diff options
| author | Ashley Penney <ashley.penney@puppetlabs.com> | 2013-08-08 12:17:35 -0700 |
|---|---|---|
| committer | Ashley Penney <ashley.penney@puppetlabs.com> | 2013-08-08 12:17:35 -0700 |
| commit | 042fa75058aeca0387a5cefb28b160c7c24541ed (patch) | |
| tree | 70543afb7409c865d8c2cd79fcf9cf9517efc3b0 | |
| parent | e3feec2486002038b7d960e78a68cab747f2e731 (diff) | |
| parent | 52ff81b7d0debb91f0aa86c5933aa90d5008ded5 (diff) | |
Merge pull request #87 from apenney/restrict
Convert restrict to an array of restrictions.
| -rw-r--r-- | Gemfile | 1 | ||||
| -rw-r--r-- | manifests/init.pp | 2 | ||||
| -rw-r--r-- | manifests/params.pp | 7 | ||||
| -rw-r--r-- | templates/ntp.conf.erb | 13 |
4 files changed, 14 insertions, 9 deletions
@@ -7,6 +7,7 @@ group :development, :test do gem 'puppet-lint', :require => false gem 'serverspec', :require => false gem 'rspec-system-serverspec', :require => false + gem 'vagrant-wrapper', :require => false end if puppetversion = ENV['PUPPET_GEM_VERSION'] diff --git a/manifests/init.pp b/manifests/init.pp index 2c8b9e4..be95118 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -31,7 +31,7 @@ class ntp ( validate_array($package_name) validate_bool($panic) validate_array($preferred_servers) - validate_bool($restrict) + validate_array($restrict) validate_array($servers) validate_bool($service_enable) validate_string($service_ensure) diff --git a/manifests/params.pp b/manifests/params.pp index ef037fc..6127393 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -8,7 +8,12 @@ class ntp::params { $keys_trusted = [] $package_ensure = 'present' $preferred_servers = [] - $restrict = true + $restrict = [ + 'restrict default kod nomodify notrap nopeer noquery', + 'restrict -6 default kod nomodify notrap nopeer noquery', + 'restrict 127.0.0.1', + 'restrict -6 ::1', + ] $service_enable = true $service_ensure = 'running' $service_manage = true diff --git a/templates/ntp.conf.erb b/templates/ntp.conf.erb index c0a821b..94b3675 100644 --- a/templates/ntp.conf.erb +++ b/templates/ntp.conf.erb @@ -6,13 +6,12 @@ tinker panic 0 <% end -%> -<% if @restrict -%> -# Permit time synchronization with our time source, but do not -# permit the source to query or modify the service on this system. -restrict default kod nomodify notrap nopeer noquery -restrict -6 default kod nomodify notrap nopeer noquery -restrict 127.0.0.1 -restrict -6 ::1 +<% if @restrict != [] -%> +# Permit time synchronization with our time source, but do not' +# permit the source to query or modify the service on this system.' +<% @restrict.flatten.each do |restrict| -%> +<%= restrict %> +<% end %> <% end -%> # Servers |