VLT-Website-Heading

How to set Network Time Protocol (NTP) on your servers with Puppet Enterprise Tasks

Jan 14, 2021 3:02:50 PM / by Vu Long Tran

What is Network Time Protocol (NTP)? 

FIrst off, network Time Protocol (NTP) is a protocol used to synchronize computer clock times in a network.

Why is it important to synchronize computer clock times?

It is important to synchronize computer clock times via the network time protocol (NTP) on server clocks across your network as this  helps t prevent data loss and eliminate SSL problems .

How to Set the Network Time Protocol (NTP) on your servers with Puppet Enterprise (PE) Tasks

How you can use Puppet Enterprise software to set the same time for your servers across your network with the network time protocol.

This will be similar to the How to set up NTP with PE post, however we will be using Puppet Enterprise Tasks to allow us to use the Puppet Enterprise console user interface more.

In the following steps, I will be showing you how you can use Puppet Enterprise software to manage your network time protocol across your network. This includes:

  • Install NTP module from the PuppetForge
  • Create an NTP node group
  • Add the NTP class from the module to your agent nodes
  • View changes to infrastructure on the events page
  • Edit parameters of the main NTP class

Prerequisites:

  • Puppet Enterprise version 2018.1 or later
  • Test or staging environment with an internet connection (e.g. AWS, GCP, Azure)
  • At least one agent server node running Linux

To manage your NTP (network time protocol) with Puppet Enterprise, you will need access to the following modules from the Puppet Forge. I will be showing you using Linux machines where, we will be installing the following:

How to set Network Time Protocol on your servers with Puppet Enterprise

In this guide, I will show you how to do this for your Linux server nodes. 

Step 0 - Install exec module onto your server with Puppet Enterprise installed

Step 1 - Install the Linux NTP module onto your server with Puppet Enterprise installed

Step 2 - Create the Linux NTP node group in your Puppet Enterprise

Step 3 - Add a NTP class to the Linux NTP node group that you have created

Step 4 - Confirm that the NTP changes are reflected in your Puppet Enterprise

Step 5 - Let's set our preferred NTP servers by editing our class parameters

Step 6 - Check to see that our NTP servers have been updated to our preferences

Step 7 - All set, well done!

(Optional) - Step 8 - Check if Puppet Master automatically does configuration management updates on target machine nodes

 

Step 0 - Install exec module onto your server with Puppet Enterprise installed

Install the exec module onto your server where you have Puppet Enterprise installed*.

*If you have not installed Puppet Enterprise, you can follow my guide (here) on installing Puppet Enterprise on your Linux Server.

On your Puppet Master server, run the following command to install the exec module from the Puppet Forge.

$ puppet module install puppetlabs-exec

Once installed, you will have a new option to use in your Puppet "Tasks".

Puppet Tasks - exec task

You will be able to check if you have this by going to your Puppet Enterprise Console> Orchestration> Tasks> Run a task.

That is:

Puppet Enterprise Console> Orchestration> Tasks>

Puppet Tasks

Puppet Enterprise Console> Orchestration> Tasks> Run a task.

Puppet Tasks 2

Puppet Enterprise Console> Orchestration> Tasks> Run a task> Task (drop down menu)

Puppet Tasks - exec task

Step 1 - Install the Linux NTP module onto your server with Puppet Enterprise installed

This requires you to have the exec module installed, as per the previous step.

On your Puppet Master server, we will now run the following commands. Instead of having to run this via the command line on the Puppet Master, we will be able to run this inside the Puppet Enterprise console and use the user interface to run these tasks.

$ puppet module install puppetlabs/stdlib

$ puppet module install puppetlabs/ntp

Step 1.1 - Install the Linux stdlib module onto your server with Puppet Enterprise installed

To install stdlib module we will create a Puppet Task that will execute the installation command on our desired machine nodes for us.

We will go to Puppet Enterprise Console> Orchestration> Tasks> Run a task> Task (drop down menu).

I will select Task: exec::linux

Puppet Task execute linux command

Under the "Task parameters" and "command" row, I will put the command I want to run. In this case it is the following:

puppet module install puppetlabs/stdlib

task-stdlib-install-01

Select the target machine nodes you want this installed on.

