Time Synchronization

Time synchronization makes lots of things work better, including:

  • make
  • Kerberos
  • tar
  • syslog

We’ve got a central NTP server on campus, and I’m using that to sync from. Puppet handles ntp and ntpdate configuration on the managed systems. Components of that setup:

  • ntp.pp and ntpdate.pp classes imported from puppet/classes
  • Virtualization-detecting facter recipe (originally from here, but also included below since it’s short and in case the original gets moved). This does two things: first, Xen domUs get their time from the dom0 by default. They won’t fail running ntp, but if dom0 has the wrong time, you’ll have a hard time getting any of the domUs to ever get the right time. So we’ll make sure ntp isn’t running there, as a reminder. Second, according to the virtualization recipe’s author, VMware guests can’t run ntp at all. So we’ll disable it there, too.

/etc/puppet/facts/virtual.rb

Facter.add("virtual") do
  confine :kernel => :linux
  setcode do
    # Start from "physical" on every evaluation; later checks override it.
    result = "physical"
    # Only call lspci if it is on the PATH. POSIX redirection is used so the
    # test also works when /bin/sh is not bash.
    if system("which lspci >/dev/null 2>&1")
      %x{lspci}.each_line do |p|
        # --- look for the vmware video card to determine
        # if it is virtual => vmware.
        # ---     00:0f.0 VGA compatible controller: VMware ...
        result = "vmware" if p =~ /VMware/
      end
    end
    # VMware server 1.0.3 rpm places vmware-vmx in this place,
    # other versions or platforms may not.
    if File.exist?("/usr/lib/vmware/bin/vmware-vmx")
      result = "vmware_server"
    end
    # Xen: a domU is reported as "xenu", a dom0 (control_d capability) as "xen0".
    if File.exist?("/proc/sys/xen/independent_wallclock")
      result = "xenu"
    elsif File.exist?("/proc/xen/capabilities")
      txt = File.read("/proc/xen/capabilities")
      if txt =~ /control_d/i
        result = "xen0"
      end
    end
    result
  end
end

/etc/puppet/manifests/classes/ntp.pp

class ntp {
  $ntppackage = $operatingsystem ? {
      Solaris => "SUNWntpu",
      default => "ntp"
  }
  package { $ntppackage:
      ensure => installed,
      provider => $operatingsystem ? {
          Solaris => "sun",
          default => "apt"
      }
  }

  file { ntpconf:
    path => $operatingsystem ? {
      Solaris => "/etc/inet/ntp.conf",
      default => "/etc/ntp.conf"
    },
    owner => root, group => root, mode => "0644",
    source => "puppet://REDACTED/ntp.conf",
    require => Package[$ntppackage],
  }

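  # Keep ntp stopped and disabled on VMware guests and Xen domUs,
  # as reported by the "virtual" fact above.
  service { ntp: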
    ensure => $virtual ? {
      vmware => stopped,
      xenu => stopped,
      default => running
    },
    enable => $virtual ? {
      vmware => false,
      xenu => false,
      default => true
    },
    subscribe => [Package[$ntppackage], File[ntpconf]]
  }
}

/etc/puppet/manifests/classes/ntpdate.pp

class ntpdate {
  package { ntpdate: ensure => installed }
}

and one entry from /etc/puppet/manifests/site.pp:

node ch405l {
  include ntp, ntpdate
}

Minor annoyances or deviations from the way things used to be configured: as of Debian 4.0, ntpdate is run when network interfaces are brought up, rather than at a user-defined time via the SysV init system. So if a system was installed with a bad time (most commonly on our dual-boot systems) and you want to avoid reboots, you’ll have to run ntpdate-debian once to get the clock in sync with the NTP server before ntpd will do anything right.
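One way to tell whether a host needs that one-time ntpdate-debian run, as an added example that is not part of the original post: it parses the output of `ntpdate -q` and classifies the offset. The sample output, the 192.0.2.1 server address and the function names are constructed for illustration; the two thresholds are the usual defaults for ntpd and Kerberos and may differ at your site.

```ruby
# Added example (not from the original post). Thresholds are defaults that
# sites can change: ntpd exits when the offset exceeds its 1000 s panic
# threshold (unless started with -g), and Kerberos rejects requests once
# clocks differ by more than 300 s.
NTPD_PANIC_SECS = 1000.0
KRB5_SKEW_SECS  = 300.0

# Constructed samples in the format printed by `ntpdate -q`.
# 192.0.2.1 is a documentation address standing in for the campus server.
SAMPLE_OK = <<~OUT
  server 192.0.2.1, stratum 2, offset 0.004211, delay 0.02612
  12 Mar 09:14:02 ntpdate[4121]: adjust time server 192.0.2.1 offset 0.004211 sec
OUT
SAMPLE_DUAL_BOOT = <<~OUT
  server 192.0.2.1, stratum 2, offset -3600.118204, delay 0.02631
  12 Mar 09:14:02 ntpdate[4121]: step time server 192.0.2.1 offset -3600.118204 sec
OUT
SAMPLE_UNREACHABLE = <<~OUT
  server 192.0.2.1, stratum 0, offset 0.000000, delay 0.00000
  12 Mar 09:14:02 ntpdate[4121]: no server suitable for synchronization found
OUT

SERVER_LINE = /\Aserver (\S+), stratum (\d+), offset (-?\d+\.\d+), delay/

# Return one hash per server that actually answered (stratum 0 = no reply).
def parse_offsets(text)
  text.each_line.map do |line|
    m = SERVER_LINE.match(line)
    next if m.nil? || m[2].to_i.zero?
    { server: m[1], stratum: m[2].to_i, offset: m[3].to_f }
  end.compact
end

# Classify the clock using the lowest-stratum reply.
def clock_status(text)
  best = parse_offsets(text).min_by { |r| r[:stratum] }
  return :no_server if best.nil?
  skew = best[:offset].abs
  return :step_required    if skew >= NTPD_PANIC_SECS # run ntpdate-debian once
  return :kerberos_at_risk if skew >= KRB5_SKEW_SECS  # ntpd can still fix this
  :ok
end

if __FILE__ == $PROGRAM_NAME
  samples = { ok: SAMPLE_OK, dual_boot: SAMPLE_DUAL_BOOT, unreachable: SAMPLE_UNREACHABLE }
  samples.each { |name, out| puts "#{name}: #{clock_status(out)}" }
end
```

On a real host, pass it the text returned by `ntpdate -q` run against your own NTP server instead of the samples.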
