
    Tue, 04 Apr 2017 17:21:45 -0400

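In the sample output above every peer shows refid `.INIT.`, stratum 16 and reach 0, which means no reply has been received from any of them yet. The following check is an added example, not part of the original tutorial: it reads `ntpq -p` output and reports whether a system peer (tally code `*`) has been selected. The function name `ntpq_sync_state` and the second sample (documentation addresses and example.net names) are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): decide from "ntpq -p" output
# whether ntpd has selected a system peer. Reads the output on stdin,
# prints one line per peer, returns 0 only if a peer is marked "*".
ntpq_sync_state() {
    awk '
        /^ *remote +refid/ || /^=+$/ { next }   # header and separator
        {
            tally = substr($0, 1, 1)            # column 1 is the tally code
            n = split(substr($0, 2), f, " ")
            if (n < 10) next                    # not a peer line
            peers++
            if (tally == "*") {
                printf "synced to %s (stratum %s, offset %s ms)\n", f[1], f[3], f[9]
                ok = 1
            } else if (f[7] == "0") {
                printf "%s: no replies yet (reach 0, refid %s)\n", f[1], f[2]
            } else {
                printf "%s: reachable, tally \"%s\"\n", f[1], tally
            }
        }
        END { if (!peers) print "no peers listed"; exit (ok ? 0 : 1) }'
}

# Sample 1: the peer lines shown in the tutorial output above.
PAGE_OUTPUT='     remote           refid      st t when poll reach   delay   offset  jitter
=========================================================================
 server1.quickdr .INIT.          16 u    -   64    0    0.000    0.000   0.000
 212.121.88.250  .INIT.          16 u    -   64    0    0.000    0.000   0.000
 mini.blesmrt.ne .INIT.          16 u    -   64    0    0.000    0.000   0.000
 host22-187-177- .INIT.          16 u    -   64    0    0.000    0.000   0.000'

# Sample 2: constructed output of a server that has synchronized.
SYNCED_OUTPUT='     remote           refid      st t when poll reach   delay   offset  jitter
=========================================================================
*ntp1.example.ne 192.0.2.10       2 u   33   64  377   12.345    0.512   0.210
+ntp2.example.ne 192.0.2.11       2 u   30   64  377   15.002   -1.104   0.334
 ntp3.example.ne .INIT.          16 u    -   64    0    0.000    0.000   0.000'

printf '%s\n' "$PAGE_OUTPUT" | ntpq_sync_state || echo "=> not synchronized"
printf '%s\n' "$SYNCED_OUTPUT" | ntpq_sync_state && echo "=> synchronized"
```

On a live host, pipe the real command into it: `ntpq -pn | ntpq_sync_state`.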