diff --git a/.gitignore b/.gitignore index b5b7a00d..b5db85e0 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,5 @@ spec/fixtures/ .vagrant/ .bundle/ coverage/ +.idea/ +*.iml diff --git a/.sync.yml b/.sync.yml index ed97d539..66a03c64 100644 --- a/.sync.yml +++ b/.sync.yml @@ -1 +1,3 @@ --- +spec/spec_helper.rb: + unmanaged: true diff --git a/.travis.yml b/.travis.yml index a40ae502..6cf8b004 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,6 @@ --- language: ruby -bundler_args: --without development +bundler_args: --without system_tests script: "bundle exec rake validate && bundle exec rake lint && bundle exec rake spec SPEC_OPTS='--format documentation'" matrix: fast_finish: true diff --git a/CHANGELOG.md b/CHANGELOG.md index f9f78526..45db969d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,69 @@ -##2014-05-14 - Supported Release 3.1.0 +## 2015-xx-xx - Supported Release 4.0.0 +### Summary +This release drops puppet 2.7 support and older stdlib support. + +#### Backwards-incompatible changes +- UDLC (Undisciplined local clock) is now no longer enabled by default on anything (previous was enabled on non-virtual). +- Puppet 2.7 no longer supported +- puppetlabs-stdlib less than 4.5.0 no longer supported +- TODO: The `keys_file` parent directory is no longer managed by puppet + +#### Features +- TODO + +#### Bugfixes +- TODO + +##2014-11-04 - Supported Release 3.3.0 +###Summary + +This release adds support for SLES 12. + +####Features +- Added support for SLES 12 + +##2014-10-02 - Supported Release 3.2.1 +###Summary + +This is a bug-fix release addressing the security concerns of setting /etc/ntp to mode 0755 recursively. + +####Bugfixes +- Do not recursively set ownership/mode of /etc/ntp + +##2014-09-10 - Supported Release 3.2.0 +###Summary + +This is primarily a feature release. It adds a few new parameters to class `ntp` +and adds support for Solaris 11. + +####Features +- Add the `$interfaces` parameter to `ntp` +- Add support for Solaris 10 and 11 +- Synchronized files with modulesync +- Test updates +- Add the `$iburst_enable` parameter to `ntp` + +####Bugfixes +- Fixes for strict variables +- Remove dependency on stdlib4 + +##2014-06-06 - Release 3.1.2 +###Summary + +This is a supported release. This release fixes a manifest typo. + +##2014-06-06 - Release 3.1.1 +###Summary + +This is a bugfix release to get around dependency issues in PMT 3.6. This +version has a dependency on puppetlabs-stdlib >= 4 so PE3.2.x is no longer +supported. + +####Bugfixes +- Remove deprecated Modulefile as it was causing duplicate dependencies with PMT. + +##2014-05-14 - Release 3.1.0 ###Summary -This is a supported release. This release adds `disable_monitor` so you can disable the monitor functionality of NTP, which was recently used in NTP amplification attacks. It also adds diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e1288478..f1cbde4b 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -41,11 +41,9 @@ Checklist (and a short version for the impatient) * Pre-requisites: - - Sign the [Contributor License Agreement](https://cla.puppetlabs.com/) - - Make sure you have a [GitHub account](https://github.com/join) - - [Create a ticket](http://projects.puppetlabs.com/projects/modules/issues/new), or [watch the ticket](http://projects.puppetlabs.com/projects/modules/issues) you are patching for. + - [Create a ticket](https://tickets.puppetlabs.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppetlabs.com/browse/) you are patching for. * Preferred method: @@ -94,17 +92,7 @@ The long version whitespace or other "whitespace errors". You can do this by running "git diff --check" on your changes before you commit. - 2. Sign the Contributor License Agreement - - Before we can accept your changes, we do need a signed Puppet - Labs Contributor License Agreement (CLA). - - You can access the CLA via the [Contributor License Agreement link](https://cla.puppetlabs.com/) - - If you have any questions about the CLA, please feel free to - contact Puppet Labs via email at cla-submissions@puppetlabs.com. - - 3. Sending your patches + 2. Sending your patches To submit your changes via a GitHub pull request, we _highly_ recommend that you have them on a topic branch, instead of @@ -124,7 +112,7 @@ The long version in order to open a pull request. - 4. Update the related GitHub issue. + 3. Update the related GitHub issue. If there is a GitHub issue associated with the change you submitted, then you should update the ticket to include the @@ -220,14 +208,12 @@ review. Additional Resources ==================== -* [Getting additional help](http://projects.puppetlabs.com/projects/puppet/wiki/Getting_Help) +* [Getting additional help](http://puppetlabs.com/community/get-help) * [Writing tests](http://projects.puppetlabs.com/projects/puppet/wiki/Development_Writing_Tests) * [Patchwork](https://patchwork.puppetlabs.com) -* [Contributor License Agreement](https://projects.puppetlabs.com/contributor_licenses/sign) - * [General GitHub documentation](http://help.github.com/) * [GitHub pull request documentation](http://help.github.com/send-pull-requests/) diff --git a/Gemfile b/Gemfile index e960f7c4..62c56939 100644 --- a/Gemfile +++ b/Gemfile @@ -1,15 +1,19 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" -group :development, :test do +group :development, :unit_tests do gem 'rake', :require => false - gem 'rspec-puppet', :require => false + gem 'rspec-core', '3.1.7', :require => false + gem 'rspec-puppet', '~> 1.0', :require => false gem 'puppetlabs_spec_helper', :require => false - gem 'serverspec', :require => false gem 'puppet-lint', :require => false - gem 'beaker', :require => false - gem 'beaker-rspec', :require => false - gem 'pry', :require => false gem 'simplecov', :require => false + gem 'puppet_facts', :require => false + gem 'json', :require => false +end + +group :system_tests do + gem 'beaker-rspec', :require => false + gem 'serverspec', :require => false end if facterversion = ENV['FACTER_GEM_VERSION'] diff --git a/Modulefile b/Modulefile deleted file mode 100644 index 6cf7fb7c..00000000 --- a/Modulefile +++ /dev/null @@ -1,11 +0,0 @@ -name 'puppetlabs-ntp' -version '3.1.0' -source 'git://github.com/puppetlabs/puppetlabs-ntp' -author 'Puppet Labs' -license 'Apache Version 2.0' -summary 'NTP Module' -description 'NTP Module for Debian, Ubuntu, CentOS, RHEL, OEL, Fedora, FreeBSD, ArchLinux and Gentoo.' -project_page 'http://github.com/puppetlabs/puppetlabs-ntp' - -## Add dependencies, if any: -dependency 'puppetlabs/stdlib', '>= 4.0.0' diff --git a/README.markdown b/README.markdown index 88cf34a1..f7209ef9 100644 --- a/README.markdown +++ b/README.markdown @@ -5,9 +5,6 @@ 1. [Overview](#overview) 2. [Module Description - What the module does and why it is useful](#module-description) 3. [Setup - The basics of getting started with ntp](#setup) - * [What ntp affects](#what-ntp-affects) - * [Setup requirements](#setup-requirements) - * [Beginning with ntp](#beginning-with-ntp) 4. [Usage - Configuration options and additional functionality](#usage) 5. [Reference - An under-the-hood peek at what the module is doing and how](#reference) 5. [Limitations - OS compatibility, etc.](#limitations) @@ -23,16 +20,9 @@ The ntp module handles installing, configuring, and running NTP across a range o ##Setup -###What ntp affects - -* ntp package. -* ntp configuration file. -* ntp service. - ###Beginning with ntp -`include '::ntp'` is enough to get you up and running. If you wish to pass in -parameters specifying which servers to use, then: +`include '::ntp'` is enough to get you up and running. If you wish to pass in parameters specifying which servers to use, then: ```puppet class { '::ntp': @@ -42,8 +32,7 @@ class { '::ntp': ##Usage -All interaction with the ntp module can do be done through the main ntp class. -This means you can simply toggle the options in `::ntp` to have full functionality of the module. +All interaction with the ntp module can be done through the main ntp class. This means you can simply toggle the options in `::ntp` to have full functionality of the module. ###I just want NTP, what's the minimum I need? @@ -68,9 +57,25 @@ class { '::ntp': } ``` +###I just want to install a client that can't be queried + +```puppet +class { '::ntp': + servers => ['ntp1.corp.com', 'ntp2.corp.com'], + restrict => [ + 'default ignore', + '-6 default ignore', + '127.0.0.1', + '-6 ::1', + 'ntp1.corp.com nomodify notrap nopeer noquery', + 'ntp1.corp.com nomodify notrap nopeer noquery' + ], +} +``` + ###I only want to listen on specific interfaces, not on 0.0.0.0 -Restricting this is especially useful on Openstack nodes which may have numerous virtual interfaces. +Restricting ntp to a specific interface is especially useful on Openstack nodes which may have numerous virtual interfaces. ```puppet class { '::ntp': @@ -89,6 +94,14 @@ class { '::ntp': } ``` +###I'd like to configure and run ntp, but I don't need to install it. + +```puppet +class { '::ntp': + package_manage => false, +} +``` + ###Looks great! But I'd like a different template; we need to do something unique here. ```puppet @@ -116,133 +129,150 @@ class { '::ntp': ###Parameters -The following parameters are available in the ntp module: +The following parameters are available in the `::ntp` class: ####`autoupdate` -**Deprecated:** This parameter determined whether the ntp module should be -automatically updated to the latest version available. Replaced by `package_ensure`. +**Deprecated; replaced by the `package_ensure` parameter**. Tells Puppet whether to keep the ntp module updated to the latest version available. Valid options: 'true' or 'false'. Default value: 'false' + +####`broadcastclient` + +Enable reception of broadcast server messages to any local interface. ####`config` -Sets the file that ntp configuration is written into. +Specifies a file for ntp's configuration info. Valid options: string containing an absolute path. Default value: '/etc/ntp.conf' (or '/etc/inet/ntp.conf' on Solaris) ####`config_template` -Determines which template Puppet should use for the ntp configuration. +Specifies a file to act as a template for the config file. Valid options: string containing a path (absolute, or relative to the module path). Default value: 'ntp/ntp.conf.erb' + +####`disable_auth` + +Do not require cryptographic authentication for broadcast client, multicast +client and symmetric passive associations. ####`disable_monitor` -Disables monitoring of ntp. +Tells Puppet whether to refrain from monitoring the NTP service. Valid options: 'true' or 'false'. Default value: 'false' ####`driftfile` -Sets the location of the drift file for ntp. +Specifies an NTP driftfile. Valid options: string containing an absolute path. Default value: '/var/lib/ntp/drift' (except on AIX and Solaris) + +#### `fudge` + +Used to provide additional information for individual clock drivers. Valid options: array containing strings that follow the `fudge` command. Default value: [ ] ####`iburst_enable` -Set the iburst option in the ntp configuration. If enabled the option is set for every ntp peer. +Specifies whether to enable the iburst option for every NTP peer. Valid options: 'true' or 'false'. Default value: 'false' (except on AIX and Debian) + +####`interfaces` + +Specifies one or more network interfaces for NTP to listen on. Valid options: array. Default value: [ ] ####`keys_controlkey` -The key to use as the control key. +Provides a control key to be used by NTP. Valid options: string. Default value: ' ' ####`keys_enable` -Whether the ntp keys functionality is enabled. +Tells Puppet whether to enable key-based authentication. Valid options: 'true' or 'false'. Default value: 'false' ####`keys_file` -Location