Yadda ake Sanyawa da Sanya Sabar NTP da Abokin Ciniki akan Debian

Ka'idar Time Protocol (NTP) tana ba da ƙwarewa ta musamman ga kamfanoni don daidaita agogon duk tsarin da ke cikin kamfanin. Aiki tare na lokaci yana da mahimmanci don dalilai da yawa kama daga tambarin lokacin aikace-aikacen zuwa tsaro zuwa ingantaccen shigarwar log.

Lokacin da tsarin kungiya duk suna kula da lokutan agogo daban-daban, zai zama da wahala sosai daga mahangar matsala don tantance lokacin da kuma a waɗanne yanayi wani lamari na iya faruwa.

NTP yana ba da hanya mai sauƙi don tabbatar da cewa duk tsarin zai kula da daidai lokacin wanda hakan zai iya sauƙaƙa nauyi a kan masu gudanarwa/goyon bayan fasaha.

NTP yana aiki akan jigo na aiki tare tare da agogon tunani, wanda kuma aka sani da sabar 'stratum 0'. Duk sauran sabar NTP sai su zama uwar garken matakin ƙananan matakin dangane da yadda suke nesa da sabar tunani.

Farkon sarkar NTP shine uwar garken stratum 1 wanda koyaushe yana da alaƙa kai tsaye zuwa agogon nuni na stratum 0. Daga nan, ƙananan sabar sabar matakan suna haɗe ta hanyar haɗin yanar gizo zuwa uwar garken matakin matakin mafi girma.

Koma zuwa zanen da ke ƙasa don ƙarin fahimta.

Duk da yake kafa wani stratum 0 ko stratum 1 uwar garken za a iya yi, yana da tsada don yin haka kuma don haka wannan jagorar zai mayar da hankali ga ƙananan saitin uwar garken.

Tecmint yana da ainihin tsarin tsarin NTP a mahaɗin da ke biyowa:

1. Yadda ake Aiki tare da Lokaci tare da Sabar NTP

Inda wannan jagorar zai bambanta shine maimakon samun duk runduna akan hanyar sadarwa suna neman sabar NTP na jama'a, ɗaya (ko mafi kyawun aiki, da yawa) sabar(s) zata tuntuɓar tsarin NTP na jama'a sannan ya samar da lokaci ga duk runduna a cikin cibiyar sadarwar gida.

Sabar NTP ta ciki galibi tana da kyau don adana bandwidth na cibiyar sadarwa tare da samar da ƙarin tsaro ta hanyar ƙuntatawa na NTP da cryptography. Don ganin yadda wannan ya bambanta da zane na farko, da fatan za a duba zane na biyu a ƙasa.

Mataki 1: Shigar da NTP Server

1. Mataki na farko don kafa tsarin NTP na ciki shine shigar da software na uwar garken NTP. Kunshin software a Debian da ake kira 'NTP'a halin yanzu yana ƙunshe da duk kayan aikin uwar garken da ake buƙata don saita tsarin NTP. Kamar yadda yake tare da duk koyawa game da tsarin tsarin, Tushen ko samun damar sudo ana ɗauka.

# apt-get install ntp
# dpkg --get-selections ntp          [Can be used to confirm NTP is installed]
# dpkg -s ntp                        [Can also be used to confirm NTP is installed]

Mataki 1: Kanfigareshan na NTP Server

2. Da zarar an shigar da NTP, lokaci ya yi da za a saita abin da manyan sabobin stratum don tambaya don lokaci. Fayil ɗin daidaitawa na NTP ana adana shi a ''/etc/ntp.conf' kuma ana iya canza shi tare da kowane editan rubutu. Wannan fayil ɗin zai ƙunshi cikakkun sunayen yanki na manyan sabar sabar, ƙuntatawa da aka saita don wannan uwar garken NTP, da duk wasu sigogi na musamman don runduna masu tambayar wannan sabar ta NTP.

Don fara tsarin daidaitawa, ana buƙatar daidaita sabar matakin mafi girma. Debian ta tsohuwa zai sanya tafkin NTP na Debian a cikin fayil ɗin daidaitawa. Waɗannan suna da kyau ga mafi yawan dalilai amma mai gudanarwa na iya ziyartar NIST don tantance wasu sabar ko don amfani da duk sabar NIST a cikin salon zagaye (hanyar NIST ta ba da shawara).

Don wannan koyawa za a saita takamaiman sabar. Fayil ɗin daidaitawa ya karye zuwa wasu manyan sassan kuma an saita shi ta tsohuwa don IPv4 da IPv6 (Idan kuna son kashe IPv6, akwai ambaton wannan daga baya). Don fara tsarin daidaitawa, dole ne a buɗe fayil ɗin sanyi tare da editan rubutu.

