NTP サーバーの設定 / CentOS 6.5 (64-bit)
外部の NTP サーバーを用いて時間合わせを行います。また、ほかのサーバーなどからの時間問い合わせに応答します。
【インストール】
[root@vm003 ~]# yum -y install ntp Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: ftp.riken.jp * extras: ftp.riken.jp * updates: ftp.riken.jp base | 3.7 kB 00:00 extras | 3.4 kB 00:00 updates | 3.4 kB 00:00 updates/primary_db | 1.4 MB 00:00 Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package ntp.x86_64 0:4.2.6p5-1.el6.centos will be installed --> Processing Dependency: ntpdate = 4.2.6p5-1.el6.centos for package: ntp-4.2.6p5-1.el6.centos.x86_64 --> Running transaction check ---> Package ntpdate.x86_64 0:4.2.6p5-1.el6.centos will be installed --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================================== Package Arch Version Repository Size ======================================================================================================================== Installing: ntp x86_64 4.2.6p5-1.el6.centos base 592 k Installing for dependencies: ntpdate x86_64 4.2.6p5-1.el6.centos base 75 k Transaction Summary ======================================================================================================================== Install 2 Package(s) Total download size: 667 k Installed size: 1.7 M Downloading Packages: (1/2): ntp-4.2.6p5-1.el6.centos.x86_64.rpm | 592 kB 00:00 (2/2): ntpdate-4.2.6p5-1.el6.centos.x86_64.rpm | 75 kB 00:00 ------------------------------------------------------------------------------------------------------------------------ Total 1.0 MB/s | 667 kB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : ntpdate-4.2.6p5-1.el6.centos.x86_64 1/2 Installing : ntp-4.2.6p5-1.el6.centos.x86_64 2/2 Verifying : ntp-4.2.6p5-1.el6.centos.x86_64 1/2 Verifying : ntpdate-4.2.6p5-1.el6.centos.x86_64 2/2 Installed: ntp.x86_64 0:4.2.6p5-1.el6.centos Dependency Installed: ntpdate.x86_64 0:4.2.6p5-1.el6.centos Complete! [root@vm003 ~]#
【関係するファイル】
■ /etc/ntp.conf : 設定ファイル(赤太字:変更箇所 / 青太字:説明)
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift 時刻の補正情報記録用ファイル
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery すべての問い合わせを無視
restrict -6 default kod nomodify notrap nopeer noquery すべての問い合わせを無視
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1 自分自身との通信を許可(IPv4)
restrict -6 ::1 自分自身との通信を許可(IPv6)
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.101.0 mask 255.255.255.0 nomodify notrap
LAN からの通信を許可(IPv6)
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntp.nict.jp 参照する NTP サーバー
server ntp.jst.mfeed.ad.jp 参照する NTP サーバー
server s2csntp.miz.nao.ac.jp 参照する NTP サーバー
server ats1.e-timing.ne.jp 参照する NTP サーバー
server ntp.shoshin.co.jp 参照する NTP サーバー
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
■ /etc/sysconfig/iptables : ポート:123(NTP)を解放(赤太字:追記箇所)
# Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 123 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
【オペレーション】
■ /var/lib/ntp/drift の初期化(ntp サービスの停止時に実行)
[root@vm003 ~]# echo -n "0" > /var/lib/ntp/drift [root@vm003 ~]# ls -l /var/lib/ntp total 4 -rw-r--r--. 1 root root 1 Feb 5 22:20 drift [root@vm003 ~]#
■ ntp サーバーを用いた時刻合わせ(ntpd サービスの起動前に実行)
[root@vm003 ~]# ntpdate ntp.nict.jp 5 Feb 21:56:25 ntpdate[1412]: step time server 133.243.238.164 offset -7.121093 sec [root@vm003 ~]#
■ 起動時に ntpd を自動開始を有効化
[root@vm003 ~]# chkconfig ntpd on [root@vm003 ~]#
■ 起動時に ntpd を自動起動を無効化
[root@vm003 ~]# chkconfig ntpd off [root@vm003 ~]#
■ ランレベル毎の起動状況確認(自動起動:有効)
[root@vm003 ~]# chkconfig --list ntpd ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off [root@vm003 ~]#
■ ランレベル毎の起動状況確認(自動起動:無効)
[root@vm003 ~]# chkconfig --list ntpd ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off [root@vm003 ~]#
■ ntpd サービスの開始(起動)
[root@vm003 ~]# service ntpd start Starting ntpd: [ OK ] [root@vm003 ~]#
■ ntpd サービスの終了(停止)
[root@vm003 ~]# service ntpd stop Shutting down ntpd: [ OK ] [root@vm003 ~]#
■ ntpd サービスの再起動
[root@vm003 ~]# service ntpd restart Shutting down ntpd: [ OK ] Starting ntpd: [ OK ] [root@vm003 ~]#
■ NTP サーバーとの同期状態確認 : IP アドレスの前の"*"は同期が取れている NTP サーバーを示す
[root@vm003 ~]# ntpq -np
remote refid st t when poll reach delay offset jitter
==============================================================================
*133.243.238.243 .NICT. 1 u 16 64 177 18.588 -21.065 5.375
-210.173.160.27 172.29.2.50 2 u 13 64 177 18.332 -15.786 6.844
-133.40.41.134 133.40.41.133 2 u 16 64 177 29.874 -24.744 7.189
+61.114.187.55 .PPS. 1 u 10 64 177 18.876 -13.214 9.165
+210.168.211.231 .CDMA. 1 u 12 64 177 24.947 -15.717 5.860
[root@vm003 ~]#
« 内部 DNS の構築 / CentOS 6.5 (64-bit) | トップページ | VMware vSphere Clinet 5.5 のインストール / vSpher 5.5 Update 1(ESXi5.5U1) »
「Linux」カテゴリの記事
- NTP サーバーの設定 / CentOS 6.5 (64-bit)(2014.02.05)
- 内部 DNS の構築 / CentOS 6.5 (64-bit)(2013.12.31)
- NTP クライアントの設定 / CentOS 6.5 (64-bit)(2013.12.28)
- TCP Wrapper によるアクセス制御 / CentOS 6.5 (64-bit)(2013.12.28)
- wheel グループに所属するユーザーが "sudo" コマンドを使用できるようにする / CentOS 6.5 (64-bit)(2013.12.24)