Fix the templates, a 'server' directive was missing.

2019-10-25 19:48:41 +02:00 · 2019-10-25 19:48:41 +02:00 · 76aa23c024
parent 974f7d893a
commit 76aa23c024
3 changed files with 11 additions and 8 deletions
--- a/library/roles/ntp/tasks/main.yml
+++ b/library/roles/ntp/tasks/main.yml
@ -1,7 +1,7 @@
 ---
 - block:
  - name: Install the ntp server
-    apt: pkg=ntp state=present valid_cache_time=3600
+    apt: pkg=ntp state=present cache_valid_time=3600

  - name: Install the ntp configuration.
    template: src=ntp.conf.j2 dest=/etc/ntp.conf owner=root group=root mode=0644
@ -34,5 +34,9 @@
    service: name=ntpd state=stopped enabled=no
    when: not ntp_service_enabled | bool

+  - name: Manage services firewalld rules. Services names must be the known ones. Save the services that are meant to be permanent
+    firewalld: service=ntp zone=public permanent=True state=enabled immediate=True
+    when: firewalld_enabled | bool
+
  when: ansible_distribution_file_variety == "RedHat"
  tags: [ 'packages', 'ntp' ]
--- a/library/roles/ntp/templates/ntp-centos.conf.j2
+++ b/library/roles/ntp/templates/ntp-centos.conf.j2
@ -20,7 +20,8 @@ restrict ::1
 # Please consider joining the pool (http://www.pool.ntp.org/join.html).
 {% if ntp_servers_pool is defined %}
 {% for pool_ip in ntp_servers_pool %}
-{{ pool_ip }} prefer iburst
+server {{ pool_ip }} prefer iburst
+{% endfor %}
 {% else %}
 server 0.centos.pool.ntp.org iburst
 server 1.centos.pool.ntp.org iburst
@ -28,8 +29,6 @@ server 2.centos.pool.ntp.org iburst
 server 3.centos.pool.ntp.org iburst
 {% endif %}

-restrict source notrap nomodify noquery
-
 # Clients from this (example!) subnet have unlimited access, but only if
 # cryptographically authenticated.
 {% if nagios_monitoring_server_ip is defined %}
@ -40,6 +39,7 @@ restrict {{ ip }} mask 255.255.255.255 notrap nomodify
 {% if ntp_allowed_clients is defined %}
 {% for host in ntp_allowed_clients %}
 restrict {{ host.ip }} mask {{ host.netmask }} {% if host.options is defined %}{{ host.options }}{% else %}notrap nomodify{% endif %}
+
 {% endfor %}
 {% endif %}

--- a/library/roles/ntp/templates/ntp.conf.j2
+++ b/library/roles/ntp/templates/ntp.conf.j2
@ -18,7 +18,8 @@ filegen clockstats file clockstats type day enable
 # more information.
 {% if ntp_servers_pool is defined %}
 {% for pool_ip in ntp_servers_pool %}
-{{ pool_ip }} prefer iburst
+server {{ pool_ip }} prefer iburst
+{% endfor %}
 {% else %}
 pool 0.ubuntu.pool.ntp.org iburst
 pool 1.ubuntu.pool.ntp.org iburst
@ -26,9 +27,6 @@ pool 2.ubuntu.pool.ntp.org iburst
 pool 3.ubuntu.pool.ntp.org iburst
 {% endif %}

-# Use Ubuntu's ntp server as a fallback.
-pool ntp.ubuntu.com
-
 # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
 # details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
 # might also be helpful.
@ -58,6 +56,7 @@ restrict {{ ip }} mask 255.255.255.255 notrap nomodify
 {% if ntp_allowed_clients is defined %}
 {% for host in ntp_allowed_clients %}
 restrict {{ host.ip }} mask {{ host.netmask }} {% if host.options is defined %}{{ host.options }}{% else %}notrap nomodify{% endif %}
+
 {% endfor %}
 {% endif %}