Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status

RSS

ntp (90) Versions 3.9.1

Installs and configures ntp as a client or server

Policyfile
Berkshelf
Knife
cookbook 'ntp', '= 3.9.1', :supermarket
cookbook 'ntp', '= 3.9.1'
knife supermarket install ntp
knife supermarket download ntp
README
Dependencies
Changelog
Quality -%

NTP Cookbook

Cookbook Version
CI State
OpenCollective
OpenCollective
License

Installs and configures ntp. On Windows systems it uses the Meinberg port of the standard NTPd client to Windows.

Maintainers

This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit sous-chefs.org or come chat with us on the Chef Community Slack in #sous-chefs.

Requirements

Platforms

  • Debian-family Linux Distributions
  • RedHat-family Linux Distributions 5-7 (8 does not contain NTP client)
  • Fedora
  • Gentoo Linux
  • openSUSE / SLES 12+
  • FreeBSD
  • Windows 2008 R2+
  • macOS 10.11+

Chef

  • Chef 12.1+

Cookbooks

  • none

Attributes

  • ntp['servers'] - (applies to NTP Servers and Clients)

    • Array, should be a list of upstream NTP servers that will be considered authoritative by the local NTP daemon. The local NTP daemon will act as a client, adjusting local time to match time data retrieved from the upstream NTP servers.

The NTP protocol works best with at least 4 servers. The ntp daemon will disregard any server after the 10th listed, but will continue monitoring all listed servers. For more information, see Upstream Server Time Quantity at support.ntp.org.

  • ntp['pools'] - (applies to NTP Servers and Clients)

    • Array, should be a list of upstream NTP pools that will be considered authoritative by the local NTP daemon. The local NTP daemon will act as a client, adjusting local time to match time data retrieved from each of the servers in the upstream pool.

See this Release Announcement for discussion about tuning this option.

  • ntp['peers'] - (applies to NTP Servers ONLY)

  • ntp['restrictions'] - (applies to NTP Servers only)

    • Array, should be a list of restrict lines to define access to NTP clients on your LAN.
  • ntp['sync_clock'] (applies to NTP Servers and Clients)

    • Boolean. Defaults to false. Forces the ntp daemon to be halted, an ntp -q command to be issued, and the ntp daemon to be restarted again on every Chef-client run. Will have no effect if drift is over 1000 seconds.
  • ntp['sync_hw_clock'] (applies to NTP Servers and Clients)

    • Boolean. Defaults to false. On *nix-based systems, forces the 'hwclock --systohc' command to be issued on every Chef-client run. This will sync the hardware clock to the system clock.
    • Not available on Windows.
  • ntp['restrict_default']

  • ntp["listen_network"] / ntp["listen"]

    • String, optional attribute. Default is for NTP to listen on all addresses.
    • ntp["listen_network"] should be set to 'primary' to listen on the node's primary IP address as determined by ohai, or set to a CIDR (eg: '192.168.4.0/24') to listen on the last node address on that CIDR.
    • ntp["listen"] can be set to a specific address (eg: '192.168.4.10') instead of ntp["listen_network"] to force listening on a specific address.
    • If both ntp["listen"] and ntp["listen_network"] are set then ntp["listen"] will always win.
  • ntp["ignore"]

    • Array, interface names to ignore from listening. Can be used to disable listening wildcard interfaces (eg: ['wildcard', '::1']), can be combined with ntp["listen"]
  • ntp["statistics"]

    • Boolean. Default to true. Enable/disable statistics data logging into ntp['statsdir'].
    • Not available on Windows.
  • ntp['conf_restart_immediate']

    • Boolean. Defaults to false. Restarts NTP service immediately after a config update if true. Otherwise it is a delayed restart.
  • ntp['peer']['disable_tinker_panic_on_virtualization_guest'] (applies to virtualized hosts only)

    • Boolean. Defaults to true. Sets tinker panic to 0. NTP default it 1000. (See http://www.vmware.com/vmtn/resources/238 p. 23 for explanation on disabling panic) (Note: this overrides ntp['tinker']['panic'] attribute)
  • ntp['peer']['use_iburst'] (applies to NTP Servers ONLY)

