CentOS7 NTP server + keepalived

NTP安装

yum -y install ntp

systemctl enable ntpd

首先同步一次时间

ntpdate time.windows.com

ntp配置(Host1 Host2)

/etc/ntp.conf

server time.windows.com prefer
server 0.asia.pool.ntp.org
server 1.asia.pool.ntp.org
server 2.asia.pool.ntp.org


#记录上次的NTP server与上层NTP server连接接所花费的时间
driftfile /var/lib/ntp/drift


#设置默认策略为允许任何主机进行时间同步
restrict 0.0.0.0 mask 0.0.0.0 nomodify


#设置ntp日志的path
statsdir /var/log/ntp/


#设置ntp日志文件
logfile /var/log/ntp/ntp.log

mkdir /var/log/ntp/; touch /var/log/ntp/ntp.log; chown ntp:ntp /var/log/ntp/ntp.log

systemctl start ntpd

Keepalived安装

（host1、host2）

yum -y install Keepalived

NTP健康检测脚本：

cat /script/check_ntp.sh

#!/bin/bash

# status="ntp_failed" check failed, status="ntp_success" check ntp success
status="ntp_failed"


if [ $(ps -C ntpd --no-header |wc -l) != 0 ]; then
    status="ntp_success"
else
    /bin/systemctl restart ntpd
    if [ $(ps -C ntpd --no-header |wc -l) != 0 ]; then
        status="ntp_success"
    fi
fi

chmod +x /script/check_ntp.sh

向外发送邮件告警python脚本：

cat /script/keepalived_notify.py

#!/usr/bin/env python
# -*- coding:utf-8 -*-
# use: /bin/python /script/keepalived_notify.py 角色{master/backup} 本机IP 虚拟机IP


import smtplib
from email.mime.text import MIMEText
from email.header import Header
import sys, time, subprocess



# 第三方 SMTP 服务
mail_host="smtp.exmail.qq.com"  #设置服务器
mail_user="xx@qq.com"    #用户名
mail_pass="mail_password"   #口令


sender = 'xx@qq.com'
receivers = ['xx1@qq.com', 'xx@163.com']  # 接收告警邮件地址，可设置为你的QQ邮箱或者其他邮箱


p = subprocess.Popen('hostname', shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
hostname = p.stdout.readline().split('\n')[0]

message_to = ''
for i in receivers:
    message_to += i + ';'

def print_help():
    note = '''python script.py role ip vip
    '''
    print(note)
    exit(1)

time_stamp = time.strftime('%Y-%m-%d %H:%M:%S',time.localtime(time.time()))

if len(sys.argv) != 4:
    print_help()
elif sys.argv[1] == 'master':
    message_content = '%s server: %s(%s) change to Master, vIP: %s' %(time_stamp, sys.argv[2], hostname, sys.argv[3])
    subject = '%s change to Master -- keepalived notify' %(sys.argv[2])
elif sys.argv[1] == 'backup':
    message_content = '%s server: %s(%s) change to Backup, vIP: %s' %(time_stamp, sys.argv[2], hostname, sys.argv[3])
    subject = '%s change to Backup -- keepalived notify' %(sys.argv[2])
else:
    print_help()

message = MIMEText(message_content, 'plain', 'utf-8')
message['From'] = Header(sender, 'utf-8')
message['To'] =  Header(message_to, 'utf-8')

message['Subject'] = Header(subject, 'utf-8')

try:
    smtpObj = smtplib.SMTP()
    smtpObj.connect(mail_host, 25)    # 25 为 SMTP 端口号
    smtpObj.login(mail_user,mail_pass)
    smtpObj.sendmail(sender, receivers, message.as_string())
    print("邮件发送成功")
except smtplib.SMTPException as e:
    print("Error: 无法发送邮件")
    print(e)

host1配置

/etc/keepalived/keepalived.conf

global_defs {
        notification_email {
                xx@xx.com
        }

        notification_email_from keepalived@xx.com
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id LVS_DEVEL
}


vrrp_script chk_ntp {
        script "/script/check_ntp.sh |grep 'ntp_success' "
        interval 4
        weight -60    ## 当检测失败时，优先级减60，该值的绝对要大于主备优先级差的绝对值
}


vrrp_instance VI_1 {
        state BACKUP        ############ MASTER/BACKUP
        interface ens160
        virtual_router_id 51
        mcast_src_ip 172.16.0.2
        priority 150                  ########### MASTER权值要比BACKUP高
        advert_int 1

        authentication {
                auth_type PASS
                auth_pass GSksLAyTX9ylwG86U2Ez
        }

        track_script { 
                chk_http_port ### 执行NTP健康检测
        }
        
        virtual_ipaddress {
                172.16.0.10
        }

        notify_master "/bin/python /script/keepalived_notify.py master 172.16.0.2 172.16.0.10"    ## 当切换为master时执行脚本
        notify_backup "/bin/python /script/keepalived_notify.py backup 172.16.0.2 172.16.0.10"    ## 当切换为backup时执行脚本
}

Host2配置

global_defs {
        notification_email {
                xx@xx.com
        }

        notification_email_from keepalived@xx.com
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id LVS_DEVEL
}

vrrp_script chk_ntp {
        script "/script/check_ntp.sh |grep 'ntp_success' "
        interval 4
        weight -60    ## 当检测失败时，优先级减60，该值的绝对要大于主备优先级差的绝对值
}

vrrp_instance VI_1 {
        state MASTER        ############ MASTER/BACKUP
        interface ens160
        virtual_router_id 51
        mcast_src_ip 172.16.0.3
        priority 100                  ########### MASTER权值要比BACKUP高
        advert_int 1

        authentication {
                auth_type PASS
                auth_pass GSksLAyTX9ylwG86U2Ez
        }

        track_script { 
                chk_http_port ### 执行NTP健康检测
        }
        virtual_ipaddress {
                172.16.0.10
        }
        
        notify_master "/bin/python /script/keepalived_notify.py master 172.16.0.3 172.16.0.10"    ## 当切换为master时执行脚本
        notify_backup "/bin/python /script/keepalived_notify.py backup 172.16.0.3 172.16.0.10"    ## 当切换为backup时执行脚本
}

keepalived CentOS 7 启动脚本

#####

[Unit]

Description=Keepalived, LVS and VRRP High Availability Monitor

After=syslog.target network.target

[Service]

Type=forking

KillMode=process

EnvironmentFile=-/etc/sysconfig/keepalived

ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS

ExecReload=/bin/kill -HUP $MAINPID

[Install]

WantedBy=multi-user.target

#####

systemctl enable keepalived

systemctl start keepalived

1 windows客户端向NTP每10分钟同步一次时间

gpedit.msc打开组策略

1.1 启动windows NTP客户端

1.2 配置windows NTP客户端

1.3 Internet时间设置里指定时间服务器

点击立即更新

2 linux客户端向NTP每10分钟同步一次时间

2.1 安装NTP

yum -y install ntp

2.2 设置时间同步

执行下面的命令

echo -e "\n\n## sync time\n*/10 * * * *    root    ntpdate 172.16.0.10 > /dev/null && hwclock-w > /dev/null" >> /etc/crontab