Puppetizing ntpd on Solaris 11.4
Last time we configured a Puppet master, see Puppet Master on Solaris 11.3 SRU 23.
Let's do some basic configuration with Puppet today. I'm doing this on Solaris 11.4 Beta with Puppet 5.3.3, so some paths on the master are slightly different. Keep this in mind if you're still on Solaris 11.3.
First things first: set up Hiera.
root@master # cat /etc/puppetlabs/puppet/hiera.yaml
---
version: 5
defaults:
  datadir: /var/lib/hiera
  data_hash: yaml_data
hierarchy:
  - name: "Per-node data"
    path: "nodes/%{trusted.certname}.yaml"
  - name: "Per-net data"
    paths:
      - "net/%{::network_net0}.yaml"
      - "net/%{::network_ipmp0}.yaml"
  - name: "Other YAML hierarchy levels"
    path: "common.yaml"
root@master # cat /var/lib/hiera/common.yaml
---
classes:
  - ntp
# https://forge.puppetlabs.com/puppetlabs/ntp
ntp::enable: true
ntp::iburst_enable: true
# fix "ntpd[12345]: [ID 702911 daemon.warning] restrict default: KOD does nothing without LIMITED."
ntp::restrict:
  - default nomodify notrap nopeer noquery
  - -6 default nomodify notrap nopeer noquery
  - 127.0.0.1
  - -6 ::1
ntp::servers:
  - 10.1.2.3
  - 10.4.5.6
root@master # cat /var/lib/hiera/net/192.168.1.0.yaml
---
ntp::servers:
  - 192.168.1.1
I pulled a lot of hair out while figuring this out... when changing hiera.yaml you have to restart puppet!
Puppet master note: If you modify hiera.yaml between agent runs, you’ll have to restart your Puppet master for your changes to take effect.
And we're almost done. We just have to add one line to site.pp and restart puppet:master because we changed hiera.yaml.
root@master # cat /etc/puppetlabs/code/environments/production/manifests/site.pp
include(lookup('classes', Array[String], 'unique'))
root@master # svcadm restart puppet:master
root@master # tail /var/log/puppetlabs/puppet/puppet-master.log
2018-05-18 13:09:22 +0200 Puppet (notice): Starting Puppet master version 5.3.3
Let's hop on to the agent and see if it works.
# puppet agent --test --noop --server master.mycompany.com
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Applying configuration version '1526649508'
Notice: /Stage[main]/Ntp::Config/File[/etc/inet/ntp.conf]/ensure: current_value 'absent', should be 'file' (noop)
Notice: Class[Ntp::Config]: Would have triggered 'refresh' from 1 event
Info: Class[Ntp::Config]: Scheduling refresh of Class[Ntp::Service]
Notice: Class[Ntp::Service]: Would have triggered 'refresh' from 1 event
Info: Class[Ntp::Service]: Scheduling refresh of Service[ntp]
Notice: /Stage[main]/Ntp::Service/Service[ntp]/ensure: current_value 'stopped', should be 'running' (noop)
Info: /Stage[main]/Ntp::Service/Service[ntp]: Unscheduling refresh on Service[ntp]
Notice: Class[Ntp::Service]: Would have triggered 'refresh' from 1 event
Notice: Class[Ntp]: Would have triggered 'refresh' from 2 events
Notice: Stage[main]: Would have triggered 'refresh' from 3 events
Notice: Applied catalog in 1.90 seconds
# svcadm enable puppet:agent
# svcs ntp
STATE          STIME    FMRI
online         15:19:34 svc:/network/ntp:default
# ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.1.1     LOCAL(0)         2 u   58   64  377    1.010    0.017   0.037
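One more check worth running on the agent is an audit of the restrict lines that land in /etc/inet/ntp.conf. The Ruby below is an added example, not part of the original post or of the puppetlabs-ntp module; it flags kod without limited (the warning quoted in common.yaml) and default entries missing nomodify or noquery. It assumes the module writes each ntp::restrict entry as one "restrict" line, and the required flag set and function names are assumptions of the example.

```ruby
# Added example (not puppetlabs-ntp code): audit the "restrict" lines of an ntp.conf.
# Assumption of this example: a default entry should carry at least these flags.
REQUIRED_DEFAULT_FLAGS = %w[nomodify noquery].freeze

# Return one hash per restrict line: { family:, address:, flags: }.
def parse_restricts(conf_text)
  conf_text.each_line.map do |line|
    tokens = line.sub(/#.*/, '').split
    next unless tokens.shift == 'restrict'
    family = tokens.first.to_s.match?(/\A-[46]\z/) ? tokens.shift : 'any'
    address = tokens.shift
    tokens.shift(2) if tokens.first == 'mask' # skip "mask <netmask>"
    { family: family, address: address, flags: tokens }
  end.compact
end

# Return a list of findings; an empty list means the policy passes.
def audit_restricts(conf_text)
  entries = parse_restricts(conf_text)
  findings = []
  if entries.none? { |e| e[:address] == 'default' }
    findings << 'no "restrict default" entry: unmatched clients get no restrictions'
  end
  entries.each do |e|
    label = "restrict #{e[:family]} #{e[:address]}"
    if e[:flags].include?('kod') && !e[:flags].include?('limited')
      findings << "#{label}: kod has no effect without limited"
    end
    next unless e[:address] == 'default'
    missing = REQUIRED_DEFAULT_FLAGS - e[:flags]
    findings << "#{label}: missing #{missing.join(', ')}" unless missing.empty?
  end
  findings
end

# Constructed sample: the four restrict entries from common.yaml, as ntp.conf lines.
PAGE_CONF = <<~CONF
  restrict default nomodify notrap nopeer noquery
  restrict -6 default nomodify notrap nopeer noquery
  restrict 127.0.0.1
  restrict -6 ::1
  server 192.168.1.1 iburst
CONF

# Constructed sample: a default entry that sets kod but not limited.
KOD_CONF = "restrict default kod nomodify notrap nopeer\n"

[PAGE_CONF, KOD_CONF].each { |conf| p audit_restricts(conf) }
```

To audit a real agent, pass File.read('/etc/inet/ntp.conf') to audit_restricts instead of the constructed samples.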
Neat, we have puppetized NTP with a few lines of code.