of the keys file. +Specifies an NTP keys file. Valid options: string containing an absolute path. Default value: '/etc/ntp/keys' (except on AIX, SLES, and Solaris) ####`keys_requestkey` -Which of the keys is the request key. +Provides a request key to be used by NTP. Valid options: string. Default value: ' ' -#### `keys_trusted` +#### `keys_trusted`: +Provides one or more keys to be trusted by NTP. Valid options: array of keys. Default value: [ ] -Array of trusted keys. +#### `logfile` + +Specifies a log file for NTP to use instead of syslog. Valid options: string containing an absolute path. Default value: ' ' ####`package_ensure` -Sets the ntp package to be installed. Can be set to 'present', 'latest', or a specific version. +Tells Puppet whether the NTP package should be installed, and what version. Valid options: 'present', 'latest', or a specific version number. Default value: 'present' + +####`package_manage` + +Tells Puppet whether to manage the NTP package. Valid options: 'true' or 'false'. Default value: 'true' ####`package_name` -Determines the name of the package to install. +Tells Puppet what NTP package to manage. Valid options: string. Default value: 'ntp' (except on AIX and Solaris) ####`panic` -Determines if ntp should 'panic' in the event of a very large clock skew. -This defaults to false for virtual machines, as they don't do a great job with keeping time. +Specifies whether NTP should "panic" in the event of a very large clock skew. Valid options: 'true' or 'false'. Default value: 'true' (except on virtual machines, where major time shifts are normal) ####`preferred_servers` -List of ntp servers to prefer. Will append 'prefer' for any server in this list -that also appears in the servers list. +Specifies one or more preferred peers. Puppet will append 'prefer' to each matching item in the `servers` array. Valid options: array. Default value: [ ] ####`restrict` -Sets the restrict options in the ntp configuration. The lines are -prefixed with 'restrict', so you just need to list the rest of the restriction. +Specifies one or more `restrict` options for the NTP configuration. Puppet will prefix each item with 'restrict', so you only need to list the content of the restriction. Valid options: array. Default value for most operating systems: + +~~~~ +[ + 'default kod nomodify notrap nopeer noquery', + '-6 default kod nomodify notrap nopeer noquery', + '127.0.0.1', + '-6 ::1', +] +~~~~ + +Default value for AIX systems: + +~~~~ +[ + 'default nomodify notrap nopeer noquery', + '127.0.0.1', +] +~~~~ ####`servers` -Selects the servers to use for ntp peers. +Specifies one or more servers to be used as NTP peers. Valid options: array. Default value: varies by operating system ####`service_enable` -Determines if the service should be enabled at boot. +Tells Puppet whether to enable the NTP service at boot. Valid options: 'true' or 'false'. Default value: 'true' ####`service_ensure` -Determines if the service should be running or not. +Tells Puppet whether the NTP service should be running. Valid options: 'running' or 'stopped'. Default value: 'running' ####`service_manage` -Selects whether Puppet should manage the service. +Tells Puppet whether to manage the NTP service. Valid options: 'true' or 'false'. Default value: 'true' ####`service_name` -Selects the name of the ntp service for Puppet to manage. +Tells Puppet what NTP service to manage. Valid options: string. Default value: varies by operating system ####`udlc` -Enables configs for undisciplined local clock, regardless of -status as a virtual machine. - +Specifies whether to configure ntp to use the undisciplined local clock as a time source. Valid options: 'true' or 'false'. Default value: 'false' ##Limitations -This module has been built on and tested against Puppet 2.7 and higher. - -The module has been tested on: - -* RedHat Enterprise Linux 5/6 -* Debian 6/7 -* CentOS 5/6 -* Ubuntu 12.04 -* Gentoo -* Arch Linux -* FreeBSD -* Solaris 10, 11 -* AIX 5.3, 6.1, 7.1 - -Testing on other platforms has been light and cannot be guaranteed. +This module has been tested on [all PE-supported platforms](https://forge.puppetlabs.com/supported#compat-matrix), and no issues have been identified. ##Development -Puppet Labs modules on the Puppet Forge are open projects, and community -contributions are essential for keeping them great. We can’t access the -huge number of platforms and myriad of hardware, software, and deployment -configurations that Puppet is intended to serve. +Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve. -We want to keep it as easy as possible to contribute changes so that our -modules work in your environment. There are a few guidelines that we need -contributors to follow so that we can have a chance of keeping on top of things. +We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. -You can read the complete module contribution guide [on the Puppet Labs wiki.](http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing) +For more information, see our [module contribution guide.](https://docs.puppetlabs.com/forge/contributing.html) ###Contributors -The list of contributors can be found at: [https://github.com/puppetlabs/puppetlabs-ntp/graphs/contributors](https://github.com/puppetlabs/puppetlabs-ntp/graphs/contributors) +To see who's already involved, see the [list of contributors.](https://github.com/puppetlabs/puppetlabs-ntp/graphs/contributors) diff --git a/Rakefile b/Rakefile index 5868545f..e3be95b0 100644 --- a/Rakefile +++ b/Rakefile @@ -2,9 +2,9 @@ require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' PuppetLint.configuration.fail_on_warnings +PuppetLint.configuration.send('relative') PuppetLint.configuration.send('disable_80chars') PuppetLint.configuration.send('disable_class_inherits_from_params_class') -PuppetLint.configuration.send('disable_class_parameter_defaults') PuppetLint.configuration.send('disable_documentation') PuppetLint.configuration.send('disable_single_quote_string_with_variables') PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"] diff --git a/lib/puppet/parser/functions/ntp_dirname.rb b/lib/puppet/parser/functions/ntp_dirname.rb new file mode 100644 index 00000000..06cdb7ce --- /dev/null +++ b/lib/puppet/parser/functions/ntp_dirname.rb @@ -0,0 +1,15 @@ +module Puppet::Parser::Functions + newfunction(:ntp_dirname, :type => :rvalue, :doc => <<-EOS + Returns the dirname of a path. + EOS + ) do |arguments| + + raise(Puppet::ParseError, "ntp_dirname(): Wrong number of arguments " + + "given (#{arguments.size} for 1)") if arguments.size < 1 + + path = arguments[0] + return File.dirname(path) + end +end + +# vim: set ts=2 sw=2 et : diff --git a/manifests/config.pp b/manifests/config.pp index 1c8963dc..67806fd8 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -2,13 +2,22 @@ class ntp::config inherits ntp { if $keys_enable { + file { $keys_file: + ensure => file, + owner => 0, + group => ntp, + mode => '0640', + } + $directory = dirname($keys_file) - file { $directory: - ensure => directory, - owner => 0, - group => 0, - mode => '0755', - recurse => true, + if $directory =~ /^\/.+\/.+$/ { + file { $directory: + ensure => directory, + owner => 0, + group => 0, + mode => '0640', + recurse => true, + } } } diff --git a/manifests/init.pp b/manifests/init.pp index 2cbc462f..14adf595 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,8 +1,11 @@ class ntp ( $autoupdate = $ntp::params::autoupdate, + $broadcastclient = $ntp::params::broadcastclient, $config = $ntp::params::config, $config_template = $ntp::params::config_template, + $disable_auth = $ntp::params::disable_auth, $disable_monitor = $ntp::params::disable_monitor, + $fudge = $ntp::params::fudge, $driftfile = $ntp::params::driftfile, $logfile = $ntp::params::logfile, $iburst_enable = $ntp::params::iburst_enable, @@ -12,6 +15,7 @@ $keys_requestkey = $ntp::params::keys_requestkey, $keys_trusted = $ntp::params::keys_trusted, $package_ensure = $ntp::params::package_ensure, + $package_manage = $ntp::params::package_manage, $package_name = $ntp::params::package_name, $panic = $ntp::params::panic, $preferred_servers = $ntp::params::preferred_servers, @@ -25,8 +29,10 @@ $udlc = $ntp::params::udlc ) inherits ntp::params { + validate_bool($broadcastclient) validate_absolute_path($config) validate_string($config_template) + validate_bool($disable_auth) validate_bool($disable_monitor) validate_absolute_path($driftfile) if $logfile { validate_absolute_path($logfile) } @@ -36,12 +42,14 @@ validate_re($keys_requestkey, ['^\d+$', '']) validate_array($keys_trusted) validate_string($package_ensure) + validate_bool($package_manage) validate_array($package_name) validate_bool($panic) validate_array($preferred_servers) validate_array($restrict) validate_array($interfaces) validate_array($servers) + validate_array($fudge) validate_bool($service_enable) validate_string($service_ensure) validate_bool($service_manage) diff --git a/manifests/install.pp b/manifests/install.pp index 237f4c1c..49f4044b 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -1,8 +1,12 @@ # class ntp::install inherits ntp { - package { $package_name: - ensure => $package_ensure, + if $package_manage { + + package { $package_name: + ensure => $package_ensure, + } + } } diff --git a/manifests/params.pp b/manifests/params.pp index 3acaa914..47a89800 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -15,20 +15,38 @@ $service_manage = true $udlc = false $interfaces = [] + $disable_auth = false + $broadcastclient = false + + # Allow a list of fudge options + $fudge = [] # On virtual machines allow large clock skews. - $panic = str2bool($::is_virtual) ? { - true => false, + # TODO Change this to str2bool($::is_virtual) when stdlib dependency is >= 4.0.0 + # NOTE The "x${var}" is just to avoid lint quoted variable warning. + $panic = "x${::is_virtual}" ? { + 'xtrue' => false, default => true, } + $default_config = '/etc/ntp.conf' + $default_keys_file = '/etc/ntp/keys' + $default_driftfile = '/var/lib/ntp/drift' + $default_package_name = ['ntp'] + $default_service_name = 'ntpd' + + $package_manage = $::osfamily ? { + 'FreeBSD' => false, + default => true, + } + case $::osfamily { 'AIX': { - $config = '/etc/ntp.conf' - $keysfile = '/etc/ntp.keys' + $config = $default_config + $keys_file = '/etc/ntp.keys' $driftfile = '/etc/ntp.drift' $package_name = [ 'bos.net.tcp.client' ] - $restrict = [ + $restrict = [ 'default nomodify notrap nopeer noquery', '127.0.0.1', ] @@ -42,15 +60,15 @@ ] } 'Debian': { - $config = '/etc/ntp.conf' - $keys_file = '/etc/ntp/keys' - $driftfile = '/var/lib/ntp/drift' - $package_name = [ 'ntp' ] - $restrict = [ - 'default kod nomodify notrap nopeer noquery', + $config = $default_config + $keys_file = $default_keys_file + $driftfile = $default_driftfile + $package_name = $default_package_name + $restrict = [ + '-4 kod nomodify notrap nopeer noquery', '-6 default kod nomodify notrap nopeer noquery', '127.0.0.1', - '-6 ::1', + '::1', ] $service_name = 'ntp' $iburst_enable = true @@ -62,17 +80,17 @@ ] } 'RedHat': { - $config = '/etc/ntp.conf' - $driftfile = '/var/lib/ntp/drift' - $keys_file = '/etc/ntp/keys' - $package_name = [ 'ntp' ] - $restrict = [ + $config = $default_config + $keys_file = $default_keys_file + $driftfile = $default_driftfile + $package_name = $default_package_name + $service_name = $default_service_name + $restrict = [ 'default kod nomodify notrap nopeer noquery', '-6 default kod nomodify notrap nopeer noquery', '127.0.0.1', '-6 ::1', ] - $service_name = 'ntpd' $iburst_enable = false $servers = [ '0.centos.pool.ntp.org', @@ -80,18 +98,24 @@ '2.centos.pool.ntp.org', ] } - 'SuSE': { - $config = '/etc/ntp.conf' + 'Suse': { + if $::operatingsystem == 