forked from ISTI-ansible-roles/ansible-roles
Merge branch 'master' of adellam/ansible-roles into master
This commit is contained in:
commit
14fa74c2ab
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- block:
|
||||
- name: Install the ntp server
|
||||
apt: pkg=ntp state=present valid_cache_time=3600
|
||||
apt: pkg=ntp state=present cache_valid_time=3600
|
||||
|
||||
- name: Install the ntp configuration.
|
||||
template: src=ntp.conf.j2 dest=/etc/ntp.conf owner=root group=root mode=0644
|
||||
|
@ -34,5 +34,9 @@
|
|||
service: name=ntpd state=stopped enabled=no
|
||||
when: not ntp_service_enabled | bool
|
||||
|
||||
- name: Manage services firewalld rules. Services names must be the known ones. Save the services that are meant to be permanent
|
||||
firewalld: service=ntp zone=public permanent=True state=enabled immediate=True
|
||||
when: firewalld_enabled | bool
|
||||
|
||||
when: ansible_distribution_file_variety == "RedHat"
|
||||
tags: [ 'packages', 'ntp' ]
|
||||
|
|
|
@ -20,7 +20,8 @@ restrict ::1
|
|||
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
|
||||
{% if ntp_servers_pool is defined %}
|
||||
{% for pool_ip in ntp_servers_pool %}
|
||||
{{ pool_ip }} prefer iburst
|
||||
server {{ pool_ip }} prefer iburst
|
||||
{% endfor %}
|
||||
{% else %}
|
||||
server 0.centos.pool.ntp.org iburst
|
||||
server 1.centos.pool.ntp.org iburst
|
||||
|
@ -28,8 +29,6 @@ server 2.centos.pool.ntp.org iburst
|
|||
server 3.centos.pool.ntp.org iburst
|
||||
{% endif %}
|
||||
|
||||
restrict source notrap nomodify noquery
|
||||
|
||||
# Clients from this (example!) subnet have unlimited access, but only if
|
||||
# cryptographically authenticated.
|
||||
{% if nagios_monitoring_server_ip is defined %}
|
||||
|
@ -40,6 +39,7 @@ restrict {{ ip }} mask 255.255.255.255 notrap nomodify
|
|||
{% if ntp_allowed_clients is defined %}
|
||||
{% for host in ntp_allowed_clients %}
|
||||
restrict {{ host.ip }} mask {{ host.netmask }} {% if host.options is defined %}{{ host.options }}{% else %}notrap nomodify{% endif %}
|
||||
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
|
|
|
@ -18,7 +18,8 @@ filegen clockstats file clockstats type day enable
|
|||
# more information.
|
||||
{% if ntp_servers_pool is defined %}
|
||||
{% for pool_ip in ntp_servers_pool %}
|
||||
{{ pool_ip }} prefer iburst
|
||||
server {{ pool_ip }} prefer iburst
|
||||
{% endfor %}
|
||||
{% else %}
|
||||
pool 0.ubuntu.pool.ntp.org iburst
|
||||
pool 1.ubuntu.pool.ntp.org iburst
|
||||
|
@ -26,9 +27,6 @@ pool 2.ubuntu.pool.ntp.org iburst
|
|||
pool 3.ubuntu.pool.ntp.org iburst
|
||||
{% endif %}
|
||||
|
||||
# Use Ubuntu's ntp server as a fallback.
|
||||
pool ntp.ubuntu.com
|
||||
|
||||
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
|
||||
# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
|
||||
# might also be helpful.
|
||||
|
@ -58,6 +56,7 @@ restrict {{ ip }} mask 255.255.255.255 notrap nomodify
|
|||
{% if ntp_allowed_clients is defined %}
|
||||
{% for host in ntp_allowed_clients %}
|
||||
restrict {{ host.ip }} mask {{ host.netmask }} {% if host.options is defined %}{{ host.options }}{% else %}notrap nomodify{% endif %}
|
||||
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
|
|
Loading…
Reference in New Issue