ntp #96

  • By paulgear
  • Latest version (#96)
  • bionic, xenial, trusty
  • Stable

Description

NTP, the Network Time Protocol, is used to keep computer clocks accurate
by synchronizing them over the Internet or a local network, or by
following an accurate hardware receiver that interprets GPS, DCF-77,
NIST or similar time signals.

This charm can be deployed alongside principal charms to enable NTP
management across deployed services.


Overview

Network Time Protocol (NTP) is a network-based time service to ensure
synchronization of time across a network of computers. It is defined in
RFC 5905.

Usage

The ntp charm is a subordinate charm which is designed for use with other
principal charms. In its basic mode, the ntp charm is used to configure NTP
in service units to talk directly to a set of NTP time sources:

juju deploy cs:ntp
juju add-relation ntp myservice

By default this charm uses the standard set of NTP pool servers which are
configured in Ubuntu. In the event that you don't wish every juju unit on your
network to talk directly to the public NTP pool on the Internet, there are
several options.

Manual

If you already have a set of reliable, non-juju NTP servers in your network,
simply configure them as sources or peers and disable the default list of pool
servers. For example:

juju set ntp source="myatomicclock.local.net"
juju set ntp peers="ntp1.local.net ntp2.local.net ntp3.local.net"
juju set ntp pools=""

Sources, peers, and pools should be space-separated.

Multiple strata

In network environments where general outbound network access to the Internet
is not available or you don't have a good internal time source such as an
atomic clock, you can use selected juju units to act as an NTP service for
other units.

On machines which do have outbound NTP access to the Internet:

juju deploy cs:ubuntu --num-units=4
juju deploy cs:ntp ntp-stratum2
juju add-relation ubuntu ntp-stratum2

On other juju units which do not have outbound NTP access:

juju deploy my-service
juju deploy cs:ntp ntp-stratum3
juju add-relation my-service ntp-stratum3
juju add-relation ntp-stratum2 ntp-stratum3
juju set ntp-stratum3 source="" peers="" pools=""

Auto peers

Auto peers implements multiple strata automatically, by testing upstream NTP
connectivity, selecting the units with the best connectivity to comprise
the upstream stratum, and configuring the remaining hosts to receive time from
those units.

juju deploy my-service
juju deploy cs:ntp
juju add-relation my-service ntp
juju set ntp auto_peers=true

NTP Implementations

Under Ubuntu 17.10 (Artful Aardvark) and earlier, the default implementation
of NTP is ntpd, from the Network Time Foundation. Ubuntu 18.04 (Bionic
Beaver) moves to chrony as the default NTP implementation. These decisions
are also reflected in this charm.

Monitoring

This charm may be related to the NRPE charm for monitoring by Nagios.
The telegraf charm also includes support for gathering NTP metrics.

Configuration

nagios_ntpmon_checks
(string) A space-separated list of nagios ntpmon checks to enable. Default is to enable all checks except trace; leave empty for no checks.
Default: offset peers reach sync proc vars
nagios_servicegroups
(string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup.
peers
(string) Space-separated list of NTP servers to use as peers. Under ntpd, peers are allowed to query the local NTP server via ntpq.
auto_peers
(boolean) Automatically select the most appropriate units in the service to be a service stratum connecting with upstream NTP servers, and use those units as time sources for the remaining units.
nagios_context
(string) Used by the nrpe subordinate charms. A string that will be prepended to the instance name to set the host name in nagios. For instance, the hostname would be something like: juju-myservice-0. If you're running multiple environments with the same services in them, this allows you to differentiate between them.
Default: juju
orphan_stratum
(int) The stratum to which NTP must lose connectivity before it considers itself orphaned and starts determining the reference time with local peers. A typical value is 6, which will enable orphaned operation when there are no stratum 6 servers or servers of a higher stratum available, which is two strata below most Internet NTP hosts. Set to 0 to disable orphan mode entirely. You must enable at least one peer in order to use orphan mode, but four or more is recommended for best results.
source
(string) Space-separated list of NTP servers to use as time sources.
auto_peers_upstream
(int) How many units should attempt to connect with upstream NTP servers?
Default: 6
package_status
(string) The status of service-affecting packages will be set to this value in the dpkg database. Valid values are "install" and "hold".
Default: install
extra_packages
(string) Space-separated list of extra deb packages to install.
pools
(string) Space-separated list of NTP servers to use as pool sources. These are recommended over normal sources for their self-healing capabilities. Leave empty to disable pool sources.
Default: 0.ubuntu.pool.ntp.org 1.ubuntu.pool.ntp.org 2.ubuntu.pool.ntp.org 3.ubuntu.pool.ntp.org ntp.ubuntu.com
use_iburst
(boolean) Use iburst for all peers/sources, not just those received via the master relation.
Default: True
install_keys
(string) List of signing keys for install_sources package sources, per charmhelpers standard format (a yaml list of strings encoded as a string). The keys should be the full ASCII armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.
install_sources
(string) List of extra apt sources, per charm-helpers standard format (a yaml list of strings encoded as a string). Each source may be either a line that can be added directly to sources.list(5), or in the form ppa:<user>/<ppa-name> for adding Personal Package Archives, or a distribution component to enable.
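
The install_sources and install_keys options above take a YAML list written inside a string, which is easy to get wrong. The following is an added example, not part of the charm: it writes a config file in that form and flags install_keys entries that are bare GPG key ids, which the description above notes are looked up on a keyserver insecurely. The PPA name, archive URL, key body and function names are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example, not part of the charm. Placeholders: the PPA name, the
# archive URL and the key body are constructed, not real values.

# write_ntp_config FILE: a config file for `juju deploy cs:ntp --config FILE`.
# Each option is a YAML list written inside a block string; keys pair with
# sources by position, so the PPA entry gets null.
write_ntp_config() {
    cat > "$1" <<'EOF'
ntp:
  install_sources: |
    - ppa:example-user/example-ppa
    - deb http://archive.example.internal/ubuntu bionic main
  install_keys: |
    - null
    - |
      -----BEGIN PGP PUBLIC KEY BLOCK-----
      <full ASCII-armoured public key for archive.example.internal>
      -----END PGP PUBLIC KEY BLOCK-----
EOF
}

# count_key_ids FILE: print how many install_keys entries are bare key ids
# (8 or more hex digits, optional 0x prefix). Heuristic line scan, not a
# YAML parser; quoted ids are not detected.
count_key_ids() {
    awk '
        /^[ \t]*install_keys:/ { in_keys = 1; next }
        # Any other option name at the same or lower indent ends the list.
        in_keys && /^ ? ?[A-Za-z_][A-Za-z_0-9]*:/ { in_keys = 0 }
        in_keys && /^[ \t]*-[ \t]+(0x)?[0-9A-Fa-f]+[ \t]*$/ {
            id = $2; sub(/^0x/, "", id)
            if (length(id) >= 8) n++
        }
        END { print n + 0 }
    ' "$1"
}

# lint_install_keys FILE: return 1 if any entry relies on keyserver lookup.
lint_install_keys() {
    n=$(count_key_ids "$1")
    if [ "$n" -gt 0 ]; then
        echo "WARN: $n install_keys entries are key ids; use full armoured keys" >&2
        return 1
    fi
    return 0
}
```

Run lint_install_keys on the file before passing it to juju; a non-zero exit means at least one key would be fetched by id.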