Set up time management through NTP

Table of contents

The following sets up a local NTP server that synchronizes with pool.ntp.org andclients that synchronize with your local NTP server. See bottom of this exampleif you don't want to build a server, but use a "brute force" method (repeatedntpdate syncs).

This example demonstrates you can have a lot of low-level detailed control if you want it.

code

bundleagentsystem_time_ntp{vars:linux::"cache_dir"string=>"$(sys.workdir)/cache";# Cache directory for NTP config files"ntp_conf"string=>"/etc/ntp.conf";# Target file for NTP configuration"ntp_server"string=>"172.16.12.161";"ntp_network"string=>"172.16.12.0";# IP address and netmask of your local NTP server"ntp_mask"string=>"255.255.255.0";"ntp_pkgs"slist=>{"ntp"};# NTP packages to be installed to ensure service# Define a class for the NTP serverclasses:any::"ntp_hosts"or=>{classmatch(canonify("ipv4_$(ntp_server)"))};# Ensure that the NTP packages are installedpackages:ubuntu::"$(ntp_pkgs)"comment=>"setup NTP",package_policy=>"add",package_method=>generic;# Ensure existence of file and directory for NTP drift learning statisticsfiles:linux::"/var/lib/ntp/ntp.drift"comment=>"Enable ntp service",create=>"true";"/var/log/ntpstats/."comment=>"Create a statistic directory",perms=>mog("644","ntp","ntp"),create=>"true";ntp_hosts::# Build the cache configuration file for the NTP server"/var/cfengine/cache/ntp.conf"comment=>"Build$(this.promiser) cache file for NTP server",create=>"true",edit_defaults=>empty,edit_line=>restore_ntp_master("$(ntp_network)","$(ntp_mask)");centos.ntp_hosts::# Copy the cached configuration file to its target destination"$(ntp_conf)"comment=>"Ensure$(this.promiser) in a perfect condition",copy_from=>local_cp("$(cache_dir)/ntp.conf"),classes=>if_repaired("refresh_ntpd_centos");ubuntu.ntp_hosts::"$(ntp_conf)"comment=>"Ensure$(this.promiser) in a perfect condition",copy_from=>local_cp("$(cache_dir)/ntp.conf"),classes=>if_repaired("refresh_ntpd_ubuntu");!ntp_hosts::# Build the cache configuration file for the NTP client"$(cache_dir)/ntp.conf"comment=>"Build$(this.promiser) cache file for NTP client",create=>"true",edit_defaults=>empty,edit_line=>restore_ntp_client("$(ntp_server)");centos.!ntp_hosts::# Copy the cached configuration file to its target destination"$(ntp_conf)"comment=>"Ensure$(this.promiser) in a perfect condition",copy_from=>local_cp("$(cache_dir)/ntp.conf"),classes=>if_repaired("refresh_ntpd_centos");ubuntu.!ntp_hosts::"$(ntp_conf)"comment=>"Ensure$(this.promiser) in a perfect condition",copy_from=>local_cp("$(cache_dir)/ntp.conf"),classes=>if_repaired("refresh_ntpd_ubuntu");# Set classes (conditions) for to restart the NTP daemon if there have been any changes to configurationprocesses:centos::"ntpd.*"restart_class=>"refresh_ntpd_centos";ubuntu::"ntpd.*"restart_class=>"refresh_ntpd_ubuntu";# Restart the NTP daemon if the configuration has changedcommands:refresh_ntpd_centos::"/etc/init.d/ntpd restart";refresh_ntpd_ubuntu::"/etc/init.d/ntp restart";}#######################################################bundleedit_linerestore_ntp_master(network,mask){vars:"list"string=>"####################################### ntp.conf-masterdriftfile /var/lib/ntp/ntp.driftstatsdir /var/log/ntpstats/statistics loopstats peerstats clockstatsfilegen loopstats file loopstats type day enablefilegen peerstats file peerstats type day enablefilegen clockstats file clockstats type day enable# Use public servers from the pool.ntp.org project.# Please consider joining the pool (http://www.pool.ntp.org/join.html).# Consider changing the below servers to a location near you for better time# e.g. server 0.europe.pool.ntp.org, or server 0.no.pool.ntp.org etc.server 0.centos.pool.ntp.orgserver 1.centos.pool.ntp.orgserver 2.centos.pool.ntp.org# Permit time synchronization with our time source, but do not# permit the source to query or modify the service on this system.restrict -4 default kod nomodify notrap nopeer noqueryrestrict -6 default kod nomodify notrap nopeer noquery# Permit all access over the loopback interface.  This could# be tightened as well, but to do so would effect some of# the administrative functions.restrict 127.0.0.1restrict ::1# Hosts on local network are less restricted.restrict$(network) mask$(mask) nomodify notrap";insert_lines:"$(list)";}#######################################################bundleedit_linerestore_ntp_client(serverip){vars:"list"string=>"####################################### This file is protected by cfengine ######################################## ntp.conf-clientdriftfile /var/lib/ntp/ntp.driftstatsdir /var/log/ntpstats/statistics loopstats peerstats clockstatsfilegen loopstats file loopstats type day enablefilegen peerstats file peerstats type day enablefilegen clockstats file clockstats type day enable# Permit time synchronization with our time source, but do not# permit the source to query or modify the service on this system.restrict -4 default kod nomodify notrap nopeer noqueryrestrict -6 default kod nomodify notrap nopeer noquery# Permit all access over the loopback interface.  This could# be tightened as well, but to do so would effect some of# the administrative functions.restrict 127.0.0.1restrict ::1server$(serverip)restrict$(serverip) nomodify";insert_lines:"$(list)";}

This policy can be found in/var/cfengine/share/doc/examples/example_ntp.cf

If you don't want to build a server, you might do like this:

code

bundleagenttime_management{vars:any::"ntp_server"string=>"no.pool.ntp.org";commands:any::"/usr/sbin/ntpdate$(ntp_server)"contain=>silent;}

This is a hard reset of the time, it corrects it immediately. This may cause problemsif there are large deviations in time and you are using time sensitive software on yoursystem. An NTP daemon setup as shown above, on the other hand, slowly adapts the timeto avoid causing disruption. In addition, the NTP daemon can be configured to learn yoursystem's time drift and automatically adjust for it without having to be in touch withthe server at all times.

Still need help?

Chat

Ask a question on Github

Mailing list

Version

master 3.24 (LTS)3.21 (LTS)view all versions

Movatterモバイル変換

Set up time management through NTP

Still need help?