Puppet module to manage the NTP service
Ruby Pascal Puppet
Latest commit 2389889 Feb 23, 2017 @tphoney tphoney committed on GitHub Merge pull request #375 from jcpunk/MODULES-4414
(MODULES-4414) Allow NTP statistics if requested
Permalink
Failed to load latest commit information.
data (MODULES-4414) Allow NTP statistics if requested Feb 21, 2017
examples Move "tests" to examples, where they belong Jun 27, 2016
manifests Merge pull request #375 from jcpunk/MODULES-4414 Feb 23, 2017
spec (MODULES-4414) Allow NTP statistics if requested Feb 21, 2017
templates (MODULES-4414) Allow NTP statistics if requested Feb 21, 2017
types (FM-5361) Update the allowed parameter types for the ntp class Oct 14, 2016
.fixtures.yml Change validation to use data type annotations Oct 14, 2016
.gitattributes (FM-4046) Update to current msync configs [006831f] Feb 16, 2016
.gitignore (MODULES-4098) Sync the rest of the files Jan 20, 2017
.project (MODULES-4098) Sync the rest of the files Jan 20, 2017
.rspec (FM-4049) Update to current msync configs [2c99161] Jan 27, 2016
.rubocop.yml Update modulesync_config [a3fe424] Aug 26, 2016
.sync.yml (MODULES-4098) Sync the rest of the files Jan 20, 2017
.travis.yml (MODULES-4097) Sync travis.yml Jan 10, 2017
CHANGELOG.md Add a link to the blogpost to the CHANGELOG Oct 18, 2016
CONTRIBUTING.md (MODULES-4098) Sync the rest of the files Jan 20, 2017
Gemfile (MODULES-4098) Sync the rest of the files Jan 20, 2017
LICENSE (FM-4046) Update to current msync configs [006831f] Feb 16, 2016
MAINTAINERS.md (MODULES-4098) Sync the rest of the files Jan 20, 2017
NOTICE (MODULES-4098) Sync the rest of the files Jan 20, 2017
README.markdown (MODULES-4414) Allow NTP statistics if requested Feb 21, 2017
Rakefile (MODULES-4098) Sync the rest of the files Jan 20, 2017
appveyor.yml (MODULES-4098) Sync the rest of the files Jan 20, 2017
hiera.yaml Move params to data-in-modules Oct 14, 2016
metadata.json add xenial to metadata Jan 4, 2017

README.markdown

ntp

Table of Contents

  1. Module Description - What the module does and why it is useful
  2. Setup - The basics of getting started with ntp
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module

Module description

The ntp module installs, configures, and manages the NTP service across a range of operating systems and distributions.

Setup

Beginning with ntp

include '::ntp' is enough to get you up and running. To pass in parameters specifying which servers to use:

class { '::ntp':
  servers => [ 'ntp1.corp.com', 'ntp2.corp.com' ],
}

Usage

All parameters for the ntp module are contained within the main ::ntp class, so for any function of the module, set the options you want. See the common usages below for examples.

Install and enable NTP

include '::ntp'

Change NTP servers

class { '::ntp':
  servers => [ 'ntp1.corp.com', 'ntp2.corp.com' ],
}

Restrict who can connect

class { '::ntp':
  servers  => [ 'ntp1.corp.com', 'ntp2.corp.com' ],
  restrict => ['127.0.0.1'],
}

Install a client that can't be queried

class { '::ntp':
  servers   => ['ntp1.corp.com', 'ntp2.corp.com'],
  restrict  => [
    'default ignore',
    '-6 default ignore',
    '127.0.0.1',
    '-6 ::1',
    'ntp1.corp.com nomodify notrap nopeer noquery',
    'ntp2.corp.com nomodify notrap nopeer noquery'
  ],
}

Listen on specific interfaces

Restricting NTP to a specific interface is especially useful on Openstack node, which may have numerous virtual interfaces.

class { '::ntp':
  servers  => [ 'ntp1.corp.com', 'ntp2.corp.com' ],
  interfaces => ['127.0.0.1', '1.2.3.4']
}

Opt out of Puppet controlling the service

class { '::ntp':
  servers        => [ 'ntp1.corp.com', 'ntp2.corp.com' ],
  restrict       => ['127.0.0.1'],
  service_manage => false,
}

Configure and run ntp without installing

class { '::ntp':
  package_manage => false,
}

Pass in a custom template

class { '::ntp':
  servers         => [ 'ntp1.corp.com', 'ntp2.corp.com' ],
  restrict        => ['127.0.0.1'],
  service_manage  => false,
  config_epp      => 'different/module/custom.template.epp',
}

Reference

Classes

Public classes

  • ntp: Main class, includes all other classes.

