enhanced default configuration #194
Conversation
|
(Closed by accident) What if we just don't manage the parent directory? I can't figure out why it was originally done that way. |
|
The parent directory should be managed, but it indeed should be managed separately (example with an optional $config_dir variable) if you want to do it nicely (IMHO). Then you can include sane defaults. It's also possible to not include the parent directory at all, but then (if ntp has its own configuration directory) an administrator needs to 'notice' that the configuration directory is not managed. I personally would assume it would be managed with sane defaults. |
|
Yeah, to directly manage Would you like to update this PR to make it more "confdir" centric instead of "keys file" centric? |
|
Agreed, I'll update it ASAP |
|
Thanks for the effort, This needs rebased. |
sebastianschauenburg
force-pushed
the
enhance-default-config
branch
from
a837475 to
3b9c124
Compare
sebastianschauenburg
force-pushed
the
enhance-default-config
branch
2 times, most recently
from
196c16a to
0a68feb
Compare
| } | ||
| } | ||
|
|
||
| if $config_dir { | ||
| file { $config_dir: |
sebastianschauenburg
force-pushed
the
enhance-default-config
branch
from
0a68feb to
7d8883a
Compare
|
This can still be easily merged, @hunner? |
|
Cherry-picking this commit on top of master is still quite easy, if someone want's to resurrect this change. Then it needs a entry for Meanwhile, I added a check to avoid managing '/' or '/etc' in #292 to fix the immediate problem. |
|
👍 do it so, number 1. |
I noticed /etc/ being chmod'ed when the $keys_file is located at "/etc/ntp.keys". The original configuration causes permissions in /etc/ to be recursively changed. I've mitigated this by checking if there are at least 2 directories above the $keys_file (the $keys_file should at least be in /etc/ or /usr/local/ if it's custom compiled). Furthermore changed the default permissions from 0755 to 0640, since the execute bit automatically set by puppet on directories. Usually the service group of this daemon is named 'ntp', as such changed the group. Is this a welcome contribution right now?