網頁

2013年9月21日 星期六

NTP --- Install & Configure NTP daemon on Minimal CentOS 6.x

The time correction is very important on any systems as tracking log between servers, business data flow, Kerberos authentication and so on. For this reason, I will build a internal time server as bridgehead to synchronize the time between servers and clients.
Which one is chosen about Time Server? The NTPD(Network Time Protocol Daemon) will be best choice on Linux platform.
How to do it? The general process is that first install & configure ntpd, then correct the current time/zone on this server, adjust the firewall rule, configure ntpd on server boot, and verify whether the function is normal.

Install NTP via tarball
Prerequisite
To create a new ntp group with a specific groupid by using the groupadd –g 38 ntp commandScreenShot006To create a new ntp user with specific userid by using the useradd –d /etc/ntp –u 38 –g ntp –s /sbin/nologin ntp commandScreenShot007To install the Development tools for compiling any application by using the yum groupinstall “Development tools” commandScreenShot003
Compile & Install
To download a recent NTP tarfile from NTP home page http://www.ntp.org/ and extract this compressed package in the /tmp directory by using the tar –zxvf  ntp-4.2.6p5.tar.gz commandScreenHunter_01So does that the ntp source tree will be created. To switch to the distribution base directory for making this software.ScreenHunter_03To configure sources for performing an automatic configuration procedure that inspect the hardware & software environment and configure the build process by using ./configure - -prefix=/usr - -sysconfdir=/etc - -with-binsubdir=sbin - -with-lineeditlibs=readline - - enable-clockctl command (# 1)ScreenShot016ScreenHunter_14To compile and link the distribution sources by using make commandScreenShot005ScreenHunter_10To install ntp by using make install command so that the executable file by default is in the /usr/local/bin directoryScreenHunter_15ScreenHunter_11
Set Permission and Parameter
To create a /var/lib/ntp directory next to set the directory permission to 755 by using the chmod 755 /var/lib/ntp command and change the UIG:GID for /var/lib/ntp to ntp:ntp by using the chown –v ntp:ntp /var/lib/ntp commandScreenShot011To change the /var/run/ntpd.pid UIG:GID to ntp:ntp by using the chown ntp:ntp /var/run/ntpd.pid command
To create a /etc/sysconfig/ntpd directory and add some parameters for passing argument to the ntpd daemon at boot time.ScreenShot012
To create a /etc/ntp/crypto directory, the /etc/ntp/crypto/pw & /etc/ntp/keys file and change the owner & permission to this directory

Install NTP via yum
To install ntpd by using the yum install ntp commandScreenShot003ScreenShot004
Configure NTP via tarball or yum

After finish the above one installation, we have to modify or add the /etc/ntp.conf file based on our environment by using vi /etc/ntp.conf command. (# 2)

The following expression is different result before- and after- modify the ntp.conf file.
AS-ISScreenShot005TO-BEScreenShot015

Adjust iptables for NTP
To add a firewall rule by using the iptables command that will open the UDP port 123 for allowing this NTP server communicate with the internal client and external time server.ScreenShot017ScreenShot018Due to the above command just temporarily store in memory, we have to execute the service iptables save command that avoid the new rule miss after the system reboot. For applying the new rule, we will restart iptables daemon by using the service iptables restart command.ScreenShot019
The following expression is different result before- and after- do the iptables command.
AS-ISScreenShot005TO-BEScreenShot020

Start NTP automatically
If the ntp is installed via tarball, we need to create a /etc/init.d/ntpd file and add some content as follows next to set this file permission to 755ScreenShot014/etc/init.d/ntpdScreenShot018ScreenShot019To set ntp daemon to auto start on boot by using the chkconfig ntpd on commandScreenShot001
If the ntp is installed via yum,we can update chkconfig by executing the chkconfig - - level 235 on command so that the ntp will start automatically on the system startup.ScreenShot011
Start NTP manually
If the ntp is installed via tarball, we can start this daemon by using the /etc/init.d/ntpd start commandScreenShot017
If the ntp is installed via yum,we can start it by using the /etc/init.d/ntpd start or service ntpd start commandScreenShot005

Verify NTP mechanism
To realize whether the ntp daemon is running now by using the service ntpd status command.ScreenShot020To confirm whether the system clock can synchronize the outside time server by using the ntpstat command.ScreenShot017To realize the relationship between the ntp and up time server by using the ntpd –p command. (# 3)
ScreenShot018To realize whether the UDP port 123 is listening now by using the netstat –unlnp | grep 123 commandScreenShot014
Until now, we have already finish NTP daemon setup and installation.

Reference :
(# 1) If execute configure command without the - - enable-clockctl parameter, we will get the error when start ntpd daemon.ScreenShot015
(# 2) If we want to configure NTP time server in /etc/ntp.conf, maybe we can refer to the NTP Pool Project Web Site and choose the neighboring time server as Asia for us.ScreenHunter_07To choose the neighbor zone as TaiwanScreenHunter_03So does that we can add the pool zone to the /etc/ntp.conf fileScreenHunter_04
(# 3) If it have no a NTP drift file after time correction, we have to create a drift file manually by using the echo 0 > /var/lib/ntp/drift commandScreenShot004and change the UIG:GID to ntp:ntp by using the chown ntp:ntp /var/lib/ntp/drift commandScreenShot005

沒有留言:

張貼留言

Since 2010 Design by Davidwa
©Copyright Davidwa Inc. All rights reserved.