authorHunter Haugen <h.haugen@gmail.com>2012-11-28 11:40:01 -0500
committerHunter Haugen <h.haugen@gmail.com>2012-11-28 11:43:47 -0500
commit13835e152e9bc93d2d48a4809aa39dbf8f492946 (patch)
treeff8fc07d31426ca0c49883d35c41fe4d37282dee
parente6e8d9e9c967ef0714dcf629f071b311da524c95 (diff)
Add restrict parameter
NTP servers should not restrict themselves to 127.0.0.1, and this commit adds a `restrict` parameter to enable/disable this configuration block in the relevant templates.
-rw-r--r--manifests/init.pp7
-rw-r--r--templates/ntp.conf.debian.erb2
-rw-r--r--templates/ntp.conf.el.erb2
3 files changed, 11 insertions, 0 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index b404071..d1d9fce 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -18,6 +18,12 @@
# '2.debian.pool.ntp.org iburst',
# '3.debian.pool.ntp.org iburst', ]
#
+# $restrict = true
+# Whether to restrict ntp daemons from allowing others to use as a server.
+#
+# $autoupdate = false
+# Whether to update the ntp package automatically or not.
+#
# Actions:
#
# Installs, configures, and manages the ntp service.
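Review bot: The new `$restrict` description does not say what `false` actually does. In both templates the parameter gates the whole access-control section, and the visible context places `restrict default kod nomodify notrap nopeer noquery` and the loopback entries inside it. I would word it as `# Whether to write the access-control (restrict) section of ntp.conf.` followed by `# Setting this to false removes every restrict line, including the default and loopback entries.`, so a reader does not take it for a narrow server on/off switch.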
@@ -34,6 +40,7 @@
# [Remember: No empty lines between comments and class definition]
class ntp($servers='UNSET',
$ensure='running',
+ $restrict=true,
$autoupdate=false
) {
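Review bot: `$restrict` reaches the templates unvalidated, and the ERB test `if @restrict` is true for any string, so `restrict => 'false'` (easy to get from Hiera or ENC data) would silently keep the section. That fails on the safe side, but the caller gets no signal that the setting was ignored. If the module already depends on puppetlabs-stdlib, add `validate_bool($restrict)` at the top of the class body. The body starts at `) {` and continues outside this hunk, so an existing check cannot be ruled out from here.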
diff --git a/templates/ntp.conf.debian.erb b/templates/ntp.conf.debian.erb
index 7a3f690..5d966f8 100644
--- a/templates/ntp.conf.debian.erb
+++ b/templates/ntp.conf.debian.erb
@@ -30,6 +30,7 @@ filegen clockstats file clockstats type day enable
server <%= server %>
<% end -%>
+<% if @restrict -%>
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
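Review bot: The guard opened here closes only after the loopback entry `restrict ::1` (next hunk), so `restrict => false` renders an ntp.conf with no access-control lines at all; ntp.conf.el.erb has the same shape, with `restrict default kod nomodify notrap nopeer noquery` directly under its guard. That default line carries neither `ignore` nor `noserve`, so it does not stop clients from getting time; dropping it only lifts the limits on ntpq/ntpdc queries, traps, peering and runtime modification from any address. I would keep the default and loopback `restrict` lines outside the `<% if @restrict -%>` block in both templates and gate only the part that has to differ for a server. The Debian default line lies between the two hunks and is not visible here, so confirm it is worded like the EL one.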
@@ -50,6 +51,7 @@ restrict ::1
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust
+<% end -%>
# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
diff --git a/templates/ntp.conf.el.erb b/templates/ntp.conf.el.erb
index fe8a9a5..80b358b 100644
--- a/templates/ntp.conf.el.erb
+++ b/templates/ntp.conf.el.erb
@@ -4,6 +4,7 @@
tinker panic 0
<% end -%>
+<% if @restrict -%>
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
@@ -18,6 +19,7 @@ restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+<% end -%>
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).