System time and hardware time

Hardware clock: the clock kept in the motherboard's CMOS. It is powered by the coin-cell battery on the board and keeps running while the machine is switched off.

System clock: the clock maintained by the Linux kernel. When the operating system boots it reads the hardware clock once; from then on the system clock runs on its own.

After a long uptime the two drift apart noticeably. The same happens in a cluster: machines that have been up for a while disagree about the time, and that is when time synchronisation is needed.

1) Viewing the system time: date

Run date with no arguments:

[root@baby-virt-4 ~]# date
Sat Jun  6 00:01:08 CST 2015

The output can also be formatted:

[root@baby-virt-4 ~]# date +"%Y-%m-%d %H:%M:%S"
2015-06-06 00:00:58

Setting the system time: date -s or date --set="pattern"

[root@baby-virt-4 ~]# date --set="2015-06-11 15:15:00"
Thu Jun 11 15:15:00 CST 2015
[root@baby-virt-4 ~]# date +"%Y-%m-%d %H:%M:%S"
2015-06-11 15:15:16

2) Viewing the hardware clock: hwclock

Run hwclock with no arguments:

[root@baby-virt-4 ~]# hwclock
Thu 11 Jun 2015 11:18:26 PM CST  -0.345021 seconds

Setting the hardware clock:

[root@baby-virt-4 ~]# hwclock --set --date="2015-06-06 00:00:00"
[root@baby-virt-4 ~]# hwclock
Sat 06 Jun 2015 12:00:06 AM CST  -0.594816 seconds

Copy the hardware clock to the system clock: hwclock -s or hwclock --hctosys

Copy the system clock to the hardware clock: hwclock -w or hwclock --systohc

Whether hwclock interprets the RTC as UTC or as local time is recorded in /etc/adjtime (chosen with --utc or --localtime). Keeping the RTC in UTC is the safer choice on a Linux-only machine; if the recorded setting does not match what the RTC actually holds, the system clock is off by exactly the zone offset after every reboot until NTP corrects it.

Time and time zones

A time zone is a region of the earth that agrees on one definition of the time. Clocks in different zones read differently, so a single common reference exists: UTC (Coordinated Universal Time). Computers keep their internal clock in UTC, the time a time server hands out during synchronisation is UTC too, and the local machine converts it to the local zone for display according to its time zone configuration. The following shows how to set the time zone.

Compiled time zone files live under /usr/share/zoneinfo, with entries for most major cities. The file format can be checked with file:

[root@baby-CentOS zoneinfo]# file UTC
UTC: timezone data, version 2, 1 gmt time flag, 1 std time flag, no leap seconds, no transition times, 1 abbreviation char

To see the current time in a particular zone, give the zone file to zdump:

[root@baby-CentOS zoneinfo]# zdump America/New_York
America/New_York  Thu Jun 11 04:22:14 2015 EDT

So how is the machine's own time zone set? There are two ways:

1) Replace the file /etc/localtime: copy one of the zone files from /usr/share/zoneinfo into /etc and name it localtime:

[root@baby-CentOS zoneinfo]# cp -a America/New_York /etc/localtime
[root@baby-CentOS zoneinfo]# date
Thu Jun 11 04:28:17 EDT 2015

/etc/localtime can also be a symbolic link to the zone file under /usr/share/zoneinfo:

[root@baby-CentOS zoneinfo]# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
[root@baby-CentOS zoneinfo]# date
Thu Jun 11 16:32:28 CST 2015

2) Setting the TZ environment variable also switches the zone. Run tzselect and pick the zone from its menus (type 1, 2, ... as prompted); when done it prints something like:

You can make this change permanent for yourself by appending the line
	TZ='Asia/Shanghai'; export TZ
to the file '.profile' in your home directory; then log out and log in again.

Typing TZ='Asia/Shanghai'; export TZ on the command line is enough. When date (or any other program using the C library) works out the zone it consults the TZ variable first and reads /etc/localtime only when TZ is unset, so a TZ setting overrides /etc/localtime for that process and everything it starts. Like any environment variable it is gone at the next login; to make it permanent add the command to /etc/profile (or the user's .profile). Note that only processes that inherit the variable are affected: daemons started by init and cron jobs do not read /etc/profile, so their log timestamps keep following /etc/localtime, which is one reason to keep the two settings consistent and to log in UTC where possible.
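The TZ override described above in practice, as an added example that is not part of the original article: timestamps recorded by hosts configured in different zones (one with /etc/localtime set to America/New_York, one set to Asia/Shanghai, one in UTC) are converted to UTC so that their events can be put in order. It needs GNU date, as on CentOS, and the zone files under /usr/share/zoneinfo; the zone names are real, the log lines are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the original article. Setting TZ for a single
# command is enough because date consults TZ before falling back to
# /etc/localtime, so timestamps from hosts in different zones can be
# normalised to UTC on one machine. Needs GNU date and the zoneinfo files.

# to_epoch ZONE "YYYY-mm-dd HH:MM:SS"
# Interpret the timestamp in ZONE and print Unix epoch seconds.
to_epoch() {
    TZ="$1" date -d "$2" +%s
}

# epoch_to_utc EPOCH: print the epoch value as an ISO 8601 UTC timestamp.
epoch_to_utc() {
    date -u -d "@$1" +%Y-%m-%dT%H:%M:%SZ
}

# order_events: read "ZONE<TAB>local timestamp<TAB>message" lines on stdin,
# convert each to UTC and print them sorted by UTC time.
order_events() {
    tab=$(printf '\t')
    while IFS="$tab" read -r zone stamp msg; do
        epoch=$(to_epoch "$zone" "$stamp") || continue
        printf '%s\t%s\t%s\n' "$epoch" "$(epoch_to_utc "$epoch")" "$msg"
    done | sort -n | cut -f2-
}

# Constructed sample: three hosts, each logging in its own local zone.
sample_events() {
    printf '%s\t%s\t%s\n' \
        'America/New_York' '2015-06-11 04:28:17' 'web01 sshd: accepted publickey for deploy' \
        'Asia/Shanghai'    '2015-06-11 16:25:00' 'db01 sudo: deploy ran /bin/bash' \
        'UTC'              '2015-06-11 08:30:00' 'ids: outbound beacon from web01'
}

sample_events | order_events
```

Read in local time the New York entry looks like the earliest event, but once normalised the Shanghai host's sudo (08:25 UTC) precedes the login on web01 (08:28 UTC). The same trap exists in reverse: a host whose TZ differs from /etc/localtime produces log lines that disagree with its own daemons.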

Setting up a time server

In a cluster the accuracy and consistency of time matter a great deal (log correlation, certificate validity checks and Kerberos all depend on it), and NTP is the tool for the job. NTP (Network Time Protocol) keeps the clocks of the machines on a network in step. It disciplines a computer's clock to UTC and on a LAN can reach an accuracy of around 0.1 ms. The usual arrangement is to synchronise a few local machines to NTP servers on the Internet and then make those machines NTP relay servers that serve the rest of the local network. The following describes how to set one up.

[root@baby-virt-4 ~]# yum install ntp

/etc/ntp.conf is ntpd's main configuration file. Its parameters are described below (some descriptions are copied straight from the official site; I am not sure myself how every one of them is used):

  • server                 # which NTP server to synchronise to

  • fudge                  # Passes additional information to the clock driver

  • stratum                # Manually sets the stratum the server should operate at (0-15); this fudge option sets
                           # the server's level in the hierarchy. Stratum 0 denotes a reference clock, the top of the
                           # tree, so a server that itself synchronises to other servers must not use 0.

  • driftfile              # Specifies the location of the frequency file
                           # The system clock runs at a slightly wrong frequency, and that error makes the time drift the
                           # longer the machine runs. ntpd measures the error, corrects for it and records it in the file
                           # named here, so the correction is available again right after a restart.

  • broadcastdelay         # Sets the propagation delay from the server when broadcasting

  • keys                   # Store a list of keys needed for any cryptographic links (the file of symmetric keys used
                           # with the key option on server and peer lines)

  • restrict               # access control for the given IP address or subnet

    restrict flags:

                ignore     Deny all packets and queries
                           # every packet from the matching source is dropped, time requests included

                kod        Send Kiss-Of-Death packet on access violation
                           # a client that breaks the rules (for instance by polling too often) is sent a KoD packet
                           # telling it to back off

                nomodify   Deny ntpq / ntpdc queries that attempt to modify the server
                           # clients cannot change the server's runtime configuration

                notrap     Deny control message trap service
                           # the trap service lets a remote monitor subscribe to event messages; it is rarely needed

                noquery    Deny all ntpq / ntpdc queries
                           # rejects all ntpq and ntpdc queries. Keep this in the default rule of any server reachable from
                           # untrusted networks: these control queries (mode 6/7, the monlist command in particular) leak the
                           # peer list and have been widely abused for UDP reflection and amplification attacks

                noserve    Deny all queries - except ntpq / ntpdc
                           # refuses time service but still answers ntpq/ntpdc; a client matched by this flag cannot synchronise

                notrust    Deny access unless cryptographically authenticated (ver 4.2 onwards)
                           # a client that does not authenticate is treated as untrusted and is not served

                nopeer     Deny all packets that attempt to establish a peer association
                           # stops an arbitrary remote host from becoming a symmetric peer, and thereby a time source, of this server

#
#restrict default kod nomodify notrap nopeer noquery
#restrict -6 default kod nomodify notrap nopeer noquery
#restrict 127.0.0.1
#
# The three lines above are the defaults: the local host may do anything, while every other IPv4 and
# IPv6 source gets "kod nomodify notrap nopeer noquery", i.e. it may ask for time but may not query,
# reconfigure or peer with the daemon.
#
#restrict 192.168.0.0 mask 255.255.255.0 notrap nomodify
#
# A rule like this one relaxes the restrictions for a chosen subnet.
#
#restrict default kod nomodify notrap nopeer noquery noserve
#restrict -6 default kod nomodify notrap nopeer noquery noserve
#restrict 127.0.0.1
#restrict cn.pool.ntp.org kod nomodify notrap nopeer noquery
#restrict 0.cn.pool.ntp.org kod nomodify notrap nopeer noquery
#restrict 192.168.0.0 mask 255.255.255.0 notrap nomodify
#server cn.pool.ntp.org prefer    # upstream NTP server on the Internet
#server 0.cn.pool.ntp.org         # upstream NTP server on the Internet
#
# The set above serves time only to 192.168.0.0/24: noserve is added to the two default rules at the top.
# But noserve on the default rule also drops the packets coming back from the upstream servers, so this
# server could no longer synchronise to them; the two restrict lines for cn.pool.ntp.org and
# 0.cn.pool.ntp.org (the lines highlighted in red in the original post) are needed as well to let
# their packets through. A restrict rule keyed on a host name is resolved when the configuration is
# loaded, and pool names return different addresses over time, so check with ntpq -p that the
# server actually in use is still covered.

#server 127.127.1.0
#fudge 127.127.1.0 stratum 10

These two lines mean: if no time can be obtained from the upstream servers, hand out the local clock to clients as the reference. 127.127.1.0 is not a network address but the pseudo-address of ntpd's local clock driver (driver addresses have the form 127.127.t.u); a server that lists only this driver serves its own system time and never synchronises to anyone. The fudge stratum 10 places it far down the hierarchy so that any real upstream server is preferred for as long as one is reachable.
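To go with the flag list and the configurations above, here is an added example (not from the original article and not part of the ntp project) that audits the restrict rules of an ntp.conf: it reads a configuration on stdin and checks that every "restrict default" and "restrict -6 default" rule carries the flags that stop arbitrary hosts from querying, reconfiguring or peering with the daemon. The two sample configurations at the bottom are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the original article: audit the "restrict default"
# rules of an ntp.conf read on stdin. Sample configs below are constructed.

REQUIRED_FLAGS="kod nomodify notrap nopeer noquery"

# default_rules: print the uncommented "restrict [-4|-6] default" lines,
# with whitespace normalised.
default_rules() {
    sed 's/#.*//' | awk '$1 == "restrict" && ($2 == "default" || $3 == "default") { $1 = $1; print }'
}

# missing_flags "restrict line": print the required flags the rule lacks.
missing_flags() {
    line=$(printf ' %s ' "$1" | tr -s '[:space:]' ' ')
    missing=
    for flag in $REQUIRED_FLAGS; do
        case "$line" in
            *" $flag "*) ;;
            *) missing="$missing${missing:+ }$flag" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# audit_restrict: exit 0 when every default rule is hardened, 1 when one is
# missing flags, 2 when there is no default rule at all (ntpd then grants
# full access to every host).
audit_restrict() {
    rules=$(default_rules)
    if [ -z "$rules" ]; then
        echo "FAIL: no 'restrict default' rule, every host gets full access"
        return 2
    fi
    rc=0
    while read -r line; do
        missing=$(missing_flags "$line")
        if [ -n "$missing" ]; then
            echo "WEAK: '$line' lacks: $missing"
            rc=1
        else
            echo "ok:   '$line'"
        fi
    done <<EOF
$rules
EOF
    return $rc
}

# Constructed sample: default rule without noquery, as on many older installs.
weak_conf() {
    cat <<'EOF'
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer
restrict -6 default kod nomodify notrap nopeer
restrict 127.0.0.1
server cn.pool.ntp.org prefer
EOF
}

# Constructed sample: the hardened form, with the LAN also allowed to run ntpq.
hardened_conf() {
    cat <<'EOF'
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery   # clients may only ask for time
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap   # LAN may also run ntpq
server cn.pool.ntp.org prefer
EOF
}

weak_conf | audit_restrict || echo "weak configuration rejected (exit $?)"
hardened_conf | audit_restrict
```

Run it as `audit_restrict < /etc/ntp.conf` on a real server. It only looks at the default rules: a later, more permissive rule for a trusted subnet (like the 192.168.0.0/24 line) is intentional and is not flagged.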

Below is the syntax of the server, peer, broadcast and manycastclient commands in /etc/ntp.conf (from the official documentation):

  • server address [key key | autokey] [burst] [iburst] [version version] [prefer] [minpoll minpoll] [maxpoll maxpoll]

  • peer address [key key | autokey] [version version] [prefer] [minpoll minpoll] [maxpoll maxpoll]

  • broadcast address [key key | autokey] [version version] [minpoll minpoll] [ttl ttl]

  • manycastclient address [key key | autokey] [version version] [minpoll minpoll] [maxpoll maxpoll] [ttl ttl]

Meaning of each command:

  • peer

  • For type s addresses (only), this command mobilizes a persistent symmetric-active mode association with the specified remote peer. In this mode the local clock can be synchronized to the remote peer or the remote peer can be synchronized to the local clock. This is useful in a network of servers where, depending on various failure scenarios, either the local or remote peer may be the better source of time. This command should NOT be used for type bm or r addresses.

  • broadcast

  • For type b and m addresses (only), this command mobilizes a persistent broadcast mode association. Multiple commands can be used to specify multiple local broadcast interfaces (subnets) and/or multiple multicast groups. Note that local broadcast messages go only to the interface associated with the subnet specified, but multicast messages go to all interfaces.

  • In broadcast mode the local server sends periodic broadcast messages to a client population at the address specified, which is usually the broadcast address on (one of) the local network(s) or a multicast address assigned to NTP. The IANA has assigned the multicast group address 224.0.1.1 exclusively to NTP, but other nonconflicting addresses can be used to contain the messages within administrative boundaries. Ordinarily, this specification applies only to the local server operating as a sender; for operation as a broadcast client, see the broadcastclient or multicastclient commands below.

  • manycastclient

  • For type m addresses (only), this command mobilizes a manycast client mode association for the multicast address specified. In this case a specific address must be supplied which matches the address used on the manycastserver command for the designated manycast servers. The NTP multicast address 224.0.1.1 assigned by the IANA should NOT be used, unless specific means are taken to avoid spraying large areas of the Internet with these messages and causing a possibly massive implosion of replies at the sender.

    The manycast command specifies that the local server is to operate in client mode with the remote servers that are discovered as the result of broadcast/multicast messages. The client broadcasts a request message to the group address associated with the specified address and specifically enabled servers respond to these messages. The client selects the servers providing the best time and continues as with the server command. The remaining servers are discarded as if never heard.

  • Options (meaning of each option)

  • autokey

  • All packets sent to and received from the server or peer are to include authentication fields encrypted using the autokey scheme described in the Authentication Options page.

  • burst

  • When the server is reachable and at each poll interval, send a burst of eight packets instead of the usual one packet. The spacing between the first and the second packets is about 16s to allow a modem call to complete, while the spacing between the remaining packets is about 2s. This is designed to improve timekeeping quality with the server command and s addresses.

  • iburst

  • When the server is unreachable and at each poll interval, send a burst of eight packets instead of the usual one. As long as the server is unreachable, the spacing between packets is about 16s to allow a modem call to complete. Once the server is reachable, the spacing between packets is about 2s. This is designed to speed the initial synchronization acquisition with the server command and s addresses and when ntpd is started with the -q option.

  • key key

  • All packets sent to and received from the server or peer are to include authentication fields encrypted using the specified key identifier with values from 1 to 65534, inclusive. The default is to include no encryption field.

  • minpoll minpoll

    maxpoll maxpoll

  • These options specify the minimum and maximum poll intervals for NTP messages, in seconds to the power of two. The maximum poll interval defaults to 10 (1,024 s), but can be increased by the maxpoll option to an upper limit of 17 (36.4 h). The minimum poll interval defaults to 6 (64 s), but can be decreased by the minpoll option to a lower limit of 4 (16 s).

  • prefer

  • Marks the server as preferred. All other things being equal, this host will be chosen for synchronization among a set of correctly operating hosts. See the Mitigation Rules and the prefer Keyword page for further information.

  • ttl ttl

  • This option is used only with broadcast server and manycast client modes. It specifies the time-to-live ttl to use on broadcast server and multicast server and the maximum ttl for the expanding ring search with manycast client packets. Selection of the proper value, which defaults to 127, is something of a black art and should be coordinated with the network administrator.

  • version version

  • Specifies the version number to be used for outgoing NTP packets. Versions 1-4 are the choices, with version 4 the default.

Auxiliary Commands

  • broadcastclient

  • This command enables reception of broadcast server messages to any local interface (type b) address. Upon receiving a message for the first time, the broadcast client measures the nominal server propagation delay using a brief client/server exchange with the server, then enters the broadcast client mode, in which it synchronizes to succeeding broadcast messages. Note that, in order to avoid accidental or malicious disruption in this mode, both the server and client should operate using symmetric-key or public-key authentication as described in the Authentication Options page.

  • manycastserver address [...]

  • This command enables reception of manycast client messages to the multicast group address(es) (type m) specified. At least one address is required, but the NTP multicast address 224.0.1.1 assigned by the IANA should NOT be used, unless specific means are taken to limit the span of the reply and avoid a possibly massive implosion at the original sender. Note that, in order to avoid accidental or malicious disruption in this mode, both the server and client should operate using symmetric-key or public-key authentication as described in the Authentication Options page.

  • multicastclient [address] [...]

  • This command enables reception of multicast server messages to the multicast group address(es) (type m) specified. Upon receiving a message for the first time, the multicast client measures the nominal server propagation delay using a brief client/server exchange with the server, then enters the broadcast client mode, in which it synchronizes to succeeding multicast messages. Note that, in order to avoid accidental or malicious disruption in this mode, both the server and client should operate using symmetric-key or public-key authentication as described in the Authentication Options page.

Once the configuration is in place, start the service with service ntpd start; the local time server then synchronises to the configured upstream servers. ntpd adjusts only the system clock, though. To have the hardware clock updated as well, set:

# vim /etc/sysconfig/ntpd
SYNC_HWCLOCK=yes

After startup, ntpq shows how the daemon is doing; to watch it continuously wrap it in watch (watch ntpq -p):

[root@baby-CentOS ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 dns1.synet.edu. .INIT.          16 u    - 1024    0    0.000    0.000   0.000
*gus.buptnet.edu 202.112.10.60    3 u  337 1024  373   50.733   -5.584   4.182

remote                 # the NTP server this host polls
refid                  # the source that server itself synchronises to (202.112.10.60 for gus.buptnet.edu; .INIT. means it has none yet)
st                     # the stratum of that server
                       # NTP is hierarchical: stratum 1 servers at the top, relay servers below them, clients at the bottom.
                       # Usable strata run from 1 to 15; 16 means "not synchronised". To spare the top of the tree and the
                       # network, avoid polling stratum 1 servers directly.
when                   # seconds since the last packet was received from that server; when it reaches poll, the server is queried again
poll                   # the polling interval, in seconds
reach                  # an 8-bit shift register shown in octal: every poll shifts in a 1 if it was answered and a 0 if not,
                       # so 377 means the last eight polls all succeeded and 0 means none did
delay                  # round-trip time of a request to the server, in ms
offset                 # difference between the local clock and the server, in ms; the closer to 0 the better
jitter                 # spread of the offset over the recent samples, in ms; the smaller it is, the more stable the measurement

Each remote is also preceded by a tally code, like the * in front of gus.buptnet.edu:

*             # the system peer: the server our clock is currently disciplined by
+             # a candidate that survived the clustering algorithm and contributes to the result alongside the * server; it takes over if that one becomes unavailable
-             # an outlier discarded by the clustering algorithm
x             # a falseticker: its time disagrees with the majority of sources (intersection algorithm) and is rejected
(blank)       # discarded, for example because the server is unreachable or is not synchronised itself (stratum 16)
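The columns and tally codes explained above are what a monitoring probe reads, so here is an added example (not code from the original article) of a health check built on them: it takes ntpq -p output on stdin, finds the system peer, decodes the octal reach register into the number of answered polls and compares the offset with a threshold. The first sample is the article's own ntpq output; the other two are constructed.

```shell
#!/bin/sh
# Added example, not part of the original article: a sync health check over
# ntpq -p output. Samples other than the article's own are constructed.

# reach_successes OCTAL: how many of the last eight polls were answered.
# reach is an 8-bit shift register printed in octal, so add up the set
# bits of each octal digit.
reach_successes() {
    digits=$1 n=0
    while [ -n "$digits" ]; do
        d=${digits%"${digits#?}"}      # first character
        digits=${digits#?}
        case $d in
            1|2|4) n=$((n + 1)) ;;
            3|5|6) n=$((n + 2)) ;;
            7)     n=$((n + 3)) ;;
        esac
    done
    echo "$n"
}

# sys_peer_line: print the line whose tally code is '*' (the system peer).
sys_peer_line() {
    awk 'substr($0, 1, 1) == "*"'
}

# check_sync [MAX_OFFSET_MS]: read ntpq -p output on stdin. Returns 0 when a
# system peer exists with stratum < 16, at least one answered poll among the
# last eight and |offset| <= MAX_OFFSET_MS (default 100); 1 otherwise.
check_sync() {
    max=${1:-100}
    peer=$(sys_peer_line)
    if [ -z "$peer" ]; then
        echo "unsynchronised: no system peer selected"
        return 1
    fi
    # columns: remote refid st t when poll reach delay offset jitter
    set -f; set -- $peer; set +f       # -f: no globbing of the leading '*'
    name=${1#\*}; stratum=$3; reach=$7; offset=$9
    answered=$(reach_successes "$reach")
    if [ "$stratum" -lt 16 ] && [ "$answered" -gt 0 ] &&
       awk -v o="$offset" -v m="$max" 'BEGIN { if (o < 0) o = -o; exit !(o <= m) }'; then
        echo "ok: peer=$name stratum=$stratum offset=${offset}ms reach=$answered/8"
        return 0
    fi
    echo "degraded: peer=$name stratum=$stratum offset=${offset}ms reach=$answered/8"
    return 1
}

# The article's own ntpq -p output: synchronised to gus.buptnet.edu.
sample_synced() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 dns1.synet.edu. .INIT.          16 u    - 1024    0    0.000    0.000   0.000
*gus.buptnet.edu 202.112.10.60    3 u  337 1024  373   50.733   -5.584   4.182
EOF
}

# Constructed: a daemon that just started and has not selected a peer yet.
sample_unsynced() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 gus.buptnet.edu .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

# Constructed: a peer is selected but the local clock is more than 0.8 s off.
sample_drifting() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*gus.buptnet.edu 202.112.10.60    3 u   20   64  377   50.733  812.430   4.182
EOF
}

for sample in sample_synced sample_unsynced sample_drifting; do
    $sample | check_sync 100 || echo "  -> check failed with exit $?"
done
```

On a live host run `ntpq -p | check_sync 100`. The reach count matters as much as the offset: a peer with a 1024 s poll interval and reach 0 still shows its last offset, so without looking at reach a dead upstream passes for a healthy one.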

The synchronisation state can also be checked with ntpstat:

[root@baby-CentOS ~]# ntpstat
synchronised to NTP server (202.112.10.36) at stratum 4
   time correct to within 125 ms
   polling server every 1024 s

This says the clock is synchronised and believed correct to within 125 ms (this host runs at stratum 4, one below its stratum 3 server). ntpstat's exit status (0 synchronised, 1 unsynchronised, 2 indeterminate) makes it convenient to call from scripts.

What was built above is a relay server. For a client machine it is enough to run ntpdate against it:

[root@baby-CentOS-1 tmp]# ntpdate 192.168.0.165
12 Jun 09:24:07 ntpdate[10728]: adjust time server 192.168.0.165 offset -0.004958 sec

This command can go into a crontab to run periodically; in a cron job use the absolute path (/usr/sbin/ntpdate, found with which). Alternatively the client can itself be set up as a relay server with its server line pointing at this machine. Note that ntpdate refuses to run while ntpd is running, because ntpd already owns UDP port 123 (ntpdate -u sends from an unprivileged port and works alongside a running daemon). Bear in mind that ntpdate steps the clock in a single jump, so a cron-driven correction can move time backwards; ntpd slews small offsets gradually, which is safer for logs, Kerberos and anything else that expects timestamps to only increase.