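## Related post: Server time synchronization with Chrony - http://blog.naver.com/wizardkyn/220841000603
Reference URL:
http://www.tecmint.com/install-ntp-server-in-centos/
Preparation: chrony, an improved replacement for ntp, is installed by default. Remove it first.
On ntp vs chrony, the reference document recommends chrony where frequent suspension or loss of connectivity is unavoidable, as on mobile or virtual systems, and ntp where a connection is always guaranteed. It also says that because chrony supports only symmetric key authentication, ntp is the only option when packet authentication with the Autokey protocol is required.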
[root@oracle ~]# systemctl status chronyd
[root@oracle ~]# systemctl stop chronyd
[root@oracle ~]# systemctl disable chronyd
[root@oracle ~]# yum remove chrony
1. Install the NTP daemon if it is not already installed
[root@oracle ~]# yum install ntp
2. Edit the configuration file (list of Korean public time server pools: http://www.pool.ntp.org/zone/kr)
[root@oracle ~]# vi /etc/ntp.conf
# Comment out the existing server list
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
# Set the Korean public time server list
server 1.kr.pool.ntp.org
server 0.asia.pool.ntp.org
server 2.asia.pool.ntp.org
# Allow hosts on the internal network to use this server as their time server
restrict 192.168.110.0 mask 255.255.255.0 nomodify notrap
# Client servers add this server's IP as their time server
# Example: server 192.168.110.140
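The `restrict` lines decide who may use this server, and the stock CentOS ntp.conf shown in the log further down adds `disable monitor` because of CVE-2013-5211. The following is an added example, not part of the original post: a read-only audit of those lines, where `audit_ntp_conf` is a hypothetical helper name and the sample file is constructed from the ntp.conf in that log.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit ntp.conf access control.
# audit_ntp_conf is a hypothetical helper name; it only reads the file.
audit_ntp_conf() {
  awk '
    function has(flag,   i) {            # true if the current line carries flag
      for (i = 2; i <= NF; i++) if ($i == flag) return 1
      return 0
    }
    NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
    $1 == "restrict" && $2 == "default" {
      have_default = 1
      if (has("noquery")) default_noquery = 1
      next
    }
    $1 == "disable" && has("monitor") { monitor_off = 1 }
    $1 == "restrict" && $3 == "mask" {   # subnet rule such as the LAN line
      miss = ""
      if (!has("nomodify")) miss = miss " nomodify"
      if (!has("notrap"))   miss = miss " notrap"
      if (miss != "") printf "WARN %s mask %s is missing:%s\n", $2, $4, miss
      else            printf "OK   %s mask %s can sync but not reconfigure\n", $2, $4
    }
    END {
      if (!have_default)
        print "WARN no restrict default line, so unlisted hosts are unrestricted"
      else if (!default_noquery && !monitor_off)
        print "WARN default lacks noquery and monitor is on (see CVE-2013-5211)"
      else
        print "OK   default policy keeps remote hosts away from monlist"
    }
  ' "$1"
}

# Constructed sample: the restrict/disable lines from the ntp.conf in this post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
disable monitor
server 1.time.bora.net
restrict 192.168.35.0 mask 255.255.255.0 nomodify notrap
EOF
audit_ntp_conf "$sample"
rm -f "$sample"
```

Run it against `/etc/ntp.conf` after editing; a `WARN` line means a subnet rule or the default policy is looser than the one the post configures.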
3. Open the firewall (Network Time Protocol uses UDP port 123)
[root@oracle ~]# firewall-cmd --add-service=ntp --permanent
[root@oracle ~]# firewall-cmd --reload
4. Start the NTP daemon and verify synchronization
[root@oracle ~]# systemctl start ntpd
[root@oracle ~]# systemctl enable ntpd
# View synchronization status
[root@oracle ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+106.247.248.106 203.248.240.140  3 u   41   64    1   10.898   20.087   0.000
+ntp.uii.net.id  10.84.87.146     2 u   40   64    1  244.110   61.631   0.000
*210.23.18.200   .PPS.            1 u   40   64    1  131.000   13.749   0.000
# * marks the server currently being synchronized to
# + marks synchronization candidates
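The `*` and `+` tally marks can be checked by a script instead of by eye. The following is an added example, not part of the original post: `check_ntpq` is a hypothetical helper that reads raw `ntpq -p` output on stdin, and its 100 ms default offset limit is an assumption to adjust per environment.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). check_ntpq is a hypothetical helper:
# it reads raw `ntpq -p` output on stdin; the 100 ms default limit is an assumption.
# Exit status: 0 = synced, 1 = synced but offset too large, 2 = not synced.
check_ntpq() {
  awk -v max="${1:-100}" '
    $1 == "remote" || $1 ~ /^=+$/ || NF != 10 { next }   # header or non-peer line
    {
      peers++
      tally = substr($0, 1, 1)             # first column is the tally code
      name = (tally == " ") ? $1 : substr($1, 2)
      if (tally == "*") { sys = name; off = $9 + 0 }     # offset column is in ms
      else if (tally == "+") cand++
    }
    END {
      if (!peers)    { print "CRIT ntpq returned no associations"; exit 2 }
      if (sys == "") { print "CRIT " peers " peer(s) listed but none selected"; exit 2 }
      mag = (off < 0) ? -off : off
      if (mag > max) {
        printf "WARN synced to %s, offset %.3f ms is over %s ms\n", sys, off, max
        exit 1
      }
      printf "OK synced to %s, offset %.3f ms, %d candidate(s)\n", sys, off, cand
    }
  '
}

# Sample input copied from the ntpq -p listing in this post.
server_view='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+106.247.248.106 203.248.240.140  3 u   41   64    1   10.898   20.087   0.000
+ntp.uii.net.id  10.84.87.146     2 u   40   64    1  244.110   61.631   0.000
*210.23.18.200   .PPS.            1 u   40   64    1  131.000   13.749   0.000'

printf '%s\n' "$server_view" | check_ntpq       # selected peer within the limit
printf '%s\n' "$server_view" | check_ntpq 10 || echo "exit status $?"
```

On a live host the call is `ntpq -p | check_ntpq`; the "No association ID's returned" reply seen in the log below maps to exit status 2.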
View from another server on the internal network that uses this server as its time server
[root@oracle ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.110.140 210.23.25.77     2 u   32   64    1    0.494  -34.340   0.000
The configuration file (/etc/ntp.conf) on that client has only the time server set (server 192.168.110.140).
Note: commands for immediate synchronization
[root@oracle ~]# ntpdate -q time.bora.net
[root@oracle ~]# ntpdate -d time.bora.net
[root@oracle ~]# ntpdate -q 0.asia.pool.ntp.org 1.kr.pool.ntp.org
server 157.7.203.102, stratum 3, offset -0.007056, delay 0.05814
server 106.247.248.106, stratum 3, offset 0.009812, delay 0.03073
server 202.156.0.34, stratum 0, offset 0.000000, delay 0.00000
server 218.189.210.3, stratum 2, offset -0.004372, delay 0.10338
server 211.233.40.78, stratum 2, offset -0.012524, delay 0.03069
server 211.233.84.186, stratum 2, offset -0.001627, delay 0.02975
server 106.247.248.106, stratum 0, offset 0.000000, delay 0.00000
server 114.207.245.166, stratum 2, offset -0.007980, delay 0.03070
19 Oct 20:11:58 ntpdate[3448]: adjust time server 211.233.84.186 offset -0.001627 sec
cf. https://zetawiki.com/wiki/%EB%A6%AC%EB%88%85%EC%8A%A4_%EC%8B%9C%EA%B0%84_%EB%A7%9E%EB%8A%94%EC%A7%80_%ED%99%95%EC%9D%B8
----------------------------------------------------------------------------------------------------------------------------------------------------
*20180524
Log of removing chrony from a laptop, then installing and configuring NTP
[root@kiostory ~]# ntpq -p
bash: ntpq: 명령을 찾을 수 없습니다...
You have new mail in /var/spool/mail/root
[root@kiostory ~]# cd /etc/
[root@kiostory etc]# ls -al ntpd.conf
ls: cannot access ntpd.conf: 그런 파일이나 디렉터리가 없습니다
[root@kiostory etc]# ls -al ntp*
-rw-r--r--. 1 root root 2136 5월 11 23:23 ntp.conf.rpmsave
ntp:
합계 24
drwxr-xr-x. 2 root root 38 5월 12 17:39 .
drwxr-xr-x. 145 root root 12288 5월 24 21:40 ..
-rw-------. 1 root root 86 4월 11 05:29 keys
-rw-r--r--. 1 root root 74 4월 11 05:29 step-tickers
[root@kiostory etc]# chrony
bash: chrony: 명령을 찾을 수 없습니다...
[root@kiostory etc]# systemctl status cronyd
Unit cronyd.service could not be found.
[root@kiostory etc]# systemctl stop chronyd
[root@kiostory etc]# systemctl start chronyd
[root@kiostory etc]# systemctl status chronyd
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: active (running) since 목 2018-05-24 21:49:36 KST; 7s ago
Docs: man:chronyd(8)
man:chrony.conf(5)
Process: 31231 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=exited, status=0/SUCCESS)
Process: 31225 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 31229 (chronyd)
Tasks: 1
CGroup: /system.slice/chronyd.service
└─31229 /usr/sbin/chronyd
5월 24 21:49:36 kiostory systemd[1]: Starting NTP client/server...
5월 24 21:49:36 kiostory chronyd[31229]: chronyd version 3.2 starting (+CM...)
5월 24 21:49:36 kiostory chronyd[31229]: Frequency -4.777 +/- 2.658 ppm re...t
5월 24 21:49:36 kiostory systemd[1]: Started NTP client/server.
5월 24 21:49:41 kiostory chronyd[31229]: Selected source 92.223.73.5
Hint: Some lines were ellipsized, use -l to show in full.
[root@kiostory etc]# systemctl stop chronyd
[root@kiostory etc]# systemctl disable chronyd
Removed symlink /etc/systemd/system/multi-user.target.wants/chronyd.service.
[root@kiostory etc]#
[root@kiostory etc]#
[root@kiostory etc]#
[root@kiostory etc]# yum remove chronyd
Loaded plugins: fastestmirror, langpacks
No Match for argument: chronyd
No Packages marked for removal
[root@kiostory etc]# yum remove chrony
Loaded plugins: fastestmirror, langpacks
Resolving Dependencies
--> Running transaction check
---> Package chrony.x86_64 0:3.2-2.el7 will be erased
--> Processing Dependency: chrony for package: anaconda-core-21.48.22.134-1.el7.centos.x86_64
--> Running transaction check
---> Package anaconda-core.x86_64 0:21.48.22.134-1.el7.centos will be erased
--> Processing Dependency: anaconda-core = 21.48.22.134-1.el7.centos for package: anaconda-tui-21.48.22.134-1.el7.centos.x86_64
--> Processing Dependency: anaconda-core = 21.48.22.134-1.el7.centos for package: anaconda-gui-21.48.22.134-1.el7.centos.x86_64
--> Running transaction check
---> Package anaconda-gui.x86_64 0:21.48.22.134-1.el7.centos will be erased
--> Processing Dependency: anaconda-gui >= 21.48.22.102 for package: initial-setup-gui-0.3.9.43-1.el7.centos.x86_64
---> Package anaconda-tui.x86_64 0:21.48.22.134-1.el7.centos will be erased
--> Processing Dependency: anaconda-tui >= 21.48.22.102 for package: initial-setup-0.3.9.43-1.el7.centos.x86_64
--> Running transaction check
---> Package initial-setup.x86_64 0:0.3.9.43-1.el7.centos will be erased
---> Package initial-setup-gui.x86_64 0:0.3.9.43-1.el7.centos will be erased
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Removing:
chrony x86_64 3.2-2.el7 @anaconda 476 k
Removing for dependencies:
anaconda-core x86_64 21.48.22.134-1.el7.centos @anaconda 8.1 M
anaconda-gui x86_64 21.48.22.134-1.el7.centos @anaconda 1.4 M
anaconda-tui x86_64 21.48.22.134-1.el7.centos @anaconda 436 k
initial-setup x86_64 0.3.9.43-1.el7.centos @anaconda 221 k
initial-setup-gui x86_64 0.3.9.43-1.el7.centos @anaconda 32 k
Transaction Summary
================================================================================
Remove 1 Package (+5 Dependent packages)
Installed size: 11 M
Is this ok [y/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Erasing : initial-setup-gui-0.3.9.43-1.el7.centos.x86_64 1/6
Erasing : anaconda-gui-21.48.22.134-1.el7.centos.x86_64 2/6
Erasing : initial-setup-0.3.9.43-1.el7.centos.x86_64 3/6
Erasing : anaconda-core-21.48.22.134-1.el7.centos.x86_64 4/6
Erasing : anaconda-tui-21.48.22.134-1.el7.centos.x86_64 5/6
Erasing : chrony-3.2-2.el7.x86_64 6/6
경고: /etc/chrony.conf(이)가 /etc/chrony.conf.rpmsave(으)로 저장되었습니다
Verifying : initial-setup-0.3.9.43-1.el7.centos.x86_64 1/6
Verifying : initial-setup-gui-0.3.9.43-1.el7.centos.x86_64 2/6
Verifying : anaconda-core-21.48.22.134-1.el7.centos.x86_64 3/6
Verifying : chrony-3.2-2.el7.x86_64 4/6
Verifying : anaconda-gui-21.48.22.134-1.el7.centos.x86_64 5/6
Verifying : anaconda-tui-21.48.22.134-1.el7.centos.x86_64 6/6
Removed:
chrony.x86_64 0:3.2-2.el7
Dependency Removed:
anaconda-core.x86_64 0:21.48.22.134-1.el7.centos
anaconda-gui.x86_64 0:21.48.22.134-1.el7.centos
anaconda-tui.x86_64 0:21.48.22.134-1.el7.centos
initial-setup.x86_64 0:0.3.9.43-1.el7.centos
initial-setup-gui.x86_64 0:0.3.9.43-1.el7.centos
Complete!
[root@kiostory etc]#
[root@kiostory etc]#
[root@kiostory etc]# yum install ntp
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: data.nicehosting.co.kr
* epel: ftp.riken.jp
* extras: data.nicehosting.co.kr
* updates: mirror.navercorp.com
Resolving Dependencies
--> Running transaction check
---> Package ntp.x86_64 0:4.2.6p5-28.el7.centos will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
ntp x86_64 4.2.6p5-28.el7.centos base 549 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 549 k
Installed size: 1.4 M
Is this ok [y/d/N]: y
Downloading packages:
ntp-4.2.6p5-28.el7.centos.x86_64.rpm | 549 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : ntp-4.2.6p5-28.el7.centos.x86_64 1/1
Verifying : ntp-4.2.6p5-28.el7.centos.x86_64 1/1
Installed:
ntp.x86_64 0:4.2.6p5-28.el7.centos
Complete!
[root@kiostory etc]# vi ntp.conf
[root@kiostory etc]#
[root@kiostory etc]#
[root@kiostory etc]#
[root@kiostory etc]# ifconfig
ens3: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 00:16:d3:fa:38:3f txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 17
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 950 bytes 74900 (73.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 950 bytes 74900 (73.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:c7:f4:2b txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wls5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.35.240 netmask 255.255.255.0 broadcast 192.168.35.255
inet6 fe80::375e:4c8a:2657:2cd4 prefixlen 64 scopeid 0x20<link>
ether 00:1c:bf:33:f8:b3 txqueuelen 1000 (Ethernet)
RX packets 17631 bytes 17281692 (16.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12889 bytes 1418095 (1.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kiostory etc]# cat ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
server 1.time.bora.net
restrict 192.168.35.0 mask 255.255.255.0 nomodify notrap
[root@kiostory etc]#
[root@kiostory etc]# netstat -a |grep 123
unix 2 [ ACC ] STREAM LISTENING 12354 /run/systemd/private
unix 3 [ ] STREAM CONNECTED 31237
unix 3 [ ] STREAM CONNECTED 31238 /run/systemd/journal/stdout
[root@kiostory etc]#
[root@kiostory etc]# firewall-cmd --add-service=ntp --permanent
Warning: ALREADY_ENABLED: ntp
success
[root@kiostory etc]#
[root@kiostory etc]# netstat -a |grep 123
unix 2 [ ACC ] STREAM LISTENING 12354 /run/systemd/private
unix 3 [ ] STREAM CONNECTED 31237
unix 3 [ ] STREAM CONNECTED 31238 /run/systemd/journal/stdout
[root@kiostory etc]# firewall-cmd --reload
success
[root@kiostory etc]# netstat -a |grep 123
unix 2 [ ACC ] STREAM LISTENING 12354 /run/systemd/private
unix 3 [ ] STREAM CONNECTED 31237
unix 3 [ ] STREAM CONNECTED 31238 /run/systemd/journal/stdout
[root@kiostory etc]# systemctl start ntpd
[root@kiostory etc]# netstat -a |grep 123
unix 2 [ ACC ] STREAM LISTENING 12354 /run/systemd/private
unix 3 [ ] STREAM CONNECTED 31237
unix 3 [ ] STREAM CONNECTED 31238 /run/systemd/journal/stdout
[root@kiostory etc]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
[root@kiostory etc]# systemctl enable ntpd
[root@kiostory etc]# netstat -a |grep 123
unix 2 [ ACC ] STREAM LISTENING 12354 /run/systemd/private
unix 3 [ ] STREAM CONNECTED 31237
unix 3 [ ] STREAM CONNECTED 31238 /run/systemd/journal/stdout
[root@kiostory etc]# netstat -a |grep ntp
udp 0 0 kiostory:ntp 0.0.0.0:*
udp 0 0 kiostory:ntp 0.0.0.0:*
udp 0 0 localhost:ntp 0.0.0.0:*
udp 0 0 0.0.0.0:ntp 0.0.0.0:*
udp6 0 0 kiostory:ntp [::]:*
udp6 0 0 localhost:ntp [::]:*
udp6 0 0 [::]:ntp [::]:*
[root@kiostory etc]# systemctl stop ntpd
[root@kiostory etc]# netstat -a |grep ntp
[root@kiostory etc]# man firewall-cmd
[root@kiostory etc]#
[root@kiostory etc]#
[root@kiostory etc]#
[root@kiostory etc]# systemctl start ntpd
[root@kiostory etc]# netstat -a |grep ntp
udp 0 0 kiostory:ntp 0.0.0.0:*
udp 0 0 kiostory:ntp 0.0.0.0:*
udp 0 0 localhost:ntp 0.0.0.0:*
udp 0 0 0.0.0.0:ntp 0.0.0.0:*
udp6 0 0 kiostory:ntp [::]:*
udp6 0 0 localhost:ntp [::]:*
udp6 0 0 [::]:ntp [::]:*
[root@kiostory etc]# ntpq -p
No association ID's returned
[root@kiostory etc]# systemctl enable ntpd
[root@kiostory etc]# ntpq -p
No association ID's returned
[root@kiostory etc]# ps -ef |grep ntp
ntp 31862 1 0 22:01 ? 00:00:00 /usr/sbin/ntpd -u ntp:ntp -g
root 31864 31862 0 22:01 ? 00:00:00 /usr/sbin/ntpd -u ntp:ntp -g
root 31932 3120 0 22:02 pts/0 00:00:00 grep --color=auto ntp
[root@kiostory etc]#