« 内部 DNS の構築 / CentOS 6.5 (64-bit) | トップページ | VMware vSphere Clinet 5.5 のインストール / vSpher 5.5 Update 1(ESXi5.5U1) »

NTP サーバーの設定 / CentOS 6.5 (64-bit)

外部の NTP サーバーを用いて時間合わせを行います。また、ほかのサーバーなどからの時間問い合わせに応答します。



【インストール】

[root@vm003 ~]# yum -y install ntp
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: ftp.riken.jp
 * extras: ftp.riken.jp
 * updates: ftp.riken.jp
base                                                                                             | 3.7 kB     00:00
extras                                                                                           | 3.4 kB     00:00
updates                                                                                          | 3.4 kB     00:00
updates/primary_db                                                                               | 1.4 MB     00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package ntp.x86_64 0:4.2.6p5-1.el6.centos will be installed
--> Processing Dependency: ntpdate = 4.2.6p5-1.el6.centos for package: ntp-4.2.6p5-1.el6.centos.x86_64
--> Running transaction check
---> Package ntpdate.x86_64 0:4.2.6p5-1.el6.centos will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================
 Package                   Arch                     Version                                Repository              Size
========================================================================================================================
Installing:
 ntp                       x86_64                   4.2.6p5-1.el6.centos                   base                   592 k
Installing for dependencies:
 ntpdate                   x86_64                   4.2.6p5-1.el6.centos                   base                    75 k

Transaction Summary
========================================================================================================================
Install       2 Package(s)

Total download size: 667 k
Installed size: 1.7 M
Downloading Packages:
(1/2): ntp-4.2.6p5-1.el6.centos.x86_64.rpm                                                       | 592 kB     00:00
(2/2): ntpdate-4.2.6p5-1.el6.centos.x86_64.rpm                                                   |  75 kB     00:00
------------------------------------------------------------------------------------------------------------------------
Total                                                                                   1.0 MB/s | 667 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : ntpdate-4.2.6p5-1.el6.centos.x86_64                                                                  1/2
  Installing : ntp-4.2.6p5-1.el6.centos.x86_64                                                                      2/2
  Verifying  : ntp-4.2.6p5-1.el6.centos.x86_64                                                                      1/2
  Verifying  : ntpdate-4.2.6p5-1.el6.centos.x86_64                                                                  2/2

Installed:
  ntp.x86_64 0:4.2.6p5-1.el6.centos

Dependency Installed:
  ntpdate.x86_64 0:4.2.6p5-1.el6.centos

Complete!
[root@vm003 ~]#




【関係するファイル】

■ /etc/ntp.conf : 設定ファイル(赤太字:変更箇所 / 青太字:説明)

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift                                           時刻の補正情報記録用ファイル

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery                    すべての問い合わせを無視
restrict -6 default kod nomodify notrap nopeer noquery                 すべての問い合わせを無視

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1                                                     自分自身との通信を許可(IPv4)
restrict -6 ::1                                                        自分自身との通信を許可(IPv6)

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.101.0 mask 255.255.255.0 nomodify notrap
                                                                       LAN からの通信を許可(IPv6)
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntp.nict.jp                     参照する NTP サーバー
server ntp.jst.mfeed.ad.jp             参照する NTP サーバー
server s2csntp.miz.nao.ac.jp           参照する NTP サーバー
server ats1.e-timing.ne.jp             参照する NTP サーバー
server ntp.shoshin.co.jp               参照する NTP サーバー

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats


■ /etc/sysconfig/iptables : ポート:123(NTP)を解放(赤太字:追記箇所)

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 123 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT




【オペレーション】

■ /var/lib/ntp/drift の初期化(ntp サービスの停止時に実行)

[root@vm003 ~]# echo -n "0" > /var/lib/ntp/drift
[root@vm003 ~]# ls -l /var/lib/ntp
total 4
-rw-r--r--. 1 root root 1 Feb  5 22:20 drift
[root@vm003 ~]#


■ ntp サーバーを用いた時刻合わせ(ntpd サービスの起動前に実行)

[root@vm003 ~]# ntpdate ntp.nict.jp
 5 Feb 21:56:25 ntpdate[1412]: step time server 133.243.238.164 offset -7.121093 sec
[root@vm003 ~]#


■ 起動時に ntpd を自動開始を有効化

[root@vm003 ~]# chkconfig ntpd on
[root@vm003 ~]#


■ 起動時に ntpd を自動起動を無効化

[root@vm003 ~]# chkconfig ntpd off
[root@vm003 ~]#


■ ランレベル毎の起動状況確認(自動起動:有効)

[root@vm003 ~]# chkconfig --list ntpd
ntpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@vm003 ~]#


■ ランレベル毎の起動状況確認(自動起動:無効)

[root@vm003 ~]# chkconfig --list ntpd
ntpd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@vm003 ~]#


■ ntpd サービスの開始(起動)

[root@vm003 ~]# service ntpd start
Starting ntpd:                                             [  OK  ]
[root@vm003 ~]#


■ ntpd サービスの終了(停止)

[root@vm003 ~]# service ntpd stop
Shutting down ntpd:                                        [  OK  ]
[root@vm003 ~]#


■ ntpd サービスの再起動

[root@vm003 ~]# service ntpd restart
Shutting down ntpd:                                        [  OK  ]
Starting ntpd:                                             [  OK  ]
[root@vm003 ~]#


■ NTP サーバーとの同期状態確認 : IP アドレスの前の"*"は同期が取れている NTP サーバーを示す

[root@vm003 ~]# ntpq -np
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*133.243.238.243 .NICT.           1 u   16   64  177   18.588  -21.065   5.375
-210.173.160.27  172.29.2.50      2 u   13   64  177   18.332  -15.786   6.844
-133.40.41.134   133.40.41.133    2 u   16   64  177   29.874  -24.744   7.189
+61.114.187.55   .PPS.            1 u   10   64  177   18.876  -13.214   9.165
+210.168.211.231 .CDMA.           1 u   12   64  177   24.947  -15.717   5.860
[root@vm003 ~]#

« 内部 DNS の構築 / CentOS 6.5 (64-bit) | トップページ | VMware vSphere Clinet 5.5 のインストール / vSpher 5.5 Update 1(ESXi5.5U1) »

Linux」カテゴリの記事