From 567078d7c3ac7190d6748f0cfcd535e82912a12b Mon Sep 17 00:00:00 2001 From: kadecole Date: Thu, 18 Jun 2015 00:23:06 -0500 Subject: Add a managed ntp.conf template. --- defaults/main.yml | 6 ++++++ handlers/main.yml | 3 +++ tasks/main.yml | 12 +++++++++--- templates/ntp.conf.j2 | 22 ++++++++++++++++++++++ 4 files changed, 40 insertions(+), 3 deletions(-) create mode 100644 handlers/main.yml create mode 100644 templates/ntp.conf.j2 diff --git a/defaults/main.yml b/defaults/main.yml index f0fc211..5b47eca 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,3 +1,9 @@ --- ntp_enabled: true ntp_timezone: America/Chicago + +ntp_servers: + - 0.pool.ntp.org iburst + - 1.pool.ntp.org iburst + - 2.pool.ntp.org iburst + - 3.pool.ntp.org iburst diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..ee25a57 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,3 @@ +--- + - name: restart ntp + service: name={{ ntp_daemon }} state=restarted diff --git a/tasks/main.yml b/tasks/main.yml index 2844315..b6213ba 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -8,18 +8,19 @@ dest: /etc/localtime state: link force: yes + when: ntp_enabled - name: Install NTP (RedHat). yum: name=ntp state=installed - when: ansible_os_family == 'RedHat' + when: ansible_os_family == 'RedHat' and ntp_enabled - name: Install NTP (Debian). apt: name=ntp state=installed - when: ansible_os_family == 'Debian' + when: ansible_os_family == 'Debian' and ntp_enabled - name: Install NTP (FreeBSD). pkgng: name=ntp state=present - when: ansible_os_family == 'FreeBSD' + when: ansible_os_family == 'FreeBSD' and ntp_enabled - name: Ensure NTP is running and enabled at system start. service: @@ -34,3 +35,8 @@ state: stopped enabled: no when: not ntp_enabled + +- name: Generate ntp.conf file + template: src=ntp.conf.j2 dest=/etc/ntp.conf + notify: restart ntp + when: ntp_enabled diff --git a/templates/ntp.conf.j2 b/templates/ntp.conf.j2 new file mode 100644 index 0000000..b0ddb0c 
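Review bot: The new `ntp_servers` default in defaults/main.yml has no comment explaining that each entry is more than a hostname. The template writes every entry verbatim after `server`, so per-server options such as `iburst` travel inside the string. Anyone overriding the list needs to know that, so I would add above the key: `# Each entry is written verbatim after "server" in ntp.conf; include options such as iburst in the string.`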
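Review bot: In handlers/main.yml the new handler depends on `ntp_daemon`, which this commit does not define in defaults/main.yml. It is presumably set in per-OS vars outside the visible hunks; please confirm it resolves for RedHat, Debian and FreeBSD. If it did not, the failure would most likely surface only when the handler runs, after /etc/ntp.conf has already been replaced. Separately, the inline `name={{ ntp_daemon }} state=restarted` form would be safer as block arguments with the expression quoted: `service:`, then `name: "{{ ntp_daemon }}"` and `state: restarted`.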
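Review bot: In the first tasks/main.yml hunk, the `when: ntp_enabled` added after `force: yes` belongs to the task that links /etc/localtime, so the timezone is no longer set on hosts where `ntp_enabled` is false. That task starts above the hunk, so its name is not visible, but `dest: /etc/localtime` and `state: link` make its purpose clear. Setting `ntp_timezone` does not depend on running ntpd, and a host with the wrong timezone produces misleading local log timestamps. Unless the coupling is intended, leave that task unconditional and keep the new condition only on the three install tasks.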
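Review bot: In the second tasks/main.yml hunk, the new "Generate ntp.conf file" task writes /etc/ntp.conf without stating ownership or permissions. The result then depends on whatever file the package left behind, or on the umask if none exists. I would pin them and keep a copy of the replaced file: `template: src=ntp.conf.j2 dest=/etc/ntp.conf owner=root mode=0644 backup=yes`. The group is omitted on purpose because root's group name differs on FreeBSD.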
--- /dev/null +++ b/templates/ntp.conf.j2 @@ -0,0 +1,22 @@ +# {{ ansible_managed }} + +# Default NTP servers for the operating system. +{% for item in ntp_servers %} +server {{ item }} +{% endfor %} + +# Security: +# +# By default, only allow time queries and block all other requests +# from unauthenticated clients. +# +# See http://support.ntp.org/bin/view/Support/AccessRestrictions +# for more information. +# +restrict default kod limited nomodify notrap nopeer noquery +restrict -6 default kod limited nomodify notrap nopeer noquery + +# The following settings allow unrestricted access from the localhost +restrict 127.0.0.1 +restrict -6 ::1 +restrict 127.127.1.0 -- cgit v1.2.1
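Review bot: The new templates/ntp.conf.j2 has no `driftfile` line, and because it replaces the packaged /etc/ntp.conf wholesale, whatever drift file path the distribution configured is dropped. Without one, ntpd cannot persist its frequency estimate across restarts, which matters here because the new handler restarts the daemon on every template change. Consider adding `driftfile <per-OS path>` fed from a role variable. Also, the comment `# Default NTP servers for the operating system.` no longer describes the loop; `# NTP servers taken from the ntp_servers variable.` would be accurate. Finally, `restrict 127.127.1.0` opens the local-clock driver address although no matching `server 127.127.1.0` is configured, so it looks like it can be removed.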