Private classes

  • ntp::install: Handles the packages.
  • ntp::config: Handles the configuration file.
  • ntp::service: Handles the service.

Parameters

The following parameters are available in the ::ntp class:

authprov

Optional.

Data type: String.

Enables compatibility with W32Time in some versions of NTPd, such as Novell DSfW. Default value: undef.

broadcastclient

Data type: Boolean.

Enables reception of broadcast server messages to any local interface.

Default value: false.

config

Data type: Stdlib::Absolutepath.

Specifies a file for NTP's configuration info.

Default value: '/etc/ntp.conf' (Solaris: '/etc/inet/ntp.conf').

config_dir

Optional.

Data type: Stdlib::Absolutepath.

Specifies a directory for the NTP configuration files.

Default value: undef.

config_epp

Optional.

Data type: String.

Specifies an absolute or relative file path to an EPP template for the config file. Example value: 'ntp/ntp.conf.epp'. A validation error is thrown if both this and the config_template parameter are specified.

config_file_mode

Data type: String.

Specifies a file mode for the ntp configuration file.

Default value: '0664'.

config_template

Optional.

Data type: String.

Specifies an absolute or relative file path to an ERB template for the config file. Example value: 'ntp/ntp.conf.erb'. A validation error is thrown if both this and the config_epp parameter are specified.

disable_auth

Data type: Boolean.

Disables cryptographic authentication for broadcast client, multicast client, and symmetric passive associations.

disable_dhclient

Data type: Boolean.

Disables ntp-servers in dhclient.conf to prevent Dhclient from managing the NTP configuration.

disable_kernel

Data type: Boolean.

Disables kernel time discipline.

disable_monitor

Data type: Boolean.

Disables the monitoring facility in NTP.

Default value: true.

driftfile

Data type: Stdlib::Absolutepath.

Specifies the location of the NTP driftfile.

Default value: '/var/lib/ntp/drift' (AIX: 'ntp::driftfile:', Solaris: '/var/ntp/ntp.drift').

fudge

Optional.

Data type: Array[String].

Provides additional information for individual clock drivers.

Default value: [ ].

iburst_enable

Data type: Boolean.

Specifies whether to enable the iburst option for every NTP peer.

Default value: false (AIX, Debian: true).

interfaces

Data type: Array[String].

Specifies one or more network interfaces for NTP to listen on.

Default value: [ ].

interfaces_ignore

Data type: Array[String].

Specifies one or more ignore pattern for the NTP listener configuration (for example: all, wildcard, ipv6).

Default value: [ ].

keys

Data type: Array[String].

Distributes keys to keys file.

Default value: [ ].

keys_controlkey

Optional.

Data type: Ntp::Key_id.

Specifies the key identifier to use with the ntpq utility. Value in the range of 1 to 65,534 inclusive.

Default value: ' '.

keys_enable

Data type: Boolean.

Whether to enable key-based authentication.

Default value: false.

keys_file

Stdlib::Absolutepath.

Specifies the complete path and location of the MD5 key file containing the keys and key identifiers used by ntpd, ntpq and ntpdc when operating with symmetric key cryptography.

Default value: '/etc/ntp.keys' (RedHat, Amazon: /etc/ntp/keys).

keys_requestkey

Optional.

Data type: Ntp::Key_id.

Specifies the key identifier to use with the ntpdc utility program. Value in the range of 1 to 65,534 inclusive.

Default value: ' '.

keys_trusted

Optional.

Data type: Array[Ntp::Key_id].

Provides one or more keys to be trusted by NTP.

Default value: [ ].

leapfile

Optional.

Data type: Stdlib::Absolutepath.

Specifies a leap second file for NTP to use.

Default value: ' '.

logfile

Optional.

Data type: Stdlib::Absolutepath.

Specifies a log file for NTP to use instead of syslog.

Default value: ' '.

minpoll

Optional.

Data type: Ntp::Poll_interval.

Sets Puppet to non-standard minimal poll interval of upstream servers. Values: 3 to 16. Default: undef.

maxpoll

Optional.

Data type: Ntp::Poll_interval.

Sets use non-standard maximal poll interval of upstream servers. Values: 3 to 16. Default option: undef(FreeBSD: 9).

ntpsigndsocket

Optional.

Data type: Stdlib::Absolutepath.