# nano /etc/ntp.conf

Yankunan farko (driftfile, statsdir, da statistics) an saita su da kyau zuwa abubuwan da basu dace ba. Sashe na gaba yana ƙunshe da manyan sabar sabar wanda ta inda wannan uwar garken zata nemi lokaci. Maƙasudin kowane shigarwar uwar garken abu ne mai sauƙi:

server <fully qualified domain name> <options>
server time.nist.gov iburst â     [sample entry]

Yawanci yana da kyau a sami manyan sabar sabar da za a zaɓa daga cikin wannan jeri. Wannan uwar garken zai tambayi duk sabar da ke cikin jerin don tantance wanda ya fi dogara. An samo sabobin wannan misalin daga: http://tf.nist.gov/tf-cgi/servers.cgi.

Mataki 3: Kanfigareshan na NTP ƙuntatawa

3. Mataki na gaba shine saita ƙuntatawa na NTP. Ana amfani da waɗannan don ba da izini ko ƙyale runduna suyi hulɗa tare da uwar garken NTP. Tsohuwar don NTP shine lokacin hidima ga kowa amma kar a ba da izinin daidaitawa akan haɗin IPv4 da IPv6 duka.

A halin yanzu ana amfani da wannan uwar garken akan hanyar sadarwa ta IPv4 don haka an kashe IPv6 ta hanyoyi biyu. Abu na farko da aka yi don musaki IPV6 akan sabar NTP shine canza abubuwan da suka dace da daemon ya fara. An cim ma wannan ta hanyar canza layin a cikin ''/etc/default/ntp'.

# nano /etc/default/ntp

NTPD_OPTS='-4 -g' [Add the ' -4 ' to this line to tell NTPD to only listen to IPv4]

Komawa cikin babban fayil ɗin daidaitawa (/etc/ntp.conf), NTP daemon za a saita ta atomatik don raba lokaci tare da duk rundunonin IPv4/6 amma ba zai ƙyale sanyi ba. Ana iya ganin wannan ta hanyoyi biyu masu zuwa:

NTPD yana aiki akan izini sai dai in an ƙi. Tun da aka kashe IPv6, ana iya cire layin ''restrict -6' ko yin sharhi tare da '' #

Wannan yana canza halayen tsoho don NTP don yin watsi da duk saƙonni. Wannan na iya zama da ban mamaki amma ci gaba da karantawa kamar yadda za a yi amfani da ƙayyadaddun ƙayyadaddun bayanai don daidaita damar shiga wannan uwar garken NTP ga rundunonin da ke buƙatar shiga.

Yanzu uwar garken tana buƙatar sanin wanda aka yarda ya tambayi uwar garken na lokaci da kuma abin da aka yarda su yi da uwar garken NTP. Don wannan uwar garken, za a yi amfani da hanyar sadarwa mai zaman kansa na 172.27.0.0/16 don gina ƙayyadadden ƙayyadaddun ƙayyadaddun bayanai.

Wannan layin yana sanar da uwar garken don ba da damar kowane mai watsa shiri daga cibiyar sadarwar 172.27.0.0/16 don samun damar uwar garken na lokaci. Ma'auni bayan abin rufe fuska suna taimakawa don sarrafa abin da kowane ɗayan runduna kan wannan hanyar sadarwar zai iya yi lokacin neman sabar. Bari mu ɗauki ɗan lokaci don fahimtar kowane ɗayan waɗannan zaɓuɓɓukan ƙuntatawa:

1. Iyakantacce: Yana nuna cewa idan abokin ciniki ya yi amfani da adadin sarrafa adadin fakiti, uwar garken za a watsar da fakitin. Idan an kunna fakitin Kiss na Mutuwa, za a mayar da shi ga wanda ya zagi. Ana iya daidaita ƙimar ta mai gudanarwa amma ana ɗaukar abubuwan da ba a so a nan.
2. KOD: Sumbatar Mutuwa. Idan mai watsa shiri ya keta iyakar fakiti zuwa uwar garken, uwar garken zai amsa da fakitin s KoD ga mai gidan da ya keta.
3. Notrap: Yanayin ƙi 6 saƙon sarrafawa. Ana amfani da waɗannan saƙonnin sarrafawa don shirye-shiryen shiga mai nisa.
4. Nomodify: Yana hana ntpq da ntpdc queries da zasu gyara tsarin uwar garken amma har yanzu ana ba da izinin tambayoyin bayanai.
5. Noquery: Wannan zaɓi yana hana runduna tambayar uwar garken don bayani. Misali ba tare da wannan zaɓin ba, za su iya amfani da ntpdc ko ntpq don tantance inda wani lokaci na musamman ke samun lokacin sa daga ko wasu sabar lokacin takwaro wanda zai iya yin mu'amala da su.