    • Boolean. Defaults to true. Enables iburst in peer declaration.
  • ntp['peer']['use_burst'] (applies to NTP Servers ONLY)

    • Boolean. Defaults to false. Enables burst in peer declaration.
  • ntp['peer']['minpoll'] (applies to NTP Servers ONLY)

    • Boolean. Defaults to 6 (ntp default). Specify the minimum poll intervals for NTP messages, in seconds to the power of two.
  • ntp['peer']['maxpoll'] (applies to NTP Servers ONLY)

    • Boolean. Defaults to 10 (ntp default). Specify the maximum poll intervals for NTP messages, in seconds to the power of two.
  • ntp['server']['prefer'] (applies to NTP Servers and Clients)

    • String. Defaults to emtpy string. The server from ntp['servers'] to prefer getting the time from.
  • ntp['server']['use_iburst'] (applies to NTP Servers and Clients)

    • Boolean. Defaults to true. Enables iburst in server declaration.
  • ntp['server']['use_burst'] (applies to NTP Servers and Clients)

    • Boolean. Defaults to false. Enables burst in server declaration.
  • ntp['server']['minpoll'] (applies to NTP Servers and Clients)

    • Boolean. Defaults to 6 (ntp default). Specify the minimum poll intervals for NTP messages, in seconds to the power of two.
  • ntp['server']['maxpoll'] (applies to NTP Servers and Clients)

    • Boolean. Defaults to 10 (ntp default). Specify the maximum poll intervals for NTP messages, in seconds to the power of two.
  • ntp['tinker']['allan']

    • Number. Defaults to 1500 (ntp default). Spedifies the Allan intercept, which is a parameter of the PLL/FLL clock discipline algorithm, in seconds.
  • ntp['tinker']['dispersion']

    • Number. Defaults to 15 (ntp default). Specifies the dispersion increase rate in parts-per-million (PPM).
  • ntp['tinker']['panic']

    • Number. Defaults to 1000 (ntp default). Spedifies the panic threshold in seconds. If set to zero, the panic sanity check is disabled and a clock offset of any value will be accepted.
  • ntp['tinker']['step']

    • Number. Defaults to 0.128 (ntp default). Spedifies the step threshold in seconds. If set to zero, step adjustments will never occur. Note: The kernel time discipline is disabled if the step threshold is set to zero or greater than 0.5 s.
  • ntp['tinker']['stepout']

    • Number. Defaults to 900 (ntp default). Specifies the stepout threshold in seconds. If set to zero, popcorn spikes will not be suppressed.
  • ntp['localhost']['noquery'] (applies to NTP Servers and Clients)

    • Boolean. Defaults to false. Set to true if using ntp < 4.2.8 or any unpatched ntp version to mitigate CVE-2014-9293 / CVE-2014-9294 / CVE-2014-9295
  • ntp['orphan']['enabled']

    • Boolean, enables orphan mode if set to true
  • ntp['orphan']['stratum']

    • Number. Defaults to 5, recommended value for stratum is 2 more than the worst-case externally-reachable source of time

Automatically Set Attributes

These attributes are set based on platform / system information provided by Ohai

  • ntp['packages']

    • Array, the packages to install
    • Default, ntp for everything, ntpdate depending on platform. Not applicable for Windows nodes.
  • ntp['service']

    • String, the service to act on
    • Default, ntp, NTP, or ntpd, depending on platform
  • ntp['varlibdir']

    • String, the path to /var/lib files such as the driftfile.
    • Default, platform-specific location. Not applicable for Windows nodes
  • ntp['driftfile']

    • String, the path to the frequency file.
    • Default, platform-specific location.
  • ntp['conffile']

    • String, the path to the ntp configuration file.
    • Default, platform-specific location.
  • ntp['statsdir']

    • String, the directory path for files created by the statistics facility.
    • Default, platform-specific location. Not applicable for Windows nodes
  • ntp['conf_owner'] and ntp['conf_group']

    • String, the owner and group of the sysconf directory files, such as /etc/ntp.conf.
    • Default, platform-specific root:root or root:wheel.
  • ntp['var_owner'] and ntp['var_group']

