Puppet Class: lsys::ntp
- Defined in:
- manifests/ntp.pp
Summary
A basic NTP profileOverview
A basic NTP profile
7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 |
# File 'manifests/ntp.pp', line 7
class lsys::ntp (
Boolean $enable_hardening = false,
Optional[Array[Stdlib::Host]] $servers = undef,
) {
if $servers {
$ntp_servers = $servers
}
elsif $facts['os']['family'] == 'RedHat' {
$ntp_servers = [
'0.centos.pool.ntp.org',
'1.centos.pool.ntp.org',
'2.centos.pool.ntp.org',
'3.centos.pool.ntp.org',
]
}
else {
$ntp_servers = [
'0.pool.ntp.org',
'1.pool.ntp.org',
'2.pool.ntp.org',
'3.pool.ntp.org',
]
}
if $facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] in ['8', '9'] {
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/using-chrony-to-configure-ntp
# https://access.redhat.com/solutions/1977523
class { 'chrony':
servers => $ntp_servers,
}
contain chrony
if $enable_hardening {
file {
default: mode => 'o=';
'/usr/bin/chronyc': ;
'/usr/sbin/chronyd': ;
}
}
}
else {
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-configuring_ntp_using_ntpd
class { 'ntp':
iburst_enable => true,
servers => $ntp_servers,
restrict => [
'default nomodify notrap nopeer noquery',
'-6 default nomodify notrap nopeer noquery',
'127.0.0.1',
'-6 ::1',
],
}
contain ntp
if $enable_hardening {
file {
default: mode => 'o=';
'/etc/ntp': ;
'/usr/bin/ntpstat': ;
'/usr/sbin/ntp-keygen': ;
'/usr/sbin/ntpd': ;
'/usr/sbin/ntpdc': ;
'/usr/sbin/ntpq': ;
'/usr/sbin/ntptime': ;
'/usr/sbin/tickadj': ;
}
}
}
}
|