Sets NTP to sign packets using the socket in the ntpsigndsocket path. Requires NTP to be configured to sign sockets. Value: Path to the socket directory; for example, for Samba: usr/local/samba/var/lib/ntp_signd/.

Default value: undef.

package_ensure

Data type: String.

Whether to install the NTP package, and what version to install. Values: 'present', 'latest', or a specific version number.

Default value: 'present'.

package_manage

Data type: Boolean.

Whether to manage the NTP package.

Default value: true.

package_name

Data type: Array[String].

Specifies the NTP package to manage.

Default value: 'ntp'.

panic

Optional. Data type: Integer[0].

Whether NTP should panic and exit in the event of a very large clock skew. Applies only if tinker option set to true or if your environment is in a virtual machine.

Default value: undef (virtual environments: 0).

peers

Data type: Array[String].

List of NTP servers with which to synchronise the local clock.

preferred_servers

Data type: Array[String].

Specifies one or more preferred peers. Puppet appends 'prefer' to each matching item in the servers array.

Default value: [ ].

restrict

Data type: Array[String].

Specifies one or more restrict options for the NTP configuration. Puppet prefixes each item with 'restrict', so you need to list only the content of the restriction.

Default value for most operating systems:

[
  'default kod nomodify notrap nopeer noquery',
  '-6 default kod nomodify notrap nopeer noquery',
  '127.0.0.1',
  '-6 ::1',
]

Default value for AIX systems:

[
  'default nomodify notrap nopeer noquery',
  '127.0.0.1',
]

servers

Data type: Array[String].

Specifies one or more servers to be used as NTP peers.

Default value: varies by operating system.

service_enable

Data type: Boolean.

Whether to enable the NTP service at boot.

Default value: true.

service_ensure

Data type: String.

Whether the NTP service should be running. Values: 'running' or 'stopped'.

Default value: 'running'.

service_manage

Data type: Boolean.

Whether to manage the NTP service.

Default value: true.

service_name

Data type: String.

The NTP service to manage.

Default value: varies by operating system.

service_provider

Data type: String.

Which service provider to use for NTP.

Default value: 'undef.

statistics

Data type: Array.

List of statistics to gather if ntp monitoring is enabled.

Default value: [].

statsdir

Data type: Stdlib::Absolutepath.

Location to store NTP statistics if ntp monitoring is enabled.

Default value: '/var/log/ntpstats'.

step_tickers_file

Optional.

Data type: Stdlib::Absolutepath.

Location of the step tickers file on the managed system.

Default value: varies by operating system.

step_tickers_epp

Optional.

Data type: String.

Location of the step tickers EPP template file. Validation error is thrown if both this and the step_tickers_template parameters are specified.

Default value: varies by operating system.

step_tickers_template

Optional.

Data type: String.

Location of the step tickers ERB template file. Validation error is thrown if both this and the step_tickers_epp parameter are specified.

Default value: varies by operating system.

stepout

Optional.

Data type: Integer[0, 65535].

Value for stepout if tinker value is true. Valid options: unsigned shortint digit.

Default value: undef.

tos

Data type: Boolean.

Whether to enable tos options.

Default value: false.

tos_minclock

Optional.

Data type: Integer[1].

Specifies the minclock tos option.

Default value: 3.

tos_minsane

Optional.

Data type: Integer[1].

Specifies the minsane tos option.

Default value: 1.

tos_floor

Optional.

Data type: Integer[1].

Specifies the floor tos option.

Default value: 1.

tos_ceiling

Optional.

Data type: Integer[1].

Specifies the ceiling tos option.

Default value: 15.

tos_cohort

Data type: Variant. Boolean, Integer[0,1].

Specifies the cohort tos option. Valid options: 0 or 1.

Default value: 0.

tinker

Data type: Boolean.

Whether to enable tinker options.

Default value: false.

udlc

Data type: Boolean.

Specifies whether to configure NTP to use the undisciplined local clock as a time source. Default value: false.

udlc_stratum

Optional. Data type: Integer[1,15].

Specifies the stratum the server should operate at when using the undisciplined local clock as the time source. This value should be set to no less than 10 if ntpd might be accessible outside your immediate, controlled network.

Default value: 10.

Limitations

This module has been tested on all PE-supported platforms. Additionally, it is tested (but not supported) on Solaris 10 and Fedora 20-22.

Development

Puppet modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. Please follow our guidelines when contributing changes.

For more information, see our module contribution guide.

Contributors

To see who's already involved, see the list of contributors.