    • String, the owner and group of the /var/lib directory files, such as /var/lib/ntp.
    • Default, platform-specific ntp:ntp or root:wheel. Not applicable for Windows nodes
  • ntp['leapfile']

    • String, the path to the ntp leapfile.
    • Default, /etc/ntp.leapseconds.
  • ntp['package_url']

    • String, the URL to the the Meinberg NTPd client installation package.
    • Default, Meinberg site download URL
    • Windows platform only
  • ntp['vs_runtime_url']

    • String, the URL to the the Visual Studio C++ 2008 runtime libraries that are required for the Meinberg NTP client.
    • Default, Microsoft site download URL
    • Windows platform only
  • ntp['vs_runtime_productname']

    • String, the installation name of the Visual Studio C++ Runtimes file.
    • Default, "Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"
    • Windows platform only
  • ntp['sync_hw_clock']

    • Boolean, determines if the ntpdate command is issued to sync the hardware clock
    • Default, false
    • Not applicable for Windows nodes
  • ntp['apparmor_enabled']

    • Boolean, enables configuration of apparmor if set to true
    • Defaults to false and will make no provisions for apparmor.
    • If a platform has apparmor enabled (currently Ubuntu) default will become true.
  • ntp['use_cmos']

    • Boolean, uses a high stratum undisciplined clock for machines with real CMOS clock.
    • Defaults to true unless a platform appears to be virtualized according to Ohai.
  • ntp['pkg_source']

    • Only applicable to Solaris 10
    • String, device/path to Solaris packages.
    • Defaults to /var/spool/pkg
  • ntp['leapfile_from_mirror']

    • Using ntp.leapseconds from http resources. Store true with ntp['leapfile_url'] file location
    • Boolean
    • Defaults to false
  • ntp['leapfile_url']

    • Remote file location of ntp.leapseconds. Use only with ntp ['leapfile_from_mirror'] = true
    • String, URL

Usage

default recipe

Set up the ntp attributes in a role. For example in a base.rb role applied to all nodes:

name 'base'
description 'Role applied to all systems'
default_attributes(
  'ntp' => {
    'servers' => ['time0.int.example.org', 'time1.int.example.org']
  }
)

Then in an ntpserver.rb role that is applied to NTP servers (e.g., time.int.example.org):

name 'ntp_server'
description 'Role applied to the system that should be an NTP server.'
default_attributes(
  'ntp' => {
    'servers'      => ['0.pool.ntp.org', '1.pool.ntp.org'],
    'peers'        => ['time0.int.example.org', 'time1.int.example.org'],
    'restrictions' => ['10.0.0.0 mask 255.0.0.0 nomodify notrap']
  }
)

The timeX.int.example.org used in these roles should be the names or IP addresses of internal NTP servers. Then simply add ntp, or ntp::default to your run_list to apply the ntp daemon's configuration.

windows_client recipe

Windows only. Apply on a Windows host to install the Meinberg NTPd client.

mac_os_x_client recipe

macOS only. Apply on a macOS host to configure NTP.

Contributors

This project exists thanks to all the people who contribute.

Backers

Thank you to all our backers!

https://opencollective.com/sous-chefs#backers

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website.

https://opencollective.com/sous-chefs/sponsor/0/website
https://opencollective.com/sous-chefs/sponsor/1/website
https://opencollective.com/sous-chefs/sponsor/2/website
https://opencollective.com/sous-chefs/sponsor/3/website
https://opencollective.com/sous-chefs/sponsor/4/website
https://opencollective.com/sous-chefs/sponsor/5/website
https://opencollective.com/sous-chefs/sponsor/6/website
https://opencollective.com/sous-chefs/sponsor/7/website
https://opencollective.com/sous-chefs/sponsor/8/website
https://opencollective.com/sous-chefs/sponsor/9/website

