NTP Server Configuration / CentOS 6.5 (64-bit)
This server synchronizes its clock against external NTP servers. It also answers time queries from other servers and hosts.
【Installation】
    [root@vm003 ~]# yum -y install ntp
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
     * base: ftp.riken.jp
     * extras: ftp.riken.jp
     * updates: ftp.riken.jp
    base                                                     | 3.7 kB     00:00
    extras                                                   | 3.4 kB     00:00
    updates                                                  | 3.4 kB     00:00
    updates/primary_db                                       | 1.4 MB     00:00
    Setting up Install Process
    Resolving Dependencies
    --> Running transaction check
    ---> Package ntp.x86_64 0:4.2.6p5-1.el6.centos will be installed
    --> Processing Dependency: ntpdate = 4.2.6p5-1.el6.centos for package: ntp-4.2.6p5-1.el6.centos.x86_64
    --> Running transaction check
    ---> Package ntpdate.x86_64 0:4.2.6p5-1.el6.centos will be installed
    --> Finished Dependency Resolution

    Dependencies Resolved

    ================================================================================
     Package       Arch         Version                      Repository    Size
    ================================================================================
    Installing:
     ntp           x86_64       4.2.6p5-1.el6.centos         base         592 k
    Installing for dependencies:
     ntpdate       x86_64       4.2.6p5-1.el6.centos         base          75 k

    Transaction Summary
    ================================================================================
    Install       2 Package(s)

    Total download size: 667 k
    Installed size: 1.7 M
    Downloading Packages:
    (1/2): ntp-4.2.6p5-1.el6.centos.x86_64.rpm               | 592 kB     00:00
    (2/2): ntpdate-4.2.6p5-1.el6.centos.x86_64.rpm           |  75 kB     00:00
    --------------------------------------------------------------------------------
    Total                                           1.0 MB/s | 667 kB     00:00
    Running rpm_check_debug
    Running Transaction Test
    Transaction Test Succeeded
    Running Transaction
      Installing : ntpdate-4.2.6p5-1.el6.centos.x86_64                          1/2
      Installing : ntp-4.2.6p5-1.el6.centos.x86_64                              2/2
      Verifying  : ntp-4.2.6p5-1.el6.centos.x86_64                              1/2
      Verifying  : ntpdate-4.2.6p5-1.el6.centos.x86_64                          2/2

    Installed:
      ntp.x86_64 0:4.2.6p5-1.el6.centos

    Dependency Installed:
      ntpdate.x86_64 0:4.2.6p5-1.el6.centos

    Complete!
    [root@vm003 ~]#
【Related files】
■ /etc/ntp.conf : configuration file (the explanations appear as trailing "# <-" comments)
    # For more information about this file, see the man pages
    # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

    driftfile /var/lib/ntp/drift    # <- file that records the clock correction (drift) data

    # Permit time synchronization with our time source, but do not
    # permit the source to query or modify the service on this system.
    restrict default kod nomodify notrap nopeer noquery       # <- ignore all queries
    restrict -6 default kod nomodify notrap nopeer noquery    # <- ignore all queries

    # Permit all access over the loopback interface.  This could
    # be tightened as well, but to do so would effect some of
    # the administrative functions.
    restrict 127.0.0.1    # <- allow communication with the host itself (IPv4)
    restrict -6 ::1       # <- allow communication with the host itself (IPv6)

    # Hosts on local network are less restricted.
    #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
    restrict 192.168.101.0 mask 255.255.255.0 nomodify notrap    # <- allow communication from the LAN (IPv4)

    # Use public servers from the pool.ntp.org project.
    # Please consider joining the pool (http://www.pool.ntp.org/join.html).
    #server 0.centos.pool.ntp.org iburst
    #server 1.centos.pool.ntp.org iburst
    #server 2.centos.pool.ntp.org iburst
    #server 3.centos.pool.ntp.org iburst
    server ntp.nict.jp               # <- upstream NTP server
    server ntp.jst.mfeed.ad.jp       # <- upstream NTP server
    server s2csntp.miz.nao.ac.jp     # <- upstream NTP server
    server ats1.e-timing.ne.jp       # <- upstream NTP server
    server ntp.shoshin.co.jp         # <- upstream NTP server

    #broadcast 192.168.1.255 autokey        # broadcast server
    #broadcastclient                        # broadcast client
    #broadcast 224.0.1.1 autokey            # multicast server
    #multicastclient 224.0.1.1              # multicast client
    #manycastserver 239.255.254.254         # manycast server
    #manycastclient 239.255.254.254 autokey # manycast client

    # Enable public key cryptography.
    #crypto

    includefile /etc/ntp/crypto/pw

    # Key file containing the keys and key identifiers used when operating
    # with symmetric key cryptography.
    keys /etc/ntp/keys

    # Specify the key identifiers which are trusted.
    #trustedkey 4 8 42

    # Specify the key identifier to use with the ntpdc utility.
    #requestkey 8

    # Specify the key identifier to use with the ntpq utility.
    #controlkey 8

    # Enable writing of statistics records.
    #statistics clockstats cryptostats loopstats peerstats
■ /etc/sysconfig/iptables : open port 123 (NTP) (added lines: the two "--dport 123" rules)
    # Firewall configuration written by system-config-firewall
    # Manual customization of this file is not recommended.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
    -A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 123 -j ACCEPT
    -A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT
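A consistency check between the two files above, as an added example that is not part of the original article: it flags `restrict` entries that leave ntpq/ntpdc queries open to non-loopback sources, and port-123 firewall rules that are TCP (NTP runs over UDP only) or carry no source restriction. The function names and temporary file paths are assumptions; the sample lines are copied from the listings above.

```shell
#!/bin/sh
# Added example, not the page author's code: flag NTP exposure in the two files.
# $1 = ntp.conf path, $2 = iptables rules path (both supplied by the caller).
audit_ntp_exposure() {
    awk '
        FNR == 1 { file++ }
        { sub(/#.*/, "") }                       # drop comments
        file == 1 && $1 == "restrict" {
            src = ($2 == "-4" || $2 == "-6") ? $3 : $2
            if (src == "127.0.0.1" || src == "::1") next
            nq = 0
            for (i = 2; i <= NF; i++) if ($i == "noquery") nq = 1
            if (!nq) print "ntp.conf: " src " may send ntpq/ntpdc queries (no noquery)"
        }
        file == 2 && $1 == "-A" && $2 == "INPUT" {
            proto = ""; dport = ""; scoped = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-s" || $i == "--source") scoped = 1
            }
            if (dport != "123") next
            if (proto == "tcp") print "iptables: 123/tcp is open, NTP uses UDP only"
            else if (!scoped) print "iptables: 123/" proto " accepts any source (no -s)"
        }' "$1" "$2"
}

# Sample input: the restrict and port rules as they appear on this page.
write_page_samples() {   # $1 = directory to write into
    cat > "$1/ntp.conf" <<'EOF'
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 192.168.101.0 mask 255.255.255.0 nomodify notrap
EOF
    cat > "$1/iptables" <<'EOF'
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 123 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
EOF
}

tmp=$(mktemp -d) && write_page_samples "$tmp" &&
    audit_ntp_exposure "$tmp/ntp.conf" "$tmp/iptables"
rm -rf "$tmp"
```

On the page's configuration this reports three findings: the LAN `restrict` line without `noquery`, the 123/tcp rule, and the 123/udp rule without `-s`.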
【Operations】
■ Initialize /var/lib/ntp/drift (run while the ntp service is stopped)
    [root@vm003 ~]# echo -n "0" > /var/lib/ntp/drift
    [root@vm003 ~]# ls -l /var/lib/ntp
    total 4
    -rw-r--r--. 1 root root 1 Feb  5 22:20 drift
    [root@vm003 ~]#
■ Set the clock from an NTP server (run before starting the ntpd service)
    [root@vm003 ~]# ntpdate ntp.nict.jp
     5 Feb 21:56:25 ntpdate[1412]: step time server 133.243.238.164 offset -7.121093 sec
    [root@vm003 ~]#
■ Enable automatic start of ntpd at boot
    [root@vm003 ~]# chkconfig ntpd on
    [root@vm003 ~]#
■ Disable automatic start of ntpd at boot
    [root@vm003 ~]# chkconfig ntpd off
    [root@vm003 ~]#
■ Check the startup setting for each runlevel (autostart: enabled)
    [root@vm003 ~]# chkconfig --list ntpd
    ntpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
    [root@vm003 ~]#
■ Check the startup setting for each runlevel (autostart: disabled)
    [root@vm003 ~]# chkconfig --list ntpd
    ntpd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
    [root@vm003 ~]#
■ Start the ntpd service
    [root@vm003 ~]# service ntpd start
    Starting ntpd:                                             [  OK  ]
    [root@vm003 ~]#
■ Stop the ntpd service
    [root@vm003 ~]# service ntpd stop
    Shutting down ntpd:                                        [  OK  ]
    [root@vm003 ~]#
■ Restart the ntpd service
    [root@vm003 ~]# service ntpd restart
    Shutting down ntpd:                                        [  OK  ]
    Starting ntpd:                                             [  OK  ]
    [root@vm003 ~]#
■ Check synchronization status with the NTP servers : a "*" in front of an IP address marks the NTP server the host is synchronized to
    [root@vm003 ~]# ntpq -np
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
    *133.243.238.243 .NICT.           1 u   16   64  177   18.588  -21.065   5.375
    -210.173.160.27  172.29.2.50      2 u   13   64  177   18.332  -15.786   6.844
    -133.40.41.134   133.40.41.133    2 u   16   64  177   29.874  -24.744   7.189
    +61.114.187.55   .PPS.            1 u   10   64  177   18.876  -13.214   9.165
    +210.168.211.231 .CDMA.           1 u   12   64  177   24.947  -15.717   5.860
    [root@vm003 ~]#
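The "*" check described above can be automated for monitoring. The following is an added example, not part of the original article: it reads `ntpq -np` output on stdin, finds the "*" system peer, and checks its reach register and offset. The function names and the offset limit are assumptions; the first sample is the output shown above and the second is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): health check over `ntpq -np` output.
# Reads the peer table on stdin; $1 is a hypothetical offset limit in milliseconds.
check_ntp_sync() {
    awk -v max="${1:-100}" '
        /^ *remote/ || /^=/ { next }            # header and separator rows
        substr($0, 1, 1) == "*" {               # "*" tally = selected system peer
            peer = substr($1, 2); reach = $7; offs = $9; found = 1
        }
        END {
            if (!found) { print "CRITICAL no system peer selected"; exit 2 }
            # reach is an octal shift register of the last 8 polls;
            # an even final digit means the most recent poll got no answer.
            if ((substr(reach, length(reach), 1) + 0) % 2 == 0) {
                printf "WARNING %s missed the latest poll (reach=%s)\n", peer, reach
                exit 1
            }
            mag = offs + 0; if (mag < 0) mag = -mag
            if (mag > max + 0) {
                printf "WARNING %s offset=%sms exceeds %sms\n", peer, offs, max
                exit 1
            }
            printf "OK %s offset=%sms reach=%s\n", peer, offs, reach
        }'
}

page_sample() {        # the ntpq output shown on this page
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*133.243.238.243 .NICT.           1 u   16   64  177   18.588  -21.065   5.375
-210.173.160.27  172.29.2.50      2 u   13   64  177   18.332  -15.786   6.844
+61.114.187.55   .PPS.            1 u   10   64  177   18.876  -13.214   9.165
EOF
}

unsynced_sample() {    # constructed: right after start, no peer selected yet
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 133.243.238.243 .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

page_sample | check_ntp_sync 100
```

In production the input would come from `ntpq -np | check_ntp_sync 100`; the exit status (0 OK, 1 warning, 2 critical) follows the convention most monitoring agents expect.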