SSH Passwordless (Key-Based) Login and NTP Time Synchronization

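        Once the virtual machines have been cloned and deployed, the first thing to configure is passwordless (key-based) SSH login. As mentioned earlier, once a framework has been set up on one machine and the other machines need it too, you can transfer the finished installation to them over the network. Because the machines share the same environment and directory layout, you only need to change the hostname and related settings after the copy. The transfer goes over the network (scp), and afterwards you can also use ssh to switch directly to another user without logging out of the current one. But every transfer or switch asks for a password or command again, often many times, which is entirely unnecessary, so for convenience companies generally configure SSH key-based login.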

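 SSH key-based login:

  Step 1: generate a public/private key pair on each machine (just press Enter at every prompt)
   ssh-keygen -t rsa 
   The keys are saved under /home/huadian/.ssh
  Step 2: send the public key to every machine, including the machine itself (a password is needed here to confirm)
   ssh-copy-id bigdata-01.superyong.com
   ssh-copy-id bigdata-02.superyong.com
   ssh-copy-id bigdata-03.superyong.com
  --- Test ---
  Use ssh to log in to the other machines, and to the local one.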
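
A check for the steps above, as an added example that is not part of the original post. Pressing Enter at every ssh-keygen prompt creates a key with no passphrase, so file permissions are its only protection, and sshd's StrictModes setting ignores authorized_keys when ~/.ssh is writable by group or others. The function names and finding labels are hypothetical, and the sample directory is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). check_ssh_dir and make_sample
# are hypothetical names; the sample directory below is constructed.
# Usage on a real host: check_ssh_dir /home/huadian/.ssh
check_ssh_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "MISSING $dir"; return 0; }
    # sshd with StrictModes (the default) ignores authorized_keys when the
    # directory or the file is writable by group or others.
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE_BY_OTHERS $p"
        fi
    done
    # No passphrase was set, so the file mode is the key's only protection;
    # the ssh client also refuses a private key that group or others can read.
    key=$dir/id_rsa
    if [ -e "$key" ] &&
       [ -n "$(find "$key" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "PRIVATE_KEY_READABLE $key"
    fi
    return 0
}

# Build a throwaway ~/.ssh look-alike: make_sample DIR_MODE KEY_MODE
make_sample() {
    d=$(mktemp -d)
    : > "$d/authorized_keys"
    : > "$d/id_rsa"
    chmod 600 "$d/authorized_keys"
    chmod "$2" "$d/id_rsa"
    chmod "$1" "$d"
    echo "$d"
}

sample=$(make_sample 775 644)
echo "as created:"
check_ssh_dir "$sample"
chmod 700 "$sample"
chmod 600 "$sample/id_rsa"
echo "after chmod 700/600: $(check_ssh_dir "$sample")"
rm -rf "$sample"
```
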

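NTP time synchronization:

After the setup you will find that each virtual machine shows a different time. On Linux, the ntp service can keep the time consistent across machines:

Implementation options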

1. Using Linux crontab
      Have the system sync with the time server every minute
      crontab -e
      *             *             *             *              *               command
      min (0~59)    hour (0~23)   day (1~31)    month (1~12)   weekday (0~7)
      */1           *             *             *              *               ntpdate ntp_server_ip

    Run a script at 2 a.m. every day:

      0             2             *             *              *               sh   shell.sh
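2. Using the ntp service to sync with an external time server
     Principle: pick one machine as the intermediate sync server A; A syncs with the external network, and B and C sync with A.

Configure A:

sudo vi /etc/ntp.conf

 The file looks like this when opened: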

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
#server 127.127.1.0     # local clock
#fudge  127.127.1.0 stratum 10

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

We need to delete some of the default settings and add the ones we need:

Delete:

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org

  Add:

-> Configure A: which machines are allowed to sync with it:

restrict 192.168.59.0 mask 255.255.255.0 nomodify notrap

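This means that IPs in the 192.168.59.0 network with netmask 255.255.255.0 may sync with this server. The three machines configured earlier are 192.168.59.101, 192.168.59.102 and 192.168.59.103, so every IP in that network segment is allowed to sync with it.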

-> Configure A: which server A itself syncs with:

server 202.112.10.36

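-> Configure A: what to stay in sync with when the network is down (just uncomment these lines; syncing to the local clock is enough here)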

server 127.127.1.0     # local clock
fudge  127.127.1.0 stratum 10

-> Start the ntp service:

sudo service ntpd start

-> Check the sync status (this sync is very slow...)

ntpstat

-> See which server the current host is syncing with:

ntpq -p

After the changes:

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.

# Hosts on local network are less restricted.
restrict 192.168.59.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 202.112.10.36

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
server  127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
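
An audit of the access rules in the edited config above, as an added example that is not part of the original post. With the stock `restrict default` lines deleted, the LAN rule is the only one left, and ntpd applies no restrictions to sources outside 192.168.59.0/24. The function names and finding labels are hypothetical, and both sample configs are constructed from the lines shown on this page.

```shell
#!/bin/sh
# Added example (not from the original post): audit ntp.conf access rules.
# Reads a config on stdin; prints one finding per line, nothing if clean.
# Usage on a real host: audit_ntp_conf < /etc/ntp.conf
audit_ntp_conf() {
    # Keep only active (uncommented) restrict lines.
    rules=$(sed -e 's/#.*//' | awk '$1 == "restrict"')
    # IPv4 default rule; "restrict -6 default" has "-6" in field 2.
    def=$(printf '%s\n' "$rules" | awk '$2 == "default"')
    if [ -z "$def" ]; then
        # Sources matched by no other rule then get no restrictions at all.
        echo "NO_DEFAULT_RESTRICT"
        return 0
    fi
    for flag in nomodify noquery; do
        case " $def " in
            *" $flag "*) ;;
            *) echo "DEFAULT_MISSING_$flag" ;;
        esac
    done
    # A restrictive default also blocks local ntpq unless loopback is opened.
    if ! printf '%s\n' "$rules" | awk '$2 == "127.0.0.1" {f=1} END {exit !f}'; then
        echo "NO_LOOPBACK_RULE"
    fi
    return 0
}

# Constructed sample: active lines of server A's config as edited in the post.
page_conf() {
    cat <<'EOF'
restrict 192.168.59.0 mask 255.255.255.0 nomodify notrap
server 202.112.10.36
server 127.127.1.0     # local clock
fudge 127.127.1.0 stratum 10
EOF
}

# Constructed variant: the same config with the stock restrict lines kept.
hardened_conf() {
    cat <<'EOF'
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
EOF
    page_conf
}

echo "post's config: $(page_conf | audit_ntp_conf)"
echo "stock restrict lines kept: [$(hardened_conf | audit_ntp_conf)]"
```
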

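After a long wait, the sync completes. Shutting a virtual machine down and starting it again may leave its clock wrong; in a company, once a server is up it is generally never shut down!

Next, configure the other two hosts, B and C, to sync with host A.

On the other two hosts, only this is needed:

Delete: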

server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org

Add one line:

server 192.168.59.101

You can trigger a sync manually to see the effect quickly:

sudo ntpdate 192.168.59.101

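B and C also need the ntp service started.

That completes the SSH key-based login and NTP time synchronization setup.

Does the whole time setup feel like a lot of trouble? It is configured this way for accuracy. If your time requirements are not that strict, you can take a shortcut and set the time directly:

SSH client tools have a command-broadcast feature that makes it easy to change the time on several machines at once:

 Click to open it, then enter the command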

sudo date -s "2019-1-16 15:30:00"

and the time on all three machines is changed.


Reposted from blog.csdn.net/superme_yong/article/details/86501844