From 52488963c7e441e1d1c655babe27f4a9dc9802bd Mon Sep 17 00:00:00 2001 From: diodonfrost Date: Fri, 28 Dec 2018 15:10:34 +0100 Subject: [PATCH] add ntp config --- defaults/main.yml | 25 ++++++++++++++++++++++++- handlers/main.yml | 17 ++++++++++++++++- tasks/config.yml | 15 +++++++++++++++ tasks/main.yml | 5 ++++- templates/ntp.conf.j2 | 19 +++++++++++++++++++ tests/inspec/config_spec.rb | 17 +++++++++++++++++ vars/Archlinux.yml | 5 +++++ vars/Debian.yml | 5 +++++ vars/FreeBSD.yml | 5 +++++ vars/Gentoo.yml | 5 +++++ vars/OpenBSD.yml | 5 +++++ vars/RedHat.yml | 5 +++++ vars/Suse.yml | 5 +++++ 13 files changed, 130 insertions(+), 3 deletions(-) create mode 100644 tasks/config.yml create mode 100644 templates/ntp.conf.j2 create mode 100644 tests/inspec/config_spec.rb diff --git a/defaults/main.yml b/defaults/main.yml index c46355c..f808dc7 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,2 +1,25 @@ --- -# defaults file for ansible-role-ntp \ No newline at end of file +# defaults file for ansible-role-ntp + +# Restrict acces on ntp server +# Default is: ::1, 127.0.0.1 +ntp_restrict: + - default nomodify notrap nopeer noquery + - 127.0.0.1 + - ::1 + +# Ntp server to use for date synchronization +# Default is worldwide pool +ntp_servers: + - 0.pool.ntp.org iburst + - 1.pool.ntp.org iburst + - 2.pool.ntp.org iburst + - 3.pool.ntp.org iburst + +# Enable or disable ntp statistics +# Default is false +ntp_statistics: false + +# Define timezone to use +# Default is Etc/UTC +ntp_timezone: Europe/London diff --git a/handlers/main.yml b/handlers/main.yml index 90bff91..46ff1b2 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,2 +1,17 @@ --- -# handlers file for ansible-role-ntp \ No newline at end of file +# handlers file for ansible-role-ntp + +- name: Restart ntp daemons on Linux + service: + name: "{{ ntp_service }}" + state: restarted + +- name: Restart ntp daemons on FreeBSD + service: + name: "{{ ntp_service }}" + state: restarted + +- name: Restart ntp daemons on OpenBSD + service: + name: "{{ ntp_service }}" + state: restarted diff --git a/tasks/config.yml b/tasks/config.yml new file mode 100644 index 0000000..389cd2a --- /dev/null +++ b/tasks/config.yml @@ -0,0 +1,15 @@ +--- +# Tasks file for config ntp daemon + +- name: Define timezone to use + timezone: + name: "{{ ntp_timezone }}" + +- name: seting-up ntp config + template: + src: ntp.conf.j2 + dest: "{{ ntp_configfile }}" + owner: "{{ ntp_configfile_user }}" + group: "{{ ntp_configfile_group }}" + mode: 644 + notify: "Restart ntp daemons on {{ ansible_system }}" diff --git a/tasks/main.yml b/tasks/main.yml index 8db2220..b656bc1 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -4,5 +4,8 @@ - name: Include OS specific variables. include_vars: "{{ ansible_os_family }}.yml" -- name: Install ntp agent +- name: Install ntp include_tasks: "packages/setup-{{ ansible_system }}.yml" + +- name: Configure ntp + include_tasks: config.yml diff --git a/templates/ntp.conf.j2 b/templates/ntp.conf.j2 new file mode 100644 index 0000000..cd99cee --- /dev/null +++ b/templates/ntp.conf.j2 @@ -0,0 +1,19 @@ +##################################### +## ## +## THIS FILE IS MANAGED BY