From ec06272db8ddb1b2c347ffcea797bad67005508a Mon Sep 17 00:00:00 2001 From: Jeff McCune Date: Wed, 23 Feb 2011 14:41:04 -0500 Subject: Add ntp debian module. This module will be published to the forge and includes Debian and Ubuntu support initially. RedHat support will be added shortly. --- templates/ntp.conf.debian.erb | 55 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 templates/ntp.conf.debian.erb (limited to 'templates') diff --git a/templates/ntp.conf.debian.erb b/templates/ntp.conf.debian.erb new file mode 100644 index 0000000..e4275de --- /dev/null +++ b/templates/ntp.conf.debian.erb @@ -0,0 +1,55 @@ +# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help + +driftfile /var/lib/ntp/ntp.drift + + +# Enable this if you want statistics to be logged. +#statsdir /var/log/ntpstats/ + +statistics loopstats peerstats clockstats +filegen loopstats file loopstats type day enable +filegen peerstats file peerstats type day enable +filegen clockstats file clockstats type day enable + + +# You do need to talk to an NTP server or two (or three). +#server ntp.your-provider.example + +# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will +# pick a different set every time it starts up. Please consider joining the +# pool: + +# Managed by puppet class { "ntp": servers => [ ... ] } +<% servers.each do |server| -%> +server <%= server %> +<% end -%> + +# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for +# details. The web page +# might also be helpful. +# +# Note that "restrict" applies to both servers and clients, so a configuration +# that might be intended to block requests from certain clients could also end +# up blocking replies from your own upstream servers. + +# By default, exchange time with everybody, but don't allow configuration. +restrict -4 default kod notrap nomodify nopeer noquery +restrict -6 default kod notrap nomodify nopeer noquery + +# Local users may interrogate the ntp server more closely. +restrict 127.0.0.1 +restrict ::1 + +# Clients from this (example!) subnet have unlimited access, but only if +# cryptographically authenticated. +#restrict 192.168.123.0 mask 255.255.255.0 notrust + + +# If you want to provide time to your local subnet, change the next line. +# (Again, the address is an example only.) +#broadcast 192.168.123.255 + +# If you want to listen to time broadcasts on your local subnet, de-comment the +# next lines. Please do this only if you trust everybody on the network! +#disable auth +#broadcastclient -- cgit v1.2.3