authorkadecole <kcole@yahoo.com>2015-06-18 00:23:06 -0500
committerJeff Geerling <geerlingguy@mac.com>2016-03-03 22:35:50 -0600
commit567078d7c3ac7190d6748f0cfcd535e82912a12b (patch)
treeec062a64a2a5b2fa7cc1112d86281e24add57816
parent2bfe67855da09a0b3b1cdb0d751b115fa42f1c36 (diff)
Add a managed ntp.conf template.
-rw-r--r--defaults/main.yml6
-rw-r--r--handlers/main.yml3
-rw-r--r--tasks/main.yml12
-rw-r--r--templates/ntp.conf.j222
4 files changed, 40 insertions, 3 deletions
diff --git a/defaults/main.yml b/defaults/main.yml
index f0fc211..5b47eca 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,3 +1,9 @@
---
ntp_enabled: true
ntp_timezone: America/Chicago
+
+ntp_servers:
+ - 0.pool.ntp.org iburst
+ - 1.pool.ntp.org iburst
+ - 2.pool.ntp.org iburst
+ - 3.pool.ntp.org iburst
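Review bot: The new `ntp_servers` default carries no comment saying that each entry is written verbatim after `server` in the generated ntp.conf, which is why options such as `iburst` sit in the same string as the hostname. I would add above the list `# Each entry is rendered as "server <entry>" in ntp.conf; options such as iburst may follow the hostname.` Because the values reach the daemon's configuration unescaped, the comment could also say that they are expected to come from trusted inventory only.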
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..ee25a57
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+ - name: restart ntp
+ service: name={{ ntp_daemon }} state=restarted
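Review bot: The handler depends on `ntp_daemon`, which this commit does not define in `defaults/main.yml`. If it is set by OS-specific variables loaded elsewhere in the role (not visible here), the handler works; otherwise the first notification fails on an undefined variable. A one-line comment such as `# ntp_daemon is set per OS family in the role's vars` would make the dependency explicit. As a style point, block-form module arguments (`service:` with `name:` and `state:` keys) are easier to diff than the `key=value` string.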
diff --git a/tasks/main.yml b/tasks/main.yml
index 2844315..b6213ba 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -8,18 +8,19 @@
dest: /etc/localtime
state: link
force: yes
+ when: ntp_enabled
- name: Install NTP (RedHat).
yum: name=ntp state=installed
- when: ansible_os_family == 'RedHat'
+ when: ansible_os_family == 'RedHat' and ntp_enabled
- name: Install NTP (Debian).
apt: name=ntp state=installed
- when: ansible_os_family == 'Debian'
+ when: ansible_os_family == 'Debian' and ntp_enabled
- name: Install NTP (FreeBSD).
pkgng: name=ntp state=present
- when: ansible_os_family == 'FreeBSD'
+ when: ansible_os_family == 'FreeBSD' and ntp_enabled
- name: Ensure NTP is running and enabled at system start.
service:
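Review bot: The added `when: ntp_enabled` on the `/etc/localtime` link task ties the timezone to the NTP switch, so a host with `ntp_enabled: false` no longer gets `ntp_timezone` applied. That looks unintended, since the two settings are independent; I would drop that condition from the timezone task. Separately, with the package installs now skipped when `ntp_enabled` is false, the `when: not ntp_enabled` task visible as context in the next hunk may try to stop a service that was never installed, which the service module normally reports as a failure. The task bodies at both ends of this hunk continue outside it, so this should be checked against the full file.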
@@ -34,3 +35,8 @@
state: stopped
enabled: no
when: not ntp_enabled
+
+- name: Generate ntp.conf file
+ template: src=ntp.conf.j2 dest=/etc/ntp.conf
+ notify: restart ntp
+ when: ntp_enabled
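Review bot: The new template task writes `/etc/ntp.conf` without stating ownership or permissions, so the result depends on the connecting user's umask and on whatever file was there before. It also replaces any hand-maintained configuration with no copy kept. I would make both explicit: `template: src=ntp.conf.j2 dest=/etc/ntp.conf owner=root mode=0644 backup=yes`. Every host that applies the role with `ntp_enabled: true` will now have its existing ntp.conf overwritten, which deserves a line in the commit description or README.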
diff --git a/templates/ntp.conf.j2 b/templates/ntp.conf.j2
new file mode 100644
index 0000000..b0ddb0c
--- /dev/null
+++ b/templates/ntp.conf.j2
@@ -0,0 +1,22 @@
+# {{ ansible_managed }}
+
+# Default NTP servers for the operating system.
+{% for item in ntp_servers %}
+server {{ item }}
+{% endfor %}
+
+# Security:
+#
+# By default, only allow time queries and block all other requests
+# from unauthenticated clients.
+#
+# See http://support.ntp.org/bin/view/Support/AccessRestrictions
+# for more information.
+#
+restrict default kod limited nomodify notrap nopeer noquery
+restrict -6 default kod limited nomodify notrap nopeer noquery
+
+# The following settings allow unrestricted access from the localhost
+restrict 127.0.0.1
+restrict -6 ::1
+restrict 127.127.1.0
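Review bot: The managed file replaces the distribution's ntp.conf wholesale but contains only `server` and `restrict` lines, so directives the stock file normally carries are lost. The most visible one is `driftfile`: without it ntpd does not persist its frequency estimate across restarts. Since the path differs per OS family, I would add a line driven by a new role variable (not present in this commit), for example `driftfile {{ ntp_driftfile }}` with per-OS defaults. The header comment `# Default NTP servers for the operating system.` is also inaccurate now that the list comes from `ntp_servers`, and `restrict 127.127.1.0` has no matching local-clock `server` line in the template, so it appears to be unused.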