'SLES' and $::operatingsystemmajrelease == '12' + { + $service_name = 'ntpd' + $keys_file = '/etc/ntp.keys' + } else{ + $service_name = 'ntp' + $keys_file = $default_keys_file + } + $config = $default_config $driftfile = '/var/lib/ntp/drift/ntp.drift' - $keys_file = '/etc/ntp/keys' - $package_name = [ 'ntp' ] - $restrict = [ + $package_name = $default_package_name + $restrict = [ 'default kod nomodify notrap nopeer noquery', '-6 default kod nomodify notrap nopeer noquery', '127.0.0.1', '-6 ::1', ] - $service_name = 'ntp' $iburst_enable = false $servers = [ '0.opensuse.pool.ntp.org', @@ -101,17 +125,17 @@ ] } 'FreeBSD': { - $config = '/etc/ntp.conf' + $config = $default_config $driftfile = '/var/db/ntpd.drift' - $keys_file = '/etc/ntp/keys' + $keys_file = $default_keys_file $package_name = ['net/ntp'] - $restrict = [ + $restrict = [ 'default kod nomodify notrap nopeer noquery', '-6 default kod nomodify notrap nopeer noquery', '127.0.0.1', '-6 ::1', ] - $service_name = 'ntpd' + $service_name = $default_service_name $iburst_enable = true $servers = [ '0.freebsd.pool.ntp.org maxpoll 9', @@ -121,17 +145,17 @@ ] } 'Archlinux': { - $config = '/etc/ntp.conf' - $driftfile = '/var/lib/ntp/drift' - $keys_file = '/etc/ntp/keys' - $package_name = [ 'ntp' ] - $restrict = [ + $config = $default_config + $keys_file = $default_keys_file + $driftfile = $default_driftfile + $package_name = $default_package_name + $service_name = $default_service_name + $restrict = [ 'default kod nomodify notrap nopeer noquery', '-6 default kod nomodify notrap nopeer noquery', '127.0.0.1', '-6 ::1', ] - $service_name = 'ntpd' $iburst_enable = false $servers = [ '0.pool.ntp.org', @@ -140,41 +164,41 @@ ] } 'Solaris': { - $config = '/etc/inet/ntp.conf' - $driftfile = '/var/ntp/ntp.drift' - $keys_file = '/etc/inet/ntp.keys' - $package_name = $::operatingsystemrelease ? { + $config = '/etc/inet/ntp.conf' + $driftfile = '/var/ntp/ntp.drift' + $keys_file = '/etc/inet/ntp.keys' + $package_name = $::operatingsystemrelease ? { /^(5\.10|10|10_u\d+)$/ => [ 'SUNWntpr', 'SUNWntpu' ], /^(5\.11|11|11\.\d+)$/ => [ 'service/network/ntp' ] } - $restrict = [ + $restrict = [ 'default kod nomodify notrap nopeer noquery', '-6 default kod nomodify notrap nopeer noquery', '127.0.0.1', '-6 ::1', ] - $service_name = 'network/ntp' + $service_name = 'network/ntp' $iburst_enable = false - $servers = [ + $servers = [ '0.pool.ntp.org', '1.pool.ntp.org', '2.pool.ntp.org', '3.pool.ntp.org', ] } - # Gentoo was added as its own $::osfamily in Facter 1.7.0 + # Gentoo was added as its own $::osfamily in Facter 1.7.0 'Gentoo': { - $config = '/etc/ntp.conf' - $driftfile = '/var/lib/ntp/drift' - $keys_file = '/etc/ntp/keys' + $config = $default_config + $keys_file = $default_keys_file + $driftfile = $default_driftfile $package_name = ['net-misc/ntp'] - $restrict = [ + $service_name = $default_service_name + $restrict = [ 'default kod nomodify notrap nopeer noquery', '-6 default kod nomodify notrap nopeer noquery', '127.0.0.1', '-6 ::1', ] - $service_name = 'ntpd' $iburst_enable = false $servers = [ '0.gentoo.pool.ntp.org', @@ -184,21 +208,21 @@ ] } 'Linux': { - # Account for distributions that don't have $::osfamily specific settings. - # Before Facter 1.7.0 Gentoo did not have its own $::osfamily + # Account for distributions that don't have $::osfamily specific settings. + # Before Facter 1.7.0 Gentoo did not have its own $::osfamily case $::operatingsystem { 'Gentoo': { - $config = '/etc/ntp.conf' - $driftfile = '/var/lib/ntp/drift' - $keys_file = '/etc/ntp/keys' + $config = $default_config + $keys_file = $default_keys_file + $driftfile = $default_driftfile + $service_name = $default_service_name $package_name = ['net-misc/ntp'] - $restrict = [ + $restrict = [ 'default kod nomodify notrap nopeer noquery', '-6 default kod nomodify notrap nopeer noquery', '127.0.0.1', '-6 ::1', ] - $service_name = 'ntpd' $iburst_enable = false $servers = [ '0.gentoo.pool.ntp.org', diff --git a/metadata.json b/metadata.json index 9584e69a..962d11e4 100644 --- a/metadata.json +++ b/metadata.json @@ -1,4 +1,12 @@ { + "name": "puppetlabs-ntp", + "version": "3.3.0", + "author": "Puppet Labs", + "summary": "Installs, configures, and manages the NTP service.", + "license": "Apache Version 2.0", + "source": "https://github.com/puppetlabs/puppetlabs-ntp", + "project_page": "https://github.com/puppetlabs/puppetlabs-ntp", + "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", "operatingsystem_support": [ { "operatingsystem": "RedHat", @@ -12,27 +20,32 @@ "operatingsystem": "CentOS", "operatingsystemrelease": [ "5", - "6" + "6", + "7" ] }, { "operatingsystem": "OracleLinux", "operatingsystemrelease": [ "5", - "6" + "6", + "7" ] }, { "operatingsystem": "Scientific", "operatingsystemrelease": [ "5", - "6" + "6", + "7" ] }, { "operatingsystem": "SLES", "operatingsystemrelease": [ - "11 SP1" + "10 SP4", + "11 SP1", + "12" ] }, { @@ -53,7 +66,6 @@ { "operatingsystem": "Solaris", "operatingsystemrelease": [ - "10", "11" ] }, @@ -69,25 +81,15 @@ "requirements": [ { "name": "pe", - "version_requirement": ">= 3.2.0 < 3.4.0" + "version_requirement": ">= 3.7.0 < 4.0.0" }, { "name": "puppet", "version_requirement": "3.x" } ], - "name": "puppetlabs-ntp", - "version": "3.1.0", - "source": "git://github.com/puppetlabs/puppetlabs-ntp", - "author": "Puppet Labs", - "license": "Apache Version 2.0", - "summary": "NTP Module", "description": "NTP Module for Debian, Ubuntu, CentOS, RHEL, OEL, Fedora, FreeBSD, ArchLinux and Gentoo.", - "project_page": "http://github.com/puppetlabs/puppetlabs-ntp", "dependencies": [ - { - "name": "puppetlabs/stdlib", - "version_requirement": ">= 0.1.6" - } + {"name":"puppetlabs/stdlib","version_requirement":">= 4.5.0 < 5.0.0"} ] } diff --git a/spec/acceptance/disable_monitoring_spec.rb b/spec/acceptance/disable_monitoring_spec.rb index 709010b0..e86c9b80 