What is Network Time Protocol (NTP)?
FIrst off, network Time Protocol (NTP) is a protocol used to synchronize computer clock times in a network.
Why is it important to synchronize computer clock times?
It is important to synchronize computer clock times via the network time protocol (NTP) on server clocks across your network as this helps t prevent data loss and eliminate SSL problems .
How to Set the Network Time Protocol (NTP) on your servers with Puppet Enterprise (PE) Tasks
How you can use Puppet Enterprise software to set the same time for your servers across your network with the network time protocol.
This will be similar to the How to set up NTP with PE post, however we will be using Puppet Enterprise Tasks to allow us to use the Puppet Enterprise console user interface more.
In the following steps, I will be showing you how you can use Puppet Enterprise software to manage your network time protocol across your network. This includes:
- Install NTP module from the PuppetForge
- Create an NTP node group
- Add the NTP class from the module to your agent nodes
- View changes to infrastructure on the events page
- Edit parameters of the main NTP class
Prerequisites:
- Puppet Enterprise version 2018.1 or later
- Test or staging environment with an internet connection (e.g. AWS, GCP, Azure)
- At least one agent server node running Linux
To manage your NTP (network time protocol) with Puppet Enterprise, you will need access to the following modules from the Puppet Forge. I will be showing you using Linux machines where, we will be installing the following:
- Network Time Protocol (NTP) module - puppetlabs-ntp module
- Standard library of resources for Puppet module - stdlib module
- Execute module that allows execution of a command and parameters - exec module
How to set Network Time Protocol on your servers with Puppet Enterprise
In this guide, I will show you how to do this for your Linux server nodes.
Step 0 - Install exec module onto your server with Puppet Enterprise installed
Step 1 - Install the Linux NTP module onto your server with Puppet Enterprise installed
Step 2 - Create the Linux NTP node group in your Puppet Enterprise
Step 3 - Add a NTP class to the Linux NTP node group that you have created
Step 4 - Confirm that the NTP changes are reflected in your Puppet Enterprise
Step 5 - Let's set our preferred NTP servers by editing our class parameters
Step 6 - Check to see that our NTP servers have been updated to our preferences
Step 0 - Install exec module onto your server with Puppet Enterprise installed
Install the exec module onto your server where you have Puppet Enterprise installed*.
*If you have not installed Puppet Enterprise, you can follow my guide (here) on installing Puppet Enterprise on your Linux Server.
On your Puppet Master server, run the following command to install the exec module from the Puppet Forge.
$ puppet module install puppetlabs-exec
Once installed, you will have a new option to use in your Puppet "Tasks".
You will be able to check if you have this by going to your Puppet Enterprise Console> Orchestration> Tasks> Run a task.
That is:
Puppet Enterprise Console> Orchestration> Tasks>
Puppet Enterprise Console> Orchestration> Tasks> Run a task.
Puppet Enterprise Console> Orchestration> Tasks> Run a task> Task (drop down menu)
Step 1 - Install the Linux NTP module onto your server with Puppet Enterprise installed
This requires you to have the exec module installed, as per the previous step.
On your Puppet Master server, we will now run the following commands. Instead of having to run this via the command line on the Puppet Master, we will be able to run this inside the Puppet Enterprise console and use the user interface to run these tasks.
$ puppet module install puppetlabs/stdlib
$ puppet module install puppetlabs/ntp
Step 1.1 - Install the Linux stdlib module onto your server with Puppet Enterprise installed
To install stdlib module we will create a Puppet Task that will execute the installation command on our desired machine nodes for us.
We will go to Puppet Enterprise Console> Orchestration> Tasks> Run a task> Task (drop down menu).
I will select Task: exec::linux
Under the "Task parameters" and "command" row, I will put the command I want to run. In this case it is the following:
puppet module install puppetlabs/stdlib
Select the target machine nodes you want this installed on.
Once you are ready, run the task and you should see "Succeeded" outputs like the following:
I will do the same now to install the Linux NTP module.
We will go to Puppet Enterprise Console> Orchestration> Tasks> Run a task> Task (drop down menu).
I will select Task: exec::linux
Under the "Task parameters" and "command" row, I will put the command I want to run. In this case it is the following:
puppet module install puppetlabs/ntp
Successful output:
Optionally, if you prefer to use them using the command line, you can still install these modules manually using the following commands on your Puppet Master server.
$ puppet module install puppetlabs/stdlib
$ puppet module install puppetlabs/ntp
For more details on the "command"
(that is used as part of the exec module):
command
- (Namevar: If omitted, this attribute’s value defaults to the resource’s title.)
- The actual command to execute. Must either be fully qualified or a search path for the command must be provided. If the command succeeds, any output produced will be logged at the instance’s normal log level (usually notice), but if the command fails (meaning its return code does not match the specified code) then any output is logged at the err log level.
- Multiple exec resources can use the same command value; Puppet only uses the resource title to ensure execs are unique.
- More details - https://puppet.com/docs/puppet/7.1/type.html
Step 2 - Create the Linux NTP node group in your Puppet Enterprise
We will now create a Linux NTP node group to our Puppet Master server. We will do this using our Puppet Enterprise (PE) console in our web browser.
So in your Puppet Enterprise console on your web browser, we will want to find Node groups* (It is under "Inventory> Node Groups").
*Note - "Node Groups" in previous versions of Puppet Enterprise may be referred to as "Classification" option. Previously this was located under the "Configure" header. That is, "Configure> Classification".
