Puppet Class: profile::wmcs::services::ntp

Defined in:
modules/profile/manifests/wmcs/services/ntp.pp

Overview

SPDX-License-Identifier: Apache-2.0

Class profile::wmcs::services::ntp

Ntp server profile

Parameters:

  • server_peers (Array[Stdlib::Host]) (defaults to: lookup('profile::wmcs::services::server_peers')) 


5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'modules/profile/manifests/wmcs/services/ntp.pp', line 5

class profile::wmcs::services::ntp (
    Array[Stdlib::Host] $server_peers = lookup('profile::wmcs::services::server_peers'),
) {
    include network::constants

    $server_upstream_pools = ['0.us.pool.ntp.org']

    # Keep syncing even if our peer doesn't respond
    $extra_config = 'tos orphan 12'

    $query_acl = []
    $server_upstreams = []

    $peers = $server_peers.filter |Stdlib::Host $host| { $host != $::facts['networking']['fqdn'] }

    # On Bookworm (or, really, src:ntpsec, but that's replacing src:ntp in Bookworm),
    # we can pass CIDR ranges directly in the config file. For now, we need to pass the
    # netmask in the long format.
    $time_acl = $network::constants::cloud_instance_networks[$::site].map |Stdlib::IP::Address $cidr| {
        $address = $cidr.split('/')[0]
        $mask = wmflib::cidr2mask($cidr)
        "${address} mask ${mask}"
    }

    ntp::daemon { 'server':
        servers      => $server_upstreams,
        pools        => $server_upstream_pools,
        peers        => $peers,
        time_acl     => $time_acl,
        extra_config => $extra_config,
        query_acl    => $query_acl,
    }

    # FIXME: add monitoring once we decide on a wmcs/services monitoring system
}