100644 --- a/spec/acceptance/disable_monitoring_spec.rb +++ b/spec/acceptance/disable_monitoring_spec.rb @@ -1,5 +1,11 @@ require 'spec_helper_acceptance' +if (fact('osfamily') == 'Solaris') + config = '/etc/inet/ntp.conf' +else + config = '/etc/ntp.conf' +end + describe "ntp class with disable_monitor:", :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do context 'should run successfully' do pp = "class { 'ntp': disable_monitor => true }" @@ -9,8 +15,8 @@ apply_manifest(pp, :catch_changes => true) end - describe file('/etc/ntp.conf') do - it { should contain('disable monitor') } + describe file("#{config}") do + its(:content) { should match('disable monitor') } end end @@ -22,8 +28,8 @@ apply_manifest(pp, :catch_changes => true) end - describe file('/etc/ntp.conf') do - it { should_not contain('disable monitor') } + describe file("#{config}") do + its(:content) { should_not match('disable monitor') } end end diff --git a/spec/acceptance/nodesets/sles-12-64.yml b/spec/acceptance/nodesets/sles-12-64.yml new file mode 100644 index 00000000..00c147a8 --- /dev/null +++ b/spec/acceptance/nodesets/sles-12-64.yml @@ -0,0 +1,20 @@ +--- +HOSTS: + czriitzephrrlzw: + roles: + - master + - database + - dashboard + - agent + - default + platform: sles-12-x86_64 + template: sles-12-x86_64 + hypervisor: vcloud +CONFIG: + nfs_server: none + consoleport: 443 + datastore: instance0 + folder: Delivery/Quality Assurance/Enterprise/Dynamic + resourcepool: delivery/Quality Assurance/Enterprise/Dynamic + pooling_api: http://vcloud.delivery.puppetlabs.net/ + pe_dir: http://enterprise.delivery.puppetlabs.net/3.4/preview diff --git a/spec/acceptance/ntp_config_spec.rb b/spec/acceptance/ntp_config_spec.rb index e30e5770..689ba8e6 100644 --- a/spec/acceptance/ntp_config_spec.rb +++ b/spec/acceptance/ntp_config_spec.rb @@ -7,7 +7,7 @@ line = '0.debian.pool.ntp.org iburst' when 'RedHat' line = '0.centos.pool.ntp.org' -when 'SuSE' +when 'Suse' line = '0.opensuse.pool.ntp.org' when 'Gentoo' line = '0.gentoo.pool.ntp.org' @@ -24,6 +24,12 @@ line = '0.debian.pool.ntp.org iburst' end +if (fact('osfamily') == 'Solaris') + config = '/etc/inet/ntp.conf' +else + config = '/etc/ntp.conf' +end + describe 'ntp::config class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do it 'sets up ntp.conf' do apply_manifest(%{ @@ -31,8 +37,8 @@ class { 'ntp': } }, :catch_failures => true) end - describe file('/etc/ntp.conf') do + describe file("#{config}") do it { should be_file } - it { should contain line } + its(:content) { should match line } end end diff --git a/spec/acceptance/ntp_install_spec.rb b/spec/acceptance/ntp_install_spec.rb index 1c81fb00..29aac224 100644 --- a/spec/acceptance/ntp_install_spec.rb +++ b/spec/acceptance/ntp_install_spec.rb @@ -22,7 +22,11 @@ packagename = 'service/network/ntp' end else - packagename = 'ntp' + if fact('operatingsystem') == 'SLES' and fact('operatingsystemmajrelease') == '12' + servicename = 'ntpd' + else + servicename = 'ntp' + end end describe 'ntp::install class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do diff --git a/spec/acceptance/ntp_parameters_spec.rb b/spec/acceptance/ntp_parameters_spec.rb index 124d3f67..e4c230d7 100644 --- a/spec/acceptance/ntp_parameters_spec.rb +++ b/spec/acceptance/ntp_parameters_spec.rb @@ -22,7 +22,17 @@ packagename = 'service/network/ntp' end else - packagename = 'ntp' + if fact('operatingsystem') == 'SLES' and fact('operatingsystemmajrelease') == '12' + servicename = 'ntpd' + else + servicename = 'ntp' + end +end + +if (fact('osfamily') == 'Solaris') + config = '/etc/inet/ntp.conf' +else + config = '/etc/ntp.conf' end describe "ntp class:", :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do @@ -67,9 +77,9 @@ apply_manifest(pp, :catch_failures => true) end - describe file('/etc/ntp.conf') do + describe file("#{config}") do it { should be_file } - it { should contain 'testcontent' } + its(:content) { should match 'testcontent' } end end @@ -79,9 +89,9 @@ apply_manifest(pp, :catch_failures => true) end - describe file('/etc/ntp.conf') do + describe file("#{config}") do it { should be_file } - it { should contain 'driftfile /tmp/driftfile' } + its(:content) { should match 'driftfile /tmp/driftfile' } end end @@ -102,12 +112,12 @@ class { 'ntp': apply_manifest(pp, :catch_failures => true) end - describe file('/etc/ntp.conf') do + describe file("#{config}") do it { should be_file } - it { should contain 'keys /etc/ntp/keys' } - it { should contain 'controlkey /etc/ntp/controlkey' } - it { should contain 'requestkey 1' } - it { should contain 'trustedkey 1 2' } + its(:content) { should match 'keys /etc/ntp/keys' } + its(:content) { should match 'controlkey /etc/ntp/controlkey' } + its(:content) { should match 'requestkey 1' } + its(:content) { should match 'trustedkey 1 2' } end end @@ -139,8 +149,8 @@ class { 'ntp': apply_manifest(pp, :catch_failures => true) end - describe file('/etc/ntp.conf') do - it { should contain 'tinker panic' } + describe file("#{config}") do + its(:content) { should match 'tinker panic' } end end @@ -154,8 +164,8 @@ class { 'ntp': apply_manifest(pp, :catch_failures => true) end - describe file('/etc/ntp.conf') do - it { should_not contain 'tinker panic 0' } + describe file("#{config}") do + its(:content) { should_not match 'tinker panic 0' } end end @@ -165,9 +175,9 @@ class { 'ntp': apply_manifest(pp, :catch_failures => true) end - describe file('/etc/ntp.conf') do + describe file("#{config}") do it { should be_file } - it { should contain '127.127.1.0' } + its(:content) { should match '127.127.1.0' } end end diff --git a/spec/acceptance/ntp_service_spec.rb b/spec/acceptance/ntp_service_spec.rb index 83c27975..73edd656 100644 --- a/spec/acceptance/ntp_service_spec.rb +++ b/spec/acceptance/ntp_service_spec.rb @@ -1,16 +1,35 @@ require 'spec_helper_acceptance' +require 'specinfra' case fact('osfamily') -when 'RedHat', 'FreeBSD', 'Linux', 'Gentoo' - servicename = 'ntpd' -when 'Solaris' - servicename = 'network/ntp' -when 'AIX' - servicename = 'xntpd' -else - servicename = 'ntp' + when 'RedHat', 'FreeBSD', 'Linux', 'Gentoo' + servicename = 'ntpd' + when 'Solaris' + servicename = 'network/ntp' + when 'AIX' + servicename = 'xntpd' + else + if fact('operatingsystem') == 'SLES' and fact('operatingsystemmajrelease') == '12' + servicename = 'ntpd' + else + servicename = 'ntp' + end +end +shared_examples 'running' do + describe service(servicename) do + if !