add ntp config

2024-08-16 12:59:49 +02:00 · 2018-12-28 15:10:34 +01:00 · 2018-12-28 15:10:34 +01:00 · 52488963c7
commit 52488963c7
parent 84e5ca63d3
13 changed files with 130 additions and 3 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,2 +1,25 @@
 ---
-# defaults file for ansible-role-ntp
+# defaults file for ansible-role-ntp
+
+# Restrict acces on ntp server
+# Default is: ::1, 127.0.0.1
+ntp_restrict:
+  - default nomodify notrap nopeer noquery
+  - 127.0.0.1
+  - ::1
+
+# Ntp server to use for date synchronization
+# Default is worldwide pool
+ntp_servers:
+  - 0.pool.ntp.org iburst
+  - 1.pool.ntp.org iburst
+  - 2.pool.ntp.org iburst
+  - 3.pool.ntp.org iburst
+
+# Enable or disable ntp statistics
+# Default is false
+ntp_statistics: false
+
+# Define timezone to use
+# Default is Etc/UTC
+ntp_timezone: Europe/London
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -1,2 +1,17 @@
 ---
-# handlers file for ansible-role-ntp
+# handlers file for ansible-role-ntp
+
+- name: Restart ntp daemons on Linux
+  service:
+    name: "{{ ntp_service }}"
+    state: restarted
+
+- name: Restart ntp daemons on FreeBSD
+  service:
+    name: "{{ ntp_service }}"
+    state: restarted
+
+- name: Restart ntp daemons on OpenBSD
+  service:
+    name: "{{ ntp_service }}"
+    state: restarted
--- a/tasks/config.yml
+++ b/tasks/config.yml
@ -0,0 +1,15 @@
+---
+# Tasks file for config ntp daemon
+
+- name: Define timezone to use
+  timezone:
+    name: "{{ ntp_timezone }}"
+
+- name: seting-up ntp config
+  template:
+    src: ntp.conf.j2
+    dest: "{{ ntp_configfile }}"
+    owner: "{{ ntp_configfile_user }}"
+    group: "{{ ntp_configfile_group }}"
+    mode: 644
+  notify: "Restart ntp daemons on {{ ansible_system }}"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -4,5 +4,8 @@
 - name: Include OS specific variables.
  include_vars: "{{ ansible_os_family }}.yml"

- name: Install ntp agent
+- name: Install ntp
  include_tasks: "packages/setup-{{ ansible_system }}.yml"
+
+- name: Configure ntp
+  include_tasks: config.yml
--- a/templates/ntp.conf.j2
+++ b/templates/ntp.conf.j2
@ -0,0 +1,19 @@
+#####################################
+##                                 ##
+## THIS FILE IS MANAGED BY ANSIBLE ##
+##                                 ##
+#####################################
+
+driftfile {{ ntp_driftfile }}
+
+{%- for restrict_ip in ntp_restrict -%}
+restrict {{ restrict_ip }}
+{%- endfor -%}
+
+{%- for pool_server in ntp_servers -%}
+server {{ pool_server }}
+{%- endfor -%}
+
+{%- if ntp_statistics -%}
+statistics clockstats cryptostats loopstats peerstats
+{%- endif -%}
--- a/tests/inspec/config_spec.rb
+++ b/tests/inspec/config_spec.rb
@ -0,0 +1,17 @@
+# Test ntp config
+
+ntp_configfile = '/etc/ntp.conf'
+
+control 'config-01' do
+  impact 1.0
+  title 'Ntp server'
+  desc 'Ntp worldwide servers should be present'
+  describe file(ntp_configfile) do
+     its('owner') { should eq 'root' }
+     its('mode') { should cmp '0644' }
+     its('content') { should match /server 0.pool.ntp.org iburst/ }
+     its('content') { should match /server 1.pool.ntp.org iburst/ }
+     its('content') { should match /server 2.pool.ntp.org iburst/ }
+     its('content') { should match /server 3.pool.ntp.org iburst/ }
+  end
+end
--- a/vars/Archlinux.yml
+++ b/vars/Archlinux.yml
@ -1,2 +1,7 @@
 ntp_package: ntp
 ntp_service: ntpd
+
+ntp_configfile: /etc/ntp.conf
+ntp_configfile_user: root
+ntp_configfile_group: root
+ntp_driftfile: /var/lib/ntp/drift
--- a/vars/Debian.yml
+++ b/vars/Debian.yml
@ -1,2 +1,7 @@
 ntp_package: ntp
 ntp_service: ntp
+
+ntp_configfile: /etc/ntp.conf
+ntp_configfile_user: root
+ntp_configfile_group: root
+ntp_driftfile: /var/lib/ntp/drift
--- a/vars/FreeBSD.yml
+++ b/vars/FreeBSD.yml
@ -1,2 +1,7 @@
 ntp_package: ntp
 ntp_service: ntpd
+
+ntp_configfile: /etc/ntp.conf
+ntp_configfile_user: root
+ntp_configfile_group: wheel
+ntp_driftfile: /var/lib/ntp/drift
--- a/vars/Gentoo.yml
+++ b/vars/Gentoo.yml
@ -1,2 +1,7 @@
 ntp_package: net-misc/ntp
 ntp_service: ntp-client
+
+ntp_configfile: /etc/ntp.conf
+ntp_configfile_user: root
+ntp_configfile_group: root
+ntp_driftfile: /var/lib/ntp/drift
--- a/vars/OpenBSD.yml
+++ b/vars/OpenBSD.yml
@ -1,2 +1,7 @@
 ntp_package: ntp
 ntp_service: ntpd
+
+ntp_configfile: /etc/ntp.conf
+ntp_configfile_user: root
+ntp_configfile_group: wheel
+ntp_driftfile: /var/lib/ntp/drift
--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@ -1,2 +1,7 @@
 ntp_package: ntp
 ntp_service: ntpd
+
+ntp_configfile: /etc/ntp.conf
+ntp_configfile_user: root
+ntp_configfile_group: root
+ntp_driftfile: /var/lib/ntp/drift
--- a/vars/Suse.yml
+++ b/vars/Suse.yml
@ -1,2 +1,7 @@
 ntp_package: ntp
 ntp_service: ntpd
+
+ntp_configfile: /etc/ntp.conf
+ntp_configfile_user: root
+ntp_configfile_group: root
+ntp_driftfile: /var/lib/ntp/drift/ntp.drift