Click on Add Group link
Name the new node group to "Linux NTP
" or similar. You can leave the default values for the other settings.
Click Add button.
Click the name of the group you just created.
On the Rules tab, enter "kernel
" in the Fact Field and enter Linux
in the Value field.
Note - The word "Linux
" is case sensitive, please make sure you have capital L for Linux (and not "linux")
Click Add rule button
Click Commit 1 change button at the bottom right of the page.
Step 3 - Add a NTP class to the Linux NTP node group that you have created
Let's add a NTP class to the Linux NTP node group that you have created.
In the Puppet Enterprise (PE) console, click Node Groups
Select the name of the node group you created in the previous step.
On the Class tab, let's add a new class.
In the Add new class field, enter ntp
.
If you do not see any ntp
class listed, click the refresh
link on the right.
Click Add class
Click Commit 1 change button at the bottom right of the page.
We will now run Puppet run by going to the Run menu near the upper right, select Puppet, and then selecting Puppet. (Run> Puppet).
On the "Run Puppet" page, review details and when you are ready.
Click Run job button.
Then you will see the job details page (Jobs > Job details).
Step 4 - Confirm that the NTP changes are reflected in your Puppet Enterprise
In the Puppet Enterprise (PE) console sidebar, click Events.
Click Intentional Changes under Classes with events.
As needed, you can adjust the settings so you can focus on the new NTP changes we have made. This includes:
- the time period by using the Show list until the number of events is not zero
- In the Filter by class name field enter ntp and click Apply.
Explore the events by clicking one of the class names as you would like. To view more details, you can click on a class name, you can view the nodes where the class was applied.
You can view specific resources applied to a node by clicking on a node name, on Linux for example:
When you click on the class: Ntp::Config
You will see: File[/etc/ntp.conf]
Step 5 - Let's set our preferred NTP servers by editing our class parameters
We can set our preferred NTP servers by editing class parameters of our class. As by default, the NTP module from Puppet Forge has been set to use public NTP servers, and your company may have it's own preferred internal pool of NTP servers that you need to set this to.
To set this, we can edit or add class parameters in the Puppet Enterprise console. Rather than editing the module code which is also an option.
Let's change our servers NTP class
In the Puppet Enterprise (PE) console, click Node Groups
Select the name of the node group you created in the previous step.
On the Class tab, locate the ntp
class in the list of classes.
Under the Parameter column for the class, click on the dropdown menu and choose servers.
Set the ntp servers value to your preferred server.
For example, we can enter ["time.google.com","time1.google.com"] in the Value box.
Make sure you put the full details in there with the square brackets, as the system will be looking for an array.
["time.google.com", "time1.google.com"]
Click Add parameter.
Click Commit 1 change button at the bottom of the page.
After the run completes, we can verify the time on the system and ensure that it is accurate.
Step 6 - Check to see that our NTP servers have been updated to our preferences
For further verification that the service is configured correctly, open the /etc/ntp.conf
file to check the list of NTP servers. Alternatively, we can also run the following command.
$ cat etc/ntp.conf
If you scroll down this page you will see the NTP servers we set listed.
If it did not work, you will see this in the following default NTP servers when running the command:
$ cat etc/ntp.conf
Optional. If we want to check that the ntp is alive and running at any time we can run the following command.
$ puppet resource service ntpd
Step 7 - You're set, well done!
You're set now, well done!
You have learned how to download a Puppet Forge module and configure it for your preferred set up. You also would have noticed that we made changes to the Puppet Master server only, yet the changes would update to the nodes in the node group that we created. That is, our Linux server nodes.
We essentially:
- Installed Execute exec module from the PuppetForge
- Installed NTP module from the PuppetForge
- Created an NTP node group
- Added the NTP class from the module to your agent nodes
- Viewed changes to infrastructure on our events page
- Edited parameters of our main NTP class so that we can set the NTP servers we want
So with the same NTP (network time protocol) servers set, we now can enjoy having our Linux servers synchronised with the same times. All managed from our Puppet Master server machine, so we do not need to manually log into each agent server node to make this change. Perfect!
(Optional) - Step 8 - Check if Puppet Master automatically does configuration management updates on target machine nodes
We can run a test to check if Puppet Master auto updates the configuration for our target machine nodes and changes it back to the preferred NTP servers we have set.
Let's remove the NTP conf file to test this out.
Our ntp.conf configuration file is stored in/etc/ntp.conf.
I will use a Puppet exec task to run this and select my preferred target machine nodes. I will do this via the Puppet Enterprise Console> Orchestration> Tasks> Run a task> Task (drop down menu).
rm -rf /etc/ntp.conf
You should get a success results such as the following:
Here is a full screenshot of what you should see which should look like the following:
Then if we log into one of the target machine nodes we should find that the ntp.conf file is missing. You can check this using the cat /etc/ntp.conf
command.
Now we can wait up to default 30 minutes interval for our normal Puppet runs to happen, where Puppet will periodically check configuration on our machine nodes. Or you can manually trigger a "Puppet run" it in the Puppet Enterpise console or by running "puppet agent -t" on the Puppet Master server.
Once it is run, you should see the results.
Since we deliberately removed the ntp configuration file, we can click on one of the reports for the ones with the "Corrective changes" column marked with a number 1.
Here you can see that:
File[/etc/ntp.conf]
was seen as missing (marked as "absent"), so it was changed to be added (marked as "file"). So Puppet added the ntp.conf back.