Page Menu
Home
DevCentral
Search
Configure Global Search
Log In
Files
F34566571
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
6 KB
Referenced Files
None
Subscribers
None
View Options
diff --git a/pillar/core/ntp.sls b/pillar/core/ntp.sls
new file mode 100644
index 0000000..98b9ef3
--- /dev/null
+++ b/pillar/core/ntp.sls
@@ -0,0 +1,12 @@
+# -------------------------------------------------------------
+# Salt — NTP servers
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+ntp_servers:
+ - 0.fr.pool.ntp.org
+ - 1.fr.pool.ntp.org
+ - 2.fr.pool.ntp.org
+ - 3.fr.pool.ntp.org
diff --git a/pillar/top.sls b/pillar/top.sls
index 178734c..a7232a4 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -1,78 +1,79 @@
# -------------------------------------------------------------
# Salt configuration for Nasqueron servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-04-10
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
base:
'*':
- core.users
- core.groups
- core.network
+ - core.ntp
- nodes.nodes
- nodes.forests
- hotfixes.roles
- services.monitoring-reporting
- services.table
- webserver.sites
- credentials.vault
cloudhugger:
- opensearch.software
- opensearch.clusters
complector:
- credentials.vault
# To provision services
- saas.rabbitmq
docker-002:
- notifications.config
- paas.docker
- saas.jenkins
- saas.phpbb
db-a-001:
- dbserver.cluster-A
db-b-001:
- dbserver.cluster-B
dwellers:
- paas.docker
- saas.airflow
- saas.jenkins
eglide:
- shellserver.quassel
hervil:
- mailserver.vimbadmin
- mailserver.dovecot
- mailserver.postfix
ysul:
- devserver.repos
- saas.mediawiki
- webserver.labs
- webserver.wwwroot51
web-001:
- saas.mediawiki
- saas.wordpress
windriver:
- devserver.datacubes
- devserver.ports
- devserver.repos
- netbox.netbox
- observability.prometheus
- packages.freebsd
- viperserv.bots
- viperserv.fantoir
- webserver.labs
- webserver.wwwroot51
diff --git a/roles/core/ntp/files/rc/ntpd.conf b/roles/core/ntp/files/chrony.conf.jinja
similarity index 68%
copy from roles/core/ntp/files/rc/ntpd.conf
copy to roles/core/ntp/files/chrony.conf.jinja
index c8d7ca0..aa0438e 100644
--- a/roles/core/ntp/files/rc/ntpd.conf
+++ b/roles/core/ntp/files/chrony.conf.jinja
@@ -1,16 +1,24 @@
# -------------------------------------------------------------
-# ntpd — rc configuration
+# Chrony configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
-# Source file: roles/core/ntp/files/rc/ntpd.conf
+# Source file: roles/core/ntp/files/chrony.conf.jinja
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
-ntpd_enable=YES
+{% for server in servers -%}
+pool {{ server }} iburst
+{% endfor %}
+
+driftfile /var/lib/chrony/drift
+makestep 1.0 3
+rtcsync
+
+logdir /var/log/chrony
diff --git a/roles/core/ntp/files/rc/ntpd.conf b/roles/core/ntp/files/ntp.conf.jinja
similarity index 58%
copy from roles/core/ntp/files/rc/ntpd.conf
copy to roles/core/ntp/files/ntp.conf.jinja
index c8d7ca0..c326f2d 100644
--- a/roles/core/ntp/files/rc/ntpd.conf
+++ b/roles/core/ntp/files/ntp.conf.jinja
@@ -1,16 +1,28 @@
+
# -------------------------------------------------------------
-# ntpd — rc configuration
+# ntpd configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
-# Source file: roles/core/ntp/files/rc/ntpd.conf
+# Source file: roles/core/ntp/files/ntp.conf.jinja
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
-ntpd_enable=YES
+tos minclock 3 maxclock 6
+
+{% for server in servers -%}
+pool {{ server }} iburst
+{% endfor %}
+
+restrict default limited kod nomodify notrap noquery nopeer
+restrict source limited kod nomodify notrap noquery
+restrict 127.0.0.1
+restrict ::1
+
+leapfile "/var/db/ntpd.leap-seconds.list"
diff --git a/roles/core/ntp/files/rc/ntpd.conf b/roles/core/ntp/files/rc/ntpd.conf
index c8d7ca0..6ff4833 100644
--- a/roles/core/ntp/files/rc/ntpd.conf
+++ b/roles/core/ntp/files/rc/ntpd.conf
@@ -1,16 +1,16 @@
# -------------------------------------------------------------
# ntpd — rc configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# Source file: roles/core/ntp/files/rc/ntpd.conf
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
-ntpd_enable=YES
+ntpd_enable="YES"
diff --git a/roles/core/ntp/init.sls b/roles/core/ntp/init.sls
index 0340cc8..ebaa1db 100644
--- a/roles/core/ntp/init.sls
+++ b/roles/core/ntp/init.sls
@@ -1,26 +1,47 @@
# -------------------------------------------------------------
# Salt — NTP
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if grains['os_family'] == 'RedHat' %}
+{% if grains["os_family"] == "RedHat" %}
chrony:
pkg.installed
+/etc/chrony.conf:
+ file.managed:
+ - source: salt://roles/core/ntp/files/chrony.conf.jinja
+ - template: jinja
+ - context:
+ servers: {{ salt["pillar.get"]("ntp_servers") }}
+ - user: root
+ - group: root
+ - mode: 644
+ - watch_in:
+ - service: chrony_service
+
chrony_service:
service.running:
- name: chronyd
- enable: true
{% endif %}
{% if grains["os"] == "FreeBSD" %}
/etc/rc.conf.d/ntpd:
file.managed:
- source: salt://roles/core/ntp/files/rc/ntpd.conf
+/etc/ntp.conf:
+ file.managed:
+ - source: salt://roles/core/ntp/files/ntp.conf.jinja
+ - template: jinja
+ - context:
+ servers: {{ salt["pillar.get"]("ntp_servers") }}
+ - watch_in:
+ - service: ntpd
+
ntpd:
service.running:
- enable: True
{% endif %}
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Sat, Jul 4, 03:12 (1 d, 14 h)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3882064
Default Alt Text
(6 KB)
Attached To
Mode
rOPS Nasqueron Operations
Attached
Detach File
Event Timeline
Log In to Comment