From e896ad92293b596876dbd829ffd0f98e0bd441ad Mon Sep 17 00:00:00 2001 From: Ashley Penney Date: Mon, 29 Jul 2013 17:07:40 -0400 Subject: Remove all the distribution specific templates. Add a single ntp.conf.erb as the standard template going forward, to ease the maintenance burden of adding features to this module. --- templates/ntp.conf.archlinux.erb | 30 -------------- templates/ntp.conf.debian.erb | 63 ----------------------------- templates/ntp.conf.el.erb | 62 ---------------------------- templates/ntp.conf.erb | 44 ++++++++++++++++++++ templates/ntp.conf.freebsd.erb | 29 -------------- templates/ntp.conf.gentoo.erb | 59 --------------------------- templates/ntp.conf.suse.erb | 87 ---------------------------------------- 7 files changed, 44 insertions(+), 330 deletions(-) delete mode 100644 templates/ntp.conf.archlinux.erb delete mode 100644 templates/ntp.conf.debian.erb delete mode 100644 templates/ntp.conf.el.erb create mode 100644 templates/ntp.conf.erb delete mode 100644 templates/ntp.conf.freebsd.erb delete mode 100644 templates/ntp.conf.gentoo.erb delete mode 100644 templates/ntp.conf.suse.erb diff --git a/templates/ntp.conf.archlinux.erb b/templates/ntp.conf.archlinux.erb deleted file mode 100644 index ef3b725..0000000 --- a/templates/ntp.conf.archlinux.erb +++ /dev/null @@ -1,30 +0,0 @@ -# With the default settings below, ntpd will only synchronize your clock. -# -# For details, see: -# - the ntp.conf man page -# - http://support.ntp.org/bin/view/Support/GettingStarted -# - https://wiki.archlinux.org/index.php/Network_Time_Protocol_daemon -# -<% if @panic == false -%> -# Keep ntpd from panicking in the event of a large clock skew -# # when a VM guest is suspended and resumed. -tinker panic 0 -<% end -%> - -# Associate to public NTP pool servers; see http://www.pool.ntp.org/ -<% [@servers].flatten.each do |server| -%> -server <%= server %> -<% end -%> - -<% if @restrict -%> -# Only allow read-only access from localhost -restrict default noquery nopeer -restrict 127.0.0.1 -restrict ::1 -<% end -%> - -# Location of drift file -driftfile /var/lib/ntp/ntp.drift - -# NOTE: If you run dhcpcd and have lines like 'restrict' and 'fudge' appearing -# here, be sure to add '-Y -N' to the dhcpcd_ethX variables in /etc/conf.d/net diff --git a/templates/ntp.conf.debian.erb b/templates/ntp.conf.debian.erb deleted file mode 100644 index 1ca6b20..0000000 --- a/templates/ntp.conf.debian.erb +++ /dev/null @@ -1,63 +0,0 @@ -# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help - -<% if @panic == false -%> -# Keep ntpd from panicking in the event of a large clock skew -# when a VM guest is suspended and resumed. -tinker panic 0 - -<% end -%> -driftfile /var/lib/ntp/ntp.drift - - -# Enable this if you want statistics to be logged. -#statsdir /var/log/ntpstats/ - -statistics loopstats peerstats clockstats -filegen loopstats file loopstats type day enable -filegen peerstats file peerstats type day enable -filegen clockstats file clockstats type day enable - - -# You do need to talk to an NTP server or two (or three). -#server ntp.your-provider.example - -# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will -# pick a different set every time it starts up. Please consider joining the -# pool: - -# Managed by puppet class { 'ntp': servers => [ ... ] } -<% [@servers].flatten.each do |server| -%> -server <%= server %> -<% end -%> - -<% if @restrict -%> -# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for -# details. The web page -# might also be helpful. -# -# Note that "restrict" applies to both servers and clients, so a configuration -# that might be intended to block requests from certain clients could also end -# up blocking replies from your own upstream servers. - -# By default, exchange time with everybody, but don't allow configuration. -restrict -4 default kod notrap nomodify nopeer noquery -restrict -6 default kod notrap nomodify nopeer noquery - -# Local users may interrogate the ntp server more closely. -restrict 127.0.0.1 -restrict ::1 - -# Clients from this (example!) subnet have unlimited access, but only if -# cryptographically authenticated. -#restrict 192.168.123.0 mask 255.255.255.0 notrust - -<% end -%> - -# If you want to provide time to your local subnet, change the next line. -# (Again, the address is an example only.) -#broadcast 192.168.123.255 - -# If you want to listen to time broadcasts on your local subnet, de-comment the -# next lines. Please do this only if you trust everybody on the network! -#disable auth -#broadcastclient diff --git a/templates/ntp.conf.el.erb b/templates/ntp.conf.el.erb deleted file mode 100644 index 9a5d51b..0000000 --- a/templates/ntp.conf.el.erb +++ /dev/null @@ -1,62 +0,0 @@ -<% if @panic == false -%> -# Keep ntpd from panicking in the event of a large clock skew -# when a VM