authorJeff Geerling <geerlingguy@mac.com>2016-03-03 22:49:30 -0600
committerJeff Geerling <geerlingguy@mac.com>2016-03-03 22:49:30 -0600
commit836d4144c3090636fa74bedd55842ba19bc7c1dc (patch)
tree103fd05671d52dfab54cb7c38d08a747bff057c6
parent8997ed53da3dcfcb875e1eec6e38205394b04e3e (diff)
parent9c0a3ce4ff0c8bc00dbb8497193c2fc5f015c5aa (diff)
Fixed merge conflicts.
-rw-r--r--README.md17
-rw-r--r--defaults/main.yml7
-rw-r--r--handlers/main.yml3
-rw-r--r--tasks/main.yml9
-rw-r--r--templates/ntp.conf.j270
-rw-r--r--tests/test.yml1
6 files changed, 101 insertions, 6 deletions
diff --git a/README.md b/README.md
index 49a459f..0a28255 100644
--- a/README.md
+++ b/README.md
@@ -20,6 +20,17 @@ Whether to start the ntpd service and enable it at system boot. On many virtual
Set the timezone for your server.
+ ntp_manage_config: false
+
+Set to true to allow this role to manage the NTP configuration file (`/etc/ntp.conf`).
+
+ ntp_servers:
+ - 0.pool.ntp.org iburst
+ - 1.pool.ntp.org iburst
+ - 2.pool.ntp.org iburst
+ - 3.pool.ntp.org iburst
+
+Specify the NTP servers you'd like to use. Only takes effect if you allow this role to manage NTP's configuration, by setting `ntp_manage_config` to `true`.
## Dependencies
@@ -27,11 +38,9 @@ None.
## Example Playbook
- - hosts: db-servers
- vars_files:
- - vars/main.yml
+ - hosts: all
roles:
- - { role: geerlingguy.ntp }
+ - geerlingguy.ntp
*Inside `vars/main.yml`*:
diff --git a/defaults/main.yml b/defaults/main.yml
index f0fc211..3ec5741 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,3 +1,10 @@
---
ntp_enabled: true
ntp_timezone: America/Chicago
+
+ntp_manage_config: false
+ntp_servers:
+ - 0.pool.ntp.org iburst
+ - 1.pool.ntp.org iburst
+ - 2.pool.ntp.org iburst
+ - 3.pool.ntp.org iburst
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..eb57480
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+ - name: restart ntp
+ service: "name={{ ntp_daemon }} state=restarted"
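Review bot: The `restart ntp` handler fires on any ntp.conf change regardless of `ntp_enabled`, and `state=restarted` starts a stopped service, so a host with `ntp_enabled: false` and `ntp_manage_config: true` (exactly the combination tests/test.yml sets in this commit) ends up with ntpd running right after the stop task disabled it. Guard the handler with `when: ntp_enabled` so it only restarts a daemon the role intends to keep running. Separately, the module args are written as a `key=value` string while the role's task file uses block form for the same module; `service:` / `name: "{{ ntp_daemon }}"` / `state: restarted` would be consistent and lets yamllint and ansible-lint check the keys.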
diff --git a/tasks/main.yml b/tasks/main.yml
index 2844315..6a58382 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -21,16 +21,21 @@
pkgng: name=ntp state=present
when: ansible_os_family == 'FreeBSD'
-- name: Ensure NTP is running and enabled at system start.
+- name: Ensure NTP is running and enabled as configured.
service:
name: "{{ ntp_daemon }}"
state: started
enabled: yes
when: ntp_enabled
-- name: Ensure NTP is stopped and disabled at system start.
+- name: Ensure NTP is stopped and disabled as configured.
service:
name: "{{ ntp_daemon }}"
state: stopped
enabled: no
when: not ntp_enabled
+
+- name: Generate ntp.conf file
+ template: src=ntp.conf.j2 dest=/etc/ntp.conf
+ notify: restart ntp
+ when: ntp_manage_config
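Review bot: The new `Generate ntp.conf file` task writes /etc/ntp.conf without explicit `owner`, `group` or `mode`, so the resulting permissions are whatever Ansible derives from the existing file or the remote umask; a file that defines the daemon's trust boundary (the `restrict` lines) should be pinned with `owner: root`, `group: root`, `mode: '0644'`. The task also runs after the two `service` tasks, so on a first run ntpd is started with the distribution's ntp.conf and then immediately restarted by the handler once the template lands; moving it above the service tasks gives one start with the intended configuration. While touching it, the `key=value` argument string could become the block form the neighbouring `service` tasks already use (`template:` / `src: ntp.conf.j2` / `dest: /etc/ntp.conf`).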
diff --git a/templates/ntp.conf.j2 b/templates/ntp.conf.j2
new file mode 100644
index 0000000..cc1e0f0
--- /dev/null
+++ b/templates/ntp.conf.j2
@@ -0,0 +1,70 @@
+# {{ ansible_managed }}
+
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+# Enable this if you want statistics to be logged.
+#statsdir /var/log/ntpstats/
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% for item in ntp_servers %}
+server {{ item }}
+{% endfor %}
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict ::1
+
+# Clients from this (example!) subnet have unlimited access, but only if
+# cryptographically authenticated.
+#restrict 192.168.123.0 mask 255.255.255.0 notrust
+
+# Enable public key cryptography.
+#crypto
+
+#includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+#keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
+
+# Disable the monitoring facility to prevent amplification attacks using ntpdc
+# monlist command when default restrict does not include the noquery flag. See
+# CVE-2013-5211 for more details.
+# Note: Monitoring will not be disabled with the limited restriction flag.
+disable monitor
+
+# If you want to provide time to your local subnet, change the next line.
+# (Again, the address is an example only.)
+#broadcast 192.168.123.255
+
+# If you want to listen to time broadcasts on your local subnet, de-comment the
+# next lines. Please do this only if you trust everybody on the network!
+#disable auth
+#broadcastclient
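Review bot: `driftfile /var/lib/ntp/drift` is hard-coded although the role installs ntp via pkgng on FreeBSD (tasks/main.yml), where to my knowledge the packaged daemon keeps its drift file under /var/db and /var/lib/ntp does not exist, in which case ntpd logs an error and cannot persist the frequency offset across restarts; making this `driftfile {{ ntp_driftfile }}` with a per-OS-family default would fix that. On the access-control side, the single `restrict default nomodify notrap nopeer noquery` line covers both address families on ntpd 4.2.6 and later, but on older 4.2.x builds the IPv6 side is left unrestricted unless `restrict -6 default nomodify notrap nopeer noquery` is also present, so either add that line or record the version assumption in a comment. `disable monitor` together with `noquery` already closes the monlist amplification vector the comment cites. The `{% for %}` loop renders no `server` line at all when `ntp_servers` is empty, which ntpd accepts silently; an `assert` on the variable in the task file would surface that misconfiguration earlier.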
diff --git a/tests/test.yml b/tests/test.yml
index 794470d..34c9773 100644
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -4,6 +4,7 @@
vars:
ntp_enabled: false
+ ntp_manage_config: true
roles:
- ansible-role-ntp