Network Time Protocol (NTP) is one of the most crucial, yet easiest, services to configure and manage with Puppet, to properly synchronize time across all your nodes. Follow this guide to get started managing an NTP service using the Puppet ntp module.
Before you begin
Ensure you’ve already installed Puppet, and at least one *nix agent. Also, log in as root or Administrator on your nodes.
The clocks on your servers are not inherently accurate. They need to
synchronize with something to let them know what the right time is. NTP is a protocol
that synchronizes the clocks of computers over a network. NTP uses Coordinated Universal
Time (UTC) to synchronize computer clock times to within a millisecond.
Your entire datacenter, from the network to the applications, depends
on accurate time for security services, certificate validation, and file sharing across
Puppet agents. If the time is wrong, your Puppet primary server might mistakenly issue agent certificates
from the distant past or future, which other agents treat as expired.
Using the Puppet NTP module, you can:
- Ensure time is correctly synced across all the servers in your infrastructure.
- Ensure time is correctly synced across your configuration management tools.
- Roll out updates quickly if you need to change or specify your own internal NTP server pool.
This guide walks you through the following steps in setting up NTP
configuration management:
- Installing the puppetlabs-ntp module.
- Adding classes to the default node in your main manifest.
- Viewing the status of your NTP service.
- Using multiple nodes in the main manifest to configure NTP for different permissions.
Note: You can add the NTP service to as many agents as needed. For simplicity, this guide describes adding it to only one.
- The first step is installing the puppetlabs-ntp module. The puppetlabs-ntp module is part of the supported modules program; these modules are supported, tested, and maintained by Puppet. For more information on puppetlabs-ntp, see the README. To install it, run:
      puppet module install puppetlabs-ntp
  The resulting output is similar to this:
      Preparing to install into /etc/puppetlabs/puppet/modules ...
      Notice: Downloading from http://forgeapi.puppetlabs.com ...
      Notice: Installing -- do not interrupt ...
      /etc/puppetlabs/puppet/environments/production/modules
      └── puppetlabs-ntp (v3.1.2)
  That’s it! You’ve just installed the puppetlabs-ntp module.
- The next step is adding classes from the NTP module to the main manifest.
  The NTP module contains several classes. Classes are named chunks of Puppet code and are the primary means by which Puppet configures nodes. The NTP module contains the following classes:
  - ntp: the main class, which includes all other NTP classes, including the classes in this list.
  - ntp::install: handles the installation packages.
  - ntp::config: handles the configuration file.
  - ntp::service: handles the service.
  You’re going to add the ntp class to the default node in your main manifest. Depending on your needs or infrastructure, you might have a different group that you’ll assign NTP to, but you would take similar steps.
  - From the command line on the primary server, navigate to the directory that contains the main manifest:
        cd /etc/puppetlabs/code/environments/production/manifests
  - Use your text editor to open site.pp.
  - Add the following Puppet code to site.pp:
        node default {
          class { 'ntp':
            servers => ['nist-time-server.eoni.com','nist1-lv.ustiming.org','ntp-nist.ldsbc.edu']
          }
        }
    Note: If your site.pp file already has a default node in it, add just the class and servers lines to it.
  - On your agent, start a Puppet run:
    Your Puppet-managed node is now configured to use NTP.
- To check if the NTP service is running, run:
      puppet resource service ntpd
  On Ubuntu operating systems, the service is ntp instead of ntpd.
  The result looks like this:
      service { 'ntpd':
        ensure => 'running',
        enable => 'true',
      }
- If you want to configure the NTP service to run differently on different nodes, you can set up NTP on nodes other than default in the site.pp file.
  In previous steps, you’ve been configuring the default node.
  In the example below, two NTP servers (kermit and grover) are configured to talk to outside time servers. The other NTP servers (snuffie, bigbird, and hooper) use those two primary servers to sync their time.
  One of the primary NTP servers, kermit, is very cautiously configured: it can’t afford outages, so it’s not allowed to automatically update its NTP server package without testing. The other servers are more permissively configured.
  The site.pp looks like this:
      # Primary time server: syncs from outside pools, package updates held back.
      node "kermit.example.com" {
        class { "ntp":
          servers => [ '0.us.pool.ntp.org iburst','1.us.pool.ntp.org iburst','2.us.pool.ntp.org iburst','3.us.pool.ntp.org iburst'],
          autoupdate => false,
          restrict => [],
          service_enable => true,
        }
      }
      # Second primary: syncs from kermit and outside pools, package updates allowed.
      node "grover.example.com" {
        class { "ntp":
          servers => [ 'kermit.example.com','0.us.pool.ntp.org iburst','1.us.pool.ntp.org iburst','2.us.pool.ntp.org iburst'],
          autoupdate => true,
          restrict => [],
          service_enable => true,
        }
      }
      # Internal clients: sync only from the two primary servers.
      node "snuffie.example.com", "bigbird.example.com", "hooper.example.com" {
        class { "ntp":
          servers => [ 'grover.example.com', 'kermit.example.com'],
          autoupdate => true,
          service_enable => true,
        }
      }
  In this way, it is possible to configure NTP on multiple nodes to suit your needs.
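The `restrict => []` setting on kermit and grover passes an empty access-control list for the two servers that the rest of the fleet trusts for time. As an added example (not part of the original guide), here are the same two nodes with explicit entries; it assumes each array element is rendered as one `restrict` line in the managed ntp.conf, and `$ntp_restrict` is a name introduced here for illustration.

```puppet
# Added example, not from the original guide.
# Assumption: each element of `restrict` becomes one "restrict <element>"
# line in the ntp.conf that the module manages.
$ntp_restrict = [
  # Any client may still request the time (there is no noserve flag), but
  # runtime reconfiguration (nomodify), trap registration (notrap),
  # unauthenticated peering (nopeer) and ntpq/ntpdc status queries
  # (noquery) are refused; kod answers refused clients with a
  # kiss-o'-death packet.
  'default kod nomodify notrap nopeer noquery',
  '-6 default kod nomodify notrap nopeer noquery',
  # Unrestricted access from the local host only, for local monitoring.
  '127.0.0.1',
  '-6 ::1',
]

# Cautious primary: package updates held back, explicit access control.
node 'kermit.example.com' {
  class { 'ntp':
    servers        => ['0.us.pool.ntp.org iburst', '1.us.pool.ntp.org iburst',
                       '2.us.pool.ntp.org iburst', '3.us.pool.ntp.org iburst'],
    autoupdate     => false,
    restrict       => $ntp_restrict,
    service_enable => true,
  }
}

# Second primary: same access control, package updates allowed.
node 'grover.example.com' {
  class { 'ntp':
    servers        => ['kermit.example.com', '0.us.pool.ntp.org iburst',
                       '1.us.pool.ntp.org iburst', '2.us.pool.ntp.org iburst'],
    autoupdate     => true,
    restrict       => $ntp_restrict,
    service_enable => true,
  }
}
```

After the next agent run, the `restrict` lines in ntp.conf on kermit and grover should match the array entries one for one.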
Results
For more information about working with the puppetlabs-ntp module, check out our How to Manage NTP webinar.
Puppet offers many opportunities for learning and
training, from formal certification courses to guided online lessons. See the Learning Puppet page for more information.