guest is suspended and resumed. -tinker panic 0 - -<% end -%> -<% if @restrict -%> -# Permit time synchronization with our time source, but do not -# permit the source to query or modify the service on this system. -restrict default kod nomodify notrap nopeer noquery -restrict -6 default kod nomodify notrap nopeer noquery - -# Permit all access over the loopback interface. This could -# be tightened as well, but to do so would effect some of -# the administrative functions. -restrict 127.0.0.1 -restrict -6 ::1 - -# Hosts on local network are less restricted. -#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap - -<% end -%> -# Use public servers from the pool.ntp.org project. -# Please consider joining the pool (http://www.pool.ntp.org/join.html). - -# Managed by puppet class { 'ntp': servers => [ ... ] } -<% [@servers].flatten.each do |server| -%> -server <%= server %> -<% end -%> - -#broadcast 192.168.1.255 key 42 # broadcast server -#broadcastclient # broadcast client -#broadcast 224.0.1.1 key 42 # multicast server -#multicastclient 224.0.1.1 # multicast client -#manycastserver 239.255.254.254 # manycast server -#manycastclient 239.255.254.254 key 42 # manycast client - -<% if scope.lookupvar('::is_virtual') == "false" -%> -# Undisciplined Local Clock. This is a fake driver intended for backup -# and when no outside source of synchronized time is available. -server 127.127.1.0 # local clock -fudge 127.127.1.0 stratum 10 -<% end -%> - -# Drift file. Put this in a directory which the daemon can write to. -# No symbolic links allowed, either, since the daemon updates the file -# by creating a temporary in the same directory and then rename()'ing -# it to the file. -driftfile /var/lib/ntp/drift - -# Key file containing the keys and key identifiers used when operating -# with symmetric key cryptography. -keys /etc/ntp/keys - -# Specify the key identifiers which are trusted. -#trustedkey 4 8 42 - -# Specify the key identifier to use with the ntpdc utility. -#requestkey 8 - -# Specify the key identifier to use with the ntpq utility. -#controlkey 8 diff --git a/templates/ntp.conf.erb b/templates/ntp.conf.erb new file mode 100644 index 0000000..0e86884 --- /dev/null +++ b/templates/ntp.conf.erb @@ -0,0 +1,44 @@ +# ntp.conf: Managed by puppet. +# +<% if @panic == false -%> +# Keep ntpd from panicking in the event of a large clock skew +# when a VM guest is suspended and resumed. +tinker panic 0 +<% end -%> + +<% if @restrict -%> +# Permit time synchronization with our time source, but do not +# permit the source to query or modify the service on this system. +restrict default kod nomodify notrap nopeer noquery +restrict -6 default kod nomodify notrap nopeer noquery +restrict 127.0.0.1 +restrict -6 ::1 +<% end -%> + +# Servers +<% [@servers].flatten.each do |server| -%> +server <%= server %><%= ' prefer' if [@preferred_servers].include?(server) %> +<% end -%> + +<% if scope.lookupvar('::is_virtual') == "false" -%> +# Undisciplined Local Clock. This is a fake driver intended for backup +# and when no outside source of synchronized time is available. +server 127.127.1.0 # local clock +fudge 127.127.1.0 stratum 10 +<% end -%> + +# Driftfile. +driftfile <%= @driftfile %> + +<% if @keys_enable -%> +keys <%= @keys_file %> +<% unless @keys_trusted.empty? -%> +trustedkey <%= @keys_trusted.join(' ') %> +<% end -%> +<% if @keys_requestkey != '' -%> +requestkey <%= @keys_requestkey %> +<% end -%> +<% if @keys_controlkey != '' -%> +controlkey <%= @keys_controlkey %> +<% end -%> +<% end -%> diff --git a/templates/ntp.conf.freebsd.erb b/templates/ntp.conf.freebsd.erb deleted file mode 100644 index 12be09c..0000000 --- a/templates/ntp.conf.freebsd.erb +++ /dev/null @@ -1,29 +0,0 @@ -# -# $FreeBSD: release/9.0.0/etc/ntp.conf 195652 2009-07-13 05:51:33Z dwmalone $ -# -# Default NTP servers for the FreeBSD operating system. -# -# Don't forget to enable ntpd in /etc/rc.conf with: -# ntpd_enable="YES" -# -# The driftfile is by default /var/db/ntpd.drift, check -# /etc/defaults/rc.conf on how to change the location. -# -# -# See http://www.pool.ntp.org/ for details. Note, the pool encourages -# users with a static IP and good upstream NTP servers to add a server -# to the pool. See http://www.pool.ntp.org/join.html if you are interested. -# -# The option `iburst' is used for faster initial synchronisation. -# The option `maxpoll 9' is used to prevent PLL/FLL flipping on FreeBSD. -# -# Managed by puppet class { 'ntp': servers => [ ... ] } -<% if @panic == false -%> -# Keep ntpd from panicking in the event of a large clock skew -# when a VM guest is suspended and resumed. -tinker panic 0 -<% end -%> - -<% [@servers].flatten.each do |server| -%> -server <%= server %> -<% end -%> diff --git a/templates/ntp.conf.gentoo.erb b/templates/ntp.conf.gentoo.erb deleted