Page MenuHomeDevCentral

No OneTemporary

diff --git a/pillar/core/ntp.sls b/pillar/core/ntp.sls
new file mode 100644
index 0000000..98b9ef3
--- /dev/null
+++ b/pillar/core/ntp.sls
@@ -0,0 +1,12 @@
+# -------------------------------------------------------------
+# Salt — NTP servers
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+ntp_servers:
+ - 0.fr.pool.ntp.org
+ - 1.fr.pool.ntp.org
+ - 2.fr.pool.ntp.org
+ - 3.fr.pool.ntp.org
diff --git a/pillar/top.sls b/pillar/top.sls
index 178734c..a7232a4 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -1,78 +1,79 @@
# -------------------------------------------------------------
# Salt configuration for Nasqueron servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-04-10
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
base:
'*':
- core.users
- core.groups
- core.network
+ - core.ntp
- nodes.nodes
- nodes.forests
- hotfixes.roles
- services.monitoring-reporting
- services.table
- webserver.sites
- credentials.vault
cloudhugger:
- opensearch.software
- opensearch.clusters
complector:
- credentials.vault
# To provision services
- saas.rabbitmq
docker-002:
- notifications.config
- paas.docker
- saas.jenkins
- saas.phpbb
db-a-001:
- dbserver.cluster-A
db-b-001:
- dbserver.cluster-B
dwellers:
- paas.docker
- saas.airflow
- saas.jenkins
eglide:
- shellserver.quassel
hervil:
- mailserver.vimbadmin
- mailserver.dovecot
- mailserver.postfix
ysul:
- devserver.repos
- saas.mediawiki
- webserver.labs
- webserver.wwwroot51
web-001:
- saas.mediawiki
- saas.wordpress
windriver:
- devserver.datacubes
- devserver.ports
- devserver.repos
- netbox.netbox
- observability.prometheus
- packages.freebsd
- viperserv.bots
- viperserv.fantoir
- webserver.labs
- webserver.wwwroot51
diff --git a/roles/core/ntp/files/rc/ntpd.conf b/roles/core/ntp/files/chrony.conf.jinja
similarity index 68%
copy from roles/core/ntp/files/rc/ntpd.conf
copy to roles/core/ntp/files/chrony.conf.jinja
index c8d7ca0..aa0438e 100644
--- a/roles/core/ntp/files/rc/ntpd.conf
+++ b/roles/core/ntp/files/chrony.conf.jinja
@@ -1,16 +1,24 @@
# -------------------------------------------------------------
-# ntpd — rc configuration
+# Chrony configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
-# Source file: roles/core/ntp/files/rc/ntpd.conf
+# Source file: roles/core/ntp/files/chrony.conf.jinja
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
-ntpd_enable=YES
+{% for server in servers -%}
+pool {{ server }} iburst
+{% endfor %}
+
+driftfile /var/lib/chrony/drift
+makestep 1.0 3
+rtcsync
+
+logdir /var/log/chrony
diff --git a/roles/core/ntp/files/rc/ntpd.conf b/roles/core/ntp/files/ntp.conf.jinja
similarity index 58%
copy from roles/core/ntp/files/rc/ntpd.conf
copy to roles/core/ntp/files/ntp.conf.jinja
index c8d7ca0..c326f2d 100644
--- a/roles/core/ntp/files/rc/ntpd.conf
+++ b/roles/core/ntp/files/ntp.conf.jinja
@@ -1,16 +1,28 @@
+
# -------------------------------------------------------------
-# ntpd — rc configuration
+# ntpd configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
-# Source file: roles/core/ntp/files/rc/ntpd.conf
+# Source file: roles/core/ntp/files/ntp.conf.jinja
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
-ntpd_enable=YES
+tos minclock 3 maxclock 6
+
+{% for server in servers -%}
+pool {{ server }} iburst
+{% endfor %}
+
+restrict default limited kod nomodify notrap noquery nopeer
+restrict source limited kod nomodify notrap noquery
+restrict 127.0.0.1
+restrict ::1
+
+leapfile "/var/db/ntpd.leap-seconds.list"
diff --git a/roles/core/ntp/files/rc/ntpd.conf b/roles/core/ntp/files/rc/ntpd.conf
index c8d7ca0..6ff4833 100644
--- a/roles/core/ntp/files/rc/ntpd.conf
+++ b/roles/core/ntp/files/rc/ntpd.conf
@@ -1,16 +1,16 @@
# -------------------------------------------------------------
# ntpd — rc configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# Source file: roles/core/ntp/files/rc/ntpd.conf
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
-ntpd_enable=YES
+ntpd_enable="YES"
diff --git a/roles/core/ntp/init.sls b/roles/core/ntp/init.sls
index 0340cc8..ebaa1db 100644
--- a/roles/core/ntp/init.sls
+++ b/roles/core/ntp/init.sls
@@ -1,26 +1,47 @@
# -------------------------------------------------------------
# Salt — NTP
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if grains['os_family'] == 'RedHat' %}
+{% if grains["os_family"] == "RedHat" %}
chrony:
pkg.installed
+/etc/chrony.conf:
+ file.managed:
+ - source: salt://roles/core/ntp/files/chrony.conf.jinja
+ - template: jinja
+ - context:
+ servers: {{ salt["pillar.get"]("ntp_servers") }}
+ - user: root
+ - group: root
+ - mode: 644
+ - watch_in:
+ - service: chrony_service
+
chrony_service:
service.running:
- name: chronyd
- enable: true
{% endif %}
{% if grains["os"] == "FreeBSD" %}
/etc/rc.conf.d/ntpd:
file.managed:
- source: salt://roles/core/ntp/files/rc/ntpd.conf
+/etc/ntp.conf:
+ file.managed:
+ - source: salt://roles/core/ntp/files/ntp.conf.jinja
+ - template: jinja
+ - context:
+ servers: {{ salt["pillar.get"]("ntp_servers") }}
+ - watch_in:
+ - service: ntpd
+
ntpd:
service.running:
- enable: True
{% endif %}

File Metadata

Mime Type
text/x-diff
Expires
Sat, Jul 4, 03:12 (1 d, 14 h)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3882064
Default Alt Text
(6 KB)

Event Timeline