Select target nodes to deploy command on

Once you are ready, run the task and you should see "Succeeded" outputs like the following:

Command deployed on our target nodes

I will do the same now to install the Linux NTP module.

We will go to Puppet Enterprise Console> Orchestration> Tasks> Run a task> Task (drop down menu).

I will select Task: exec::linux

Puppet Task execute linux command

Under the "Task parameters" and "command" row, I will put the command I want to run. In this case it is the following:

puppet module install puppetlabs/ntp

Install NTP module with Puppet exec task

Successful output:

Install NTP module with Puppet exec task 2

Optionally, if you prefer to use them using the command line, you can still install these modules manually using the following commands on your Puppet Master server.

$ puppet module install puppetlabs/stdlib

$ puppet module install puppetlabs/ntp

add-ntp-module

For more details on the "command" (that is used as part of the exec module):

command

  • (Namevar: If omitted, this attribute’s value defaults to the resource’s title.)
  • The actual command to execute. Must either be fully qualified or a search path for the command must be provided. If the command succeeds, any output produced will be logged at the instance’s normal log level (usually notice), but if the command fails (meaning its return code does not match the specified code) then any output is logged at the err log level.
  • Multiple exec resources can use the same command value; Puppet only uses the resource title to ensure execs are unique.
  • More details - https://puppet.com/docs/puppet/7.1/type.html

 

Step 2 - Create the Linux NTP node group in your Puppet Enterprise

We will now create a Linux NTP node group to our Puppet Master server. We will do this using our Puppet Enterprise (PE) console in our web browser.

So in your Puppet Enterprise console on your web browser, we will want to find Node groups* (It is under "Inventory> Node Groups").

Inventory> Node Groups

*Note - "Node Groups" in previous versions of Puppet Enterprise may be referred to as "Classification" option. Previously this was located under the "Configure" header. That is, "Configure> Classification". 

Click on Add Group link

Name the new node group to "Linux NTP" or similar. You can leave the default values for the other settings.

Add NTP to node groups

Click Add button.

Click the name of the group you just created.

On the Rules tab, enter "kernel" in the Fact Field and enter Linux in the Value field. 

Note - The word "Linux" is case sensitive, please make sure you have capital L for Linux (and not "linux")

Add NTP to node groups

Add NTP to node groups

Click Add rule button

Click Commit 1 change button at the bottom right of the page.

 

Step 3 - Add a NTP class to the Linux NTP node group that you have created

Let's add a NTP class to the Linux NTP node group that you have created.

In the Puppet Enterprise (PE) console, click Node Groups

Select the name of the node group you created in the previous step.

On the Class tab, let's add a new class.

Add NTP class

In the Add new class field, enter ntp.

Add NTP class

If you do not see any ntp class listed, click the refresh link on the right.

Refresh classes

NTP add class

NTP add class

Click Add class

Click Commit 1 change button at the bottom right of the page.

Add NTP class

We will now run Puppet run by going to the Run menu near the upper right, select Puppet, and then selecting Puppet. (Run> Puppet).

Run puppet run

Run puppet run

On the "Run Puppet" page, review details and when you are ready.

add-ntp-class-08

Click Run job button.

add-ntp-class-09

Then you will see the job details page (Jobs > Job details).

add-ntp-class-09-1

 

Step 4 - Confirm that the NTP changes are reflected in your Puppet Enterprise

In the Puppet Enterprise (PE) console sidebar, click Events.

Click Intentional Changes under Classes with events.

add-ntp-events-summary

As needed, you can adjust the settings so you can focus on the new NTP changes we have made. This includes:

  • the time period by using the Show list until the number of events is not zero
  • In the Filter by class name field enter ntp and click  Apply.

Explore the events by clicking one of the class names as you would like. To view more details, you can click on a class name, you can view the nodes where the class was applied.

You can view specific resources applied to a node by clicking on a node name, on Linux for example:

When you click on the class: Ntp::Config

You will see: File[/etc/ntp.conf]

class-ntp-config

Step 5 - Let's set our preferred NTP servers by editing our class parameters

We can set our preferred NTP servers by editing class parameters of our class. As by default, the NTP module from Puppet Forge has been set to use public NTP servers, and your company may have it's own preferred internal pool of NTP servers that you need to set this to.