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

base_install Applicable Versions
baseserver Applicable Versions
cafe-core Applicable Versions
cdap Applicable Versions
chef-manageiq Applicable Versions
circonus-broker Applicable Versions
cloudless-box Applicable Versions
common_linux Applicable Versions
eucalyptus Applicable Versions
firstbook Applicable Versions
il-base Applicable Versions
kagent Applicable Versions
krb5 Applicable Versions
kvm Applicable Versions
linux-basic Applicable Versions
linux_basic Applicable Versions
mw_server_base Applicable Versions
my_cookbook Applicable Versions
ntp_cluster Applicable Versions
os-hardening Applicable Versions
paramount Applicable Versions
platformstack Applicable Versions
privx Applicable Versions
sanity Applicable Versions
server-base Applicable Versions
stack-base Applicable Versions

ntp Cookbook CHANGELOG

This file is used to list changes made in each version of the ntp cookbook.

3.9.1 - 2021-02-03

  • Remove duplicated source attributes in cookbook_file for leapfile_url

3.9.0 - 2021-01-29

  • Sous Chefs Adoption
  • Cookstyle fixes
  • Standardise files with files in sous-chefs/repo-management
  • Add testing for Windows and MacOS

3.8.0 (2020-12-04)

  • Changed installing ntp.leapseconds file dynamicaly from (or other). Use node['ntp']['leapfile_url'] to override - @mnosenko
  • Improve how we inject the helper libraries - @tas50
  • Require Chef 12.15+ - @tas50
  • Add testing in Github actions - @tas50
  • Fix failing specs - @tas50

3.7.0 (2019-10-01)

  • Resolve multiple AppArmor failures on Ubuntu systems - @caarlos0
  • Rename Mac OS X references to be macOS - @tas50
  • Resolve multiple cookstyle warnings - @tas50
  • Added RHEL 8, Debian 10, and openSUSE 15 testing - @tas50
  • Update the Windows NTP client to the latest version - @tas50
  • Remove support for EOL SLES 11 - @tas50
  • Gracefully fail on RHEL 8 and later - @tas50
  • Update the supported platforms to include opensuse - @tas50
  • Update to the latest ntp.leapseconds file - @tas50

3.6.2 (2019-01-21)

  • Update leap seconds file to the latest expiring 6/2019 - @tas50

3.6.1 (2018-11-24)

  • Add the attach_disconnected flag to the ntpd AppArmor config

3.6.0 (2018-07-24)

  • Don't add defaults if pools or peers are specified

3.5.6 (2018-01-28)

  • Add /var/log/ntpstats/protostats to Apparmor config

3.5.5 (2018-01-28)

  • Update leap second file. Now expires Dec 2018

3.5.4 (2017-11-27)

  • Update ntp.leapseconds (expires: 1 Dec 2017 → 28 June 2018)

3.5.3 (2017-11-27)

  • Fix failing non-interactive install on Solaris10

3.5.2 (2017-08-16)

  • Fix apprarmor denied for sock_type=dgram in ubuntu dists.

3.5.1 (2017-06-28)

  • Use the latest NTP release on windows to resolve several bugs
  • Fix Amazon Linux support on Chef 13
  • Allow windows to sync to the hardware clock when not virtualized since Ohai has provided Windows with virtualization data for a while now
  • Update inspec tests to pass on Windows
  • Update Chefspecs for the latest platforms

3.5.0 (2017-06-27)

  • Change RHEL platforms to use the driftfile location RHEL ships out of the box
  • Add support for ntp pool configuration option
  • Fix installation and config on Solaris 10 & 11.
  • Set default service name on SLES 11.x
  • Fix MacOS X default attributes and OSX chefspec.

3.4.0 (2017-05-06)

  • Ensure metadata compatibility with older Chef 12 releases
  • Testing updates for Chef 13
  • Test with Delivery local mode instead of a Rakefile
  • Use a SPDX standard license string
  • Remove xcp as a platform in the metadata
  • Added requestkey attribute

3.3.1 (2016-12-21)

  • Fix resource cloning warning in recipe[default]

3.3.0 (2016-12-16)

  • Add Mac OS X client config support

3.2.1 (2016-11-23)

  • Update leap seconds file to version 3676924800

3.2.0 (2016-09-28)

