linux – NTP服务器架构

前端之家收集整理的这篇文章主要介绍了linux – NTP服务器架构前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我有一个运行多个 Linux机器的虚拟环境,我正在计划如何管理所有的ntp架构.
据我所知,’ntp.conf’文件中有两个服务器是没有用的,客户端应该只有一个或三个以上的ntp服务器,所以我的第一个方法是让一个服务器’server1’指向4个公共服务器,特别是RHEL服务器,然后有其他框’server2’指向server1,而在我指向server2的所有其他Linux服务器之下,但我观察到这种架构有一种奇怪的行为.我已经看到一些服务器在server2和它们之间取消,甚至有时server1和server2也没有完全同步.
我的第一个问题是,为什么会发生这种情况?
然后我想出了另一个架构,它有相同的server1指向公共ntp服务器,然后有三个服务器,’server2′,’server3’和’server4’指向server1,在我指向servers2-4的所有其他机器下面.
这个架构是否有可能改善我所有网络中的同步?
或者同步之间会有相同的性能吗?
什么是最好的架构方法

Edited

这是来自server1的ntpq -p的输出

remote          refid      st t when poll reach   delay   offset  jitter
=========================================================================
*Time100.Stupi. .PPS.       1 u  317 1024  377  182.786    5.327   3.022
LOCAL(0)        .LOCL.     10 l  46h   64    0    0.000    0.000   0.000

在这里它的ntp.conf:

# For more information about this file,see the man pages
# ntp.conf(5),ntp_acc(5),ntp_auth(5),ntp_clock(5),ntp_misc(5),ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source,but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well,but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.rhel.pool.ntp.org iburst
server 1.rhel.pool.ntp.org iburst
server 2.rhel.pool.ntp.org iburst
server 3.rhel.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
statistics clockstats cryptostats loopstats peerstats sysstats rawstats

### Added by IPA Installer ###
server 127.127.1.0
fudge 127.127.1.0 stratum 10

以下是三个客户的输出

remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*server1         172.16.29.21     3 u    1   64    1    1.090   -0.138   0.036


     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*server1         172.16.29.21     3 u 1035 1024  377    1.117   -1.943   0.530


     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*server1         172.16.29.21     3 u   32   64    1    0.902    1.788   0.140

解决方法

根据您的环境中保持关键时间的重要性,您可能不希望server1成为单点故障.如果您必须将其脱机以进行维护或维修很长一段时间,其对等方将停止同步.从那里开始都是下坡.

为什么不将server1,server2,server3,server4同步到4个或5个Internet对等体.那么,您的内部网络可以参考这些系统吗?

传统观点认为,3是你达到法定人数所需要的,但你需要容忍至少有一个人被确定为假人或离线.

请参阅; 5.3.3. Upstream Time Server Quantity

此外,您还提到了当前配置的怪异和问题.有助于查看相关主机的ntpq -p输出.

原文链接:https://www.f2er.com/linux/400906.html

猜你在找的Linux相关文章