Puppet Class: profile::wmcs::services::ntp
- Defined in:
- modules/profile/manifests/wmcs/services/ntp.pp
Overview
SPDX-License-Identifier: Apache-2.0
Class profile::wmcs::services::ntp
Ntp server profile
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
# File 'modules/profile/manifests/wmcs/services/ntp.pp', line 5
class profile::wmcs::services::ntp (
Array[Stdlib::Host] $server_peers = lookup('profile::wmcs::services::server_peers'),
) {
include network::constants
$server_upstream_pools = ['0.us.pool.ntp.org']
# Keep syncing even if our peer doesn't respond
$extra_config = 'tos orphan 12'
$query_acl = []
$server_upstreams = []
$peers = $server_peers.filter |Stdlib::Host $host| { $host != $::facts['networking']['fqdn'] }
# On Bookworm (or, really, src:ntpsec, but that's replacing src:ntp in Bookworm),
# we can pass CIDR ranges directly in the config file. For now, we need to pass the
# netmask in the long format.
$time_acl = $network::constants::cloud_instance_networks[$::site].map |Stdlib::IP::Address $cidr| {
$address = $cidr.split('/')[0]
$mask = wmflib::cidr2mask($cidr)
"${address} mask ${mask}"
}
ntp::daemon { 'server':
servers => $server_upstreams,
pools => $server_upstream_pools,
peers => $peers,
time_acl => $time_acl,
extra_config => $extra_config,
query_acl => $query_acl,
}
# FIXME: add monitoring once we decide on a wmcs/services monitoring system
}
|