ANSIBLE ## +## ## +##################################### + +driftfile {{ ntp_driftfile }} + +{%- for restrict_ip in ntp_restrict -%} +restrict {{ restrict_ip }} +{%- endfor -%} + +{%- for pool_server in ntp_servers -%} +server {{ pool_server }} +{%- endfor -%} + +{%- if ntp_statistics -%} +statistics clockstats cryptostats loopstats peerstats +{%- endif -%} diff --git a/tests/inspec/config_spec.rb b/tests/inspec/config_spec.rb new file mode 100644 index 0000000..319e85f --- /dev/null +++ b/tests/inspec/config_spec.rb @@ -0,0 +1,17 @@ +# Test ntp config + +ntp_configfile = '/etc/ntp.conf' + +control 'config-01' do + impact 1.0 + title 'Ntp server' + desc 'Ntp worldwide servers should be present' + describe file(ntp_configfile) do + its('owner') { should eq 'root' } + its('mode') { should cmp '0644' } + its('content') { should match /server 0.pool.ntp.org iburst/ } + its('content') { should match /server 1.pool.ntp.org iburst/ } + its('content') { should match /server 2.pool.ntp.org iburst/ } + its('content') { should match /server 3.pool.ntp.org iburst/ } + end +end diff --git a/vars/Archlinux.yml b/vars/Archlinux.yml index cba4248..343a16a 100644 --- a/vars/Archlinux.yml +++ b/vars/Archlinux.yml @@ -1,2 +1,7 @@ ntp_package: ntp ntp_service: ntpd + +ntp_configfile: /etc/ntp.conf +ntp_configfile_user: root +ntp_configfile_group: root +ntp_driftfile: /var/lib/ntp/drift diff --git a/vars/Debian.yml b/vars/Debian.yml index 0e42ddd..6471813 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -1,2 +1,7 @@ ntp_package: ntp ntp_service: ntp + +ntp_configfile: /etc/ntp.conf +ntp_configfile_user: root +ntp_configfile_group: root +ntp_driftfile: /var/lib/ntp/drift diff --git a/vars/FreeBSD.yml b/vars/FreeBSD.yml index cba4248..ea70244 100644 --- a/vars/FreeBSD.yml +++ b/vars/FreeBSD.yml @@ -1,2 +1,7 @@ ntp_package: ntp ntp_service: ntpd + +ntp_configfile: /etc/ntp.conf +ntp_configfile_user: root +ntp_configfile_group: wheel +ntp_driftfile: /var/lib/ntp/drift diff --git a/vars/Gentoo.yml b/vars/Gentoo.yml index ed19340..27cca0c 100644 --- a/vars/Gentoo.yml +++ b/vars/Gentoo.yml @@ -1,2 +1,7 @@ ntp_package: net-misc/ntp ntp_service: ntp-client + +ntp_configfile: /etc/ntp.conf +ntp_configfile_user: root +ntp_configfile_group: root +ntp_driftfile: /var/lib/ntp/drift diff --git a/vars/OpenBSD.yml b/vars/OpenBSD.yml index cba4248..ea70244 100644 --- a/vars/OpenBSD.yml +++ b/vars/OpenBSD.yml @@ -1,2 +1,7 @@ ntp_package: ntp ntp_service: ntpd + +ntp_configfile: /etc/ntp.conf +ntp_configfile_user: root +ntp_configfile_group: wheel +ntp_driftfile: /var/lib/ntp/drift diff --git a/vars/RedHat.yml b/vars/RedHat.yml index cba4248..343a16a 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,2 +1,7 @@ ntp_package: ntp ntp_service: ntpd + +ntp_configfile: /etc/ntp.conf +ntp_configfile_user: root +ntp_configfile_group: root +ntp_driftfile: /var/lib/ntp/drift diff --git a/vars/Suse.yml b/vars/Suse.yml index cba4248..1a673df 100644 --- a/vars/Suse.yml +++ b/vars/Suse.yml @@ -1,2 +1,7 @@ ntp_package: ntp ntp_service: ntpd + +ntp_configfile: /etc/ntp.conf +ntp_configfile_user: root +ntp_configfile_group: root +ntp_driftfile: /var/lib/ntp/drift/ntp.drift