Accurate time is very important on any system: for correlating logs between servers, business data flow, Kerberos authentication and so on. For this reason, I will build an internal time server as a bridgehead to synchronize the time between servers and clients.
Which time server should we choose? NTPD (Network Time Protocol Daemon) is the best choice on the Linux platform.
How to do it? The general process is: first install and configure ntpd, then correct the current time and time zone on this server, adjust the firewall rules, configure ntpd to start at server boot, and verify that it works normally.
Install NTP via tarball
Prerequisite
Create a new ntp group with a specific group ID by using the groupadd -g 38 ntp command.
Create a new ntp user with a specific user ID by using the useradd -d /etc/ntp -u 38 -g ntp -s /sbin/nologin ntp command.
Install the development tools needed for compiling applications by using the yum groupinstall "Development tools" command.
Compile & Install
Download a recent NTP tarfile from the NTP home page http://www.ntp.org/ and extract this compressed package in the /tmp directory by using the tar -zxvf ntp-4.2.6p5.tar.gz command. This creates the ntp source tree.
Switch to the distribution base directory to build the software.
Configure the sources by using the ./configure --prefix=/usr --sysconfdir=/etc --with-binsubdir=sbin --with-lineeditlibs=readline --enable-clockctl command. This performs an automatic configuration procedure that inspects the hardware and software environment and configures the build process. (# 1)
Compile and link the distribution sources by using the make command.
Install ntp by using the make install command so that the executable file by default is in the /usr/local/bin directory.
Set Permission and Parameter
Create a /var/lib/ntp directory, then set the directory permission to 755 by using the chmod 755 /var/lib/ntp command and change the UID:GID for /var/lib/ntp to ntp:ntp by using the chown -v ntp:ntp /var/lib/ntp command.
Change the /var/run/ntpd.pid UID:GID to ntp:ntp by using the chown ntp:ntp /var/run/ntpd.pid command.
Create a /etc/sysconfig/ntpd directory and add some parameters for passing arguments to the ntpd daemon at boot time.
Create a /etc/ntp/crypto directory and the /etc/ntp/crypto/pw and /etc/ntp/keys files, and change the owner and permissions of this directory.
Install NTP via yum
Install ntpd by using the yum install ntp command.
Configure NTP via tarball or yum
After finishing one of the above installations, we have to modify or add the /etc/ntp.conf file based on our environment by using the vi /etc/ntp.conf command. (# 2)
The following shows the difference before and after modifying the ntp.conf file.
AS-IS | TO-BE
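An added example, not part of the original post: a shell check that an ntp.conf carries a restrictive "restrict default" line and at least one upstream source. Both sample files are constructed; the tw.pool.ntp.org host names and the 192.0.2.0/24 internal subnet are assumptions standing in for your own values.

```shell
# Added example (not the author's files): check ntp.conf access control.

# Constructed sample: upstream servers only, no restrict lines.
sample_open() {
cat <<'EOF'
driftfile /var/lib/ntp/drift
server 0.tw.pool.ntp.org
server 1.tw.pool.ntp.org
EOF
}

# Constructed sample: control traffic denied by default, LAN may only sync.
# 192.0.2.0/24 is a placeholder for the internal subnet.
sample_restricted() {
cat <<'EOF'
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap
server 0.tw.pool.ntp.org iburst
server 1.tw.pool.ntp.org iburst
EOF
}

# Reads ntp.conf text on stdin; prints one finding per line, nothing if clean.
audit_ntp_conf() {
    awk '
    function has(flag,   i) {
        for (i = 2; i <= NF; i++) if ($i == flag) return 1
        return 0
    }
    { sub(/#.*/, "") }                       # strip comments
    $1 == "restrict" && has("default") {
        seen = 1
        if (has("ignore")) next              # ignore drops all packets
        n = split("nomodify noquery notrap nopeer", want, " ")
        for (k = 1; k <= n; k++)
            if (!has(want[k])) print "restrict default lacks " want[k]
    }
    $1 == "server" || $1 == "pool" { upstream++ }
    END {
        if (!seen) print "no restrict default line: no access restrictions apply"
        if (!upstream) print "no upstream server or pool line"
    }'
}

echo "open sample:";       sample_open | audit_ntp_conf
echo "restricted sample:"; sample_restricted | audit_ntp_conf
```

On the server itself, run it as audit_ntp_conf < /etc/ntp.conf.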
Adjust iptables for NTP
Add a firewall rule by using the iptables command to open UDP port 123, allowing this NTP server to communicate with the internal clients and the external time server.
Because the above command is only stored temporarily in memory, we have to execute the service iptables save command so that the new rule is not lost after the system reboots.
To apply the new rule, we restart the iptables daemon by using the service iptables restart command.
The following shows the difference before and after running the iptables command.
AS-IS | TO-BE
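An added example, not part of the original post: a shell check over saved iptables rules that reports any INPUT rule accepting UDP port 123 from every source instead of only the internal subnet. Both rule excerpts are constructed, and 192.0.2.0/24 is a placeholder for the internal subnet.

```shell
# Added example: review saved iptables rules for NTP exposure.

# Constructed iptables-save excerpt: udp/123 open to any source.
sample_fw_open() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
COMMIT
EOF
}

# Constructed excerpt: udp/123 accepted only from the internal subnet
# (192.0.2.0/24 is a placeholder). Replies from the upstream time server
# come back in through the RELATED,ESTABLISHED rule.
sample_fw_scoped() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p udp -m udp --dport 123 -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save text on stdin; prints one finding per line.
audit_ntp_fw() {
    awk '
    $1 == "-A" && $2 == "INPUT" && / -p udp / && / --dport 123 / && / -j ACCEPT/ {
        rules++
        src = ""
        for (i = 3; i < NF; i++) if ($i == "-s") src = $(i + 1)
        if (src == "" || src == "0.0.0.0/0")
            print "udp/123 open to any source: " $0
    }
    END { if (!rules) print "no INPUT rule accepts udp/123" }'
}

echo "open rules:";   sample_fw_open | audit_ntp_fw
echo "scoped rules:"; sample_fw_scoped | audit_ntp_fw
```

On the server, feed it the output of iptables-save run as root.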
Start NTP automatically
If ntp is installed via tarball, we need to create a /etc/init.d/ntpd file, add some content as follows, and then set this file's permission to 755.
/etc/init.d/ntpd
Set the ntp daemon to start automatically on boot by using the chkconfig ntpd on command.
If ntp is installed via yum, we can update chkconfig by executing the chkconfig --level 235 ntpd on command so that ntp will start automatically on system startup.
Start NTP manually
If ntp is installed via tarball, we can start this daemon by using the /etc/init.d/ntpd start command.
If ntp is installed via yum, we can start it by using the /etc/init.d/ntpd start or service ntpd start command.
Verify NTP mechanism
Check whether the ntp daemon is running by using the service ntpd status command.
Confirm whether the system clock is synchronized with the outside time server by using the ntpstat command.
Check the relationship between ntp and the upstream time server by using the ntpq -p command. (# 3)
Check whether UDP port 123 is listening by using the netstat -unlnp | grep 123 command.
At this point, we have finished the NTP daemon installation and setup.
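An added example, not part of the original post: a shell function that turns the peer table printed by ntpq -p into a pass/fail verdict, suitable for a monitoring check. The two peer tables are constructed samples, and the 50 ms offset limit is an assumed threshold.

```shell
# Added example: judge sync health from the `ntpq -p` peer table.

# Constructed sample: a selected system peer (*) and a candidate (+).
sample_synced() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377   12.345    0.512   0.210
+192.0.2.11      192.0.2.10       2 u   40   64  377   15.120   -1.034   0.455
EOF
}

# Constructed sample: no peer ever answered (reach 0, stratum 16).
sample_unsynced() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000
 192.0.2.11      .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

# Reads `ntpq -p` text on stdin; $1 = max acceptable |offset| in ms.
# Prints one verdict line; returns 0 only when a system peer is selected,
# answered the last poll, and is within the offset limit.
check_ntp_peers() {
    awk -v limit="${1:-100}" '
    NR <= 2 || NF < 10 { next }              # header, separator, other text
    {
        if (substr($0, 1, 1) == "*") { peer = substr($1, 2); reach = $7; off = $9 }
        if ($7 == "0") dead++                # reach is an octal poll history
    }
    END {
        if (peer == "") { print "FAIL no system peer selected (" (dead + 0) " unreachable)"; exit 1 }
        if (reach !~ /[1357]$/) { print "WARN peer " peer " missed the last poll (reach " reach ")"; exit 1 }
        mag = off + 0; if (mag < 0) mag = -mag
        if (mag > limit + 0) { print "WARN peer " peer " offset " off " ms exceeds " limit " ms"; exit 1 }
        print "OK peer " peer " offset " off " ms"
    }'
}

sample_synced   | check_ntp_peers 50 || true
sample_unsynced | check_ntp_peers 50 || true
```

On the server, pipe the live table in with ntpq -p | check_ntp_peers 50.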
Reference:
(# 1) If we execute the configure command without the --enable-clockctl parameter, we will get an error when starting the ntpd daemon.
(# 2) If we want to configure NTP time servers in /etc/ntp.conf, we can refer to the NTP Pool Project web site and choose a neighboring time server zone such as Asia.
Choose the neighboring zone, such as Taiwan.
Then we can add the pool zone to the /etc/ntp.conf file.
(# 3) If there is no NTP drift file after time correction, we have to create a drift file manually by using the echo 0 > /var/lib/ntp/drift command and change the UID:GID to ntp:ntp by using the chown ntp:ntp /var/lib/ntp/drift command.