(fact('operatingsystem') == 'SLES' && fact('operatingsystemmajrelease') == '12') + it { should be_running } + it { should be_enabled } + else + # hack until we either update SpecInfra or come up with alternative + it { + output = shell('service ntpd status') + expect(output.stdout).to match(/Active\:\s+active\s+\(running\)/) + expect(output.stdout).to match(/^\s+Loaded.*enabled\)$/) + } + end + end end - describe 'ntp::service class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do describe 'basic test' do it 'sets up the service' do @@ -19,10 +38,7 @@ class { 'ntp': } }, :catch_failures => true) end - describe service(servicename) do - it { should be_enabled } - it { should be_running } - end + it_should_behave_like 'running' end describe 'service parameters' do @@ -37,29 +53,37 @@ class { 'ntp': EOS apply_manifest(pp, :catch_failures => true) end - - describe service(servicename) do - it { should be_running } - it { should be_enabled } - end + it_should_behave_like 'running' end +end - describe 'service is unmanaged' do - it 'shouldnt stop the service' do - pp = <<-EOS +describe 'service is unmanaged' do + it 'shouldnt stop the service' do + pp = <<-EOS class { 'ntp': service_enable => false, service_ensure => stopped, service_manage => false, service_name => '#{servicename}' } - EOS - apply_manifest(pp, :catch_failures => true) - end + EOS + apply_manifest(pp, :catch_failures => true) + end - describe service(servicename) do + describe service(servicename) do + if !(fact('operatingsystem') == 'SLES' && fact('operatingsystemmajrelease') == '12') it { should be_running } it { should be_enabled } + else + # hack until we either update SpecInfra or come up with alternative + output = shell('service ntpd status', :acceptable_exit_codes => [0, 3]) + it 'should be disabled' do + expect(output.stdout).to match(/^\s+Loaded.*disabled\)$/) + end + it 'should be stopped' do + expect(output.stdout).to match(/Active\:\s+inactive/) + end end end end + diff --git a/spec/acceptance/preferred_servers_spec.rb b/spec/acceptance/preferred_servers_spec.rb index 352d5cc4..07275272 100644 --- a/spec/acceptance/preferred_servers_spec.rb +++ b/spec/acceptance/preferred_servers_spec.rb @@ -1,5 +1,11 @@ require 'spec_helper_acceptance' +if (fact('osfamily') == 'Solaris') + config = '/etc/inet/ntp.conf' +else + config = '/etc/ntp.conf' +end + describe 'preferred servers', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do pp = <<-EOS class { '::ntp': @@ -14,10 +20,10 @@ class { '::ntp': end end - describe file('/etc/ntp.conf') do + describe file("#{config}") do it { should be_file } - it { should contain 'server a' } - it { should contain 'server b' } + its(:content) { should match 'server a' } + its(:content) { should match 'server b' } its(:content) { should match /server c (iburst\s|)prefer/ } its(:content) { should match /server d (iburst\s|)prefer/ } end diff --git a/spec/acceptance/restrict_spec.rb b/spec/acceptance/restrict_spec.rb index 48061d9c..b919a6b2 100644 --- a/spec/acceptance/restrict_spec.rb +++ b/spec/acceptance/restrict_spec.rb @@ -1,16 +1,25 @@ require 'spec_helper_acceptance' +if (fact('osfamily') == 'Solaris') + config = '/etc/inet/ntp.conf' +else + config = '/etc/ntp.conf' +end + describe "ntp class with restrict:", :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do context 'should run successfully' do it 'runs twice' do pp = "class { 'ntp': restrict => ['test restrict']}" - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) + 2.times do + apply_manifest(pp, :catch_failures => true) do |r| + expect(r.stderr).not_to match(/error/i) + end + end end end - describe file('/etc/ntp.conf') do - it { should contain('test restrict') } + describe file("#{config}") do + its(:content) { should match('test restrict') } end end diff --git a/spec/classes/ntp_spec.rb b/spec/classes/ntp_spec.rb index 4a9fd44f..4864e888 100644 --- a/spec/classes/ntp_spec.rb +++ b/spec/classes/ntp_spec.rb @@ -3,12 +3,16 @@ describe 'ntp' do let(:facts) {{ :is_virtual => 'false' }} - ['Debian', 'RedHat','SuSE', 'FreeBSD', 'Archlinux', 'Gentoo', 'Gentoo (Facter < 1.7)'].each do |system| + ['Debian', 'RedHat','Suse', 'FreeBSD', 'Archlinux', 'Gentoo', 'Gentoo (Facter < 1.7)'].each do |system| context "when on system #{system}" do if system == 'Gentoo (Facter < 1.7)' let :facts do super().merge({ :osfamily => 'Linux', :operatingsystem => 'Gentoo' }) end + elsif system == 'Suse' + let :facts do + super().merge({ :osfamily => system,:operatingsystem => 'SLES',:operatingsystemmajrelease => '11' }) + end else let :facts do super().merge({ :osfamily => system }) @@ -122,23 +126,76 @@ } end end + describe 'with parameter disable_auth' do + context 'when set to true' do + let(:params) {{ + :disable_auth => true, + }} + + it 'should contain disable auth setting' do + should contain_file('/etc/ntp.conf').with({ + 'content' => /^disable auth\n/, + }) + end + end + context 'when set to false' do + let(:params) {{ + :disable_auth => false, + }} + + it 'should not contain disable auth setting' do + should_not contain_file('/etc/ntp.conf').with({ + 'content' => /^disable auth\n/, + }) + end + end + end + describe 'with parameter broadcastclient' do + context 'when set to true' do + let(:params) {{ + :broadcastclient => true, + }} + + it 