From b971db06012b1104bbf5bd17382a573e6f354b3a Mon Sep 17 00:00:00 2001 From: Christer Ekholm Date: Thu, 9 Jul 2020 01:32:55 +0200 Subject: [PATCH 1/4] Consolidate templates and convert to epp() Replace the separate erb-templates for chrony.conf with one epp-template. The chrony.conf.epp is based on the erb-template for redhat. --- manifests/config.pp | 2 +- manifests/params.pp | 6 +- templates/chrony.conf.archlinux.erb | 371 ---------------------------- templates/chrony.conf.debian.erb | 128 ---------- templates/chrony.conf.epp | 127 ++++++++++ templates/chrony.conf.redhat.erb | 128 ---------- 6 files changed, 131 insertions(+), 631 deletions(-) delete mode 100644 templates/chrony.conf.archlinux.erb delete mode 100644 templates/chrony.conf.debian.erb create mode 100644 templates/chrony.conf.epp delete mode 100644 templates/chrony.conf.redhat.erb diff --git a/manifests/config.pp b/manifests/config.pp index 3c534ed..0f53614 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -36,7 +36,7 @@ owner => 0, group => 0, mode => '0644', - content => template($config_template), + content => epp($config_template), } file { $config_keys: diff --git a/manifests/params.pp b/manifests/params.pp index c9a2278..fb357d0 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -6,7 +6,7 @@ 'Archlinux' : { $cmdacl = ['cmdallow 127.0.0.1'] $config = '/etc/chrony.conf' - $config_template = 'chrony/chrony.conf.archlinux.erb' + $config_template = 'chrony/chrony.conf.epp' $config_keys = '/etc/chrony.keys' $config_keys_owner = 0 $config_keys_group = 0 @@ -18,7 +18,7 @@ 'Suse', 'RedHat' : { $cmdacl = [] $config = '/etc/chrony.conf' - $config_template = 'chrony/chrony.conf.redhat.erb' + $config_template = 'chrony/chrony.conf.epp' $config_keys = '/etc/chrony.keys' $config_keys_owner = 0 $config_keys_group = chrony 
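Review bot: Switching `content` to `epp($config_template)` changes how every caller-supplied `config_template` is parsed. A site that overrides the parameter with its own ERB file would now have that file handed to the EPP parser, where Ruby constructs such as `@servers` or `do |server| … end` are not valid. Either document this as a breaking change in the changelog and in the parameter description, or keep both paths by choosing the function from the file extension, e.g. `content => $config_template ? { /\.epp\z/ => epp($config_template), default => template($config_template) },`. The `file` resource this line belongs to starts and ends outside the hunk.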
@@ -30,7 +30,7 @@ 'Debian' : { $cmdacl = [] $config = '/etc/chrony/chrony.conf' - $config_template = 'chrony/chrony.conf.debian.erb' + $config_template = 'chrony/chrony.conf.epp' $config_keys = '/etc/chrony/chrony.keys' $config_keys_owner = 0 $config_keys_group = 0 diff --git a/templates/chrony.conf.archlinux.erb b/templates/chrony.conf.archlinux.erb deleted file mode 100644 index a54943f..0000000 --- a/templates/chrony.conf.archlinux.erb +++ /dev/null 
@@ -1,371 +0,0 @@ -####################################################################### -# -# This is an example chrony configuration file. You should copy it to -# /etc/chrony.conf after uncommenting and editing the options that you -# want to enable. The more obscure options are not included. Refer -# to the documentation for these. -# -# Copyright 2002 Richard P. Curnow -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of version 2 of the GNU General Public License as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# -# -####################################################################### -### COMMENTS -# Any of the following lines are comments (you have a choice of -# comment start character): -# a comment -% a comment -! a comment -; a comment -# -# Below, the '!' form is used for lines that you might want to -# uncomment and edit to make your own chrony.conf file. -# -####################################################################### -####################################################################### -### SPECIFY YOUR NTP SERVERS -# Most computers using chrony will send measurement requests to one or -# more 'NTP servers'. You will probably find that your Internet Service -# Provider or company have one or more NTP servers that you can specify. -# Failing that, there are a lot of public NTP servers. There is a list -# you can access at -# http://www.eecis.udel.edu/~mills/ntp/servers.htm. - -! server ntp0.your-isp.com -! 
server ntp1.your-isp.com -! server ntp.public-server.org -<% if @servers.is_a?(Hash) then @servers.keys.sort.each do |server| -%> -server <%= server %> <%= @servers[server].join(' ') %> -<% end else Array(@servers).each do |server| -%> -server <%= server %> iburst -<% end end -%> - -#server 0.nl.pool.ntp.org -#server 1.nl.pool.ntp.org -#server 2.nl.pool.ntp.org -#server 3.nl.pool.ntp.org - -# However, for dial-up use you probably want these instead. The word -# 'offline' means that the server is not visible at boot time. Use -# chronyc's 'online' command to tell chronyd that these servers have -# become visible after you go on-line. - -! server ntp0.your-isp.com offline -! server ntp1.your-isp.com offline -! server ntp.public-server.org offline - -<% if @pools.is_a?(Hash) then @pools.keys.sort.each do |pool| -%> -pool <%= pool %> <%= @pools[pool].join(' ') %> -<% end else Array(@pools).each do |pool| -%> -pool <%= pool %> iburst -<% end end -%> - -# You may want to specify NTP 'peers' instead. If you run a network -# with a lot of computers and want several computers running chrony to -# have the 'front-line' interface to the public NTP servers, you can -# 'peer' these machines together to increase robustness. - -! peer ntp0.my-company.com - -# There are other options to the 'server' and 'peer' directives that you -# might want to use. For example, you can ignore measurements whose -# round-trip-time is too large (indicating that the measurement is -# probably useless, because you don't know which way the measurement -# message got held up.) Consult the full documentation for details. - -<% if @stratumweight -%> -# How much distance should be added per stratum to the synchronisation distance when chronyd selects the synchronisation source from available sources. 
-stratumweight <%= @stratumweight %> -<% end -%> -####################################################################### -### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK -# -# To avoid changes being made to your computer's gain/loss compensation -# when the measurement history is too erratic, you might want to enable -# one of the following lines. The first seems good for dial-up (or -# other high-latency connections like slow leased lines), the second -# seems OK for a LAN environment. - -! maxupdateskew 100 -! maxupdateskew 5 - -####################################################################### -### FILENAMES ETC -# Chrony likes to keep information about your computer's clock in files. -# The 'driftfile' stores the computer's clock gain/loss rate in parts -# per million. When chronyd starts, the system clock can be tuned -# immediately so that it doesn't gain or lose any more time. You -# generally want this, so it is uncommented. - -driftfile /etc/chrony.drift - -# If you want to use the program called chronyc to configure aspects of -# chronyd's operation once it is running (e.g. tell it the Internet link -# has gone up or down), you need a password. This is stored in the -# following keys file. (You also need keys to support authenticated NTP -# exchanges between cooperating machines.) Again, this option is -# assumed by default. - -keyfile /etc/chrony.keys - -# chronyd can save the measurement history for the servers to files when -# it it exits. This is useful in 2 situations: -# -# 1. On Linux, if you stop chronyd and restart it with '-r' (e.g. after -# an upgrade), the old measurements will still be relevant when chronyd -# is restarted. This will reduce the time needed to get accurate -# gain/loss measurements, especially with a dial-up link. -# -# 2. 
Again on Linux, if you use the RTC support and start chronyd with -# '-r -s' on bootup, measurements from the last boot will still be -# useful (the real time clock is used to 'flywheel' chronyd between -# boots). -# -# Enable these two options to use this. - -dumponexit -dumpdir /var/log/chrony - -# chronyd writes its process ID to a file. If you try to start a second -# copy of chronyd, it will detect that the process named in the file is -# still running and bail out. If you want to change the path to the PID -# file, uncomment this line and edit it. The default path is shown. - -! pidfile /var/run/chronyd.pid - -####################################################################### -### INITIAL CLOCK CORRECTION -# This option is only useful if your NTP servers are visible at boot -# time. This probably means you are on a LAN. If so, the following -# option will choose the best-looking of the servers and correct the -# system time to that. The value '10' means that if the error is less -# than 10 seconds, it will be gradually removed by speeding up or -# slowing down your computer's clock until it is correct. If the error -# is above 10 seconds, an immediate time jump will be applied to correct -# it. Some software can get upset if the system clock jumps (especially -# backwards), so be careful! - -! initstepslew 10 ntp0.your-company.com ntp1.your-company.com ntp2.your-company.com - -####################################################################### -### LOGGING -# If you want to log information about the time measurements chronyd has -# gathered, you might want to enable the following lines. You probably -# only need this if you really enjoy looking at the logs, you want to -# produce some graphs of your system's timekeeping performance, or you -# need help in debugging a problem. - -! logdir /var/log/chrony -! log measurements statistics tracking - -# If you have real time clock support enabled (see below), you might want -# this line instead: - -! 
log measurements statistics tracking rtc - -####################################################################### -### ACTING AS AN NTP SERVER -# You might want the computer to be an NTP server for other computers. -# e.g. you might be running chronyd on a dial-up machine that has a LAN -# sitting behind it with several 'satellite' computers on it. -# -# By default, chronyd does not allow any clients to access it. You need -# to explicitly enable access using 'allow' and 'deny' directives. -# -# e.g. to enable client access from the 192.168.*.* class B subnet, - -! allow 192.168/16 - -<% Array(@queryhosts).each do |allowed| -%> -allow <%= allowed %> -<% end -%> - -# .. but disallow the 192.168.100.* subnet of that, - -! deny 192.168.100/24 - -# You can have as many allow and deny directives as you need. The order -# is unimportant. -# - -# http://chrony.tuxfamily.org/manual.html#port-directive -port <%= @port %> - -# If you want chronyd to act as an NTP broadcast server, enable and edit -# (and maybe copy) the following line. This means that a broadcast -# packet is sent to the address 192.168.1.255 every 60 seconds. The -# address MUST correspond to the broadcast address of one of the network -# interfaces on your machine. If you have multiple network interfaces, -# add a broadcast line for each. - -! broadcast 60 192.168.1.255 - -# If you want to present your computer's time for others to synchronise -# with, even if you don't seem to be synchronised to any NTP servers -# yourself, enable the following line. The value 10 may be varied -# between 1 and 15. You should avoid small values because you will look -# like a real NTP server. The value 10 means that you appear to be 10 -# NTP 'hops' away from an authoritative source (atomic clock, GPS -# receiver, radio clock etc). - -! local stratum 10 - -# Normally, chronyd will keep track of how many times each client -# machine accesses it. The information can be accessed by the 'clients' -# command of chronyc. 
You can disable this facility by uncommenting the -# following line. This will save a bit of memory if you have many -# clients. - -! noclientlog -<% if !@clientlog -%> -noclientlog -<% end -%> - -# The clientlog size is limited to 512KB by default. If you have many -# clients, especially in many different subnets, you might want to -# increase the limit. - -! clientloglimit 4194304 -<% if defined?(@clientloglimit) -%> -clientloglimit <%= @clientloglimit %> -<% end -%> - -####################################################################### -### REPORTING BIG CLOCK CHANGES -# Perhaps you want to know if chronyd suddenly detects any large error -# in your computer's clock. This might indicate a fault or a problem -# with the server(s) you are using, for example. -# -# The next option causes a message to be written to syslog when chronyd -# has to correct an error above 0.5 seconds (you can use any amount you -# like). - -! logchange 0.5 - -# The next option will send email to the named person when chronyd has -# to correct an error above 0.5 seconds. (If you need to send mail to -# several people, you need to set up a mailing list or sendmail alias -# for them and use the address of that.) - -! mailonchange wibble@foobar.org 0.5 -<% if defined?(@mailonchange) -%> -# Send mail if chronyd applied a correction exceeding given threshold. -mailonchange <%= @mailonchange %> <%= @threshold %> -<% end -%> - -####################################################################### -### COMMAND ACCESS -# The program chronyc is used to show the current operation of chronyd -# and to change parts of its configuration whilst it is running. - -# Normally, chronyd will only allow connections from chronyc on the same -# machine as itself. This is for security. If you have a subnet -# 192.168.*.* and you want to be able to use chronyc from any machine on -# it, you could uncomment the following line. (Edit this to your own -# situation.) - -! 
cmdallow 192.168/16 - -# You can add as many 'cmdallow' and 'cmddeny' lines as you like. The -# syntax and meaning is the same as for 'allow' and 'deny', except that -# 'cmdallow' and 'cmddeny' control access to the chronyd's command port. - -# NOTE, even if the host where you run chronyc is granted access, you -# still need a command key set up and you have to know the password to -# put into chronyc to allow you to modify chronyd's parameters. By -# default all you can do is view information about chronyd's operation. - -# Some people have reported that the need the following line to allow -# chronyc to work even on the same machine. This should not be -# necessary, and the problem is being investigated. You can leave this -# line enabled, as it's benign otherwise. - -<% @cmdacl.each do |acl| -%> -<%= acl %> -<% end -%> - -####################################################################### -### REAL TIME CLOCK -# chronyd can characterise the system's real-time clock. This is the -# clock that keeps running when the power is turned off, so that the -# machine knows the approximate time when it boots again. The error at -# a particular epoch and gain/loss rate can be written to a file and -# used later by chronyd when it is started with the '-s' option. -# -# You need to have 'enhanced RTC support' compiled into your Linux -# kernel. (Note, these options apply only to Linux.) - -rtcfile /etc/chrony.rtc - -<% if defined?(@rtconutc) %> -# Your RTC can be set to keep Universal Coordinated Time (UTC) or local -# time. (Local time means UTC +/- the effect of your timezone.) If you -# use UTC, chronyd will function correctly even if the computer is off -# at the epoch when you enter or leave summer time (aka daylight saving -# time). However, if you dual boot your system with Microsoft Windows, -# that will work better if your RTC maintains local time. You take your -# pick! 
- -rtconutc -<% end -%> - -# By default chronyd assumes that the enhanced RTC device is accessed as -# /dev/rtc. If it's accessed somewhere else on your system (e.g. you're -# using devfs), uncomment and edit the following line. - -! rtcdevice /dev/misc/rtc - -<%- if defined?(@refclocks) -%> -# Hardware reference clock drivers -<% if @refclocks.is_a?(Hash) then @refclocks.keys.sort.each do |driver| -%> -<% if @refclocks.is_a?(Hash) then @refclocks.keys.sort.each do |driver| -%> -<% if @refclocks[driver].is_a(Array) then @refclocks[driver].sort.each do | instance | -%> -refclock <%= driver %> <%= instance %> -<% end end end -%> -<% else -%> -refclock <%= driver %> <%= @refclocks[driver] %> -<% end end -%> -<% else -%> -<% Array(@refclocks).sort.each do |refclock| -%> -refclock <%= refclock %> -<% end end -%> -<% end -%> - -####################################################################### -### REAL TIME SCHEDULER -# This directive tells chronyd to use the real-time FIFO scheduler with the -# specified priority (which must be between 0 and 100). This should result -# in reduced latency. You don't need it unless you really have a requirement -# for extreme clock stability. Works only on Linux. Note that the "-P" -# command-line switch will override this. - -! sched_priority 1 - -####################################################################### -### LOCKING CHRONYD INTO RAM -# This directive tells chronyd to use the mlockall() syscall to lock itself -# into RAM so that it will never be paged out. This should result in reduced -# latency. You don't need it unless you really have a requirement -# for extreme clock stability. Works only on Linux. Note that the "-m" -# command-line switch will also enable this feature. - -! lock_all -<% if @lock_all -%> -lock_all -<% end -%> - -# In first <%= @makestep_updates %> updates step the system clock instead of slew -# if the adjustment is larger than <%= @makestep_seconds %> seconds. 
-makestep <%= @makestep_seconds %> <%= @makestep_updates %> diff --git a/templates/chrony.conf.debian.erb b/templates/chrony.conf.debian.erb deleted file mode 100644 index 43f2ded..0000000 --- a/templates/chrony.conf.debian.erb +++ /dev/null 
@@ -1,128 +0,0 @@ -# Use public servers from the pool.ntp.org project. -# Please consider joining the pool (http://www.pool.ntp.org/join.html). -<% if @servers.is_a?(Hash) then @servers.keys.sort.each do |server| -%> -server <%= server %> <%= @servers[server].join(' ') %> -<% end else Array(@servers).each do |server| -%> -server <%= server %> iburst -<% end end -%> - -<% if @pools.is_a?(Hash) then @pools.keys.sort.each do |pool| -%> -pool <%= pool %> <%= @pools[pool].join(' ') %> -<% end else Array(@pools).each do |pool| -%> -pool <%= pool %> iburst -<% end end -%> - -<% Array(@peers).each do |peer| -%> -peer <%= peer %> -<% end -%> - -<% if @stratumweight -%> -# How much distance should be added per stratum to the synchronisation distance when chronyd selects the synchronisation source from available sources. -stratumweight <%= @stratumweight %> -<% end -%> -# Record the rate at which the system clock gains/losses time. -driftfile /var/lib/chrony/drift - -# Enable kernel RTC synchronization. -rtcsync - -# In first <%= @makestep_updates %> updates step the system clock instead of slew -# if the adjustment is larger than <%= @makestep_seconds %> seconds. -makestep <%= @makestep_seconds %> <%= @makestep_updates %> - -# Allow client access from local network. -#allow 192.168/16 -<% Array(@queryhosts).each do |allowed| -%> -allow <%= allowed %> -<% end -%> - -<% if defined?(@cmdport) -%> -cmdport <%= @cmdport %> -<% end -%> - -<% @bindcmdaddress.each do |addr| -%> -bindcmdaddress <%= addr %> -<% end -%> - -<% @cmdacl.each do |acl| -%> -<%= acl %> -<% end -%> - -# http://chrony.tuxfamily.org/manual.html#port-directive -port <%= @port %> - -# Serve time even if not synchronized to any NTP server. -local stratum <%= @local_stratum %> - -keyfile <%= @config_keys %> - -<% if !@clientlog -%> -# Disable logging of client accesses. -noclientlog -<% end -%> - -<% if defined?(@clientloglimit) -%> -# The clientlog size is limited to 512KB by default. 
If you have many -# clients, especially in many different subnets, you might want to -# increase the limit. -clientloglimit <%= @clientloglimit %> -<% end -%> - -# Send a message to syslog if a clock adjustment is larger than 0.5 seconds. -logchange 0.5 - -<% if defined?(@mailonchange) -%> -# Send mail if chronyd applied a correction exceeding given threshold. -mailonchange <%= @mailonchange %> <%= @threshold %> -<% end -%> - -logdir /var/log/chrony -<%- if defined?(@log_options) -%> -log <%= @log_options %> -<%- end -%> - -<%- if defined?(@refclocks) -%> -# Hardware reference clock drivers -<% if @refclocks.is_a?(Hash) then @refclocks.keys.sort.each do |driver| -%> -<% if @refclocks.is_a?(Hash) then @refclocks.keys.sort.each do |driver| -%> -<% if @refclocks[driver].is_a(Array) then @refclocks[driver].sort.each do | instance | -%> -refclock <%= driver %> <%= instance %> -<% end end end -%> -<% else -%> -refclock <%= driver %> <%= @refclocks[driver] %> -<% end end -%> -<% else -%> -<% Array(@refclocks).sort.each do |refclock| -%> -refclock <%= refclock %> -<% end end -%> -<% end -%> - -<% if @lock_all -%> -# Lock chrony to RAM. -lock_all -<% end -%> - -<% if defined?(@leapsecmode) %> -# https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#leapsecmode -leapsecmode <%= @leapsecmode %> -<% end -%> - -<% if defined?(@leapsectz) %> -# https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#leapsectz -leapsectz <%= @leapsectz %> -<% end -%> - -<% if defined?(@maxslewrate) %> -# https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#maxslewrate -maxslewrate <%= @maxslewrate %> -<% end -%> - -<% if defined?(@smoothtime) %> -# https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#smoothtime -smoothtime <%= @smoothtime %> -<% end -%> - -<% if defined?(@rtconutc) %> -# https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#rtconutc -rtconutc -<% end -%> diff --git a/templates/chrony.conf.epp b/templates/chrony.conf.epp new file mode 100644 index 0000000..22d67bf --- /dev/null 
+++ b/templates/chrony.conf.epp 
@@ -0,0 +1,127 @@ +# NTP servers +<% $chrony::servers.each |$server| { -%> +server <%= $server.flatten.join(' ') %> +<% } -%> +<% $chrony::pools.each |$pool| { -%> +pool <%= $pool.flatten.join(' ') %> +<% } -%> +<% $chrony::peers.each |$pool| { -%> +pool <%= $pool.flatten.join(' ') %> +<% } -%> + +<% if $chrony::stratumweight { -%> + +# How much distance should be added per stratum to the synchronisation distance when +# chronyd selects the synchronisation source from available sources. +stratumweight <%= $chrony::stratumweight %> +<% } -%> + +# Record the rate at which the system clock gains/losses time. +driftfile /var/lib/chrony/drift + +# Enable kernel RTC synchronization. +rtcsync +<% if $chrony::makestep_seconds and $chrony::makestep_updates { -%> + +# In first <%= $chrony::makestep_updates %> updates step the system clock instead of slew +# if the adjustment is larger than <%= $chrony::makestep_seconds %> seconds. +makestep <%= $chrony::makestep_seconds %> <%= $chrony::makestep_updates %> +<% } -%> +<% if ! $chrony::queryhosts.empty { -%> + +# Allow client access. +<% $chrony::queryhosts.each |$allowed| { -%> +allow <%= $allowed %> +<% } -%> +<% } -%> +<% if $chrony::cmdport { -%> +cmdport <%= $chrony::cmdport %> +<% } -%> +<% if ! $chrony::bindcmdaddress.empty { -%> + +<% $chrony::bindcmdaddress.each |$addr| { -%> +bindcmdaddress <%= $addr %> +<% } -%> +<% } -%> +<% if ! $chrony::cmdacl.empty { -%> +<% $chrony::cmdacl.each |$acl| { -%> +<%= $acl %> +<% } -%> +<% } -%> + +<% if $chrony::port { -%> + +# http://chrony.tuxfamily.org/manual.html#port-directive +port <%= $chrony::port %> +<% } -%> +<% if $chrony::local_stratum { -%> + +# Serve time even if not synchronized to any NTP server. +local stratum <%= $chrony::local_stratum %> +<% } -%> +<% if $chrony::config_keys { -%> + +keyfile <%= $chrony::config_keys %> +<% } -%> +<% if ! $chrony::clientlog { -%> + +# Disable logging of client accesses. 
+noclientlog +<% } -%> +<% if $chrony::clientloglimit { -%> + +# The clientlog size is limited to 512KB by default. If you have many +# clients, especially in many different subnets, you might want to +# increase the limit. +clientloglimit <%= $chrony::clientloglimit %> +<% } -%> + +# Send a message to syslog if a clock adjustment is larger than 0.5 seconds. +logchange 0.5 + +<% if $chrony::mailonchange { -%> + +# Send mail if chronyd applied a correction exceeding given threshold. +mailonchange <%= $chrony::mailonchange %> <%= $chrony::threshold %> +<% } -%> + +logdir /var/log/chrony +<% if $chrony::log_options { -%> +log <%= $chrony::log_options %> +<% } -%> +<% if $chrony::refclocks { -%> + +<% $chrony::refclocks.each |$driver| { -%> +refclock <%= $driver.flatten.join(' ') %> +<% } -%> +<% } -%> +<% if $chrony::lock_all { -%> + +# Lock chrony to RAM. +lock_all +<% } -%> +<% if $chrony::leapsecmode { %> + +# https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#leapsecmode +leapsecmode <%= $chrony::leapsecmode %> +<% } -%> +<% if $chrony::leapsectz { %> + +# https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#leapsectz +leapsectz <%= $chrony::leapsectz %> +<% } -%> +<% if $chrony::maxslewrate { %> + +# https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#maxslewrate +maxslewrate <%= $chrony::maxslewrate %> +<% } -%> +<% if $chrony::smoothtime { %> + +# https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#smoothtime +smoothtime <%= $chrony::smoothtime %> +<% } -%> +<% if $chrony::rtconutc { %> + +# https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#rtconutc +rtconutc +<% } -%> diff --git a/templates/chrony.conf.redhat.erb b/templates/chrony.conf.redhat.erb deleted file mode 100644 index 43f2ded..0000000 --- a/templates/chrony.conf.redhat.erb +++ /dev/null 
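Review bot: The `server` and `pool` loops no longer add a default option. The removed ERB templates wrote `server <%= server %> iburst` when `servers` was a plain Array, while `server <%= $server.flatten.join(' ') %>` emits only the host name for that input, so array-style configurations would silently lose `iburst` unless the class normalises the data elsewhere (not visible in this patch). If the old output is meant to stay, String entries could still be rendered as `server <%= $server %> iburst`. The hash branch also used to iterate `keys.sort`, whereas the new loop follows the hash's own order, so the order of lines in the rendered file can change. On Archlinux the consolidated template replaces `driftfile /etc/chrony.drift` with `/var/lib/chrony/drift` and drops `dumponexit`, `dumpdir` and `rtcfile`, which deserves a changelog entry.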
@@ -1,128 +0,0 @@ -# Use public servers from the pool.ntp.org project. -# Please consider joining the pool (http://www.pool.ntp.org/join.html). -<% if @servers.is_a?(Hash) then @servers.keys.sort.each do |server| -%> -server <%= server %> <%= @servers[server].join(' ') %> -<% end else Array(@servers).each do |server| -%> -server <%= server %> iburst -<% end end -%> - -<% if @pools.is_a?(Hash) then @pools.keys.sort.each do |pool| -%> -pool <%= pool %> <%= @pools[pool].join(' ') %> -<% end else Array(@pools).each do |pool| -%> -pool <%= pool %> iburst -<% end end -%> - -<% Array(@peers).each do |peer| -%> -peer <%= peer %> -<% end -%> - -<% if @stratumweight -%> -# How much distance should be added per stratum to the synchronisation distance when chronyd selects the synchronisation source from available sources. -stratumweight <%= @stratumweight %> -<% end -%> -# Record the rate at which the system clock gains/losses time. -driftfile /var/lib/chrony/drift - -# Enable kernel RTC synchronization. -rtcsync - -# In first <%= @makestep_updates %> updates step the system clock instead of slew -# if the adjustment is larger than <%= @makestep_seconds %> seconds. -makestep <%= @makestep_seconds %> <%= @makestep_updates %> - -# Allow client access from local network. -#allow 192.168/16 -<% Array(@queryhosts).each do |allowed| -%> -allow <%= allowed %> -<% end -%> - -<% if defined?(@cmdport) -%> -cmdport <%= @cmdport %> -<% end -%> - -<% @bindcmdaddress.each do |addr| -%> -bindcmdaddress <%= addr %> -<% end -%> - -<% @cmdacl.each do |acl| -%> -<%= acl %> -<% end -%> - -# http://chrony.tuxfamily.org/manual.html#port-directive -port <%= @port %> - -# Serve time even if not synchronized to any NTP server. -local stratum <%= @local_stratum %> - -keyfile <%= @config_keys %> - -<% if !@clientlog -%> -# Disable logging of client accesses. -noclientlog -<% end -%> - -<% if defined?(@clientloglimit) -%> -# The clientlog size is limited to 512KB by default. 
If you have many -# clients, especially in many different subnets, you might want to -# increase the limit. -clientloglimit <%= @clientloglimit %> -<% end -%> - -# Send a message to syslog if a clock adjustment is larger than 0.5 seconds. -logchange 0.5 - -<% if defined?(@mailonchange) -%> -# Send mail if chronyd applied a correction exceeding given threshold. -mailonchange <%= @mailonchange %> <%= @threshold %> -<% end -%> - -logdir /var/log/chrony -<%- if defined?(@log_options) -%> -log <%= @log_options %> -<%- end -%> - -<%- if defined?(@refclocks) -%> -# Hardware reference clock drivers -<% if @refclocks.is_a?(Hash) then @refclocks.keys.sort.each do |driver| -%> -<% if @refclocks.is_a?(Hash) then @refclocks.keys.sort.each do |driver| -%> -<% if @refclocks[driver].is_a(Array) then @refclocks[driver].sort.each do | instance | -%> -refclock <%= driver %> <%= instance %> -<% end end end -%> -<% else -%> -refclock <%= driver %> <%= @refclocks[driver] %> -<% end end -%> -<% else -%> -<% Array(@refclocks).sort.each do |refclock| -%> -refclock <%= refclock %> -<% end end -%> -<% end -%> - -<% if @lock_all -%> -# Lock chrony to RAM. -lock_all -<% end -%> - -<% if defined?(@leapsecmode) %> -# https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#leapsecmode -leapsecmode <%= @leapsecmode %> -<% end -%> - -<% if defined?(@leapsectz) %> -# https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#leapsectz -leapsectz <%= @leapsectz %> -<% end -%> - -<% if defined?(@maxslewrate) %> -# https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#maxslewrate -maxslewrate <%= @maxslewrate %> -<% end -%> - -<% if defined?(@smoothtime) %> -# https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#smoothtime -smoothtime <%= @smoothtime %> -<% end -%> - -<% if defined?(@rtconutc) %> -# https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#rtconutc -rtconutc -<% end -%> From 59f61aa2710145fbaf5993475b7a5f95137a755e Mon Sep 17 00:00:00 2001 
From: Christer Ekholm Date: Thu, 9 Jul 2020 12:09:46 +0200 Subject: [PATCH 2/4] Update templates/chrony.conf.epp Fix typo cut&paste typo Co-authored-by: Ewoud Kohl van Wijngaarden --- templates/chrony.conf.epp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/chrony.conf.epp b/templates/chrony.conf.epp index 22d67bf..31eccf8 100644 --- a/templates/chrony.conf.epp +++ b/templates/chrony.conf.epp @@ -5,8 +5,8 @@ server <%= $server.flatten.join(' ') %> <% $chrony::pools.each |$pool| { -%> pool <%= $pool.flatten.join(' ') %> <% } -%> -<% $chrony::peers.each |$pool| { -%> -pool <%= $pool.flatten.join(' ') %> +<% $chrony::peers.each |$peer| { -%> +peer <%= $peer.flatten.join(' ') %> <% } -%> <% if $chrony::stratumweight { -%> From aa4be5a267aa4a046015e93fd23d0a195f1abe24 Mon Sep 17 00:00:00 2001 From: Christer Ekholm Date: Thu, 9 Jul 2020 12:26:35 +0200 Subject: [PATCH 3/4] Move default value for $config_template from params.pp to init.pp Since this now has the same value for all OS, this don't need to be set by params.pp --- REFERENCE.md | 2 +- manifests/init.pp | 2 +- manifests/params.pp | 3 --- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 7de049e..92fb9e9 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -167,7 +167,7 @@ Data type: `String[1]` This determines which template puppet should use for the chrony configuration. -Default value: $chrony::params::config_template +Default value: 'chrony/chrony.conf.epp' ##### `config_keys` diff --git a/manifests/init.pp b/manifests/init.pp index ef86d77..8833f91 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -176,7 +176,7 @@ Optional[Stdlib::Port] $cmdport = undef, $commandkey = 0, Stdlib::Unixpath $config = $chrony::params::config, - String[1] $config_template = $chrony::params::config_template, + String[1] $config_template = 'chrony/chrony.conf.epp', Stdlib::Unixpath $config_keys = $chrony::params::config_keys, String[1] $config_keys_template = 'chrony/chrony.keys.erb', String[1] $chrony_password = 'xyzzy', diff --git a/manifests/params.pp b/manifests/params.pp index fb357d0..58e19f5 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -6,7 +6,6 @@ 'Archlinux' : { $cmdacl = ['cmdallow 127.0.0.1'] $config = '/etc/chrony.conf' - $config_template = 'chrony/chrony.conf.epp' $config_keys = '/etc/chrony.keys' $config_keys_owner = 0 $config_keys_group = 0 @@ -18,7 +17,6 @@ 'Suse', 'RedHat' : { $cmdacl = [] $config = '/etc/chrony.conf' - $config_template = 'chrony/chrony.conf.epp' $config_keys = '/etc/chrony.keys' $config_keys_owner = 0 $config_keys_group = chrony @@ -30,7 +28,6 @@ 'Debian' : { $cmdacl = [] $config = '/etc/chrony/chrony.conf' - $config_template = 'chrony/chrony.conf.epp' $config_keys = '/etc/chrony/chrony.keys' $config_keys_owner = 0 $config_keys_group = 0 From 1defd56050ce2902218b46102ebf9324ae397572 Mon Sep 17 00:00:00 2001 From: Christer Ekholm Date: Thu, 9 Jul 2020 15:28:00 +0200 Subject: [PATCH 4/4] Remove unneded condition for Array $chrony::cmdacl And also decrease nr of empty lines added to configfile. --- templates/chrony.conf.epp | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/templates/chrony.conf.epp b/templates/chrony.conf.epp index 31eccf8..14c5d80 100644 --- a/templates/chrony.conf.epp +++ b/templates/chrony.conf.epp @@ -8,7 +8,6 @@ pool <%= $pool.flatten.join(' ') %> <% $chrony::peers.each |$peer| { -%> peer <%= $peer.flatten.join(' ') %> <% } -%> - <% if $chrony::stratumweight { -%> # How much distance should be added per stratum to the synchronisation distance when 
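Review bot: The unchanged context line `String[1] $chrony_password = 'xyzzy',` in this parameter list gives every node that does not override it the same publicly known secret. If that value is still rendered into the keys file through `config_keys_template` (that template is not part of this patch), the default is worth flagging in the parameter documentation. Consider removing it in a future major release so that the key has to be set explicitly. The class parameter list starts and ends outside the hunk.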
@@ -43,12 +42,9 @@ cmdport <%= $chrony::cmdport %> bindcmdaddress <%= $addr %> <% } -%> <% } -%> -<% if ! $chrony::cmdacl.empty { -%> -<% $chrony::cmdacl.each |$acl| { -%> +<% $chrony::cmdacl.each |$acl| { -%> <%= $acl %> -<% } -%> <% } -%> - <% if $chrony::port { -%> # http://chrony.tuxfamily.org/manual.html#port-directive @@ -78,7 +74,6 @@ clientloglimit <%= $chrony::clientloglimit %> # Send a message to syslog if a clock adjustment is larger than 0.5 seconds. logchange 0.5 - <% if $chrony::mailonchange { -%> # Send mail if chronyd applied a correction exceeding given threshold. @@ -105,22 +100,22 @@ lock_all # https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#leapsecmode leapsecmode <%= $chrony::leapsecmode %> <% } -%> -<% if $chrony::leapsectz { %> +<% if $chrony::leapsectz { -%> # https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#leapsectz leapsectz <%= $chrony::leapsectz %> <% } -%> -<% if $chrony::maxslewrate { %> +<% if $chrony::maxslewrate { -%> # https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#maxslewrate maxslewrate <%= $chrony::maxslewrate %> <% } -%> -<% if $chrony::smoothtime { %> +<% if $chrony::smoothtime { -%> # https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#smoothtime smoothtime <%= $chrony::smoothtime %> <% } -%> -<% if $chrony::rtconutc { %> +<% if $chrony::rtconutc { -%> # https://chrony.tuxfamily.org/doc/3.4/chrony.conf.html#rtconutc rtconutc
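Review bot: `<%= $acl %>` writes each `cmdacl` entry into chrony.conf as a complete line, so the template places no limit on which directive an entry introduces, and an entry containing a newline would add further lines. The parameter's declared type is not visible in this patch. If it is a plain array of strings, tightening it in init.pp to something like `Array[Pattern[/\Acmd(allow|deny)\b.*\z/]]` would restrict the list to command-access rules. With the `.empty` guard removed the loop also relies on `cmdacl` always being an Array, which the params.pp defaults shown in this series (`[]` and `['cmdallow 127.0.0.1']`) satisfy.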
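Review bot: The trim-marker fix in the last hunk stops one block short. `<% if $chrony::leapsectz { -%>` and the three conditions after it now end in `-%>`, but patch 1/4 introduced `<% if $chrony::leapsecmode { %>` with the same missing dash. That line sits just above this hunk's first context line, so it appears to be left unchanged. Changing it to `<% if $chrony::leapsecmode { -%>` would keep the blank-line handling uniform across the five optional directives.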