  • Remove support for Arch
  • Remove legacy apparmor config that wasn't used
  • Don't install ntpdate (and uninstall it) on Ubuntu 16.04+
  • Expand specs and avoid deprecation warnings

3.1.0 (2016-09-16)

  • Require Chef 12.1 not 12.0
  • Remove the dependency on the Windows cookbook

3.0.0 (2016-09-07)

  • Require Chef 12+

2.0.3 (2016-08-31)

  • Remove minitest tests from the undo recipe

2.0.2 (2016-08-30)

  • Replace node.set with node.normal to avoid deprecation notices

2.0.1 (2016-08-29)

  • Update the leap seconds file
  • Remove node name from configs
  • Switch to cookstyle and use the Rakefile directly for testing in Travis CI
  • Update platforms we test on
  • Fix failing Chefspecs and avoid deprecation warnings during spec runs

v2.0.0 (2016-05-18)

  • Remove the undo recipe. This functionality is better suited for a custom cookbook that matches the needs of individual organizations
  • Removed the installation of the visual studio 2008 runtime that was only necessary for Windows 2003.
  • Fixed the forced clock syncing on FreeBSD hosts

v1.11.1 (2016-05-12)

  • Ownership of this cookbook has been transferred back to Chef Software.

v1.11.0 (2016-03-29)

  • When force setting the clock run ntp as the ntp user to ensure we don't set file ownership to root
  • Added optional support for orphan mode
  • Require windows cookbook 1.38.0 to resolve several issues with the older cookbook versions
  • Add support for using keys

v1.10.1 (2016-02-04)

  • Update the Readme to include openSUSE and Arch Linux
  • Guard the timeout set in the service to prevent failures on old chef releases

v1.10.0 (2016-02-04)

  • Fixed compatibility with FreeBSD hosts by skipping the sync with the hardware clock and using the proper path to the "true" command
  • Fixed compatibility with Windows by extending the service start timeout, introducing retries, and excluding Windows from the hardware sync logic
  • Changed the default array of packages to install from ntp and ntpdate to just ntp. ntpdate is used on Debian and modern RHEL/Fedora hosts only. This gives us out of the box support for Arch and Suse
  • Ensure that Fedora systems also install ntpdate
  • Updated test dependencies to the latest
  • Updated test documentation to point to the official Chef testing documentation
  • Expanded the Test Kitchen config with better support for FreeBSD/Fedora and new Windows boxes

v1.9.2 (2016-02-04)

  • PR [#121] - Remove nomodify config from loopback

v1.9.1 (2016-01-07)

  • PR [#132] - Update ntp.leapseconds

v1.9.0 (2015-12-16)

  • PR [#111] - Fix duplication of localhost listen directive in template
  • PR [#127] - Set var_owner on FreeBSD to root instead of default ntp
  • PR [#117] - Document node['ntp']['ignore']
  • PR [#118] - Add attributes to support pld-linux
  • PR [#120] - Fix links to Github PRs in the Changelog
  • PR [#124] - Additional fix for apparmor issue gmiranda23#103
  • Depend on windows cookbook instead of suggesting. Suggests doesn't actually do anything
  • Fix / expand apparmor specs to pass and test the auto apparmor config logic
  • Enable Travis CI and update the travis.yml file to run full integration tests with Kitchen Docker so we test all PRs on Ubuntu 12.04/14.04 and CentOS 6.7 / 7.1
  • Reformat all markdown files
  • Update all references to Opscode to be Chef Software.
  • Update copyright dates and contact e-mails
  • Expanded platforms in the Test Kitchen config
  • Added new supermarket issues_url and source_url metadata
  • Update the Berkfile API url and removed version pins on the testing cookbooks
  • Remove yum from the Berksfile as it isn't actually used
  • Use the standard Chef testing Rakefile
  • Remove the attribute documentation from the metadata as it is quickly out of sync
  • Resolve rubocop warnings and include the standard Chef rubocop.yml file
  • Update development deps in the Gemfile to the latest releases
  • Remove the outdated contributing.md doc from the Opscode days

v1.8.6 (2015-05-14)

