From 76aa23c024572a8d55897ca3d36417691a9aa394 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 25 Oct 2019 19:48:41 +0200 Subject: [PATCH] Fix the templates, a 'server' directive was missing. --- library/roles/ntp/tasks/main.yml | 6 +++++- library/roles/ntp/templates/ntp-centos.conf.j2 | 6 +++--- library/roles/ntp/templates/ntp.conf.j2 | 7 +++---- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/library/roles/ntp/tasks/main.yml b/library/roles/ntp/tasks/main.yml index c7f74c5..d643f8b 100644 --- a/library/roles/ntp/tasks/main.yml +++ b/library/roles/ntp/tasks/main.yml @@ -1,7 +1,7 @@ --- - block: - name: Install the ntp server - apt: pkg=ntp state=present valid_cache_time=3600 + apt: pkg=ntp state=present cache_valid_time=3600 - name: Install the ntp configuration. template: src=ntp.conf.j2 dest=/etc/ntp.conf owner=root group=root mode=0644 @@ -34,5 +34,9 @@ service: name=ntpd state=stopped enabled=no when: not ntp_service_enabled | bool + - name: Manage services firewalld rules. Services names must be the known ones. Save the services that are meant to be permanent + firewalld: service=ntp zone=public permanent=True state=enabled immediate=True + when: firewalld_enabled | bool + when: ansible_distribution_file_variety == "RedHat" tags: [ 'packages', 'ntp' ] diff --git a/library/roles/ntp/templates/ntp-centos.conf.j2 b/library/roles/ntp/templates/ntp-centos.conf.j2 index 9a779b4..696336c 100644 --- a/library/roles/ntp/templates/ntp-centos.conf.j2 +++ b/library/roles/ntp/templates/ntp-centos.conf.j2 @@ -20,7 +20,8 @@ restrict ::1 # Please consider joining the pool (http://www.pool.ntp.org/join.html). {% if ntp_servers_pool is defined %} {% for pool_ip in ntp_servers_pool %} -{{ pool_ip }} prefer iburst +server {{ pool_ip }} prefer iburst +{% endfor %} {% else %} server 0.centos.pool.ntp.org iburst server 1.centos.pool.ntp.org iburst 
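Review bot: The new firewalld task in the RedHat block opens the `ntp` service in the `public` zone whenever `firewalld_enabled` is true, even when `ntp_service_enabled` is false and the task just above it has stopped and disabled ntpd. A host that only synchronises as a client normally needs no inbound rule, so the rule should follow the service state, for example `when: firewalld_enabled | default(false) | bool and ntp_service_enabled | bool`. The `default(false)` also keeps the play from failing on hosts where the variable is not defined; whether the role ships a default for it is not visible here. The task name reads as if copied from a generic role, and something like `Open the ntp service in firewalld` would describe what it does. The enclosing block starts outside this hunk.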
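Review bot: Every entry of `ntp_servers_pool` is rendered with `prefer`, both in this loop and in the same loop in `ntp.conf.j2`, so with more than one server the keyword no longer singles any of them out. If one preferred source is intended, limit it to the first entry, e.g. `server {{ pool_ip }}{% if loop.first %} prefer{% endif %} iburst`; otherwise drop `prefer`. The loop variable is still called `pool_ip` although the line is now a `server` directive, so a short `{# ... #}` comment stating that entries are individual servers rather than pool names would help whoever fills the variable.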
@@ -28,8 +29,6 @@ server 2.centos.pool.ntp.org iburst server 3.centos.pool.ntp.org iburst {% endif %} -restrict source notrap nomodify noquery - # Clients from this (example!) subnet have unlimited access, but only if # cryptographically authenticated. {% if nagios_monitoring_server_ip is defined %} @@ -40,6 +39,7 @@ restrict {{ ip }} mask 255.255.255.255 notrap nomodify {% if ntp_allowed_clients is defined %} {% for host in ntp_allowed_clients %} restrict {{ host.ip }} mask {{ host.netmask }} {% if host.options is defined %}{{ host.options }}{% else %}notrap nomodify{% endif %} + {% endfor %} {% endif %} diff --git a/library/roles/ntp/templates/ntp.conf.j2 b/library/roles/ntp/templates/ntp.conf.j2 index 20d6a48..9b262f8 100644 --- a/library/roles/ntp/templates/ntp.conf.j2 +++ b/library/roles/ntp/templates/ntp.conf.j2 @@ -18,7 +18,8 @@ filegen clockstats file clockstats type day enable # more information. {% if ntp_servers_pool is defined %} {% for pool_ip in ntp_servers_pool %} -{{ pool_ip }} prefer iburst +server {{ pool_ip }} prefer iburst +{% endfor %} {% else %} pool 0.ubuntu.pool.ntp.org iburst pool 1.ubuntu.pool.ntp.org iburst @@ -26,9 +27,6 @@ pool 2.ubuntu.pool.ntp.org iburst pool 3.ubuntu.pool.ntp.org iburst {% endif %} -# Use Ubuntu's ntp server as a fallback. -pool ntp.ubuntu.com - # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for # details. The web page # might also be helpful. @@ -58,6 +56,7 @@ restrict {{ ip }} mask 255.255.255.255 notrap nomodify {% if ntp_allowed_clients is defined %} {% for host in ntp_allowed_clients %} restrict {{ host.ip }} mask {{ host.netmask }} {% if host.options is defined %}{{ host.options }}{% else %}notrap nomodify{% endif %} + {% endfor %} {% endif %}
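Review bot: The removal of `restrict source notrap nomodify noquery` is not mentioned in the commit message, and it changes access control rather than fixing a missing directive. After this hunk the configured time sources fall back to whatever `restrict default` line the template has outside the hunk. Please confirm that line still carries `notrap nomodify noquery`, or keep the `restrict source` line. The blank line added before `{% endfor %}` in the `ntp_allowed_clients` loop appears to be what supplies the line break between rendered `restrict` entries. A one-line comment such as `{# blank line kept on purpose: separates the rendered restrict entries #}` would stop it being tidied away later, here and in the matching hunk of `ntp.conf.j2`.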