From 567078d7c3ac7190d6748f0cfcd535e82912a12b Mon Sep 17 00:00:00 2001
From: kadecole <kcole@yahoo.com>
Date: Thu, 18 Jun 2015 00:23:06 -0500
Subject: Add a managed ntp.conf template.

---
 defaults/main.yml     |  6 ++++++
 handlers/main.yml     |  3 +++
 tasks/main.yml        | 12 +++++++++---
 templates/ntp.conf.j2 | 22 ++++++++++++++++++++++
 4 files changed, 40 insertions(+), 3 deletions(-)
 create mode 100644 handlers/main.yml
 create mode 100644 templates/ntp.conf.j2

diff --git a/defaults/main.yml b/defaults/main.yml
index f0fc211..5b47eca 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,3 +1,9 @@
 ---
 ntp_enabled: true
 ntp_timezone: America/Chicago
+
+ntp_servers:
+ - 0.pool.ntp.org iburst
+ - 1.pool.ntp.org iburst
+ - 2.pool.ntp.org iburst
+ - 3.pool.ntp.org iburst
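Review bot: The new `ntp_servers` default has no comment explaining that each entry is emitted verbatim after `server` in templates/ntp.conf.j2, which is why the `iburst` option sits inside the string. A line above the key such as `# Each entry is written after "server" in ntp.conf and may carry options (e.g. iburst).` would make that contract clear to anyone overriding the list. The list items are also indented one space, whereas tasks/main.yml uses two-space nesting; `  - 0.pool.ntp.org iburst` would match it.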
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..ee25a57
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+ - name: restart ntp
+   service: name={{ ntp_daemon }} state=restarted
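Review bot: `ntp_daemon` is interpolated unquoted into a key=value argument string on the `service:` line, and nothing in this patch defines it. The defaults/main.yml hunk shows that file in full with no such key, so the variable presumably comes from OS-specific vars loaded elsewhere. That is worth confirming, because an undefined variable would only surface when the handler actually fires. Writing the arguments as a block mapping with `name: "{{ ntp_daemon }}"` and `state: restarted` keeps the templated value a single quoted scalar. The handler entry is also indented one space under `---`, unlike the column-0 tasks in tasks/main.yml.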
diff --git a/tasks/main.yml b/tasks/main.yml
index 2844315..b6213ba 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -8,18 +8,19 @@
     dest: /etc/localtime
     state: link
     force: yes
+  when: ntp_enabled
 
 - name: Install NTP (RedHat).
   yum: name=ntp state=installed
-  when: ansible_os_family == 'RedHat'
+  when: ansible_os_family == 'RedHat' and ntp_enabled
 
 - name: Install NTP (Debian).
   apt: name=ntp state=installed
-  when: ansible_os_family == 'Debian'
+  when: ansible_os_family == 'Debian' and ntp_enabled
 
 - name: Install NTP (FreeBSD).
   pkgng: name=ntp state=present
-  when: ansible_os_family == 'FreeBSD'
+  when: ansible_os_family == 'FreeBSD' and ntp_enabled
 
 - name: Ensure NTP is running and enabled at system start.
   service:
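Review bot: The `when: ntp_enabled` added after `force: yes` gates what looks like the /etc/localtime symlink task (its start is above the hunk), so with `ntp_enabled: false` the role would stop managing the timezone as well as NTP. The timezone setting does not depend on the daemon, so unless the coupling is intended this task should stay unconditional and only the three install tasks should carry the new condition. If it is intended, a comment above the condition such as `# Timezone is only managed when NTP is enabled.` would record that decision.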
@@ -34,3 +35,8 @@
     state: stopped
     enabled: no
   when: not ntp_enabled
+
+- name: Generate ntp.conf file
+  template: src=ntp.conf.j2 dest=/etc/ntp.conf
+  notify: restart ntp
+  when: ntp_enabled
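Review bot: The `template:` line writes /etc/ntp.conf without `owner` or `mode`, so the file's ownership and permissions depend on what already exists on the host or on the defaults of the account running the play. Pinning them keeps a root-run daemon's config from ending up writable by another account: `template: src=ntp.conf.j2 dest=/etc/ntp.conf owner=root mode=0644`. A `group=` value is left out here because the role also targets FreeBSD, where the root group name differs. Adding `backup=yes` would keep a copy of the distribution's file the first time it is overwritten.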
diff --git a/templates/ntp.conf.j2 b/templates/ntp.conf.j2
new file mode 100644
index 0000000..b0ddb0c
--- /dev/null
+++ b/templates/ntp.conf.j2
@@ -0,0 +1,22 @@
+# {{ ansible_managed }}
+
+# Default NTP servers for the operating system.
+{% for item in ntp_servers %}
+server {{ item }}
+{% endfor %}
+
+# Security:
+#
+# By default, only allow time queries and block all other requests
+# from unauthenticated clients.
+#
+# See http://support.ntp.org/bin/view/Support/AccessRestrictions
+# for more information.
+#
+restrict default kod limited nomodify notrap nopeer noquery
+restrict -6 default kod limited nomodify notrap nopeer noquery
+
+# The following settings allow unrestricted access from the localhost
+restrict 127.0.0.1
+restrict -6 ::1
+restrict 127.127.1.0
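Review bot: This template replaces the whole of /etc/ntp.conf but carries only `server` and `restrict` lines, so anything the distribution's file set, typically a `driftfile` path, is dropped. Without a drift file ntpd has to relearn the clock's frequency error after every restart, and the new handler restarts it on each config change. A `driftfile {{ ntp_driftfile }}` line backed by a per-OS variable would restore that (the variable name is a suggestion, not something the patch defines). Separately, `restrict 127.127.1.0` sits under the "unrestricted access from the localhost" comment, but that address is the local-clock reference driver, not the loopback host. No `server 127.127.1.0` is declared in the template, so the line should either be dropped or get its own comment.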
-- 
cgit v1.2.3