  • PR [#102](102) - Update leapseconds file to 3660249600 (through C49)
  • Gemfile parity with ChefDK 0.5.1
  • .kitchen.yml platform updates to current bento boxes

v1.8.4 (2015-04-17)

  • PR [#101] - add logfile attribute

v1.8.2 (2015-04-15)

  • PR [#100] - Sort peers & servers for consistency

v1.8.0 (2015-04-13)

  • Chefspec 4.0 updates
  • Rubocop updates
  • PR [#85] - Update leapseconds for June 2015 leapsecond
  • PR [#70] - Allow setting tinker options in attributes
  • PR [#84] - Add attributes for tinker option customization
  • PR [#88] - Attribute sets noquery for localhost lines
  • PR [#89] - ntp.leapseconds notifies ntp service with delayed restart
  • PR [#91] - Allow ntp.conf update to restart immediate
  • PR [#95] - Add preferred ntp server support
  • PR [#96] - Add restrict default attribute
  • PR [#72] - Move high stratum real CMOs to an attribute
  • PR [#98] - Bump test-kitchen gem version
  • PR [#99] - Lazy attribute for leapfile_enabled

v1.7.0 (2014-12-10)

  • Added CentOS 7 support for test-kitchen
  • PR [#37] - Check that apparmor exists before enabling service
  • PR [#45] - Statistics logging switch (not available for Windows)
  • PR [#57] - Move include statement on helper outside 'windows?' check
  • PR [#71] - Ability to listen more than one interface
  • PR [#73] - Fix appamor configuration for Ubuntu
  • PR [#74] - Remove is_server from example
  • PR [#75] - Add more settings for server and peer declarations
  • PR [#83] - Fix apparmor spec tests

v1.6.8 (2014-12-04)

  • PR [#81] - Update to berkshelf3

v1.6.6 (2014-12-02)

  • PR [#76] - Overhauled Testing
  • PR [#68] - Updated Leapseconds
  • PR [#51] - Berksfile source deprecation

v1.6.5 (2014-09-25)

  • Ensure that ntp version is captured

v1.6.4 (2014-07-02)

  • Leapseconds File Expired, update to 3626380800
  • COOK-3887 - Trivial changes to achieve Gentoo support
  • COOK-1876 - ntp leapfile assumes ntpd >= 4.2.6 syntax

v1.6.2 (2014-03-19)

  • [COOK-4162] - change "No NTP servers specified" message to :debug

v1.6.0 (2014-02-21)

Improvement

Bug

  • COOK-4106 - Check for default content in ntp.conf
  • COOK-4087 - quote option in readme
  • COOK-3797 - Cookbook fails to upload due to 1.9.x syntax
  • COOK-3023 - NTP leapseconds file denied by Ubuntu apparmor profile

v1.5.4 (2013-12-29)

[COOK-4007]- update to 3612902400

v1.5.2

Bug

v1.5.0

Improvement

New Feature

  • COOK-3636 - Allow ntp cookbook to update clock to ntp servers

Bug

  • COOK-3410 - Remove redundant ntpdate/disable recipes
  • COOK-1170 - Allow redefining NTP servers in a role

v1.4.0

Improvement

  • COOK-3365 - Update ntp leapseconds file to version 3597177600
  • COOK-1674 - Add Windows support

v1.3.2

  • [COOK-2024] - update leapfile for IERS Bulletin C

v1.3.0

  • [COOK-1404] - add leapfile for handling leap seconds

v1.2.0

  • [COOK-1184] - Add recipe to disable NTP completely
  • [COOK-1298] - Refactor into a reference cookbook for testing

v1.1.8

  • [COOK-1158] - RHEL family >= 6 has ntpdate package

v1.1.6

  • Related to changes in COOK-1124, fix group for freebsd and else

v1.1.4

  • [COOK-1124] - parameterised driftfile and statsdir to be configurable by platform

v1.1.2

  • [COOK-952] - freebsd support
  • [COOK-949] - check for any virtual system not just vmware

v1.1.0

  • Fixes COOK-376 (use LAN peers, iburst option, LAN restriction attribute)

v1.0.1

  • Support scientific linux
  • Use service name attribute in resource (fixes EL derivatives)

No quality metric results found