Enable NTP authentication

Enable NTP authentication

This section describes how to enable Network Time Protocol (NTP) authentication in a deployment model and apply it to your environment.

To configure authentication for NTP:

  1. Log in to the Salt Master node.

  2. Create the classes/cluster/<cluster_name>/infra/ntp_auth.yml file with the following configuration as an example:

    ntp:
      client:
        enabled: true
        auth:
          enabled: true
          secrets:
            1:
              secret_type: 'M'
              secret: '<Runrabbitrundigthath>'
              trustedkey: true
            2:
              secret_type: 'M'
              secret: '<Howiwishyouwereherew>'
              trustedkey: true
        stratum:
          primary:
            server: <ntp1.example.com>
            key_id: 1
          secondary:
            server: <ntp2.example.com>
            key_id: 2
    

    In the secrets and stratum sections, specify your own keys and strata servers accordingly.

    The key_id parameter for each strata server represents the id of a secret from the secrets section.

    The above configuration example enables authentication for two servers. For a specific use case, see README.rst at NTP Salt formula.

  3. In the classes/cluster/<cluster_name>/infra/init.yml file, include the following class to distribute the settings across all nodes:

    classes:
    - cluster.<cluster_name>.infra.ntp_auth
    
  4. Apply the ntp state on the Salt Master node:

    salt '*' state.sls ntp