diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | manifests/init.pp | 77 | ||||
| -rw-r--r-- | templates/ntp.conf.debian.erb | 55 | ||||
| -rw-r--r-- | tests/init.pp | 6 |
4 files changed, 136 insertions, 3 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..01d0a08 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +pkg/ diff --git a/manifests/init.pp b/manifests/init.pp index 0c12c7e..78dbd5d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,17 +1,90 @@ # Class: ntp # -# This module manages ntp +# This module manages the ntp service. +# +# Jeff McCune <jeff@puppetlabs.com> +# 2011-02-23 +# +# Tested platforms: +# - Debian 6.0 Squeeze # # Parameters: # +# $servers = [ "0.debian.pool.ntp.org iburst", +# "1.debian.pool.ntp.org iburst", +# "2.debian.pool.ntp.org iburst", +# "3.debian.pool.ntp.org iburst", ] +# # Actions: # +# Installs, configures, and manages the ntp service. +# # Requires: # # Sample Usage: # +# class { "ntp": servers => [ 'time.apple.com' ] } +# # [Remember: No empty lines between comments and class definition] -class ntp { +class ntp($servers=[ "0.debian.pool.ntp.org iburst", + "1.debian.pool.ntp.org iburst", + "2.debian.pool.ntp.org iburst", + "3.debian.pool.ntp.org iburst",], + $ensure="running", + $autoupdate=false +) { + + if ! ($ensure in [ "running", "stopped" ]) { + fail("ensure parameter must be running or stopped") + } + + if $autoupdate == true { + $package_ensure = latest + } elsif $autoupdate == false { + $package_ensure = present + } else { + fail("autoupdate parameter must be true or false") + } + + case $operatingsystem { + debian, ubuntu: { + $supported = true + $pkg_name = [ "ntp" ] + $svc_name = "ntp" + $config = "/etc/ntp.conf" + $config_tpl = "ntp.conf.debian.erb" + } + default: { + $supported = false + notify { "${module_name}_unsupported": + message => "The ${module_name} module is not supported on ${operatingsystem}", + } + } + } + + if ($supported == true) { + + package { $pkg_name: + ensure => $package_ensure, + } + + file { $config: + ensure => file, + owner => 0, + group => 0, + mode => 0644, + content => template("${module_name}/${config_tpl}"), + require => Package[$pkg_name], + } + + service { "ntp": + ensure => $ensure, + name => $svc_name, + hasstatus => true, + hasrestart => true, + subscribe => [ Package[$pkg_name], File[$config] ], + } + } } diff --git a/templates/ntp.conf.debian.erb b/templates/ntp.conf.debian.erb new file mode 100644 index 0000000..e4275de --- /dev/null +++ b/templates/ntp.conf.debian.erb @@ -0,0 +1,55 @@ +# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help + +driftfile /var/lib/ntp/ntp.drift + + +# Enable this if you want statistics to be logged. +#statsdir /var/log/ntpstats/ + +statistics loopstats peerstats clockstats +filegen loopstats file loopstats type day enable +filegen peerstats file peerstats type day enable +filegen clockstats file clockstats type day enable + + +# You do need to talk to an NTP server or two (or three). +#server ntp.your-provider.example + +# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will +# pick a different set every time it starts up. Please consider joining the +# pool: <http://www.pool.ntp.org/join.html> + +# Managed by puppet class { "ntp": servers => [ ... ] } +<% servers.each do |server| -%> +server <%= server %> +<% end -%> + +# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for +# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions> +# might also be helpful. +# +# Note that "restrict" applies to both servers and clients, so a configuration +# that might be intended to block requests from certain clients could also end +# up blocking replies from your own upstream servers. + +# By default, exchange time with everybody, but don't allow configuration. +restrict -4 default kod notrap nomodify nopeer noquery +restrict -6 default kod notrap nomodify nopeer noquery + +# Local users may interrogate the ntp server more closely. +restrict 127.0.0.1 +restrict ::1 + +# Clients from this (example!) subnet have unlimited access, but only if +# cryptographically authenticated. +#restrict 192.168.123.0 mask 255.255.255.0 notrust + + +# If you want to provide time to your local subnet, change the next line. +# (Again, the address is an example only.) +#broadcast 192.168.123.255 + +# If you want to listen to time broadcasts on your local subnet, de-comment the +# next lines. Please do this only if you trust everybody on the network! +#disable auth +#broadcastclient diff --git a/tests/init.pp b/tests/init.pp index 9f87de7..b918564 100644 --- a/tests/init.pp +++ b/tests/init.pp @@ -1 +1,5 @@ -include ntp +node default { + + class { "ntp": } + +} |