'should contain broadcastclient setting' do + should contain_file('/etc/ntp.conf').with({ + 'content' => /^broadcastclient\n/, + }) + end + end + context 'when set to false' do + let(:params) {{ + :broadcastclient => false, + }} + + it 'should not contain broadcastclient setting' do + should_not contain_file('/etc/ntp.conf').with({ + 'content' => /^broadcastclient\n/, + }) + end + end + end describe "ntp::install on #{system}" do - let(:params) {{ :package_ensure => 'present', :package_name => ['ntp'], }} + let(:params) {{ :package_ensure => 'present', :package_name => ['ntp'], :package_manage => true, }} it { should contain_package('ntp').with( :ensure => 'present' )} describe 'should allow package ensure to be overridden' do - let(:params) {{ :package_ensure => 'latest', :package_name => ['ntp'] }} + let(:params) {{ :package_ensure => 'latest', :package_name => ['ntp'], :package_manage => true, }} it { should contain_package('ntp').with_ensure('latest') } end describe 'should allow the package name to be overridden' do - let(:params) {{ :package_ensure => 'present', :package_name => ['hambaby'] }} + let(:params) {{ :package_ensure => 'present', :package_name => ['hambaby'], :package_manage => true, }} it { should contain_package('hambaby') } end + + describe 'should allow the package to be unmanaged' do + let(:params) {{ :package_manage => false, :package_name => ['ntp'], }} + it { should_not contain_package('ntp') } + end end describe 'ntp::service' do @@ -214,22 +271,22 @@ :servers => ['a', 'b', 'c', 'd'], :logfile => '/var/log/foobar.log', }} - + it 'should contain logfile setting' do should contain_file('/etc/ntp.conf').with({ - 'content' => /^logfile = \/var\/log\/foobar\.log\n/, + 'content' => /^logfile \/var\/log\/foobar\.log\n/, }) end end - + context 'when set to false' do let(:params) {{ :servers => ['a', 'b', 'c', 'd'], }} - + it 'should not contain a logfile line' do should_not contain_file('/etc/ntp.conf').with({ - 'content' => /logfile =/, + 'content' => /logfile /, }) end end @@ -287,15 +344,15 @@ end end - describe "on osfamily SuSE" do + describe "on osfamily Suse" do let :facts do - super().merge({ :osfamily => 'SuSE' }) + super().merge({ :osfamily => 'Suse', :operatingsystem => 'SLES',:operatingsystemmajrelease => '11' }) end it 'uses the opensuse ntp servers by default' do should contain_file('/etc/ntp.conf').with({ 'content' => /server \d.opensuse.pool.ntp.org/, - }) + }) end end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index ccc8915b..1a4bea19 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -1,20 +1,29 @@ require 'beaker-rspec' -UNSUPPORTED_PLATFORMS = [ 'windows', 'Darwin' ] +UNSUPPORTED_PLATFORMS = ['windows', 'Darwin'] unless ENV['RS_PROVISION'] == 'no' or ENV['BEAKER_provision'] == 'no' # This will install the latest available package on el and deb based # systems fail on windows and osx, and install via gem on other *nixes - foss_opts = { :default_action => 'gem_install' } + foss_opts = {:default_action => 'gem_install'} - if default.is_pe?; then install_pe; else install_puppet( foss_opts ); end + if default.is_pe?; then + install_pe; + else + install_puppet(foss_opts); + end hosts.each do |host| unless host.is_pe? on host, "/bin/echo '' > #{host['hieraconf']}" end on host, "mkdir -p #{host['distmoduledir']}" - on host, 'puppet module install puppetlabs-stdlib', :acceptable_exit_codes => [0,1] + if host['platform'] =~ /sles-12/i || host['platform'] =~ /solaris-11/i + apply_manifest_on(host, 'package{"git":}') + on host, 'git clone -b 4.3.x https://github.com/puppetlabs/puppetlabs-stdlib /etc/puppetlabs/puppet/modules/stdlib' + else + on host, puppet('module install puppetlabs-stdlib'), {:acceptable_exit_codes => [0, 1]} + end end end @@ -27,7 +36,11 @@ # Configure all nodes in nodeset c.before :suite do - # Install module - puppet_module_install(:source => proj_root, :module_name => 'ntp') + hosts.each do |host| + on host, "mkdir -p #{host['distmoduledir']}/ntp" + %w(lib manifests templates metadata.json).each do |file| + scp_to host, "#{proj_root}/#{file}", "#{host['distmoduledir']}/ntp" + end + end end end diff --git a/templates/ntp.conf.erb b/templates/ntp.conf.erb index ff40fe60..2393087f 100644 --- a/templates/ntp.conf.erb +++ b/templates/ntp.conf.erb @@ -9,13 +9,16 @@ tinker panic 0 <% if @disable_monitor == true -%> disable monitor <% end -%> +<% if @disable_auth == true -%> +disable auth +<% end -%> <% if @restrict != [] -%> # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. <% @restrict.flatten.each do |restrict| -%> restrict <%= restrict %> -<% end %> +<% end -%> <% end -%> <% if @interfaces != [] -%> @@ -24,28 +27,32 @@ restrict <%= restrict %> interface ignore wildcard <% @interfaces.flatten.each do |interface| -%> interface listen <%= interface %> -<% end %> +<% end -%> +<% end -%> + +<% if @broadcastclient == true -%> +broadcastclient <% end -%> <% [@servers].flatten.each do |server| -%> server <%= server %><% if @iburst_enable == true -%> iburst<% end %><% if @preferred_servers.include?(server) -%> prefer<% end %> <% end -%> -<% if scope.lookupvar('::is_virtual') == "false" or @udlc -%> +<% if @udlc -%> # Undisciplined Local Clock. This is a fake driver intended for backup -# and when no outside source of synchronized time is available. -server 127.127.1.0 -fudge 127.127.1.0 stratum 10 +# and when no outside source of synchronized time is available. +server 127.127.1.0 +fudge 127.127.1.0 stratum 10 restrict 127.127.1.0 <% end -%> # Driftfile. driftfile <%= @driftfile %> -<% unless @logfile.nil? %> +<% unless @logfile.nil? -%> # Logfile -logfile = <%= @logfile %> -<% end %> +logfile <%= @logfile %> +<% end -%> <% if @keys_enable -%> keys <%= @keys_file %> @@ -60,3 +67,6 @@ controlkey <%= @keys_controlkey %> <% end -%> <% end -%> +<% [@fudge].flatten.each do |entry| -%> +fudge <%= entry %> +<% end -%>