file mode 100644 index c981c7d..0000000 --- a/templates/ntp.conf.gentoo.erb +++ /dev/null @@ -1,59 +0,0 @@ -# NOTES: -# DHCP clients can append or replace NTP configuration files. -# You should consult your DHCP client documentation about its -# default behaviour and how to change it. - -# Name of the servers ntpd should sync with -# Please respect the access policy as stated by the responsible person. -#server ntp.example.tld iburst -<% if @panic == false -%> -# Keep ntpd from panicking in the event of a large clock skew -# # when a VM guest is suspended and resumed. -tinker panic 0 -<% end -%> - -# Managed by puppet class { 'ntp': servers => [ ... ] } -<% [@servers].flatten.each do |server| -%> -server <%= server %> -<% end -%> - -# Common pool for random people -#server pool.ntp.org - -## -# A list of available servers can be found here: -# http://www.pool.ntp.org/ -# http://www.pool.ntp.org/#use -# A good way to get servers for your machine is: -# netselect -s 3 pool.ntp.org -## - -# you should not need to modify the following paths -driftfile /var/lib/ntp/ntp.drift - -#server ntplocal.example.com prefer -#server timeserver.example.org - -# Warning: Using default NTP settings will leave your NTP -# server accessible to all hosts on the Internet. - -# If you want to deny all machines (including your own) -# from accessing the NTP server, uncomment: -#restrict default ignore - - -<% if @restrict -%> -# To deny other machines from changing the -# configuration but allow localhost: -restrict default nomodify nopeer -restrict 127.0.0.1 -restrict ::1 -<% end -%> - - -# To allow machines within your network to synchronize -# their clocks with your server, but ensure they are -# not allowed to configure the server or used as peers -# to synchronize against, uncomment this line. -# -#restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap diff --git a/templates/ntp.conf.suse.erb b/templates/ntp.conf.suse.erb deleted file mode 100644 index 1a4361e..0000000 --- a/templates/ntp.conf.suse.erb +++ /dev/null @@ -1,87 +0,0 @@ -################################################################################ -## /etc/ntp.conf -## -## Sample NTP configuration file. -## See package 'ntp-doc' for documentation, Mini-HOWTO and FAQ. -## Copyright (c) 1998 S.u.S.E. GmbH Fuerth, Germany. -## -## Author: Michael Andres, -## Michael Skibbe, -## -################################################################################ - -## -## Radio and modem clocks by convention have addresses in the -## form 127.127.t.u, where t is the clock type and u is a unit -## number in the range 0-3. -## -## Most of these clocks require support in the form of a -## serial port or special bus peripheral. The particular -## device is normally specified by adding a soft link -## /dev/device-u to the particular hardware device involved, -## where u correspond to the unit number above. -## -## Generic DCF77 clock on serial port (Conrad DCF77) -## Address: 127.127.8.u -## Serial Port: /dev/refclock-u -## -## (create soft link /dev/refclock-0 to the particular ttyS?) -## -# server 127.127.8.0 mode 5 prefer - -<% if @panic == true -%> -## -## Undisciplined Local Clock. This is a fake driver intended for backup -## and when no outside source of synchronized time is available. -## -server 127.127.1.0 # local clock (LCL) -fudge 127.127.1.0 stratum 10 # LCL is unsynchronized -<% end -%> - -# Managed by puppet class { 'ntp': servers => [ ... ] } -<% [@servers].flatten.each do |server| -%> -server <%= server %> -<% end -%> - -<% if @panic == false -%> -# Keep ntpd from panicking in the event of a large clock skew -# when a VM guest is suspended and resumed. -tinker panic 0 - -<% end -%> -## -## Miscellaneous stuff -## - -driftfile /var/lib/ntp/drift/ntp.drift # path for drift file - -logfile /var/log/ntp # alternate log file -# logconfig =syncstatus + sysevents -# logconfig =all - -# statsdir /tmp/ # directory for statistics files -# filegen peerstats file peerstats type day enable -# filegen loopstats file loopstats type day enable -# filegen clockstats file clockstats type day enable - -<% if @restrict -%> -# Permit time synchronization with our time source, but do not -# permit the source to query or modify the service on this system. -restrict -4 default kod nomodify notrap nopeer noquery -restrict -6 default kod nomodify notrap nopeer noquery - -# Permit all access over the loopback interface. This could -# be tightened as well, but to do so would effect some of -# the administrative functions. -restrict 127.0.0.1 -restrict -6 ::1 - -<% end -%> - -# -# Authentication stuff -# -keys /etc/ntp.keys # path for keys file -trustedkey 1 # define trusted keys -requestkey 1 # key (7) for accessing server variables -# controlkey 15 # key (6) for accessing server variables -- cgit v1.2.3