To set this, we can edit or add class parameters in the Puppet Enterprise console. Rather than editing the module code which is also an option.

Let's change our servers NTP class

In the Puppet Enterprise (PE) console, click Node Groups

Select the name of the node group you created in the previous step.

On the Class tab, locate the ntp class in the list of classes.

Under the Parameter column for the class, click on the dropdown menu and choose servers.

Edit parameterSet the ntp servers value to your preferred server.

For example, we can enter ["time.google.com","time1.google.com"] in the Value box.

Make sure you put the full details in there with the square brackets, as the system will be looking for an array.

["time.google.com", "time1.google.com"]

edit-parameters-ntp-brackets

Click Add parameter.

Click Commit 1 change button at the bottom of the page.

After the run completes, we can verify the time on the system and ensure that it is accurate.

Puppet NTP class run

Puppet NTP class run

 

Step 6 - Check to see that our NTP servers have been updated to our preferences

For further verification that the service is configured correctly, open the /etc/ntp.conf file to check the list of NTP servers. Alternatively, we can also run the following command.

$ cat etc/ntp.conf

Edit parameters to set new NTP servers

If you scroll down this page you will see the NTP servers we set listed.

Edit parameters to set new NTP servers

If it did not work, you will see this in the following default NTP servers when running the command:

$ cat etc/ntp.conf

Default NTP servers on Puppet

Optional. If we want to check that the ntp is alive and running at any time we can run the following command.

$ puppet resource service ntpd

Puppet resource service ntpd

Step 7 - You're set, well done!

You're set now, well done!

You have learned how to download a Puppet Forge module and configure it for your preferred set up. You also would have noticed that we made changes to the Puppet Master server only, yet the changes would update to the nodes in the node group that we created. That is, our Linux server nodes.

We essentially:

  • Installed Execute exec module from the PuppetForge
  • Installed NTP module from the PuppetForge
  • Created an NTP node group
  • Added the NTP class from the module to your agent nodes
  • Viewed changes to infrastructure on our events page
  • Edited parameters of our main NTP class so that we can set the NTP servers we want

So with the same NTP (network time protocol) servers set, we now can enjoy having our Linux servers synchronised with the same times. All managed from our Puppet Master server machine, so we do not need to manually log into each agent server node to make this change. Perfect!

 

(Optional) - Step 8 - Check if Puppet Master automatically does configuration management updates on target machine nodes

We can run a test to check if Puppet Master auto updates the configuration for our target machine nodes and changes it back to the preferred NTP servers we have set.

Let's remove the NTP conf file to test this out.

Our ntp.conf configuration file is stored in/etc/ntp.conf.

I will use a Puppet exec task to run this and select my preferred target machine nodes. I will do this via the Puppet Enterprise Console> Orchestration> Tasks> Run a task> Task (drop down menu).

rm -rf /etc/ntp.conf

Remove NTP conf file test

You should get a success results such as the following:

Remove NTP conf file test

Here is a full screenshot of what you should see which should look like the following:

Remove NTP conf file test

Then if we log into one of the target machine nodes we should find that the ntp.conf file is missing. You can check this using the cat /etc/ntp.conf command.

Remove NTP conf file test

Now we can wait up to default 30 minutes interval for our normal Puppet runs to happen, where Puppet will periodically check configuration on our machine nodes. Or you can manually trigger a "Puppet run" it in the Puppet Enterpise console or by running "puppet agent -t" on the Puppet Master server.

Once it is run, you should see the results.

Remove NTP conf file test

Since we deliberately removed the ntp configuration file, we can click on one of the reports for the ones with the "Corrective changes" column marked with a number 1.

Here you can see that:

File[/etc/ntp.conf] was seen as missing (marked as "absent"), so it was changed to be added (marked as "file"). So Puppet added the ntp.conf back.

puppet-remove-ntp-test6

Additional resources:

Topics: puppet, linux

Vu Long Tran

Written by Vu Long Tran

Solutions Engineer APAC. ex-@Forrester consultant. Writing on #cloud #howto guides and #tech tinkering!