From 52ff81b7d0debb91f0aa86c5933aa90d5008ded5 Mon Sep 17 00:00:00 2001 From: Ashley Penney Date: Thu, 8 Aug 2013 09:55:32 -0700 Subject: Convert restrict to an array of restrictions. Instead of a boolean with hardcoded values we now just convert restrict into an array of lines related to restrictions. --- Gemfile | 1 + manifests/init.pp | 2 +- manifests/params.pp | 7 ++++++- templates/ntp.conf.erb | 13 ++++++------- 4 files changed, 14 insertions(+), 9 deletions(-) diff --git a/Gemfile b/Gemfile index 42962fc..4e73330 100644 --- a/Gemfile +++ b/Gemfile @@ -7,6 +7,7 @@ group :development, :test do gem 'puppet-lint', :require => false gem 'serverspec', :require => false gem 'rspec-system-serverspec', :require => false + gem 'vagrant-wrapper', :require => false end if puppetversion = ENV['PUPPET_GEM_VERSION'] diff --git a/manifests/init.pp b/manifests/init.pp index 2c8b9e4..be95118 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -31,7 +31,7 @@ class ntp ( validate_array($package_name) validate_bool($panic) validate_array($preferred_servers) - validate_bool($restrict) + validate_array($restrict) validate_array($servers) validate_bool($service_enable) validate_string($service_ensure) diff --git a/manifests/params.pp b/manifests/params.pp index ef037fc..6127393 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -8,7 +8,12 @@ class ntp::params { $keys_trusted = [] $package_ensure = 'present' $preferred_servers = [] - $restrict = true + $restrict = [ + 'restrict default kod nomodify notrap nopeer noquery', + 'restrict -6 default kod nomodify notrap nopeer noquery', + 'restrict 127.0.0.1', + 'restrict -6 ::1', + ] $service_enable = true $service_ensure = 'running' $service_manage = true diff --git a/templates/ntp.conf.erb b/templates/ntp.conf.erb index c0a821b..94b3675 100644 --- a/templates/ntp.conf.erb +++ b/templates/ntp.conf.erb @@ -6,13 +6,12 @@ tinker panic 0 <% end -%> -<% if @restrict -%> -# Permit time synchronization with our time source, but do not -# permit the source to query or modify the service on this system. -restrict default kod nomodify notrap nopeer noquery -restrict -6 default kod nomodify notrap nopeer noquery -restrict 127.0.0.1 -restrict -6 ::1 +<% if @restrict != [] -%> +# Permit time synchronization with our time source, but do not' +# permit the source to query or modify the service on this system.' +<% @restrict.flatten.each do |restrict| -%> +<%= restrict %> +<% end %> <% end -%> # Servers -- cgit v1.2.3