author | Jeff Geerling <geerlingguy@mac.com> | 2016-03-03 22:49:30 -0600 |
---|---|---|
committer | Jeff Geerling <geerlingguy@mac.com> | 2016-03-03 22:49:30 -0600 |
commit | 836d4144c3090636fa74bedd55842ba19bc7c1dc (patch) | |
tree | 103fd05671d52dfab54cb7c38d08a747bff057c6 | |
parent | 8997ed53da3dcfcb875e1eec6e38205394b04e3e (diff) | |
parent | 9c0a3ce4ff0c8bc00dbb8497193c2fc5f015c5aa (diff) | |
Fixed merge conflicts.
-rw-r--r-- | README.md | 17 | ||||
-rw-r--r-- | defaults/main.yml | 7 | ||||
-rw-r--r-- | handlers/main.yml | 3 | ||||
-rw-r--r-- | tasks/main.yml | 9 | ||||
-rw-r--r-- | templates/ntp.conf.j2 | 70 | ||||
-rw-r--r-- | tests/test.yml | 1 |
6 files changed, 101 insertions, 6 deletions
@@ -20,6 +20,17 @@ Whether to start the ntpd service and enable it at system boot. On many virtual
 Set the timezone for your server.
+ ntp_manage_config: false
+
+Set to true to allow this role to manage the NTP configuration file (`/etc/ntp.conf`).
+
+ ntp_servers:
+ - 0.pool.ntp.org iburst
+ - 1.pool.ntp.org iburst
+ - 2.pool.ntp.org iburst
+ - 3.pool.ntp.org iburst
+
+Specify the NTP servers you'd like to use. Only takes effect if you allow this role to manage NTP's configuration, by setting `ntp_manage_config` to `true`.
 ## Dependencies
@@ -27,11 +38,9 @@ None.
 ## Example Playbook
- - hosts: db-servers
- vars_files:
- - vars/main.yml
+ - hosts: all
 roles:
- - { role: geerlingguy.ntp }
+ - geerlingguy.ntp
 *Inside `vars/main.yml`*:
diff --git a/defaults/main.yml b/defaults/main.yml
index f0fc211..3ec5741 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,3 +1,10 @@
 ---
 ntp_enabled: true
 ntp_timezone: America/Chicago
+
+ntp_manage_config: false
+ntp_servers:
+ - 0.pool.ntp.org iburst
+ - 1.pool.ntp.org iburst
+ - 2.pool.ntp.org iburst
+ - 3.pool.ntp.org iburst
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..eb57480
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+ - name: restart ntp
+ service: "name={{ ntp_daemon }} state=restarted"
diff --git a/tasks/main.yml b/tasks/main.yml
index 2844315..6a58382 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
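Review bot: The new `restart ntp` handler in handlers/main.yml is unconditional, so it can start ntpd on a host where the role was told to keep it stopped. With `ntp_enabled: false` and `ntp_manage_config: true` (the combination tests/test.yml now sets), a changed template notifies the handler, which runs after the stop task, and `state=restarted` brings the daemon back up. Guard the handler with `when: ntp_enabled`. As a style point, the mapping form that tasks/main.yml uses for `service:` (separate `name:` and `state:` keys) would read more consistently than the quoted `name=... state=...` string.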
@@ -21,16 +21,21 @@
 pkgng: name=ntp state=present
 when: ansible_os_family == 'FreeBSD'
-- name: Ensure NTP is running and enabled at system start.
+- name: Ensure NTP is running and enabled as configured.
 service:
 name: "{{ ntp_daemon }}"
 state: started
 enabled: yes
 when: ntp_enabled
-- name: Ensure NTP is stopped and disabled at system start.
+- name: Ensure NTP is stopped and disabled as configured.
 service:
 name: "{{ ntp_daemon }}"
 state: stopped
 enabled: no
 when: not ntp_enabled
+
+- name: Generate ntp.conf file
+ template: src=ntp.conf.j2 dest=/etc/ntp.conf
+ notify: restart ntp
+ when: ntp_manage_config
diff --git a/templates/ntp.conf.j2 b/templates/ntp.conf.j2
new file mode 100644
index 0000000..cc1e0f0
--- /dev/null
+++ b/templates/ntp.conf.j2
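Review bot: The added `Generate ntp.conf file` task writes `/etc/ntp.conf` without stating a mode and without keeping a backup. A file created by this task therefore gets whatever the remote umask yields, and the distribution's original configuration is overwritten with no copy left to compare or roll back to. Consider `template: src=ntp.conf.j2 dest=/etc/ntp.conf mode=0644 backup=yes`. The first context lines of this hunk belong to a task that starts outside it.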
@@ -0,0 +1,70 @@
+# {{ ansible_managed }}
+
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+# Enable this if you want statistics to be logged.
+#statsdir /var/log/ntpstats/
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% for item in ntp_servers %}
+server {{ item }}
+{% endfor %}
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict ::1
+
+# Clients from this (example!) subnet have unlimited access, but only if
+# cryptographically authenticated.
+#restrict 192.168.123.0 mask 255.255.255.0 notrust
+
+# Enable public key cryptography.
+#crypto
+
+#includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+#keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
+
+# Disable the monitoring facility to prevent amplification attacks using ntpdc
+# monlist command when default restrict does not include the noquery flag. See
+# CVE-2013-5211 for more details.
+# Note: Monitoring will not be disabled with the limited restriction flag.
+disable monitor
+
+# If you want to provide time to your local subnet, change the next line.
+# (Again, the address is an example only.)
+#broadcast 192.168.123.255
+
+# If you want to listen to time broadcasts on your local subnet, de-comment the
+# next lines. Please do this only if you trust everybody on the network!
+#disable auth
+#broadcastclient
diff --git a/tests/test.yml b/tests/test.yml
index 794470d..34c9773 100644
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -4,6 +4,7 @@
 vars:
 ntp_enabled: false
+ ntp_manage_config: true
 roles:
 - ansible-role-ntp |
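Review bot: The only default access rule in templates/ntp.conf.j2 is `restrict default nomodify notrap nopeer noquery`, and whether an unqualified `default` also covers IPv6 depends on the ntpd version. On builds where it is IPv4-only, IPv6 clients would get no restriction at all, and the `restrict ::1` line shows the daemon is expected to handle IPv6. Stating both families makes the policy explicit: change the existing line to `restrict -4 default nomodify notrap nopeer noquery` and add `restrict -6 default nomodify notrap nopeer noquery`. Separately, `driftfile /var/lib/ntp/drift` is a fixed path although tasks/main.yml also installs ntp on FreeBSD, so it may need to be a variable; confirm against each supported platform's layout.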