NTPD
Install an NTP server to keep the clocks within the network synchronized.
For the upstream NTP server, use the NTP server provided by the ISP you subscribe to, or the public NTP server operated by NICT.
It is often assumed that an NTP server with a higher stratum (closer to stratum 1) has less error, but that means nothing if the network path to it is long. A server further down the stratum hierarchy can have less error if it is close on the network path.
$ wget http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.2.tar.gz
$ tar xvzf ntp-4.2.2.tar.gz
$ cd ntp-4.2.2
$ ./configure
$ make
# make install
After installation, manually confirm that the host can synchronize its time against an NTP server.
# /usr/local/bin/ntpdate ntp.nict.jp
31 Jul 18:03:41 ntpdate[345]: step time server 133.243.238.243 offset -25.305290 sec
# /usr/local/bin/ntpdate ntp.nict.jp
31 Jul 18:03:41 ntpdate[345]: adjust time server 133.243.238.243 offset -0.000503 sec
Configure the NTP server.
Because the handling of the notrust keyword in restrict lines changed in ntp-4.2, take care not to write notrust.
/etc/ntp.conf
# Prohibit general access to this service.
restrict default ignore

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would affect some of
# the administrative functions.
restrict 127.0.0.1

# -- CLIENT NETWORK -------
# Permit systems on this network to synchronize with this
# time service.  Do not permit those systems to modify the
# configuration of this service.  Also, do not use those
# systems as peers for synchronization.
# restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap nopeer

# --- OUR TIMESERVERS -----
# or remove the default restrict line
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
# restrict mytrustedtimeserverip mask 255.255.255.255 nomodify notrap noquery
# server mytrustedtimeserverip
restrict ntp.nict.jp nomodify notrap noquery
server ntp.nict.jp
server ntp.nict.jp
server ntp.nict.jp

# --- NTP MULTICASTCLIENT ---
#multicastclient                        # listen on default 224.0.1.1
# restrict 224.0.1.1 mask 255.255.255.255 notrust nomodify notrap
# restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap

# --- GENERAL CONFIGURATION ---
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
#server 127.127.1.0     # local clock
#fudge  127.127.1.0 stratum 10
#
# Drift file.  Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /etc/ntp/drift
broadcastdelay 0.008

logfile /var/log/ntpd.log
Create the drift file.
/etc/ntp/drift
1.810
Register the NTP server used for manual time synchronization.
/etc/ntp/step-tickers
ntp.nict.jp
Create the startup script.
/etc/rc.d/init.d/ntpd
#!/bin/bash
#
# ntpd          This shell script takes care of starting and stopping
#               ntpd (NTPv4 daemon).
#
# chkconfig: 345 58 74
# description: ntpd is the NTPv4 daemon. \
# The Network Time Protocol (NTP) is used to synchronize the time of \
# a computer client or server to another server or reference time source, \
# such as a radio or satellite receiver or modem.
#
#
# Source Redhat function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network

RETVAL=0
prog="ntpd"
OPTIONS="-c /etc/ntp.conf -p /var/run/ntpd.pid"

# Tack the path to ntpd onto PATH if it is not already there
NTPD_PATH=":/usr/local/bin"
PATH=$PATH$NTPD_PATH
export PATH

ntpconf=/etc/ntp.conf
ntpstep=/etc/ntp/step-tickers

start() {
    # get the servers from step-tickers (comments stripped)
    tickers=''
    if [ -s "$ntpstep" ]; then
        tickers=`/bin/sed -e 's/\#.*$//g' $ntpstep`
    fi
    timeservers=`/usr/bin/awk '$1=="peer"||$1=="server"{print $2}' $ntpconf`

    # check for -x
    OPTIND=0
    dostep=''
    while getopts ":aAbc:dD:f:gk:l:LmnN:p:P:qr:s:t:v:V:xU:T:" args $OPTIONS;
    do
        if [ "$args" = "x" ]; then
            dostep='yes'
            break
        fi
    done
    OPTIND=0

    # fall back to the server/peer lines of ntp.conf
    if [ -z "$tickers" ]; then
        tickers=$timeservers
    fi

    if [ -s "$ntpstep" -o -n "$dostep" ]; then
        # Synchronize with servers if step-tickers exists
        # or the -x option is used
        echo -n $"$prog: Synchronizing with time server: "
        /usr/local/bin/ntpdate -s -b -p 8 $tickers
        RETVAL=$?
        [ $RETVAL -eq 0 ] && success || failure
        echo
        if [ $RETVAL -ne 0 ]; then
            OPTIONS="$OPTIONS -g"
        fi
    else
        # -g can replace the grep for time servers
        # as it permits ntpd to violate its 1000s limit once.
        OPTIONS="$OPTIONS -g"
    fi

    # Start daemons.
    echo -n $"Starting $prog: "
    daemon ntpd $OPTIONS
    RETVAL=$?
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/ntpd
    echo
    return $RETVAL
}

stop() {
    # Stop daemons.
    echo -n $"Stopping $prog: "
    killproc ntpd
    RETVAL=$?
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ntpd
    echo
    return $RETVAL
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status ntpd
        RETVAL=$?
        ;;
    restart)
        stop
        start
        RETVAL=$?
        ;;
    condrestart)
        if [ -f /var/lock/subsys/ntpd ]; then
            stop
            start
            RETVAL=$?
        fi
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|condrestart|status}"
        exit 1
esac

# Exit with the result of the action; "exit $?" would report the status of
# the last assignment (always 0) for "status".
exit $RETVAL
Register the startup script.
# chmod 755 /etc/rc.d/init.d/ntpd
# /sbin/chkconfig --add ntpd
# /sbin/chkconfig --list ntpd
0:off 1:off 2:off 3:on 4:on 5:on 6:off
Start the NTP server.
# /sbin/service ntpd start
ntpd: 時間サーバと同期中:                                  [  OK  ]
ntpd を起動中:                                            [  OK  ]
# ps aux |grep ntp
root     14522  0.0  0.3  4076  904 ?        Ss   14:10   0:00 ntpd -c /etc/ntp.conf -p /var/run/ntpd.pid
# netstat -an |less
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 192.168.1.xx:123        0.0.0.0:*
udp        0      0 127.0.0.1:123           0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*
Verify operation.
After a few minutes, run the following command and confirm that the peer lines are prefixed with (*) or (+).
# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+ntp-b2.nict.go. .PPS.            1 u   44   64  377   31.639    0.002   0.681
+ntp-a3.nict.go. .PPS.            1 u   42   64  377   30.395   -0.303   0.288
*ntp-a2.nict.go. .PPS.            1 u   40   64  377   30.170   -0.277   0.310
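The following POSIX shell script is an added example, not code from the original page or from the NTP project. It ties together two points made above: the note that notrust must not appear in restrict lines since ntp-4.2 (in 4.2 the keyword means "reject any packet that is not cryptographically authenticated", so clients would quietly stop synchronizing), and the verification step of looking for a (*) or (+) peer in ntpq -p output. The function names ntp_conf_lint and ntpq_synced, the sample configs and the sample ntpq output are all constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original page: post-install checks for the
# ntpd setup described above. Function names, sample configs and the sample
# "ntpq -p" output are constructed for this demo.
#
#   ntp_conf_lint FILE   returns 0 if FILE has a "restrict default" line,
#                        at least one "server" line and no "notrust"
#                        keyword (its meaning changed in ntp-4.2: it now
#                        rejects every packet that is not cryptographically
#                        authenticated, so clients would quietly stop syncing).
#   ntpq_synced          reads "ntpq -p" output on stdin and returns 0 only if
#                        some peer line starts with "*" (system peer) or "+"
#                        (candidate) and shows reach 377 (last 8 polls answered).

ntp_conf_lint() {
    conf="$1"
    [ -r "$conf" ] || { echo "lint: cannot read $conf" >&2; return 1; }
    # Strip comments first, so a commented-out "notrust" example passes.
    stripped=$(sed -e 's/#.*$//' "$conf")
    rc=0
    if ! printf '%s\n' "$stripped" | grep -q '^[[:space:]]*restrict[[:space:]]\{1,\}default'; then
        echo "lint: no 'restrict default' line; the daemon would answer everyone" >&2
        rc=1
    fi
    if printf '%s\n' "$stripped" | grep -q 'notrust'; then
        echo "lint: 'notrust' present; remove it (semantics changed in ntp-4.2)" >&2
        rc=1
    fi
    if ! printf '%s\n' "$stripped" | grep -q '^[[:space:]]*server[[:space:]]'; then
        echo "lint: no upstream 'server' line" >&2
        rc=1
    fi
    return $rc
}

# Fields of an ntpq -p line: remote refid st t when poll reach delay offset jitter.
# The tally code (* or +) is glued to the remote name, so $1 carries it and
# reach is still $7.
ntpq_synced() {
    awk '$1 ~ /^[*+]/ && $7 == "377" { ok = 1 } END { exit ok ? 0 : 1 }'
}

# Constructed ntpq -p samples: one synchronized, one still in .INIT.
SAMPLE_SYNCED='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+ntp-b2.nict.go. .PPS.            1 u   44   64  377   31.639    0.002   0.681
*ntp-a2.nict.go. .PPS.            1 u   40   64  377   30.170   -0.277   0.310'

SAMPLE_UNSYNCED='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp-a2.nict.go. .INIT.          16 u    -   64    0    0.000    0.000   0.000'

# Write a constructed config to $1: "good" mirrors the page's restrict lines,
# "bad" keeps notrust and drops the default restriction.
write_sample_conf() {
    case "$2" in
    good)
        cat > "$1" <<'EOF'
restrict default ignore
restrict 127.0.0.1
# restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap nopeer
restrict ntp.nict.jp nomodify notrap noquery
server ntp.nict.jp
driftfile /etc/ntp/drift
EOF
        ;;
    bad)
        cat > "$1" <<'EOF'
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
server ntp.nict.jp
EOF
        ;;
    esac
}

demo() {
    tmp="${TMPDIR:-/tmp}/ntp-check.$$"
    write_sample_conf "$tmp" good
    ntp_conf_lint "$tmp" && echo "good config: OK"
    write_sample_conf "$tmp" bad
    ntp_conf_lint "$tmp" || echo "bad config: rejected as expected"
    rm -f "$tmp"
    printf '%s\n' "$SAMPLE_SYNCED" | ntpq_synced && echo "sample ntpq: synchronized"
    # On the real host replace the sample with: ntpq -p | ntpq_synced
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run the self-test with sh ntp-check.sh demo; on the real host, ntp_conf_lint /etc/ntp.conf before restarting the daemon and ntpq -p | ntpq_synced from cron give a simple alert when the server loses its upstream or is misconfigured.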
Log output while the server is running.
# tail /var/log/messages
Jul 31 18:28:42 bruna ntpd[759]: precision = 2.000 usec
Jul 31 18:28:42 bruna ntpd[759]: Listening on interface wildcard, 0.0.0.0#123 Disabled
Jul 31 18:28:42 bruna ntpd[759]: Listening on interface lo, 127.0.0.1#123 Enabled
Jul 31 18:28:42 bruna ntpd[759]: Listening on interface eth0, 192.168.1.xx#123 Enabled
Jul 31 18:28:42 bruna ntpd[759]: kernel time sync status 0040
Jul 31 18:28:42 bruna ntpd[759]: frequency initialized -119.192 PPM from /etc/ntp/drift
# tail /var/log/ntpd.log
31 Jul 18:31:57 ntpd[759]: synchronized to 133.243.238.163, stratum 1
31 Jul 18:31:57 ntpd[759]: kernel time sync disabled 0001
31 Jul 18:35:41 ntpd[773]: ntpd exiting on signal 15
# tail /var/log/boot.log
Jul 31 18:28:42 bruna ntpd: succeeded
Jul 31 18:28:42 bruna ntpd: ntpd 起動 succeeded
Jul 31 18:35:41 bruna ntpd: ntpd 停止 succeeded
Add a logrotate configuration.
/etc/logrotate.d/ntp
/var/log/ntpd.log {
    missingok
    postrotate
        /etc/init.d/ntpd condrestart > /dev/null 2>&1 || true
    endscript
}